M2M IDG701AM-0T001 User Manual

Cellular gateway

page of 400

/ 400
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Download this manual

M2M Cellular Gateway

IDG701AM‐0T001

User Manual

Table of Contents

Need help?

Do you have a question about the IDG701AM-0T001 and is the answer not in the manual?

Questions and answers

Summary of Contents for M2M IDG701AM-0T001

Page 1 M2M Cellular Gateway IDG701AM‐0T001 User Manual ...
Page 2: Table Of Contents
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 1 Introduction ........................... 6 1.1 Introduction ............................ 6 1.2 Contents List ............................ 7 1.2.1 Package Contents ........................ 7 1.3 Hardware Configuration ......................... 8 1.4 LED Indication .......................... 10 1.5 Installation Requirement ...................... 11 1.5.1 WARNING ........................... 11 1.5.2 SYSTEM REQUIREMENTS .................... 11 1.6 Hardware Installation ........................ 12 1.6.1 Mount the Unit ........................ 12 1.6.2 Insert the SIM Card ...................... 12 1.6.3 Connecting Power ...................... 13 1.6.6 Connecting to the Network or a Host ................ 13 Chapter 2 Getting Started ........................... 14 2.1 Wizard .............................. 14 Network Setup Wizard ........................ 14 ...
Page 3 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.3.1 Ethernet LAN ........................ 89 3.3.3 VLAN ............................. 89 3.7 IPv6 .............................. 1 05 3.7.1 IPv6 Configuration ...................... 1 09 3.9 NAT / Bridge .......................... 1 17 3.9.1 NAT Configuration ...................... 1 17 3.9.3 Virtual Server & Virtual Computer................ 1 21 3.9.5 Special AP & ALG ...................... 1 29 3.9.7 DMZ & Pass Through ...................... 1 37 3.b Routing ............................ 1 40 3.b.1 Static Routing ........................ 1 40 ...
Page 4 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.1 Configuration ........................ 2 28 5.5.3 IPSec ........................... 2 30 5.5.5 PPTP ............................ 2 54 5.5.7 L2TP ............................ 2 68 5.5.9 GRE............................ 2 81 5.5.d OpenVPN ........................... 2 89 5.7 Redundancy ........................... 3 08 5.7.1 VRRP ........................... 3 08 5.9 System Management ........................ 3 12 5.9.1 TR‐069 .......................... 3 12 ...
Page 5 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.3 Scheduling ............................. 3 91 9.7 Grouping ............................ 3 93 9.9 External Servers ........................... 3 97 9.b MMI .............................. 4 00 5 ...
Page 6: Chapter 1 Introduction
Intranet, and all data are transmitted in a secure (256-bit AES encryption) link. To meet a variety of M2M application requirements, AMIT M2M Cellular Gateway products are based on modular design. A new functional module can replace current one to support new application in short time, such as for NFC or GPS applications. ...
Page 7: Contents List
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.2 Contents List 1.2.1 Package Contents #Standard Package Items Description Contents Quantity IDG701AM‐0T001 1 1pcs M2M Cellular Gateway Cellular Antenna 2pcs Power Adapter (DC 12V/2A) 1pcs RJ45 Cable 1pcs Console Cable 1pcs 1pcs (Manual) Mounting Bracket 2pcs DIN‐Rail Bracket 1pcs ...
Page 8: Hardware Configuration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.3 Hardware Configuration  Front View LED USB Port Reset Indicators Button 3G/LTE(Aux) Console 3G/LTE(Main) Auto MDI/MDIX RJ45 Ports Antenna Port Antenna 4x FE LAN to connect local devices ※Reset Button The RESET button provides user with a quick and easy way to resort the default setting. Press the RESET button continuously for 6 seconds, and then release it. The device will restore to factory default ...
Page 9 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Bottom View SIM B SIM A Slot Slot  Left View Power Terminal Block 9 ...
Page 10: Led Indication
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.4 LED Indication LED Icon Indication LED Color Description Power Source 1 Green Steady ON: Device is powered on by power source 1 Power Source 2 Green Steady ON: Device is powered on by power source 2 ) SIM A Green Steady ON: SIM card A is used SIM B Green Steady ON: SIM card B is used Steady ON: Ethernet connection of LAN is established LAN 1 ~ LAN 4 Green Flash: Data packets are transferred High LTE/3G Signal Green Steady ON: The signal strength of LTE/3G is strong Low LTE/3G Signal Green Steady ON: The signal strength of LTE/3G is weak ...
Page 11: Installation Requirement
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.5 Installation Requirement 1.5.1 WARNING Do not use the product in high humidity or high  temperatures. Only use the power adapter that comes with the  package. Using a different voltage rating power adaptor is dangerous and may damage the product.
Page 12: Hardware Installation
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.6 Hardware Installation This chapter describes how to install and configure the hardware 1.6.1 Mount the Unit The IDG701 series can be placed on a desktop, mounted on the wall, or mounted on a DIN‐rail. It has designed with “ears” for attaching to the wall or the inside of a cabinet. The wall‐mount kits and DIN‐ rail bracket are not screwed on the product when out of factory. Please screw the wall‐mount kits and DIN‐rail bracket on the product first. 1.6.2 Insert the SIM Card WARNNING: BEFORE INSERTING OR CHANGING THE SIM CARD, PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF. The SIM card slots are located at the bottom side of IDG701‐0T001 housing in order to protect the SIM card. You need to unscrew and remove the outer SIM card cover before installing or removing the SIM card. Please follow the instructions to insert a SIM card. After SIM card is well placed, screw back the outer SIM card cover. Step 1: Step 2: Step 3: Follow red arrow to Lift up SIM holder, Put back SIM holder, and unlock SIM socket and insert SIM card follow red arrow to lock SIM socket ...
Page 13: Connecting Power
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.6.3 Connecting Power The IDG701‐0T001 can be powered by connecting a power source to the terminal block . It supports dual 9 to 48VDC power inputs. Following picture is the power terminal block pin assignments. Please check carefully and connect to the right power requirements and polarity. There are a DC converter and a DC12V/2A power adapter in the package for you to easily connect DC power adapter to this terminal block. WARNNING: This commercial‐grade power adapter is mainly for ease of powering up the purchased device while initial configuration. It’s not for operating at wide temperature range environment. PLEASE PREPARE OR PURCHASE OTHER INDUSTRIAL‐GRADE POWER SUPPLY FOR POWERING UP THE DEVICE. 1.6.6 Connecting to the Network or a Host The IDG701 series provides four RJ45 ports to connect 10/100Mbps Ethernet. It can auto detect the transmission speed on the network and configure itself automatically. Connect the Ethernet cable to ...
Page 14: Chapter 2 Getting Started
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 2 Getting Started 2.1 Wizard Network Setup Wizard Wired Router Network Setup Wizard will guide you through a basic configuration procedure step by step. Step‐2 is to change your login password. Go to Wizard > Network Setup Wizard > Step‐2 Item Value setting Description If you want to change password, Enter the current password in this Old Password 1. String format: any text item. New Password 1. String format: any text Enter the new password. New Password The box is unchecked by Enter the new password to re‐confirm. Confirmation default Exit NA Click the Exit button to cancel Setup Wizard. Back NA Click the Back button to go to the previous step. Next NA Click the Next button to go to the next step. 14 ...
Page 15 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Step‐3 is to change the time zone. Go to Wizard > Network Setup Wizard > Step‐3 Item Value setting Description Time zone list 1. A Must filled setting Select the time zone for the system clock. Detect Again NA Click the Detect Again button to detect the time zone from network. Exit NA Click the Exit button to cancel Setup Wizard. Back NA Click the Back button to go to the previous step. Next NA Click the Next button to go to the next step. Item Value setting Description 1. String format: any text 2. A Must filled setting Rule Name 3. By default Always is selected. 4. The box is unchecked by default. 5. NA 15 ...
Page 16 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Step 4. Internet Connection (WAN Interface Setting) In this step of the Wizard you will be specifying how your router connects to the Internet by selecting the appropriate Physical Interface and WAN Type. For detail settings, refer to the following pages for your required settings. Go to Wizard > Network Setup Wizard > Step 4. WAN interface Step 4. WAN interface Setting Item Value setting Description Here you specify the Physical Interface that connects your router to the Internet. Physical Interface A Must filled setting The type of available Interfaces will depend on the router model. They are normally the Ethernet port and the 3G/4G wireless interface. WAN Type A Must filled setting Choose the WAN type for the selected Physical Interface above. Back N/A Click Back button to go to previous step Next N/A ...
Page 17 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: Ethernet WAN Type: Dynamic IP Address Dynamic IP Settings Item Value setting Description Host Name An optional setting Enter the host name provided by your Service Provider. Enter the MAC address that you have registered with your service provider. Or Click the Clone button to clone your PC’s MAC to this field. ISP Registered MAC An Optional setting Address Usually this is the PC’s MAC address assigned to allow you to connect to Internet. Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next step 17 ...
Page 18 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: Ethernet WAN Type: Static IP Address Static IP Settings Item Value setting Description WAN IP Address A Must filled setting Enter the WAN IP address given by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider Primary DNS A Must filled setting Enter the primary WAN DNS IP address given by your Service Provider Secondary DNS Optional setting Enter the secondary WAN DNS IP address given by your Service Provider Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next step 18 ...
Page 19 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: Ethernet WAN Type: PPP over Ethernet PPPoE Settings Item Value setting Description PPPoE Account A Must filled setting Enter the PPPoE User Name provided by your Service Provider. PPPoE Password A Must filled setting Enter the PPPoE password provided by your Service Provider. Primary DNS A Must filled setting Enter the IP address of Primary DNS server. Secondary DNS Optional setting Enter the IP address of Secondary DNS server. Service Name Optional setting Enter the service name if your ISP requires it Assigned IP Address Optional setting Enter the IP address assigned by your Service Provider. Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next step 19 ...
Page 20 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: Ethernet WAN Type: PPTP PPTP Settings Item Value setting Description Select either Static or Dynamic IP address for PPTP Internet connection. When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, and WAN Gateway. WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider. IP Mode A Must filled setting WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider. WAN Gateway (A Must filled setting): Enter the WAN gateway IP address given by your Service Provider. When Dynamic IP is selected, there are no above settings required. Server IP A Must filled setting Enter the PPTP server name or IP Address. Address/name PPTP Account A Must filled setting Enter the PPTP username provided by your Service Provider. PPTP Password A Must filled setting Enter the PPTP connection password provided by your Service Provider. Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next step 20 ...
Page 21 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: Ethernet WAN Type: L2TP L2TP Settings Item Value setting Description Select either Static or Dynamic IP address for L2TP Internet connection. When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, and WAN Gateway. WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider. IP Mode A Must filled setting WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask ...
Page 22 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: ADSL WAN Type: Ethernet Over ATM with NAT Ethernet over ATM with NAT for ADSL Setting Item Value setting Description Select either Static or Dynamic IP address for Ethernet over ATM Internet connection. When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, WAN Gateway, Primary DNS and Secondary DNS (optional) manually. WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider. WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider. WAN Gateway (A Must filled setting): Enter the WAN gateway IP address IP Mode A Must filled setting given by your Service Provider. Primary DNS (A Must filled setting): Enter the primary WAN DNS IP address given by your Service Provider. Secondary DNS (An optional setting): Enter the secondary WAN DNS IP address given by your Service Provider. When Dynamic IP is selected: Host Name (An optional setting): Enter the host name provided by your Service Provider. ISP Registered MAC Address (An optional setting): Enter the MAC address 22 ...
Page 23 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. that you have registered with your service provider. Or Click the Clone button to clone your PC’s MAC to this field. Usually this is the PC’s MAC address assigned to allow you to connect to Internet. Select the encryption mode provided by your Service Provider. Data Encapsulation A Must filled setting LLC: refers to Logical Link Control VCMux: Virtual Circuit Multiplexing 1. A Must filled Enter the VPI provided by your Service Provider. setting VPI Number VPI Number refers to Virtual Path Identifier Number. 2. Default is 0 1. A Must filled Enter the VCI provided by your Service Provider. setting VCI Number VCI Number refers to Virtual Circuit Identifier Number. 2. Default is 33 Define the Schedule Type provided by your Service Provider. There are four types can be selected: UBR: UBR generally is used for applications that are very tolerant of delay 1.A Must filled and cell loss. setting Schedule Type CBR: CBR is typically used for circuit emulation. 2. Default is UBR VBR: VBR is used in that relates to telecommunications computing used in sound or video encoding. bitrate GFR: refers to Guaranteed Frame Rate GFR Back ...
Page 24 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: ADSL WAN Type: IP over ATM IP over ATM for ADSL Setting Item Value setting Description Select either Static or Dynamic IP address for IP over ATM Internet connection. When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, WAN Gateway, Primary DNS and Secondary DNS (optional) manually. WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider. WAN Subnet ...
Page 25 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. address assigned to allow you to connect to Internet. Select the encryption mode provided by your Service Provider. Data Encapsulation A Must filled setting LLC: refers to Logical Link Control VCMux: Virtual Circuit Multiplexing 1. A Must filled Enter the VPI provided by your Service Provider. setting VPI Number VPI Number refers to Virtual Path Identifier Number. 2. Default is 0 1. A Must filled Enter the VCI provided by your Service Provider. setting VCI Number VCI Number refers to Virtual Circuit Identifier Number. 2. Default is 33 Define the Schedule Type provided by your Service Provider. UBR: UBR generally is used for applications that are very tolerant of delay and cell loss. 1. A Must filled Schedule Type setting CBR: CBR is typically used for circuit emulation. 2. Default is UBR VBR: VBR is used in telecommunications and computing that relates to the bitrate used in sound or video encoding. GFR: refers to Guaranteed Frame Rate GFR Back N/A Click Back button to go to previous step ...
Page 26 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPPoE for ADSL Setting Item Value setting Description PPPoE Account A Must filled setting Define the PPPoE connection account should be used. PPPoE Password A Must filled setting Define the PPPoE connection password should be used. Primary DNS Optional setting Define the IP address of Primary DNS server. Secondary DNS Optional setting Define the IP address of Secondary DNS server. Service Name Optional setting Define the PPPoE server name should be used. Assigned IP Address Optional setting Define the static IP that the PPPoE connection should be used. Define the encryption mode for data. There two types can be selected : Data Encapsulation A Must filled setting LLC : refers to Logical Link Control VCMux : Virtual Circuit Multiplexing Define the VPI number that connection should use. VPI Number A Must filled setting VPI Number refers to Virtual Path Identifier Number. Define the VCI number that connection should use. VCI Number A Must filled setting VCI Number refers to Virtual Circuit Identifier Number. Define the Schedule Type that connection should use. There are four types can be selected : ...
Page 27 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: ADSL WAN Type: – PPP over ATM PPP over ATM for ADSL Setting Item Value setting Description PPPoA Account A Must filled setting Define the PPPoA connection account should be used. PPPoA Password A Must filled setting Define the PPPoA connection password should be used. Primary DNS Optional setting Define the IP address of Primary DNS server. Secondary DNS Optional setting Define the IP address of Secondary DNS server. Service Name Optional setting Define the PPPoA server name should be used. Assigned IP Address Optional setting Define the static IP that the PPPoA connection should be used. Define the encryption mode for data. There two types can be selected : Data Encapsulation A Must filled setting LLC : refers to Logical Link Control VCMux : Virtual Circuit Multiplexing Define the VPI number that connection should use. ...
Page 28 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Define the Schedule Type that connection should use. There are four types can be selected : UBR : UBR generally is used for applications that are very tolerant of delay and cell loss. Schedule Type A Must filled setting CBR : CBR is typically used for circuit emulation. VBR : VBR is used in telecommunications and computing that relates to the bitrate used in sound or video encoding. GFR : refers to Guaranteed Frame Rate GFR Back N/A Click the Back button to go to previous step Next N/A Click the Next button to go to next step In Ethernet LAN Interface (Step‐5), configure the LAN IP Address and Subnet Mask of the device. The Ethernet LAN Interface Item Value setting Description LAN IP Address A Must filled setting Assign an IP Address for LAN, this IP address is a gateway IP. By default Select a Subnet Mask for the default LAN, and it will be assigned to DHCP Subnet Mask 255.255.255.0/24 is server to distribute IP address for client. selected. Back N/A Click Back button to go to previous step Next ...
Page 29: Vpn Setup Wizard
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. VPN Setup Wizard VPN Wizard will step by step guide you through to complete VPN tunnel setup. Step‐1: Setup Steps In Step‐1, the VPN Setup Step is a screen that displays the summary of steps for VPN setup. Click Next button to begin VPN setup. Step‐2: Select VPN Type From VPN Type dropdown box choose a VPN method to deploy. Click the Next button to go to the next step. Step‐3: Sub‐steps When IPSec is selected, go to (Step‐3) IPSec in the following page. When PPTP is selected, go to (Step‐3) PPTP in the following page. When L2TP is selected, go to (Step‐3) L2TP in the following page. When GRE is selected, go to (Step‐3) GRE in the following page. 29 ...
Page 30 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. (Step‐3) IPSec When IPSec is selected in Step‐2 for VPN Type, IPSec configuration window will appear. When complete the IPSec configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. 30 ...
Page 31 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. (Step‐3) PPTP When PPTP is selected in Step‐2 for VPN Type and either PPTP client or server is selected the client or server configuration window will appear. PPTP Client When PPTP Client is selected in Step‐2 for VPN Type, PPTP configuration window will appear. When complete the PPTP Client configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. PPTP Server When PPTP Server is selected in Step‐2 for VPN Type, PPTP configuration window will appear. 31 ...
Page 32 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When complete the PPTP Server configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. (Step‐3) L2TP When L2TP is selected in Step‐2 for VPN Type and either L2TP client or server is selected the client or server configuration window will appear. L2TP Client When L2TP Client is selected in Step‐2 for VPN Type, L2TP configuration window will appear. When complete the L2TP Client configuration, click Next button, a setup summary will display. 32 ...
Page 33 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Confirm the setting then click the Apply button to complete the setting. L2TP Server When L2TP Server is selected in Step‐2 for VPN Type, L2TP configuration window will appear. When complete the L2TP Server configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. 33 ...
Page 34 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. (Step‐3) GRE When GRE is selected in Step‐2 for VPN Type, GRE configuration window will appear. When complete the GRE configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. 34 ...
Page 35: Status
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3 Status 2.3.3 Network Status The Network Status window shows the current status for different network type, including network configuration, connecting information, modem status and traffic statistics. From the menu on the left, select Status > Network Status WAN interface IPv4 Network Status WAN interface IPv4 Network Status screen shows status information for IPv4 network. WAN interface IPv4 Network Status Item Value setting Description ID N/A It displays corresponding WAN interface WAN IDs. It displays the type of WAN physical interface. Interface N/A Depending on the model purchased, it can be Ethernet, 3G/4G, USB ...
Page 36 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. connection. Default value is 0.0.0.0 if left unconfigured. It displays the MAC Address for your ISP to allow you for Internet access. MAC Address N/A Note: Not all ISP may require this field. It displays the connection status of the device to your ISP. Conn. Status N/A Status are Connected or disconnected. This area provides functional buttons. Renew button allows user to force the device to request an IP address from the DHCP server. Note: Renew button is available when DHCP WAN Type is used and WAN connection is disconnected. Release button allows user to force the device to clear its IP address setting to disconnect from DHCP server. Note: Release button is available when DHCP WAN Type is used and WAN connection is connected. Connect button allows user to manually connect the device to the Action N/A Internet. Note: Connect button is available when Connection Control in WAN Type setting is set to Connect Manually (Refer to Edit button in Basic Network > WAN > Internet Setup) and WAN connection status is disconnected. Disconnect button allows user to manually disconnect the device from the Internet. Note: Connect button is available when Connection Control in WAN Type setting is set to Connect Manually (Refer to Edit button in Basic Network > WAN > Internet Setup) and WAN connection status is connected. WAN interface IPv6 Network Status WAN interface IPv6 Network Status screen shows status information for IPv6 network. WAN interface IPv6 Network Status Item ...
Page 37 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. It displays the method which public IP address is obtained from your ISP. WAN Type N/A WAN type setting can be changed from Basic Network > IPv6 > Configuration. Link‐local IP N/A It displays the LAN IPv6 Link‐Local address. Address It displays the IPv6 global IP address assigned by your ISP for your Internet Global IP Address N/A connection. It displays the connection status. The status can be connected, Conn. Status N/A disconnected and connecting. This area provides functional buttons. Action N/A Edit Button when pressed, web‐based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.) LAN Interface Network Status LAN Interface Network Status screen shows IPv4 and IPv6 information of LAN network. LAN Interface Network Status Item Value setting Description It displays the current IPv4 IP Address of the gateway IPv4 Address N/A This is also the IP Address user use to access Router’s Web‐based Utility. IPv4 Subnet Mask ...
Page 38 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Edit IPv6 Button when press, web‐based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.) Interface Traffic Statistics Interface Traffic Statistics screen displays the Interface’s total transmitted packets. Interface Traffic Statistics Item Value setting Description ID N/A It displays corresponding WAN interface WAN IDs. It displays the type of WAN physical interface. Interface N/A Depending on the model purchased, it can be Ethernet, 3G/4G, USB 3G/4G. Received Packets N/A It displays the downstream packets. It is reset when the device is rebooted. Transmitted Packets N/A It displays the upstream packets. It is reset when the device is rebooted. LAN Interface Network Status LAN Interface Network Status screen shows IPv4 and IPv6 information of LAN network. ...
Page 39 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. LAN Interface Network Status Item Value setting Description It displays the current IPv4 IP Address of the gateway IPv4 Address N/A This is also the IP Address user use to access Router’s Web‐based Utility. IPv4 Subnet Mask N/A It displays the current mask of the subnet. It displays the current LAN IPv6 Link‐Local address. IPv6 Link‐local N/A This is also the IPv6 IP Address user use to access Router’s Web‐based Address Utility. It displays the current IPv6 global IP address assigned by your ISP for your IPv6 Global Address N/A Internet connection. This area provides functional buttons. Edit IPv4 Button when press, web‐based utility will take you to the ...
Page 40 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Depending on the model purchased, it can be 3G/4G and USB 3G/4G. Note: Some device model may support two 3G/4G modules. Their physical interface name will be 3G/4G 1 and 3G/4G 2. Card N/A It displays the vendor’s 3G/4G modem model name. Information It displays the 3G/4G connection status. The status can be Connecting, Link Status N/A Connected, Disconnecting, and Disconnected. Signal N/A It displays the 3G/4G wireless signal level. Strength Network N/A It displays the name of the service network carrier. ...
Page 41 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Show SIM Status SIM Status (after Detail button) Item Value setting Description It displays the operating SIM card. The display can be SIM‐A or SIM‐B. Note: In SIM N/A some AMIT’s products, the device supports one SIM slot and only SIM‐A is available. It displays the stutus of whether the SIM is requied to be unlocked and absent of SIM card. The display can be Ready, SIM card not inserted, incorrect PIN code, PIN is required, Blocked. Ready* the PIN code is entered correctly and the SIM is unlocked. SIM card not insert* the SIM card is not detected. Check if SIM card is inserted properly. PIN Code N/A Status PIN code incorrect* the PIN code entered is incorrect. PIN is required* the PIN code is required to unlock the SIM card. Blocked* the SIM card is locked and need PUK code to unlock. It is probably due to the device had exceeded the allowed number of times to unlock. Refer to PIN Code Remaining Times This displays the remaining time of the counter that you are allowed to try to unlock SIM card with the PIN code*. Once the number of unlocking tries has been exhused the counter will display zero then the SIM card is locked. You are PIN Code not allowed to unlock with the PIN code and would need to enter the PUK code Remaining N/A Times to unlock instead. Note: You will need to enquire the telecom carrier for the PUK code to unlock or further technical services. ...
Page 42 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. *To enter or re‐enter PIN code please go to Basic Network > WAN > Internet Setup > Connection with SIM‐A Card. Show Service Information Service Information (after Detail button) Item Value setting Description Operator N/A It displays the name of the carrier. It displays the cell messaging information. This is only available in GSM network Cell Broadcast N/A and that your carrier provides this information. It displays the MCC (Mobile Country Code) information that obtains from the MCC N/A current registered network. It displays the MNC (Mobile Network Code) information that obtains from the ...
Page 43 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PS Attached N/A It shows the PS attached status. It can be Attached or Detached. Status Roaming It displays the registration status to the network, at roaming or at home N/A Status network. It can be Roaming or Not Roaming. It displays the IMSI (International Mobile Subscriber Identity) information, which IMSI N/A usually is composed of 15 digits. It displays the SMSC (Short Message Service Center) information, which is SMSC N/A ...
Page 44: Client List
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.7 Client List The Client List shows you the LAN Interface, IP address, Host Name, MAC Address, and Remaining Lease Time of each device that is connected to this router. Go to Status > LAN Client List LAN Client List Item Value setting Description LAN Interface N/A Client record of LAN Interface. String Format. Client record of IP Address Type and the IP Address. Type is String Format IP Address N/A and the IP Address is IPv4 Format. Host Name N/A Client record of Host Name. String Format. MAC Address N/A Client record of MAC Address. MAC Address Format. Remaining Lease N/A Client record of Remaining Lease Time. Time Format. Time 44 ...
Page 45: Firewall Status
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.9 Firewall Status The Firewall Status Viewer provides user a quick view of the firewall status and current firewall settings. The Firewall Status Viewer also keeps the log history of the dropped packets by the firewall rule policies. It also includes the administrator remote login settings specified in the Firewall Options. Before Status Viewer can log history ensure to enable Log Alert box for each of the Filter specified under Advanced Network > Firewall By clicking the icon [+], the status table will be expanded to display log history. Clicking the Edit button the screen will be switched to the configuration page. From the menu on the left, select Status > Firewall Status > Firewall Status Tab Packet Filter Status Packet Filter Status Item Value setting Description Activated Filter N/A This is the Packet Filter Rule name. Rule This is the logged packet information, including the source IP, destination IP, protocol, and destination port –the TCP or UDP. Detected N/A Contents String format: Source IP to Destination IP : Destination Protocol (TCP or UDP) IP N/A The Source IP (IPv4) of the logged packet. ...
Page 46 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. URL Blocking Status URL Blocking Status Item Value setting Description Activated N/A This is the URL Blocking Rule name. Blocking Rule Blocked URL N/A This is the logged packet information. IP N/A The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. Time N/A ("Month" "Day" "Hours":"Minues":"Seconds") Note: Ensure URL Blocking Log Alert is enabled. Refer to Advanced Network > Firewall > URL Blocking tab. Check Log Alert and save the setting. Web Content Filter Status Web Content Filter Status Item Value setting Description Activated Filter N/A Logged packet of the rule name. String format. Rule ...
Page 47 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Control Status MAC Control Status Item Value setting Description Activated N/A This is the MAC Control Rule name. Control Rule Blocked MAC N/A This is the MAC address of the logged packet. Addresses IP N/A The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. Time N/A ("Month" "Day" "Hours":"Minues":"Seconds") ...
Page 48 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPS Firewall Status IPS Firewall Status Item Value setting Description Detected N/A This is the intrusion type of the packets being blocked. Intrusion IP N/A The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. ("Month" Time N/A "Day" "Hours":"Minues":"Seconds") Note: Ensure IPS Log Alert is enabled. Refer to Advanced Network > Firewall > IPS tab. Check Log Alert and save the setting. 48 ...
Page 49 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Firewall Options Status Firewall Options Status Item Value setting Description Enable or Disable setting status of Stealth Mode on Firewall Options. Stealth Mode N/A String Format: Disable or Enable Enable or Disable setting status of SPI on Firewall Options. SPI N/A String Format : Disable or Enable Enable or Disable setting status of Discard Ping from WAN on Firewall Discard Ping from Options. N/A WAN String Format: Disable or Enable Enable or Disable setting status of Remote Administrator. If Remote Administrator is enabled, it shows the currently logged in ...
Page 50: Vpn Status
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.b VPN Status The VPN Status widow shows the overall VPN tunnel status. From the menu on the left, select Status > VPN Status IPSec Status IPSec Status shows the configuration for establishing IPSec tunnel and current connection status. IPSec Status Item Value setting Description Tunnel Name N/A It displays the tunnel name you have entered to identify. Tunnel Scenario N/A It displays the Tunnel Scenario specified. Local Subnets N/A It displays the Local Subnets specified. Remote Subnets N/A It displays the Remote Subnets specified. It displays the Status of the VPN connection. The status displays are ...
Page 51 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Server Status Item Value setting Description User Name N/A It displays the login name of the user used for the connection. It displays the public IP address (the WAN IP address) of the connected PPTP Remote IP N/A client. Remote Virtual IP N/A It displays the IP address assigned to the connected PPTP client. Remote Call ID N/A It displays the PPTP client Call ID. It displays the Status of each of the PPTP client connection. The status displays Status N/A Connected, Disconnect, and Connecting. Click on Edit Button to change PPTP server setting, web‐based utility will take Edit Button N/A you to the PPTP server configuration page. (Advanced Network > VPN > PPTP tab) PPTP Client Status Item Value setting Description Client Name N/A It displays Name for the PPTP Client specified. It displays the WAN interface with which the gateway will use to ...
Page 52 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP Server/Client Status LT2TP Status shows the configuration for establishing LT2TP tunnel and current connection status. L2TP Server Status Item Value setting Description User Name N/A It displays the login name of the user used for the connection. It displays the public IP address (the WAN IP address) of the connected Remote IP N/A L2TP client. Remote Virtual IP N/A It displays the IP address assigned to the connected L2TP client. Remote Call ID N/A It displays the L2TP client Call ID. It displays the Status of each of the L2TP client connection. The status Status N/A displays Connected, Disconnect, Connecting Click on Edit Button to change L2TP server setting, web‐based utility Edit Button N/A will take you to the L2TP server configuration page. (Advanced Network > VPN > L2TP tab) 52 ...
Page 53 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP Client Status Item Value setting Description Client Name N/A It displays Name for the L2TP Client specified. It displays the WAN interface with which the gateway will use to Interface N/A request PPTP tunneling connection to the PPTP server. It displays the IP address assigned by Virtual IP server of the L2TP Virtual IP N/A server. ...
Page 54: System Mgmt. Status
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.d System Mgmt. Status The System Management Status window shows the status for managing remote network devices. The type of management available in your device is depended on the device model purchased. The commonly used ones are the SNMP, TR‐069, and UPnP. From the menu on the left, select Status > System Mgmt. Status SNMP Linking Status SNMP Link Status screen shows the status of current active SNMP connections. SNMP Link Status Item Value setting Description It displays the user name for authentication. This is only available for SNMP User Name N/A version 3. IP Address N/A It displays the IP address of SNMP manager. ...
Page 55 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SNMP Trap Information Show the status of current received SNMP traps. SNMP Trap Information Item Value setting Description Trap Level N/A It displays the trap level. Time N/A It displays the timestamp of trap event. Trap Event N/A It displays the IP address of the trap sender and event type. TR‐069 Status The TR‐069 Status window shows the current connection status with the TR‐068 server. TR‐069 Status Item Value setting Description It displays the current connection status with the TR‐068 server. The ...
Page 56: Chapter 3 Basic Network
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 3 Basic Network 3.1 WAN The gateway provides one or more WAN interfaces to let all client hosts in Intranet of the gateway access the Internet via ISP. But ISPs in the world apply various connection protocols to let gateways or user's devices dial in ISPs and then link to the Internet via different kinds of transmit media. So, the WAN Connection lets you specify the WAN Physical Interface, WAN Internet Setup and WAN Load Balance for Intranet to access Internet. For each WAN interface, you must specify its physical interface first and then its Internet setup to connect to ISP. If the gateway has multiple WAN ...
Page 57: Physical Interface
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.1.1 Physical Interface The first step to configure one WAN interface is to specify which kind of connection media to be used for the WAN connection, as shown in "Physical Interface" page. In "Physical Interface" page, there are two configuration windows, "Physical Interface List" and "Interface Configuration". "Physical Interface List" window shows all the available physical interfaces. After clicking on the "Edit" button for the interface in "Physical Interface List" window the "Interface Configuration" window will appear to let you configure a WAN interface. Physical Interface List The Physical Interface List shows all WAN interfaces of the gateway device, including their name, what kinds of physical interface, their operation mode and line speed. There is one "Edit" button for each WAN interface, which can let you configure the interface. Please see "Interface Configuration" ...
Page 58 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. An example of an IOG761AM‐0TDA1 device An example of an ODG761AM‐0T1 device An example of an BDG761AM‐0T1 device The contents of "Physical Interface List" in above example windows are just some examples. They vary from model to model. It depends on the model purchased.  Interface Name The logic name of WAN interfaces is identified by “WAN‐1”, “WAN‐2”, …, and so on.  Physical Interface This device is equipped with some kinds of WAN Interfaces to support different WAN types of connections. You can configure one by one to get proper internet connection setup. Refer to AMIT ...
Page 59 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. There are three option items “Always‐on”, “Failover”, and “Disable” for the operation mode setting. It decides whether the corresponding WAN interface functions as the main access, as a failover access connection or disable the interface.  Line Speed Specify the correct line speed (bandwidth) of uploading and downloading for each WAN interface allow the device to operate its QoS&BWM and WAN Load Balance functions normally. It is necessary to configure the parameters if you want to use QoS&BWM and WAN Load Balance functions on the gateway device.  VLAN Tagging ...
Page 60 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2, ... Configuration Path Ethernet 3G/4G USB 3G/4G ADSL Physical Interface Always on Always on Failover Always on Operation Mode 100Mbps / 50Mbps / 5Mbps / 21Mbps 2Mbps / 22Mbps Line Speed 100Mbps 150Mbps WAN Physical Interface Ethernet WAN Gateway DSLAM Firewall xDSL Modem 3G/4G WAN Cellular Network Gateway USB 3G/4G WAN Cellular Network Gateway...
Page 61 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. USB 3G/4G WAN: The gateway has one USB port that can support 3G/4G USB modem for a WAN connection. Please plug 3G/LTE USB dongle and follow UI setting to setup. ADSL WAN: The gateway has one ADSL modem built‐in that can be configured to be a WAN connection, please plug in RJ11 cable (normally the landline phone cable) in DSL port and follow UI setting to setup.  Operation Mode There are three option items “Always on”, “Failover”, and “Disable” for the operation mode ...
Page 62 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2 Configuration Path WAN‐1 WAN‐2 Interface Name ADSL USB 3G/4G Physical Interface Always on Failover WAN‐1 □Seamless Operation Mode 2Mbps / 22Mbps 5Mbps / 21Mbps Line Speed [Internet Setup]‐[Internet Connection Configuration (WAN‐n)], n=1, 2 Configuration Path WAN‐1 WAN‐2 Interface Name Ethernet over ATM with NAT 3G/4G WAN Type [Internet Setup]‐[Ethernet over ATM with NAT WAN Type Configuration] Configuration Path WAN‐1 Interface Name Auto‐reconnect (Always on) Connection Control LLC Data Encryption 0 VPI Number 33 VCI Number UBR Schedule Type ...
Page 63 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. system starts the failback process. S 5: When failback process starts, system terminates the current WAN connection via Failover WAN interface. S 6: System changes the data routing path back to the primary WAN interface as same state as at the beginning of system normal operation. Gateway ① Disconnected DSLAM WAN‐1: ADSL ② Failover Failover WAN‐2: 3G/4G ③ Start Connecting Cellular Network Gateway ④ Connection Back DSLAM WAN‐1: ADSL Failback ⑥...
Page 64 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. transfer mission instantly by only changing routing path to failover interface. The dialing‐up time of failover connection is saved since it has been connected beforehand. For some mission‐critical applications, this gateway supports “Seamless Failover” to shorten switch time during WAN interface failover process. So, the initial status of two WAN connections for Seamless Failover is shown in following diagram. Gateway DSLAM Connected and Data Transferring WAN‐1: ADSL WAN‐2: 3G/4G Initial Status Connected but just Keep Alive Cellular Network Next, Failover and Failback processes are shown in following diagram. Their steps are: S 1: When system discovers the primary WAN connection is failed. S 2: System starts the failover process. ...
Page 65 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Gateway ① Disconnected DSLAM WAN‐1: ADSL ② Failover Failover WAN‐2: 3G/4G ③ Change Routing via WAN-2 Cellular Network Gateway DSLAM ④ Connection Back WAN‐1: ADSL Failback ⑥ Failback: Change WAN‐2: 3G/4G Routing back via WAN-1 ⑤ Leave it Keep Alive Cellular Network  Dual SIM Failover Scenario: ...
Page 66 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Physical Interface]‐[Interface Configuration (WAN‐1)] Configuration Path WAN‐1 Interface Name 3G/4G Physical Interface Always on Operation Mode 50Mbps / 150Mbps Line Speed [Internet Setup]‐[Internet Connection Configuration (WAN‐1)] Configuration Path WAN‐1 Interface Name 3G/4G WAN Type [Internet Setup]‐[3G/4G WAN Type Configuration] Configuration Path WAN‐1 Interface Name SIM‐A First Preferred SIM Card So, the initial status of two WAN connections using different SIM card is shown in the following diagram. Cellular Network #1 Connected and Gateway Data Transferring SIM‐A Initial Status SIM‐B (SIM-A First) Not Connected Cellular Network #2 ...
Page 67 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. S 3: System keeps executing data transfer via SIM‐n connection until the connection failed. Once the SIM‐n connection failed, system starts the failover process again and goes back to S2 step. Cellular Network #1 ① When Disconnected Gateway SIM‐A ② Failover Failover SIM‐B ③ Start Connecting Cellular Network #2 Cellular Network #1 Gateway ⑥ Start Connecting SIM‐A Failover ⑤...
Page 68: Ethernet Wan
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In addition, you also can setup WAN‐2 with VLAN Tagging (Tag ID 12) using ADSL WAN interface for your Intranet to access specific service in ISP. Following table list the physical interface configuration for these two WAN interfaces, and their scenarios are shown in the following diagram. [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2 Configuration Path WAN‐1 WAN‐2 Interface Name Ethernet ADSL Physical Interface Always on Always on Operation Mode 100Mbps / 100Mbps 2Mbps / 22Mbps Line Speed □Enable ■Enable 12 VLAN Tagging Ethernet WAN Gateway w/o Tag...
Page 69: Internet Setup
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.1.3 Internet Setup After specifying the physical interface for each WAN connection, administrator must configure their connection profiles one after one to meet the dial in process of ISPs, so that all client hosts in the Intranet of the gateway can access the Internet. In "Internet Setup" page, there are some configuration windows: "Internet Connection List", "Internet Connection Configuration", "WAN Type Configuration" and related configuration windows for each WAN type. For the Internet setup of each WAN interface, you must specify its WAN type of ...
Page 70 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Internet Connection List The Internet Connection List shows the WAN connection profiles of all WAN interfaces in the gateway device, including interface name, the kinds of physical interface, their operation mode and WAN connection type. There is one "Edit" button for each WAN interface to let you configure its ...
Page 71 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Interface Name The logic name of WAN interfaces is identified by “WAN‐1”, “WAN‐2”, …, and so on.  Physical Interface This device is equipped with some kinds of WAN Interfaces. Please refer to [Basic Network]‐ [WAN]‐[Physical Interface] section (3.1.1).  Operation Mode It is "Always on", "Failover" or "Disable". Please refer to [Basic Network]‐ [WAN]‐[Physical Interface] section (3.1.1).  WAN Type The supported WAN types for each WAN interface depend on the kind of interface. Following are all kinds of physical interfaces and their supported WAN types.  Ethernet interface: A fixed line ISP that provides xDSL or cable modem for you to setup the WAN connection.  Static IP Address WAN type: Select this option if ISP provides a fixed IP address to you. You will need to enter in the IP address, subnet mask, and gateway address, provided to you by your ISP.  Dynamic IP Address WAN type: You may choose this WAN type if you connects a cable modem or a fiber (VDSL modem) for Internet connection. The assigned IP address for ...
Page 72 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. operator provides. In addition, if your 3G data plan is not with a flat rate, it’s recommended to set Connection Control mode to Connect‐on‐Demand or Manually.  ADSL interface: Asymmetric digital subscriber line (ADSL) is a type of digital subscriber line (DSL) technology, a data communications technology that enables faster data transmission ...
Page 73 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Ethernet interface: there are Static IP, Dynamic IP, PPPoE, PPTP and L2TP WAN types.  Static IP Address WAN Type: Settings include WAN IP Address, WAN Subnet Mask, WAN Gateway, Primary DNS, Secondary DNS, MTU, NAT, Network Monitoring, IGMP and WAN IP Alias.  Dynamic IP Address WAN Type: Settings include Host Name, ISP registered MAC Address, Connection Control, Maximum Idle Time, MTU, NAT, Network Monitoring, IGMP and WAN IP Alias.  PPPoE WAN Type: Settings include IPv6 Dual Stack, PPPoE Account & Password, Primary DNS / Secondary DNS, Connection Control, Maximum Idle Time, Service Name / Assigned IP ...
Page 74 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. NAT, Data Encapsulation, VPI Number, VCI Number, Schedule Type, Network Monitoring, IGMP and WAN IP Alias.  RFC 1483 Bridged WAN type: Settings include Data Encapsulation, VPI Number, VCI Number, Schedule Type, Network Monitoring, IGMP and WAN IP Alias. There are some common and important configuration parameters common to all WAN Type as listed below.  Network Monitoring The gateway supports failover function and the function must depend on the correct decision ...
Page 75 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Start N: the count of fails N = 0 “Loading Check” enable? Sleep for “Check Interval” Enough Sleep for traffic “Check Interval” existed? “DNS Query” “ICMP Checking” Checking Method FQDN Query ICMP Check (Target1, Target2) (Target1, Target2) Reply time > “Latency Success? Threshold” No, or “Check Timeout” occurs N = N+1 N < “Fail Threshold” Connection is Broken Try to reconnect  Connection Control There are three ways for connection control, “Auto‐reconnect (Always on)”, “Dial‐on‐demand” ...
Page 76 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Manually: This gateway won’t start to establish WAN connection until you press “Connect” button on web UI. After normal data transferring between LAN and WAN sides, this gateway will disconnect WAN connection if idle time reaches value of Maximum Idle Time. Please be noted, if the WAN interface serves as the primary one for another WAN interface in Failover role, the Connection Control parameter will not be available to you to configure as the system must set it to “Auto‐reconnect (Always on)”.  Auto‐reconnect / Dial‐on‐demand / Manually Scenario: As an example, WAN‐1, WAN‐2 and WAN‐3 are all Ethernet interfaces with "Always on" operation mode. Their WAN Type is set to "Dynamic IP" but with different Connection Control approaches. WAN‐1 uses "Auto‐reconnect (Always on)", WAN‐2 uses "Dial‐on‐demand" and WAN‐3 uses ...
Page 77 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Its steps are: Pre‐state: After system booting up, system tries to let the WAN connection be alive. S 1: When system discovers the WAN connection is failed. S 2: System starts to re‐connect the WAN connection till connect successfully as same as Pre‐ state. In the "Dial‐on‐demand" scenario, system will not make the WAN connection until gateway receives an Internet accessing request from Intranet. And then the connection will keep alive only when there still is data transfer. If there is no data transfer for a period that is longer than the ...
Page 78 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ② Start Connecting Gateway Manually DSLAM xDSL Modem ③ Disconnect when ① Connect Button idle timeout Primary DNS, Secondary DNS, DHCP Servers Intranet Its steps are: Pre‐state: After system booting up, the WAN connection is disconnected. S 1: When administrator click on the "Connect" button on the "Network Status" configuration window. S 2: System starts to make the WAN connection till connect successfully. Keep the connection ...
Page 79: Load Balance
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.1.5 Load Balance When there are more than one WAN interfaces, and when the bandwidth of one WAN connection is not enough for the traffic loads from the Intranet to the Internet, the gateway device needs the WAN load balance function to enlarge the total WAN bandwidth of gateway. AMIT "Load Balance" function for multiple WANs gateway designs five optional strategies: By Smart Weight, By Priority, By User Policy, By Sequence and ...
Page 80 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. decides further routing ratio of connection flow to all WAN interfaces based on current traffic flow loads (in bytes) on all WAN interfaces. Administrator may take it as a fast approach to maximize the bandwidth utilization of multiple WAN interfaces in gateway. That is, system will take the line speed settings of all WAN interfaces specified in "Physical Interface" configuration page, as the default ratio between WAN interfaces for data transfer. Based on the ratio of packet bytes via these WAN interfaces in past period (maybe 5 minutes), system decides how many sessions will be transferred via each WAN interface for current period of traffic loadings as shown in the following illustration diagram. ...
Page 81 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Internet Setup]‐[Ethernet over ATM with NAT WAN Type Configuration] Configuration Path WAN‐1 Interface Name Auto‐reconnect (Always on) Connection Control LLC Data Encryption 0 VPI Number 33 VCI Number UBR Schedule Type [Internet Setup]‐[3G/4G WAN Type Configuration] Configuration Path WAN‐2 Interface Name Auto‐detection Dial‐up Profile Auto‐reconnect (Always on) Connection Control [Load Balance]‐[Configuration] Configuration Path ■ Enable Load Balance By Smart Weight Load Balance Strategy The steps of the Smart Weight algorithm are: Pre‐state: System takes the line speed settings of all WAN interfaces as the initial ratio between all WAN interfaces for load balance. ...
Page 82 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Following is another example diagram to illustrate the scenario. At the beginning, gateway has two WAN interfaces and their download line speed are 22Mbps (m Mbps) for WAN‐1 interface and 11Mbps (n Mbps) for WAN‐2. That comes from administrator subscribes ADSL ISP for a 22 Mbps WAN connection and 3G/4G ISP for another 11 Mbps WAN connection. Administrator fills these both values in the line speed field for both WAN interfaces. Please refer to section [Basic Network]‐[WAN]‐...
Page 83 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Physical Interface]‐[Interface Configuration (WAN‐n)] , n=1,2 Configuration Path WAN‐1 WAN‐2 Interface Name ADSL 3G/4G Physical Interface Always on Always on Operation Mode 2Mbps / 22Mbps 1Mbps / 11Mbps Line Speed [Internet Setup]‐[Internet Connection Configuration (WAN‐n)], n=1, 2 Configuration Path WAN‐1 WAN‐2 Interface Name Ethernet over ATM with NAT 3G/4G WAN Type [Internet Setup]‐[Ethernet over ATM with NAT WAN Type Configuration] Configuration Path WAN‐1 Interface Name Auto‐reconnect (Always on) Connection Control LLC Data Encryption 0 VPI Number 33 VCI Number UBR Schedule Type ...
Page 84 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. By User Policy Load Balance Strategy Finally, when you choose "By User Policy" load balance strategy, there are two more configuration windows: "User Policy List" and "User Policy Configuration". "User Policy List" shows all your defined user policy entries, and the "User Policy Configuration" window will let you configure one user policy for routing dedicated packet flow via one WAN interface. They are shown in following diagrams. Above example shows that administrator hopes the packet flow whose destination is "www.google.com" will be transferred via WAN‐1 interface, and another packet flow whose destination is "www.yahoo.com" will be transferred via WAN‐2 interface. For other un‐specified packet flows will be routed by default via different WAN interfaces by "Smart Weight" load balance strategy. ① Google: ‐> WAN‐1 Yahoo: ‐> WAN‐2 Gateway DSLAM WAN‐1: ADSL ②...
Page 85 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. To meet the load balance requirement as in the above example diagram, administrator need configure the device based on following configuration table contents. [Physical Interface]‐[Interface Configuration (WAN‐n)] , n=1,2 Configuration Path Same as the one in "By Priority" load balance strategy [Internet Setup]‐[Internet Connection Configuration (WAN‐n)], n=1, 2 Configuration Path Same as the one in "By Priority" load balance strategy [Internet Setup]‐[Ethernet over ATM with NAT WAN Type Configuration] Configuration Path Same as the one in "By Priority" load balance strategy [Internet Setup]‐[3G/4G WAN Type Configuration] Configuration Path Same as the one in "By Priority" load balance strategy [Load Balance]‐[Configuration] Configuration Path ■ Enable Load Balance Load Balance Strategy By User Policy ...
Page 86 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Load Balance Setting The Load Balance is used to manage balance bandwidth usage of multiple WAN connections. Go to Basic Network > WAN > Load Balance When By Smart Weight is selected, user just needs to click Save button. Load Balance Item Value setting Description Unchecked by Load Balance Check the Enable box to activate Load Balance function. default There are three strategy selections. By Smart Weight: System will automatically adjust traffic loading based on traffic weight of each WAN. Load Balance A Must filled setting By Priority: System will adjust the loading based on user defined bandwidth Strategy for each WAN. By User Policy: System will route traffics through available WAN interface based on user defined rules. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings When By Priority is selected, user needs to adjust the percentage of WAN loading. System will give a ...
Page 87 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. By Priority Item Value setting Description Edit N/A When click Edit button, user can edit the percentage of WAN loading. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings When By User Policy is selected, the load balance can be configured for user’s preference. By User Policy Item Value setting Description When click Add button, it will open the rule setting page. Add N/A Detail is shown below. When click Delete button, it will delete the selected rule. Delete N/A Note that rule is selected by checking the box near Select Text Edit N/A When click Edit button, user can edit the selected rule at setting page. Create User Policy Click Add to add rules ...
Page 88 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create User Policy Item Value setting Description There are four options can be selected : Select Any for traffic from any source Subnet : Traffic from the setting subnet will follow the rule. Input format Source IP Address A Must filled setting is : xxx.xxx.xxx.xxx/xx e.g. 192.168.123.0/24 IP Range : Traffic from the setting IP range will follow the rule. Single IP : Traffic from specific IP will follow the rule. There are five options can be selected : Any : All traffic will follow the rule Subnet : Traffic to the setting subnet will follow the rule. Input format is : Destination IP xxx.xxx.xxx.xxx/xx e.g. 192.168.123.0/24 A Must filled setting Address IP Range : Traffic to the setting IP range will follow the rule. Single IP : Traffic to specific IP will follow the rule. Domain Name : Traffic to the specific domain name will follow the rule. There are four options can be selected : All : All traffic will follow the rule Port Range : Traffic to the setting port range will follow the rule. Destination Port A Must filled setting Single port : Traffic to specific port will follow the rule. Well‐known Applications : User can select the service port of well‐known application defined in menu. There are three options can be selected : Both : Traffic with TCP or UDP protocol will follow the rule. Protocol A Must filled setting TCP : Traffic to the setting port range will follow the rule. UDP : Traffic to specific port will follow the rule. User can select the interface that traffic should go. WAN Interface ...
Page 89: Lan & Vlan
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Undo N/A Click Undo to cancel the settings 3.3 LAN & VLAN This section provides a brief description of LAN and VLAN. It also explains how to create and modify virtual LANs which are more commonly known as VLANs. 3.3.1 Ethernet LAN The Local Area Network (LAN) can be used to share data or files among computers attached to a network. Following diagram illustrates the network that wired and interconnects computers. ...
Page 90 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. client hosts in the same department should own common access property and QoS property. You can select either one operation mode, port‐based VLAN or tag‐based VLAN, and then configure according to your network configuration. Please be noted, for some gateway with only one physical Ethernet LAN port, only very limited configuration are available if you enable the Port‐based VLAN. There are some common VLAN scenarios for the device as follows:  Port‐Based VLAN Tagging for Differentiated Services Port‐based VLAN function can group Ethernet ports, Port‐1 ~ Port‐4, and WiFi Virtual Access ...
Page 91 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCP‐3 server equipped. He also configure Office segment with VLAN ID 2. The VLAN group includes Port‐2 and VAP‐1 (SSID: Staff) with NAT mode and DHCP‐2 server equipped. At last, administrator also configure Data Center segment with VLAN ID 1. The VLAN group includes Port‐ 1 with NAT mode to WAN interface as shown in following diagram. Above is the general case for 3 Ethernet LAN ports in the gateway. But if the device just has one Ethernet LAN port, there will be only one VLAN group for the device. Under such situation, it still supports both the NAT and Bridge mode for the Port‐based VLAN configuration.  Tag‐based VLAN Tagging for Location‐free Departments ...
Page 92 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Tag‐based VLAN is also called a VLAN Trunk. The VLAN Trunk collects all packet flows with different VLAN IDs from Router device and delivers them in the Intranet. VLAN membership in a tagged VLAN is determined by VLAN ID information within the packet frames that are received on a port. Administrator can further use a VLAN switch to separate the VLAN trunk to different groups based on VLAN ID. Following is an example. In a SMB company, administrator schemes out 3 segments, Lab, Meeting Rooms, and Office. In a ...
Page 93 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  VLAN Group Access Control Administrator can specify the Internet access permission for all VLAN groups. He can also configure which VLAN groups are allowed to communicate with each other. VLAN Group Internet Access Administrator can specify members of one VLAN group to be able to access Internet or not. Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID is 1 cannot. That is, visitors in meeting room and staffs in office network can access Internet. ...
Page 94 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Inter VLAN Group Routing: In Port‐based tagging, administrator can specify member hosts of one VLAN group to be able to communicate with the ones of another VLAN group or not. This is a communication pair, and one VLAN group can join many communication pairs. But communication pair doesn’t have the transitive property. That is, A can communicate with B, and B can communicate with C, it doesn’t imply that A can communicate with C. An example is shown at following diagram. VLAN groups of VID is 1 and 2 can access each other but the ones between VID 1 and VID 3 and between VID 2 and VID 3 can’t. 94 ...
Page 95 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. LAN & VLAN Setting The Ethernet LAN allows user to setup the LAN IP address for device. Setting LAN IP address and subnet mask will affect the IP that LAN devices can get. Go to Basic Network > LAN & VLAN > Ethernet LAN 95 ...
Page 96 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Ethernet LAN Item Value setting Description LAN IP can let user to access device from LAN. LAN IP Address A Must filled setting Changing LAN IP means to change the DHCP server IP pool on device. Subnet Mask is used to define the range of IP pool and it will affect the IP Subnet Mask A Must filled setting address that LAN devices can get. Save N/A Click the Save button to save the configuration. Click the Undo button to restore what you just configured back to the Undo N/A previous setting. Please note that the restored setting may not be the factory default setting but a retrieve of what was saved in the memory. The VLAN function allows you to divide local network into different virtual LAN. There are Port‐ based and Tag‐based VLAN types. Select one that applies. For Port‐based VLAN Type Go to Basic Network > LAN & VLAN > VLAN Tab In VLAN type select Port‐based. VLAN Configuration Item Value setting Description Port‐based is Select Port‐based allow you to add rule for each LAN port, and you can do VLAN Type ...
Page 97 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Add button is applied Port‐based VLAN Configuration screen will appear, which is including 3 sections: Port‐based VLAN Configuration, DHCP Server Configuration and IP Fixed Mapping Rule List and Inter Vlan Group Routing (enter through a button) 97 ...
Page 98 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Port‐based VLAN Configuration Port‐based VLAN Configuration Item Value setting Description Name 1. A Must filled Define the Name of this rule. It has a default text and can not be modified. setting 2. String format: already have default texts Enable The box is Click Enable box to activate this rule. unchecked by default. A Must filled setting Define the VLAN ID number, range is 1~4094. VLAN ID By default Disable is The rule is activated according to VLAN ID and Port Members configuration VLAN Tagging selected. when Enable is selected. The rule is activated according Port Members configuration when Disable is selected. By default NAT is Select NAT mode or Bridge mode for the rule. NAT / Bridge selected. These box is ...
Page 99 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCP Server Configuration DHCP Server Configuration Item Value setting Description DHCP Server /Relay By default Server is Define the DHCP Server type. selected. There are three types you can select: Server, Relay, and Disable. If selecting Server or Disable, just go to DHCP Server Name field to start setting Server information. If selecting Relay type, only have to fill the DHCP Server IP Address field. Go to DHCP Server IP Address DHCP Server Name A Must filled setting Define name of the DHCP Server. IP Pool A Must filled setting Define the IP Pool range. There are Starting Address and Ending Address fields, if a client requests an IP address from this DHCP Server, it will assign an IP address in the range of IP pool. Lease Time A Must filled setting Define a period of time for an IP Address that the DHCP Server leases to a new device. By default, the lease time is 86400 seconds. When your lease expires, you must stop using the IP address. Domain Name It’s optional field, please follow rules of CHCP Server page. Go to Basic Network > Client / Server / Proxy > DHCP Server Primary DNS ...
Page 100 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. settings only) Save NA Port‐based Click the Save button to save the configuration and back to VLAN List. IP Fixed Mapping Rule List Additionally, you can add rule in the IP Fixed Mapping Rule List, and the rule list in only for Server/Disable type of DHCP Server /Relay field. This table is the same with Basic Network > Client / Server / Proxy > DHCP Server > Fixed Mapping Tab When Add button is applied Mapping Rule Configuration table will appear. Mapping Rule Configuration Item Value setting ...
Page 101 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Inter VLAN Group Routing Click on VLAN Group Routing button the VLAN Group Internet Access Definition and Inter VLAN Group Routing screen will appear. The screen in the figure shows the default setting. Each member in different VLAN IDs can’t access each other. Click on Edit to modify the setting. When clicking Edit button, a screen similar to this will appear. 101 ...
Page 102 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. VLAN Group Item Value setting Description All boxes are By default, all boxes are checked means all VLAN ID members are allow to VALN Group checked by default. access WAN interface. Internet Access If uncheck a VLAN ID box, it means the VLAN ID member can’t access Definition Internet anymore. (VLAN ID 1 is available always, it is the default VLAN ID of LAN rule) (VLAN ID 2 is available only when VLAN ID 2 is enabled) The same applies to other VLAN IDs. (i.e. VLAN ID 3). The box is By default, members in different VLAN IDs can’t access each other. Our Inter VLAN unchecked by device supports 4 rules for Inter VLAN Group Routing. Group Routing default. If ID_1 and ID_2 are checked, it means members in VLAN ID_1 and VLAN ID_2 are defined as a group member. Members of VLAN ID_1 can access members of VLAN ID_2, so as VLAN ID_2 to VLAN ID_1. (VLAN ID 1 is available always, it is the default VLAN ID of LAN rule) (VLAN ID 2 is available only when VLAN ID 2 is enabled) The same applies to other VLAN IDs. (i.e. VLAN ID 3). NA Click the Save button to save the configuration Save For Tag‐based VLAN Type The Tag‐based VLAN allows you to custom each LAN port according to VLAN ID. There is a default rule ...
Page 103 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Tag‐based VLAN Rules When Add button is applied Tag‐based VLAN Configuration screen will appear. 103 ...
Page 104 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Tag‐based VLAN Item Value setting Description A Must filled setting Define the VLAN ID number, range is 6~4094. VALN ID Internet Access The box is checked Define the VLAN ID member can access Internet or not. by default. Port The box is Define which LAN port is part of the VLAN ID. unchecked by default. The box is Define which VAP is part of the VLAN ID. VAP unchecked by Notice that a VAP is only belong to a VLAN ID. default. Disappear VAP if the router doesn’t support Wireless function. By default DHCP 1 is Assign a DHCP Server to these members of this VLAN ID. The field list DHCP Server selected. available DHCP server and None items for select. To create or edit DHCP server for VLAN, refer to Basic Network > Client/Server/Proxy > DHCP Server NA Click the Save button to save the configuration Save Notice that after clicking Save button, always click Apply button to take ...
Page 105: Ipv6 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.7 IPv6 The growth of the Internet has created a need for more addresses than are possible with IPv4. IPv6 (Internet Protocol version 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic. IPv6 also implements additional features not present in IPv4. It simplifies aspects of address assignment (stateless address auto‐configuration), network renumbering and router announcements when changing Internet connectivity providers. This gateway supports various types of IPv6 connection (Static IPv6 / DHCPv6 / PPPoEv6 / 6to4 / 6in4). Please contact your ISP the type of IPv6 is supported before you proceed with IPv6 setup.  Static IPv6 Static IPv6 does the same function as static IPv4. The static IPv6 provides manual setting of IPv6 address, IPv6 default gateway address, and IPv6 DNS. In above diagram depicts the IPv6 IP addressing, type in the information provided by your ISP to setup the IPv6 network.  DHCPv6 DHCP in IPv6 does the same function as DHCP in IPv4. The DHCP server sends IP address, DNS ...
Page 106 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In above diagram depicts DHCP IPv6 IP addressing, the DHCPv6 server on the ISP side assigns IPv6 address, IPv6 default gateway address, and IPv6 DNS to client host’s automatically.  PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4. The PPPoEv6 server provides configuration parameters based on PPPoEv6 client request. When PPPoEv6 server gets client request and successfully authenticates it, the server sends IP address, DNS server addresses and other required parameters to automatically configure the client. 106 ...
Page 107 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The diagram above depicts the IPv6 addressing through PPPoE, PPPoEv6 server (DSLAM) on the ISP side provides IPv6 configuration upon receiving PPPoEv6 client request. When PPPoEv6 server gets client request and successfully authenticates it, the server sends IP address, DNS server addresses and other required parameters to automatically configure the client.  6to4 6to4 is one mechanism to establish automatic IPv6 in IPv4 tunnels and to enable complete IPv6 sites communication. The only thing a 6to4 user needs is a global IPv4 address. 6to4 may be used by an individual host, or by a local IPv6 network. When used by a host, it must have a global IPv4 address connected, and the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets. If the host is configured to forward packets for ...
Page 108 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In above diagram, the 6in4 usually needs to register to a 6in4 tunnel service, known as Tunnel Broker, in order to use. It also need end point global IPv4 address as 114.39.16.49 to complete 6in4 setting. 108 ...
Page 109: Ipv6 Configuration 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.7.1 IPv6 Configuration The IPv6 Configuration setting allows user to set the IPv6 connection type to access the IPv6 network. Ensure IPv6 is enabled and saved Go to Basic Network > IPv6 > Configuration Tab Select IPv6 WAN Connection Type IPv6 Configuration Item Value setting Description Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity. 1. Only can be selected when IPv6 Select Static IPv6 when your ISP provides you with a set IPv6 addresses. WAN Connection Enable Then go to Static IPv6 WAN Type Configuration. Type 2. A Must filled Select DHCPv6 when your ISP provides you with DHCPv6 services. setting Select PPPoEv6 when your ISP provides you with PPPoEv6 account settings. Select 6to4 when you want to user IPv6 connection over IPv4. Select 6in4 when you want to user IPv6 connection over IPv4. 109 ...
Page 110 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Static IPv6 WAN Type Configuration Static IPv6 WAN Type Configuration Item Value setting Description IPv6 Address A Must filled setting Enter the WAN IPv6 Address for the router. Subnet Prefix A Must filled setting Enter the WAN Subnet Prefix Length for the router. Length Default Gateway A Must filled setting Enter the WAN Default Gateway IPv6 address. Primary DNS An optional setting Enter the WAN primary DNS Server. Secondary DNS An optional setting Enter the WAN secondary DNS Server. The box is unchecked by Enable/Disable the MLD Snooping function MLD Snooping default LAN Configuration LAN Configuration Item ...
Page 111 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCPv6 WAN Type Configuration DHCPv6 WAN Type Configuration Item Value setting Description The option [From Select the [Specific DNS] option to active Primary DNS and Secondary DNS. DNS Server] is selected by Then fill the DNS information. default Can not modified by Primary DNS Enter the WAN primary DNS Server. default Can not modified by Secondary DNS Enter the WAN secondary DNS Server. default The box is MLD unchecked by Enable/Disable the MLD Snooping function default LAN Configuration LAN Configuration Item Value setting Description Global Address Value auto‐created ...
Page 112 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPPoEv6 WAN Type Configuration PPPoEv6 WAN Type Configuration Item Value setting Description Enter the Account for setting up PPPoEv6 connection. If you want more Account A Must filled setting information, please contact your ISP. Enter the Password for setting up PPPoEv6 connection. If you want more Password A Must filled setting information, please contact your ISP. A Must filled Enter the Service Name for setting up PPPoEv6 connection. If you want Service Name setting/Option more information, please contact your ISP. Connection Control Fixed value The value is Auto‐reconnect(Always on). Enter the MTU for setting up PPPoEv6 connection. If you want more MTU A Must filled setting information, please contact your ISP. The box is MLD Snooping unchecked by Enable/Disable the MLD Snooping function default LAN Configuration ...
Page 113 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 6to4 WAN Type Configuration 6to4 WAN Type Configuration Item Value setting Description 6to4 Address Value auto‐created IPv6 address for access the IPv6 network. Primary DNS An optional setting Enter the WAN primary DNS Server. Secondary DNS An optional setting Enter the WAN secondary DNS Server. The box is MLD unchecked by Enable/Disable the MLD Snooping function default LAN Configuration LAN Configuration Item Value setting Description Global Address An optional setting Enter the LAN IPv6 Address for the router. Link‐local Address Value auto‐created Show the link‐local address for LAN interface of router. ...
Page 114 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 6in4 WAN Type Configuration Please go to find IPv6 tunnel brokers to establish 6in4 tunnel. (can find List of IPv6 tunnel brokers that support 6in4 service from wiki) Then filled the Local IPv4 address of router into Client IPv4 Address field in IPv6 tunnel broker setting page. 6in4 WAN Type Configuration Item Value setting Description Remote IPv4 A Must filled setting Filled Server IPv4 Address gotten from tunnelbroker in this field. Address Local IPv4 Address Value auto‐created IPv4 address of this router. Local IPv6 Address A Must filled setting Filled Client IPv6 Address gotten from tunnelbroker in this field. Primary DNS An optional setting Enter the WAN primary DNS Server. Secondary DNS An optional setting Enter the WAN secondary DNS Server. The box is MLD unchecked by Enable/Disable the MLD Snooping function default ...
Page 115 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. LAN Configuration LAN Configuration Item Value setting Description Global Address A Must filled setting Filled Routed /64 gotten from tunnelbroker in this field. Link‐local Address Value auto‐created Show the link‐local address for LAN interface of router. Then go to Address Auto‐configuration (summary) for setting LAN environment. If above setting is set, click the save button to save the configuration and click reboot button to reboot the router. Address Auto‐configuration (summary) 115 ...
Page 116 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Address Auto‐configuration Item Value setting Description The box is Auto‐configuration unchecked by Check to enable the Autoconfiguration feature. default Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity. Select Stateless to manage the Local Area Network to be SLAAC + RDNSS Router Advertisement Lifetime (A Must filled setting): Enter the Router Advertisement Lifetime (in seconds). 200 is setted by default. 1. Only can be selected when Auto‐ Select Stateful to manage the Local Area Network to be Stateful (DHCPv6). configuration ...
Page 117: Nat / Bridge 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9 NAT / Bridge Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. The technique was originally used for ease of rerouting traffic in IP networks without renumbering every host. It has become a popular and essential tool in conserving global address space allocations in face of IPv4 address exhaustion. AMIT products embed and activate the NAT function by default except the Access Point series of products. You also can disable it in [Basic Network]‐[WAN]‐[Internet Setup]‐[WAN Type Configuration]. Following features are included in the NAT function: NAT Loopback, Virtual Server, Virtual ...
Page 118 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. NAT Loopback This feature allows you to access the WAN global IP address from your inside NAT local network. It is useful when you run a server inside your network. For example, if you set a mail server at LAN side, your local devices can access this mail server through gateway’s global IP address when enable NAT loopback feature. On either side are you in accessing the email server, at the LAN side or at the WAN side, you don’t need to change the IP address of the mail server, as shown in scenario of following diagram. 118 ...
Page 119: Virtual Server & Virtual Computer 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Without the need of reconfigure their PC each time, the employee from inside or outside the office can access enterprise servers. So network administrator must activate the "NAT Loopback" feature to do that. Scenario Description Local user can access mail server by FQDN or global IP when NAT loop back is enable. Global user can access mail server only when mail server is set as virtual server of the gateway. Parameter Setup Example Following 2 tables list the parameter configuration as an example for above diagram of gateway with "NAT Loopback" feature activated. Use default value for those parameters that are not mentioned in these tables. [Configuration]‐[NAT Loopback] Configuration Path ■ Enable NAT Loopback [Virtual Server & Virtual Computer]‐[Virtual Server List] Configuration Path 2 ID Public Port 25 (SMTP) 110 (POP3) 10.0.75.101 10.0.75.101 Server IP 25 (SMTP) 110 (POP3) Private Port ■ Enable ■ Enable Rule ...
Page 120 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuration Item Value setting Description The box is checked by NAT Loopback Check the Enable box to activate this NAT function default Save N/A Click the Save button to save the settings. Undo N/A Click Undo to cancel the settings 120 ...
Page 121 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9.3 Virtual Server & Virtual Computer Virtual server is another name for port forwarding used by some routers. In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host. Port forwarding allows remote computers (a computers on the Internet) to connect to a specific computer or service within a private local‐area network (LAN). So you can deploy some servers in your Intranet with the firewall protection by your gateway. This device’s NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this device gateway are invisible to the outside ...
Page 122 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Virtual Server List "Virtual Server" feature allows you to define some servers with the global IP address or FQDN of the gateway as if they are servers existed in the Internet. But in fact, these servers are located in the Intranet and are physically behind the gateway. The gateway serves the service requests by port forwarding the requests to the LAN servers and transfers the replies from LAN servers to the requester on the WAN side. For example, if you set an E‐mail server on the LAN side with IP address 10.0.75.101, a remote user can access the gateway for E‐mail service if you defined a virtual E‐mail server for the gateway by using the real E‐mail server on the LAN side, as shown in scenario in following diagram. Scenario Application Timing Set up some application servers in the Intranet of deployed network for services and are protected by the gateway firewall. In a way that the gateway appears to be the physical server to the remote users, while the real server is, in reality, operating and providing service at the LAN side behind the gateway. Scenario Description The gateway serves as an E‐mail server for remote users E‐mail services from the gateway. 122 ...
Page 123 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The gateway executes port forwarding transferring the E‐mail service requests to the LAN servers and sends the replies from LAN servers to the requester. The E‐mail server at LAN side is the server for E‐mail service. Parameter Setup Example Following table list the parameter configuration as an example for scenario ② in above diagram. Please be noted that the E‐mail service includes SMTP and POP3 service ports. Use default value for those parameters that are not mentioned in the table. [Virtual Server & Virtual Computer]‐[Virtual Server List] Configuration Path ID 25 (SMTP) 110 (POP3) Public Port 10.0.75.101 10.0.75.101 Server IP 25 (SMTP) 110 (POP3) Private Port ■ Enable ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a NAT router. Define the E‐mail virtual server to be located at a server with IP address 10.0.75.101 in the Intranet of Network‐A, including SMTP service port 25 and POP3 service port 110. So, the remote user can access the E‐mail server in the gateway that has the global IP 118.18.81.33 at its WAN side. But the real E‐mail server is located at LAN side and the gateway is the port forwarder for E‐mail service. A virtual server rule can be integrated with a schedule rule. That means, the virtual server rule can be activated only at the pre‐defined time schedule. Virtual Computer List ...
Page 124 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing To setup some hosts in the Intranet of deployed networking to be visible to outside world but also be protected by the NAT gateway firewall, use the "Virtual Computer" feature in the gateway to implement the application scenario. Scenario Description A LAN host is assigned with a global IP address to be visible to outside world. The host has an embedded FTP file server and is protected by the gateway firewall. The gateway acts as the media between the LAN host and outside world to allow remote access. Parameter Setup Example Following table list the parameter configuration as an example for scenario ③ in above diagram. Use default value for those parameters that are not mentioned in the table. [Virtual Server & Virtual Computer]‐[Virtual Computer List] Configuration Path ID Global IP 118.18.81.44 10.0.75.102 Local IP ■ Enable Rule 124 ...
Page 125 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a NAT router. A LAN host with private IP address 10.0.75.102 has an embedded FTP file server in it. The host is expected to be visible to the outside world with global IP address 118.18.81.44, but also be protected by the gateway firewall. Configure a virtual computer in the gateway for the mapping between the global IP address 118.18.81.44 and the local IP address 10.0.75.102. The gateway will take care of all accessing to the FTP file server by server's global IP address, and it acts as a media between the LAN host and the outside world by using its "Virtual Computer" feature. So remote users can request for file services from the FTP file server, even it is existed in a LAN host. The Virtual Server setting allows user to redirect a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. The Virtual Computer setting allows user to use the original NAT feature, and allows you to setup the one‐to‐one mapping of multiple pairs of global IP address and local IP address. Enable Virtual Server and Virtual Computer Go to Basic Network > NAT / Bridging > Virtual Server & Virtual Computer tab Configuration Item Value setting Description The box is unchecked by Virtual Server Check the Enable box to activate this NAT function default The box is checked by Virtual Computer Check the Enable box to activate this NAT function default Save N/A ...
Page 126 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Virtual Server The router allows you to custom your Virtual Server rules. The router supports up to a maximum of 20 rule‐based Virtual Server sets. When Add button is applied Virtual Server Rule Configuration screen will appear. Virtual Server Rule Configuration Item Value setting Description Define the selected interface to be the packet‐entering interface of the router. If the packets to be filtered are coming from WAN‐x then select WAN‐x for 1. A Must filled setting 2. this field. WAN Interface Default is ALL. Select ALL for packets coming into the router from any interfaces. It can be selected WAN‐x box when WAN‐x enabled. This field is to specify the IP address of the interface selected in the WAN Server IP A Must filled setting Interface setting above. When “ICMPv4” is selected It means the option “Protocol” of packet filter rule is ICMPv4. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Protocol A Must filled setting Scheduling setting under System) Then check Enable box to enable this rule. When “TCP” is selected 126 ...
Page 127 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. It means the option “Protocol” of packet filter rule is TCP. Public Port selected a predefined port from Well‐known Service, and Private Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Port can be set a Single Port number. Public Port is selected Port Range and specify a port range, and Private Port can be selected Single Port or Port Range. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. When “UDP” is selected It means the option “Protocol” of packet filter rule is UDP. Public Port selected a predefined port from Well‐known Service, and Private Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Port can be set a Single Port number. Public Port is selected Port Range and specify a port range, and Private Port can be selected Single Port or Port Range. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. When “TCP & UDP” is selected It means the option “Protocol” of packet filter rule is TCP and UDP. Public Port selected a predefined port from Well‐known Service, and Private Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Port can be set a Single Port number. Public Port is selected Port Range and specify a port range, and Private Port can be selected Single Port or Port Range. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. When “GRE” is selected It means the option “Protocol” of packet filter rule is GRE. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) 127 ...
Page 128 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Then check Enable box to enable this rule. When “ESP” is selected It means the option “Protocol” of packet filter rule is ESP. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. Click the Save button to save the settings. When “SCTP” is selected It means the option “Protocol” of packet filter rule is SCTP. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. When “User‐defined” is selected It means the option “Protocol” of packet filter rule is User‐defined. For Protocol Number, enter a port number. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. Save N/A Click the Save button to save the settings. Undo N/A Click Undo to cancel the settings. When the Back button is clicked the screen will return to the Packet Filters Back N/A Configuration page. Create/Edit Virtual Computer The router allows you to custom your Virtual Computer rules. The router supports up to a maximum of 20 rule‐based Virtual Computer sets. When Add button is applied Virtual Computer Rule Configuration screen will appear. 128 ...
Page 129: Special Ap & Alg 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Virtual Computer Rule Configuration Item Value setting Description Global IP A Must filled setting This field is to specify the IP address of the WAN IP. Local IP A Must filled setting This field is to specify the IP address of the LAN IP. Enable N/A Then check Enable box to enable this rule. Save N/A Click the Save button to save the settings. 3.9.5 Special AP & ALG As a pure NAT gateway, it doesn't allow an active connection request from outside world. All this kind of requests will be ignored by the NAT gateway. But at the client hosts in the Intranet, users may use applications that need more service ports to be allowed for passing through the NAT gateway. The "Special AP" feature in the gateway can solve this problem. That is, some applications require multiple connections, like Internet games, Video conferencing, Internet telephony, etc. Because of the firewall function, these applications cannot work with a pure NAT router. The Special Applications feature allows some of these applications to work with this product. Besides, application‐level gateway (ALG) allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer "control/data" ...
Page 130 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In "Special AP & ALG" page, there is one configuration window for "ALG" feature. The gateway provides "SIP ALG" here. In addition, there also be one "Special AP List" window to list all your defined special applications. Using "Add" or "Edit" button to add and create one new special application or to modify an existed one. When "Add" or "Edit" button is applied the "Special AP Rule Configuration" window will appear to let you define a application rule. The parameters include the trigger port, the allowed incoming ports, the integrated time schedule rule, and the rule activation. Special AP List ...
Page 131 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When local user wants to run an application to access the server in the Internet and the application need more than one connection session with different service ports to finish its function. You can define one special application rule for it. The rule can be integrated with one schedule rule. That is, the special application rule can be activated only at the pre‐defined schedule. Scenario Description Local user runs an application to access the Internet server by a trigger packet with the dedicated destination port. Gateway opens more service ports for incoming packets to pass through the gateway into the Intranet from the Internet if the application requires. Parameter Setup Example Following table lists the parameter configuration as an example for the gateway in above diagram with one special application rule to be defined. Use default value for those parameters that are not mentioned in the table. [Special AP & ALG]‐[Special AP List] Configuration Path ID 554 (Quick Time 4) Trigger Port 6970‐6999 Incoming Ports ■ Enable Rule 131 ...
Page 132 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a NAT router. Define a special application rule with the trigger port 554 (Quick Time 4) and incoming ports 6970‐6999, and activate the rule. So, the local user at host with IP address 10.0.75.100 can enjoy the music by using Quick Time 4 application. The media server is in the Internet. ALG Configuration This gateway supports the SIP ALG feature to allow one SIP phone behind the NAT gateway can call another SIP phone in the Internet, even the gateway executes its NAT mechanism between the Intranet and the Internet. The NAT gateway monitors the control traffic and open up port mappings (firewall pinhole) dynamically as required to know about an address/port number combination that ...
Page 133 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. gateway. Scenario Description The "SIP ALG" feature in the NAT Gateway is enabled to monitor, open up ports and make the address and port translation for the voice communication of the SIP phone behind the gateway. A SIP phone behind a NAT gateway can call another SIP phone with the help of the SIP server in the Internet. Parameter Setup Example Following table lists the parameter configuration for the NAT gateway in above diagram. Configuration Path [Special AP & ALG]-[Configuration] SIP ALG ■ Enable Scenario Operation Procedure In above diagram, the NAT Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a NAT router. Configure the NAT gateway with SIP ALG being enabled. When the SIP Phone #1 behind the NAT gateway has booted up, it will register to the SIP server in the Internet. So, the SIP server knows where the SIP Phone #1 is. In the same way, the SIP Phone #2 also registers to the SIP server. A local user wants to make one call to the SIP Phone #2 by using the SIP Phone #1, the NAT Gateway will monitor the calling process, open up required service ports for incoming packets and make the address and port translation for the voice communication. First, the calling starts from the SIP Phone #1 to the SIP server. Then the SIP server invites the SIP Phone #2 and finally, the SIP Phone #1 talks to the SIP Phone #2, as shown in above diagram. ...
Page 134 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Special AP & ALG tab Item Value setting Description The box is checked by Special AP Check the Enable box to activate this NAT function default The box is checked by ALG Enable Check the Enable box to activate this NAT function default Save N/A Click the Save button to save the setting Undo N/A Click Undo to cancel the settings Create/Edit Special AP The router allows you to custom your Special AP rules. The router supports up to a maximum of 8 rule-based Special AP sets.
Page 135 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Special AP List Item Value setting Description Define the selected interface to be the packet‐entering interface of the router. If the packets to be filtered are coming from WAN‐x then select WAN‐x for 1. A Must filled setting 2. this field. WAN Interface Default is ALL. Select ALL for packets coming into the router from any interfaces. It can be selected WAN‐x box when WAN‐x enabled. When Popular Applications is selected “User‐defined” Port is set a port number, and Incoming Ports can be set a port number or a port range. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. When Popular Applications is selected “Battle.net” Port and Incoming Ports will be defined automatically. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. When Popular Applications is selected “Dialpad” Trigger Port A Must filled setting Port and Incoming Ports will be defined automatically. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. When Popular Applications is selected “ICU II” Port is the same with Incoming Ports. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. When Popular Applications is selected “MSN Gaming Zone” ...
Page 136 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scheduling setting under System) Then check Rule box to enable this rule. When Popular Applications is selected “PC‐to‐Phone” Port is the same with Incoming Ports. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. When Popular Applications is selected “Quick Time 4” Port is the same with Incoming Ports. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. Save N/A Click Save to save the settings. 136 ...
Page 137: Dmz & Pass Through 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9.7 DMZ & Pass Through DMZ (De Militarized Zone) Host is a host that is exposed to the Internet cyberspace but still within the protection of firewall by gateway device. So, the function allows a computer to execute 2‐way communication for Internet games, Video conferencing, Internet telephony and other special applications. In some cases when a specific application is blocked by NAT mechanism, you can indicate that LAN computer as a DMZ host to solve this problem. In "DMZ" page, there is only one configuration window for "DMZ" feature. The window lets you activate the DMZ function and specify the IP address in the Intranet to be DMZ host so that the host under DMZ function can run applications freely that would, otherwise, blocked by NAT mechanism of the gateway with DMZ feature disabled. That is, the incoming packets issued by an active application in the Internet are usually blocked outside of the NAT gateway. But the DMZ host can receive those packets and make replies. That is, it is reactive to outside world. In the meantime, it is also protected by the gateway firewall. Configuration This feature allows you to ask the gateway pass through all normal packets to the DMZ host ...
Page 138 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator of the gateway wants to set up some service daemons in a host that is in the Intranet to allow remote users request for services from the host actively, even the host is behind a NAT gateway. But remote users think the gateway provides those services, so users use the global IP of the gateway to request their services. Apply the DMZ feature in the NAT gateway to meet the application scenario. In addition, please also be noted that the client host is still protected by the gateway firewall. Scenario Description The DMZ host is behind a NAT gateway and receives all normal and active packets from the Internet. Remote user can access the DMZ host by using the IP address of the gateway, and the gateway will skip the NAT checking on the DMZ host. DMZ host is still protected by the gateway firewall. Parameter Setup Example Following table lists the parameter configuration as an example for the gateway in above diagram with DMZ enabling. Use default value for those parameters that are not mentioned in the table. Configuration Path [DMZ]-[Configuration] IP Address of DMZ Host: 10.0.75.100 ■ Enable Scenario Operation Procedure In above diagram, the NAT Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a NAT router. 138 ...
Page 139 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configure a host in the Intranet to be the DMZ Host and activate the rule, whose IP address is 10.0.75.100. Assume there is an X server installed in the DMZ host. Then, the remote user can request services from the X server in the DMZ host by skipping the NAT checking by the gateway. DMZ & Pass Through Setting The DMZ setting allows that Host is a host that is exposed to the Internet cyberspace but still with the protection of firewall by gateway device. Enable DMZ and Pass Through Enable Go to Basic Network > NAT / Bridging > DMZ tab Configuration Item Value setting Description DMZ 1. A Must filled setting 2. Check the Enable box to activate this NAT function Default is ALL. Define the selected interface to be the packet‐entering interface of the router. If the packets to be filtered are coming from WAN‐x then select WAN‐x for this field. Select ALL for packets coming into the router from any interfaces. It can be selected WAN‐x box when WAN‐x enabled. This field of DMZ Host is to specify the IP address of Host LAN IP. Pass Through The box is checked by Check the Enable box to activate this NAT function Enable ...
Page 140: B Routing 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.b Routing If you have more than one router and subnet, you will need to enable routing function to allow packets to find proper routing path and allow different subnets to communicate with each other. Routing is the process of selecting best paths in a network. It is performed for many kinds of networks, like electronic data networks (such as the Internet), by using packet switching technology. The routing process usually directs forwarding on the basis of routing tables which maintain a record of the routes to various network destinations. Thus, constructing routing tables, which are held in the router's memory, is very important for efficient routing. Most routing algorithms use only one network path at a time. The routing tables record your pre‐defined routing paths for some specific destination subnets. It is static routing. However, if the contents of routing tables record the obtained routing paths from neighbor routers by using some protocols, such as RIP, OSPF and BGP. It is dynamic routing. These both routing approaches will be illustrated one after one. 3.b.1 Static Routing "Static Routing" function lets you define the routing paths for some dedicated hosts/servers or subnets to store in the routing table of the gateway. The gateway system will route incoming packets to different peer gateways based on the routing table. You define the static routing information in gateway system. In "Static Routing" page, there are three configuration windows for static routing feature. They are the "Configuration" window, "Static Routing Rule List" window and "Static Routing Rule Configuration" window. The "Configuration" window lets you activate the global static routing ...
Page 141 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. applied the "Static Routing Rule Configuration" window will appear to let you define a static routing rule. The parameters include the destination IP address and subnet mask of dedicated host/server or subnet, the IP address of peer gateway, the metric and the rule activation. Configuration Just check the "Enable" box to activate the "Static Routing" feature. Static Routing Rule List The Static Routing Rule List shows the setup parameters of all static routing rule enteries. There also be one "Add" button at the "Static Routing Rule List" caption, that can let you add one new static routing rule.
Page 142: Subnet Mask
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. destination. It can be carried out by the "Static Routing" feature. Scenario Description Dedicated packet flows from the Intranet will be routed to their destination via the pre‐ defined peer gateway and corresponding gateway interface that are defined in the system routing table by manual. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Static Routing" enabling. Use default value for those parameters that are not mentioned in the tables. Configuration Path [Static Routing]-[Configuration] Static Routing ■ Enable Configuration Path [Static Routing]-[Static Routing Rule List] Destination IP 173.194.72.94 188.125.73.108 Subnet Mask 255.255.255.255 255.255.255.255 Gateway 118.18.81.1 203.95.80.1 Metric Rule ■...
Page 143: Static Routing Setting
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Static Routing Setting The static routing setting allows user to create and customize static routing rules through the router based on their office setting. Go to Basic Network > Routing > Static Routing Tab Static Routing Tab Item Value setting Description Enable Static The box is unchecked by Check the Enable box to activate this function Routing function default Create/Edit Static Routing Rules The router allows you to custom your static routing rules. It supports up to a maximum of 64 rule sets. When Add button is applied Static Routing Rule Configuration screen will appear. ...
Page 144 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPv4 Static Routing Item Value setting Description 1. IPv4 Format Destination IP The Destination IP of this static routing rule. 2. A Must filled setting 255.255.255.0 (/24) is set Subnet Mask The Subnet Mask of this static routing rule. by default 1. IPv4 Format Gateway IP The Gateway IP of this static routing rule. 2. A Must filled setting Interface Auto is set by default The Interface of this static routing rule. 1. Numberic String Format Metric The Metric of this static routing rule. 2. A Must filled setting Enabling the The box is unchecked by Click Enable box to activate this rule. rule default. Save NA ...
Page 145: B.3 Dynamic Routing 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.b.3 Dynamic Routing Dynamic Routing, also called adaptive routing, describes the capability of a system, through which routes are characterized by their destination, to alter the path that the route takes through the system in response to a change in network conditions. The adaptation is intended to allow as many routes as possible to remain valid (that is, have destinations that can be reached) in response to the change. This gateway supports dynamic routing protocol, such as RIPv1/RIPv2 (Routing Information Protocol), OSPF (Open Shortest Path First), BGP (Border Gateway Protocol) for you to establish routing table automatically. The feature of dynamic routing will be very useful when there are lots of subnets in your network. Generally speaking, RIP is suitable for small network. OSPF is more suitable for medium network. BGP is more used for big network infrastructure. In the "Dynamic Routing" page, there are seven configuration windows for dynamic routing feature. They are the "RIP Configuration" window, "OSPF Configuration" window, "OSPF Area List", "OSPF Area Configuration", "BGP Configuration", "BGP Neighbor List" and "BGP Neighbor Configuration" window. RIP, OSPF and BGP protocols can be configured individually. The "RIP Configuration" window lets you choose which version of RIP protocol to be activated or disable it. The "OSPF Configuration" window can let you activate the OSPF dynamic routing protocol and specify its backbone subnet. Moreover, the "OSPF Area List" window lists all defined areas in the OSPF network. Using the "Add" button to add and create one new OSPF area and the "Edit" button to modify an existed one. Creation and modification can be done in the "OSPF Area Configuration" window. However, the "BGP Configuration" window can let you activate the BGP dynamic routing protocol and specify its self ID. The "BGP Neighbor List" window lists all defined neighbors in the BGP network. By using the "Add" button to add and create one new BGP neighbor and the "Edit" button to modify an existed one. You can do them in the "BGP Neighbor Configuration" window. 145 ...
Page 146 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. These three dynamic routing protocols are described as follows.  RIP Scenario The Routing Information Protocol (RIP) is one of the oldest distance‐vector routing protocols, which employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination. The maximum 146 ...
Page 147: Rip Configuration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. number of hops allowed for RIP is 15. This hop limit, however, also limits the size of networks that RIP can support. A hop count of 16 is considered an infinite distance, in other words the route is considered unreachable. RIP implements the split horizon, route poisoning and holddown mechanisms to prevent incorrect routing information from being propagated. RIP Configuration In the "RIP Configuration" window, you can just choose the version of RIP protocol to activate the dynamic routing feature, or disable it.  OSPF Scenario Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing algorithm and falls into the group of interior routing protocols, operating within a single autonomous system (AS). OSPF is perhaps the most widely used interior gateway protocol (IGP) in large enterprise networks. IS‐IS, another link‐state dynamic routing protocol, is more common in large service provider networks. The most widely used exterior gateway protocol is the Border Gateway Protocol (BGP), the principal routing protocol between autonomous systems on the Internet. OSPF is an interior gateway protocol (IGP) for routing Internet Protocol (IP) packets solely within a single routing domain, such as an autonomous system. It gathers link state information from available routers and constructs a topology map of the network. The topology is presented as a routing table to the Internet Layer which routes datagrams based solely on the destination IP address found in IP packets. OSPF detects changes in the topology, such as link failures, and converges on a new loop‐free routing structure within seconds. It computes the shortest path tree for each route using a method based on Dijkstra's algorithm, a shortest path first algorithm. The OSPF routing policies for constructing a route table are governed by link cost factors (external metrics) associated with each routing interface. Cost factors may be the distance of a router (round‐trip time), data throughput of a link, or link availability and reliability, expressed as simple unitless numbers. This provides a dynamic process of traffic load balancing between routes of equal cost. An OSPF network may be structured, or subdivided, into routing areas to simplify administration and optimize traffic and resource utilization. Areas are identified by 32‐bit numbers, expressed either simply in decimal, or often in octet‐based dot‐decimal notation, familiar from IPv4 address notation. OSPF Configuration In the "OSPF Configuration" window, you can just check the "Enable" box to activate the OSPF ...
Page 148 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. the "OSPF Area List" caption to allow you to add one new OSPF area. The "Edit" button at the end of each OSPF area definition can let you modify it. OSPF Area Configuration To configure one OSPF area, you must specify related parameters including the area subnet, the area ID and area activation by an "Enable" box. Following diagram is an example for the scenario. ...
Page 149 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Following tables list the parameter configuration as an example for the OSPF gateway in above diagram. Use default value for those parameters that are not mentioned in the tables. Configuration Path [Dynamic Routing]-[OSPF Configuration] OSPF ■ Enable Backbone Subnet 10.0.0.0/16 Configuration Path [Dynamic Routing]-[OSPF Area List] Area Subnet 10.0.75.0/24 10.0.76.0/24 Area ID 10.0.75.254 10.0.76.254 Area ■ Enable ■ Enable Scenario Operation Procedure In above diagram, the OSPF Gateway is one gateway of the enterprise backbone (area ...
Page 150 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The BGP Neighbor List shows all BGP neighbors definition. There also be one "Add" button at the "BGP Neighbor List" caption that can let you add and create one new BGP neighbor. The "Edit" button at the end of each BGP neighbor definition can let you modify it.
Page 151 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. some other border gateways for exchanging routing information. The BGP gateway will distribute the collected routing information in its dominated AS. Then all routers in the AS know how to route packets to other AS. Parameter Setup Example Following tables list the parameter configuration as an example for the BGP gateway in above diagram. Use default value for those parameters that are not mentioned in the tables. Configuration Path [Dynamic Routing]-[BGP Configuration] ■ Enable Self ID Configuration Path [Dynamic Routing]-[BGP Neighbor List] Neighbor IP 10.101.0.1 10.102.0.1 10.103.0.1 10.104.0.1 Neighbor ID Neighbor ■ Enable ■ Enable ■ Enable ■...
Page 152 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Dynamic Routing Setting The dynamic routing setting allows user to customize RIP, OSPF, and BGP protocol through the router based on their office setting. Go to Basic Network > Routing > Dynamic Routing Tab Item Value setting Description Enable Dynamic The box is unchecked by Check the Enable box to activate this function Routing function default The RIP configuration setting allows user to customize RIP protocol through the router based on . their office setting ...
Page 153 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Item Value setting Description Enable OSPF Disable is set by default Click Enable box to activate the OSPF protocol. 1. IPv4 Format Router ID The Router ID of this router on OSPF protocol 2. A Must filled setting The Authentication method of this router on OSPF protocol. Select None will disable Authentication on OSPF protocol. Select Text will enable Text Authentication with entered the Key in this Authentication None is set by default field on OSPF protocol. Select MD5 will enable MD5 Authentication with entered the ID and Key in these fields on OSPF protocol. 1. Classless Inter Domain Routing (CIDR) Subnet Backbone Mask Notation. (Ex: The Backbone Subnet of this router on OSPF protocol. Subnet 192.168.1.0/24) 2. A Must filled setting Create/Edit OSPF Area Rules The router allows you to custom your OSPF Area List rules. It supports up to a maximum of 32 rule sets. When Add button is applied OSPF Area Rule Configuration screen will appear. 153 ...
Page 154 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Item Value setting Description 1. Classless Inter Domain Routing (CIDR) Subnet Mask Notation. (Ex: Area Subnet The Area Subnet of this router on OSPF Area List. 192.168.1.0/24) 2. A Must filled setting 1. IPv4 Format Area ID The Area ID of this router on OSPF Area List. 2. A Must filled setting The box is unchecked by Area Enable Click Enable box to activate this rule. default. Save N/A Click the Save button to save the configuration The BGP configuration setting allows user to customize BGP protocol through the router based on their office setting 154 ...
Page 155 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Item Value setting Description Enable BGP The box is unchecked by Check the Enable box to activate the BGP protocol. function default ASN 1. Numberic String The ASN Number of this router on BGP protocol. Format 2. A Must filled setting Router ID 1. IPv4 Format The Router ID of this router on BGP protocol. 2. A Must filled setting Create/Edit BGP Network Rules The router allows you to custom your BGP Network rules. It supports up to a maximum of 32 rule sets. When Add button is applied BGP Network Rule Configuration screen will appear. Item Value setting Description 1. IPv4 Format The Network Subnet of this router on BGP Network List. It composes of Network Subnet entered the IP address in this field and the selected subnet mask. 2. A Must filled setting The box is unchecked by Network Enable Click Enable box to activate this rule. default. Save ...
Page 156 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Add button is applied BGP Neighbor Rule Configuration screen will appear. Item Value setting Description 1. IPv4 Format Neighbor IP The Neighbor IP of this router on BGP Neighbor List. 2. A Must filled setting 1. Numberic String Format Remote ASN The Remote ASN of this router on BGP Neighbor List. 2. A Must filled setting The box is unchecked by Neighbor Enable Click Enable box to activate this rule. default. Save N/A Click the Save button to save the configuration 156 ...
Page 157: B.5 Routing Information 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.b.5 Routing Information The routing information allows user to view the routing table and policy routing information based on their office setting. Policy Routing Information is available when the Load Balanced is . enabled and the Load Balance Strategy is By User Policy Go to Basic Network > Routing > Routing Information Tab Item Value setting Description Destination IP N/A Routing record of Destination IP. IPv4 Format. Subnet Mask N/A Routing record of Subnet Mask. IPv4 Format. Gateway IP N/A Routing record of Gateway IP. IPv4 Format. Metric N/A Routing record of Metric. Numeric String Format. Interface N/A Routing record of Interface Type. String Format. Item Value setting Description Policy Routing Source N/A Policy Routing of Source. String Format. Source IP ...
Page 158 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Destination Port N/A Policy Routing of Destination Port. String Format. WAN Interface N/A Policy Routing of WAN Interface. String Format. 158 ...
Page 159: D Client & Server & Proxy 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.d Client & Server & Proxy This section presents application clients, servers or proxies running in the gateway system. There are mainly Dynamic DNS client and DHCP server in the current gateway device. 3.d.1 DNS & DDNS How does user access your server if your WAN IP address changes all the time? One way is to register a new domain name, and maintain your own DNS server. Another simpler way is to apply a ...
Page 160 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. service provider, the host name of the gateway, and the user name (or E‐mail address) and password (or key) for authenticating to the service provider successfully. This device supports most popular third‐ party DDNS service provider, including DynDNS.org(Dynamic), DynDNS.org(Custom), No‐IP.com, TZO.com, and DHS.org. Before you enable Dynamic DNS, you need to register an account with one of these Dynamic DNS servers that we list in Provider field. Once the IP address of a WAN interface in the gateway has changed, the dynamic DNS agent in the gateway will inform the DDNS server with the new IP address. The server automatically re‐maps your domain name with the changed IP address. So, other hosts in the Internet world will be able to link to your gateway by using your domain name regardless of the changing global IP adress.  Dynamic DNS Scenario Scenario Application Timing When the IP address of the Gateway is often changed by ISP, and other hosts in the Internet want to link to the gateway device by using its corresponding domain name. The gateway must provide the dynamic DNS function to carry out the requirement. Scenario Description Apply one account to the DDNS provider for DDNS service before DDNS function in the gateway can work. The gateway asks the DDNS server to re‐map the domain name and WAN's IP address of the gateway once the IP address has been changed. Parameter Setup Example Following table lists the parameter configuration as an example for the gateway in above diagram with "Dynamic DNS" enabling. 160 ...
Page 161 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Use default value for those parameters that are not mentioned in the table. [Dynamic DNS]‐[Dynamic DNS] Configuration Path ■ Enable DDNS No‐IP.com Provider JP‐NB Host Name Chinghuihsieh Username / E‐mail ddnspassword Password / Key Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and gets a dynamic IP 118.18.81.33 for WAN‐1 interface. It serves as a NAT router. Configure the required parameters for DDNS function by referring to above setup example. When the gateway has booted up and has gotten a dynamic IP address for the WAN interface, the DDNS agent in the gateway tries to request the DDNS server with the mapping between the domain name and the obtained WAN IP address of the gateway. The DDNS server broadcasts the mapping to other DNS servers for DNS hosting service in the Internet world. So, other hosts in the Internet can link to the gateway by using the domain name. Once the gateway has dynamically changed its WAN IP address from ISP, the DDNS agent tries again to request the DDNS server with the re‐mapping between the domain name and the new WAN IP address of the gateway. The DDNS server broadcasts again the new mapping to other DNS servers for DNS hosting service in the Internet world. Finally, other hosts in the Internet can still link to the gateway by using the domain name, even the WAN IP address of the gateway has changed. DNS & DDNS Setting ...
Page 162 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Add button is applied Pre‐defined Domain Name Configuration screen will appear. Pre‐defined Domain Name Configuration Item Value setting Description 1. String format can be any text Domain Name Enter a domain name that mapping the IP Address. 2. A Must filled setting 1. IPv4 format IP Address Enter a IP Address that mapping the Domain Name. 2. A Must filled setting Enabling the The box is unchecked by Click Enable box to activate this rule. rule default. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings When the Back button is clicked the screen will return to the Dynamic DNS Back N/A configuration page. ...
Page 163 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Setup Dynamic DNS The router allows you to custom your Dynamic DNS settings. DDNS (Dynamic DNS) Configuration Item Value setting Description Enable DDNS The box is unchecked by Check the Enable box to activate this function function default WAN Interface WAN 1 is set by default Selected the WAN Interface IP Address of the router. DynDNS.org (Dynamic) is Provider Your DDNS provider of Dynamic DNS. set by default 1. String format can be any text Host Name Your registered host name of Dynamic DNS. 2. A Must filled setting 1. String format can be User Name / E‐ any text Your User name or E‐mail addresss of Dynamic DNS. Mail 2. A Must filled setting 1. String format can be any text Password / Key Your Password or Key of Dynamic DNS. 2. A Must filled setting Save N/A ...
Page 164: Dhcp Server
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.d.3 DHCP Server  DHCP Server The gateway supports up to 4 DHCP servers to fulfill the DHCP requests from different VLAN groups (please refer to VLAN section for getting more usage details). And there is one default setting for whose LAN IP Address is the same one of gateway LAN interface, with its default Subnet Mask setting as “255.255.255.0”, and its default IP Pool ranges is from “.100” to “.200” as shown at the DHCP Server List page on gateway’s WEB UI. User can add more DHCP server configurations by clicking on the “Add” button behind “DHCP Server List”, or clicking on the “Edit” button at the end of each DHCP Server on list to edit its current settings. Also, user can select DHCP Server and delete it by clicking on the “Select” check‐box and the “Delete” button. 164 ...
Page 165 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  DHCP Clients List To show the DHCP clients list with some details/information like the LAN Interface, IP Address, Host Name, MAC Address and the Remaining Lease Time.  Fixed Mapping User can assign fixed IP address to map the specific client MAC address by select them then copy, when targets were already existed in the DHCP Client List, or to add some other Mapping Rules by manually in advance, once the target's MAC address was not ready to connect. DHCP Server Setting The DHCP Server setting allows user to create and customize DHCP Server policies to assign IP . Addresses to the devices on the local area network (LAN) ...
Page 166 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit DHCP Server Policy The router allows you to custom your DHCP Server Policy. It supports up to a maximum of 4 policy sets. When Add button is applied DHCP Server Configuration screen will appear. DHCP Server Configuration Item Value setting Description 1. String format can be DHCP Server Enter a DHCP Server name. Enter a name that is easy for you to any text Name understand. 2. A Must filled setting 1. IPv4 format. LAN IP The LAN IP Address of this DHCP Server. Address 2. A Must filled setting Subnet Mask The Subnet Mask of this DHCP Server. 255.0.0.0 (/8) is set by 166 ...
Page 167 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. default 1. IPv4 format. The IP Pool of this DHCP Server. It composed of Starting Address entered IP Pool in this field and Ending Address entered in this field. 2. A Must filled setting 1. Numberic string format. Lease Time The Lease Time of this DHCP Server. 2. A Must filled setting String format can be any Domain Name The Domain Name of this DHCP Server. text Primary DNS IPv4 format The Primary DNS of this DHCP Server. Secondary IPv4 format The Secondary DNS of this DHCP Server. DNS Primary WINS IPv4 format The Primary WINS of this DHCP Server. Secondary IPv4 format The Secondary WINS of this DHCP Server. WINS Gateway IPv4 format The Gateway of this DHCP Server. Enabling the The box is unchecked by Click Enable box to activate this Server. Server default. Save NA ...
Page 168 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Mapping Rule Configuration Item Value setting Description 1. MAC Address string format MAC Address The MAC Address of this mapping rule. 2. A Must filled setting 1. IPv4 format. IP Address The IP Address of this mapping rule. 2. A Must filled setting Enabling the The box is unchecked by Click Enable box to activate this rule. Rule default. Save N/A Click the Save button to save the configuration Click the Undo button to restore what you just configured back to the Undo N/A ...
Page 169: Chapter5 Advanced Network 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter5 Advanced Network 5.1 Firewall The firewall functions include Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS and some firewall options. 5.1.1 Firewall Configuration Firewall Configuration Enable Firewall check box will activate all firewall functions. The firewall configuration allows user to enable or disable all functions including Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS, and Firewall Options. Enabling Global Firewall Function Go to Advanced Network > Firewall > Configuration Tab Firewall Configuration Setting Item Value setting Description Enable Firewall function The box is checked by default Check the Enable box to activate all firewall functions Save N/A ...
Page 170: Packet Filters 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.3 Packet Filters "Packet Filters" function can let you define some filtering rules for incoming and outgoing packets. So the gateway can control what packets are allowed or blocked to pass through it. A packet filter rule should indicate from and to which interface the packet enters and leaves the gateway, the source and destination IP addresses, and destination service port type and port number. Lastly, the time schedule to which the rule will be active. In "Packet Filters" page, there are three configuration windows for packet filtering function. They are the "Configuration" window, "Packet Filter Rule List" window, and "Packet Filter Rule Configuration" window. The "Configuration" window can let you activate the packet filtering function and specify to black listing or to white listing Inbound or Outbound packets defined in the "Packet Filter Rule List" entry. In addition, log alerting can be enabled through an “Enable” checkbox to log events. Second, the "Packet Filter Rule List" window lists all your defined packet filtering rule entry. At last, the "Packet Filter Rule Configuration" window can let you define one packet filtering rule. Configuration Check the "Enable" box to activate the "Packet Filters" function. Select either the black list or the white list for following "Packet Filter Rule List". Finally, enable the log alerting when needed. When you choose "Allow all to pass except those match the following rules" for the "Packet Filter Rule List", you are setting the defined packet filtering rules to belong to the black list. The packets, listed in the rule list, will be blocked from entering or leaving the gateway if they match to one rule. Other packets can pass through the gateway. In contrast, when you choose "Deny all to pass except those match the following rules" for the "Packet Filter Rule List", you are setting the defined packet filtering rules to belong to the white list. The packets, listed in the rule, will be allowed to enter or leave the gateway if they match to one of the rules. Other packets will be blocked. 170 ...
Page 171 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Packet Filter Rule List The "Packet Filter Rule List" shows the setup parameters of all packet filtering rules. There also be one "Add" button at the "Packet Filter Rule List" caption, that can let you add and create one new packet filtering rule. The "Edit" button at the end of each packet filtering rule can let you modify the rule. Refer to the following sub‐sections for more reference. Packet Filter Rule Configuration When you want to add a new packet filtering rule or edit one already existed, the "Packet Filter Rule Configuration" window shows up for you to configure. The parameters in a rule include the rule name, the from and to which interface the packet enters and leaves, the source and destination IP addresses, the destination service port type and port number, the integrated time schedule rule and the rule activation. Refer to 6.2.1 Scheduling Settings section in this user manual on how to configure a time schedule. See following scenario example.  Packet Filters with White List Scenario Scenario Application Timing When the administrator of the gateway wants to allow only specific packets through the gateway, he can use the "Packet Filters" function to carry out to allow specific packets by defining the white list as shown in above diagram. Certainly, when the ...
Page 172 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. administrator wants to deny only specific packets from going through, he can use the "Packet Filters" function by defining the black list to carry out to meet the requirement. It is contrasting to above diagram. Scenario Description To only allow dedicated packets that match to one packet filtering rule to flow through the gateway and block other packets that are not defined in the “Packet Filter Rule List” entry. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Packet Filters" enabling. Use default value for those parameters that are not mentioned in the tables. [Packet Filters]‐[Configuration] Configuration Path ■ Enable Packet Filters Deny all to pass except those match the following rules. Black List / White List [Packet Filters]‐[Packet Filter Rule List] Configuration Path ID Access 80 Access 443 Rule Name IP Range: 10.0.75.200 ~ 10.0.75.250 IP Range: 10.0.75.200 ~ 10.0.75.250 Source IP Specific IP Address: 0.0.0.0 Specific IP Address: 0.0.0.0 Destination IP User‐defined Service: 80 ~ 80 User‐defined Service: 443 ~ 443 Destination Port Protocol TCP ■ Enable ...
Page 173 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Packet Filter Setting The packet filter setting allows user to create and customize packet filter policies to allow or reject specific inbound/outbound packets through the router based on their office setting. Enabling Packet Filter Go to Advanced Network > Firewall > Packet Filters Tab Enabling Packet Filters Item Name Value setting Description Enable Packet The box is unchecked by Check the Enable box to activate Packet Filter function Filter function default When Deny those match the following rules is selected, as the name Black List / Deny those match the White List suggest, packets specified in the rules will be blocked –black listed. In following rules is set by (Filter Method contrast, with Allow those match the following rules, you can specifically default Selection) white list the packets to pass and the rest will be blocked. The box is unchecked by Log Alert Check the Enable box to activate Event Log. default Save N/A ...
Page 174 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Filter Rules The router allows you to customize your packet filtering rules. It supports up to a maximum of 20 filter rule sets. When Add button is applied Filter Rule Configuration screen will appear. Create/Edit Filter Rules Item Name Value setting Description 1. String format can be Enter a packet filter rule name. Enter a name that is easy for you to any text Rule Name remember. 2. A Must filled setting Define the selected interface to be the packet‐entering interface of the ...
Page 175 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Define the selected interface to be the packet‐leaving interface of the router. If the packets to be filtered are entering from LAN to WAN then select WAN for this field. Or VLAN‐1 to WAN then select WAN for this ...
Page 176 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. known Service is selected, otherwise select User‐defined Service and specify a port range. Then for Destination Port, select a predefined port dropdown box when Well‐known Service is selected, otherwise select User‐defined Service and specify a port range. For Protocol, select ICMPv4 to filter ICMPv4 packets For Protocol, select TCP to filter TCP packets Then for Source Port, select a predefined port dropdown box when Well‐ known Service is selected, otherwise select User‐defined Service and specify a port range. Then for Destination Port, select a predefined port dropdown box when ...
Page 177: Url Blocking 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.5 URL Blocking "URL Blocking" function can let you define blocking or allowing rules for incoming and outgoing Web request packets. With defined rules, gateway can control the Web requests containing the complete URL, partial domain name or pre‐defined keywords. For example, one can filter out or allow only the Web requests based on domain input suffixes like .com or .org or keywords like “bct” or “mpe”. An URL blocking rule should indicate the URL, partial domain name or included keywords in the Web requests from and to the gateway and what destination service port. In addition, the integrated time schedule can be applied to activate rules based on date and time. Gateway logs and displays illegal web accessing, in the web‐based utility, that matches rules in the defined URL blocking rule entry in the black‐list or in the exclusion of the white‐list. In "URL Blocking" page, there are three configuration windows. They are the "Configuration" window, "URL Blocking Rule List" window, and "URL Blocking Rule Configuration" window. The "Configuration" window can let you activate the URL blocking function and specify to black listing or to white listing the packets defined in the "URL Blocking Rule List" entry. In addition, log alerting can be enabled through an “Enable” checkbox to log on‐going events. Refer to "System Status" in "6.1.1 System Related" section in this user manual on where and how to view log. Another "Enable" checkbox for Invalid Access Web Redirection allow you to enable warning message to be displayed on your browser during an illegal web accessing. Second, the "URL Blocking Rule List" window lists all your defined URL blocking rule entry. At last, the "URL Blocking ...
Page 178 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. white list for following "URL Blocking Rule List". Finally, enable the log alerting and the Web redirection for invalid accessing when needed. When you choose "Allow all to pass except those match the following rules" for the "URL Blocking Rule List", you are setting the defined URL blocking rules to belong to the black list. The packets, listed in the rule list, will be blocked if one pattern in the requests matches to one rule. Other Web requests can pass through the gateway. In contrast, when you choose "Deny all to pass except those match the following rules" for the "URL Blocking Rule List", you are setting the defined packet filtering rules to belong to the white list. The Web requests, listed in the rule, will be allowed if one pattern in the requests matches to one rule. Other Web requests will be blocked. URL Blocking Rule List The "URL Blocking Rule List" shows the setup parameters of all URL blocking rules. There also be one "Add" button at the "URL Blocking Rule List" caption, that can let you add and create one new URL blocking rule. The "Edit" button at the end of each URL blocking rule can let you modify the rule. Refer to the following sub‐sections for more reference. URL Blocking Rule Configuration When you want to add a new URL blocking rule or edit one existed rule, the "URL Blocking Rule Configuration" window shows up for you to configure the rule. The parameters in a rule include the rule name, the URL/Domain Name/Keyword, the destination service ports, the integrated time schedule rule and the rule activation. Refer to 6.2.1 Scheduling Settings section in this user manual on how to configure a time schedule. See following scenario example. 178 ...
Page 179 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  URL Blocking with Black List Scenario Scenario Application Timing When the administrator of the gateway wants to block the Web requests with some dedicated patterns, he can use the "URL Blocking" function to carry out to block specific Web requests by defining the black list as shown in above diagram. Certainly, when the administrator wants to allow only the Web requests with some dedicated patterns to go through the gateway, he can use the "URL Blocking" function by defining the white list to carry out to meet the requirement. It is contrasting to above diagram. Scenario Description Web requests with dedicated patterns in the black list will be blocked by the gateway. Other ones can pass through the gateway. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "URL Blocking" enabling. Use default value for those parameters that are not mentioned in the tables. [URL Blocking]‐[Configuration] Configuration Path ■ Enable URL Blocking Allow all to pass except those match the following rules. Black List / White List ■ Enable Invalid Access Web Redirection 179 ...
Page 180 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [URL Blocking]‐[URL Blocking Rule List] Configuration Path 1 ID Block sex & sexygirl Block playboy Rule Name sex;sexygirl playboy URL/Domain Name/Keyword ■ Enable ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface, 118.18.81.33 for WAN‐1 interface. It serves as a NAT router. Enable the URL blocking function and specify the "URL Blocking Rule List" is a black list and configure two URL blocking rules for the gateway. Create one rule to deny the Web requests with "sex" or "sexygirl" patterns and the other to deny the Web requests with "playboy" pattern to go through the gateway. System will block the Web requests with "sex", "sexygirl" or "playboy" patterns to pass through the gateway. URL blocking Setting The URL blocking setting allows user to create and customize URL blocking policies to allow or reject http packets with specific keyword, domain name, or URL through the router based on their . office setting ...
Page 181 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Method following rules is set by suggest, packets specified in the rules will be blocked –black listed. In Selection) default contrast, with Allow those match the following rules, you can specifically white list the packets to pass and the rest will be blocked. The box is unchecked by Log Alert Check the Enable box to activate to activate Event Log. default Invalid Access The box is unchecked by Check the Enable box to activate this function. When the user attempts to open a Web Redirection default blocked http URL by the web browser, it will redirect to a warning page. Create/Edit Filter Rules The router supports up to a maximum of 20 URL blocking rule sets. Ensure that the URL Blocking is enabled before we can create blocking rules. When Add button is applied Filter Rule Configuration screen will appear. Item Value setting Description 1. String format can be any text Rule Name Enter a url blocking rule name. Enter a name that is easy for you to understand. 2. A Must filled setting This field is to specify the Source IP address. Source IP Select Any to filter packets coming from any IP addresses. ...
Page 182 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Select IP Range to filter packets coming from a specified range of IP address entered in this field. Select IP Address‐based Group to filter packets coming from a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address entered ...
Page 183: Web Content Filters 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.9 Web Content Filters "Web Content Filters" function can block HTML requests with some specific extension file names, like ".exe", ".bat" (applications), "mpeg” (video), and so on. It also blocks HTML requests with some script types, like Java Applet, Java Scripts, cookies and Active X. In "Web Content Filters" page, there are three configuration windows for the filtering function. They are the "Configuration" window, "Web Content Filter List" window, and "Web Content Filter Configuration" window. The "Configuration" window can let you activate the Web content filtering function. Some popular script types, like Java Applet, Java Scripts, cookies and Active X are in the window and you can check their boxes to enable the gateway to filter out the Web requests with corresponding patterns. Furthermore, log alerting can be enabled by clicking an "Enable" checkbox to log events. Second, the "Web Content Filter List" window lists all your defined file extension lists that are used by the gateway to filter out unwanted Web requests. At last, the "Web Content Filter Configuration" window can let you define one Web content filtering rule. Configuration Check the "Enable" box to activate the "Web Content Filters" function. Select some popular script types that you want to block. Finally, enable the log alerting when needed. Web Content Filter List 183 ...
Page 184 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The "Web Content Filter List" shows the setup parameters of all filtering rules. There also be one "Add" button at the “Web Content Filter List" caption, that can let you add and create one new Web content filtering rule. The "Edit" button at the end of each filtering rule can let you modify the rule. Refer to the following sub‐sections for more reference. Web Content Filter Configuration When you want to add a new Web content filtering rule or edit one existed rule, the "Web Content Filter Configuration" window will appear when you click on the Add or Edit button to configure. The parameters in a rule include the rule name, the defined file extension list to be filtered out, the integrated time schedule rule and the rule activation. See following scenario example for your reference. Scenario Application Timing When the administrator of the gateway wants to block the Web requests for dedicated contents or objects, he can use the "Web Content Filters" function to carry out such request blocking. Scenario Description Web requests for dedicated contents or objects in the defined list will be blocked by the gateway. Other ones can pass through the gateway. Parameter Setup Example 184 ...
Page 185 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Following tables list the parameter configuration as an example for the gateway in above diagram with "Web Content Filters" enabling. Use default value for those parameters that are not mentioned in the tables. [Web Content Filters]‐[Configuration] Configuration Path ■ Enable Web Content Filter ■ Cookie ■ Java ■ ActiveX Popular File Extension List ■ Enable Log Alert [Web Content Filters]‐[Web Content Filter List] Configuration Path ID execution files Rule Name .exe; .com User‐defined File Extension List ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface, 118.18.81.33 for WAN‐1 interface. It serves as a NAT router. Enable the Web content filters function to check and filter out Web requests on Cookie, Java and ActiveX objects then define further with objects in the “Web Content Filter List” that may include extension ".exe" and ".com". System will block requests containing objects with extension ".exe" or ".com". ...
Page 186 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Web Content Filters Tab Item Value setting Description Enable Web The box is unchecked by Content Filters Check the Enable box to activate this filter function default function Check the Cookie box to activate this filter function, as the name suggests, this pattern matching rule define as the packet with the keyword “Cookie:”. Check the Java box to activate this filter function, as the name suggests, Popular File this pattern matching rule define as the packet with the keyword “.js”, “.class”, The boxes are Extension List “.jar”, “.jsp”, “ .java”, “.jse”, “.jcm”, “.jtk” , or ”.jad”. unchecked by default Selection Check the ActiveX box to activate this filter function, as the name suggests, this pattern matching rule define as the packet with the keyword “.ocx”, “.cab”, “.ole”, “.olb”, “.com”, “.vbs”, “.vrm”, or “.viv”. If one of the matching rules is found, the packets with http header will be dropped. The box is unchecked by Log Alert Check the Enable box to activate to activate Event Log. default Create/Edit Filter Rules The router supports up to a maximum of 20 filter rule sets. Ensure that the Web Content Filers is enabled before we can create filter rules. When Add button is applied Filter Rule Configuration screen will appear. ...
Page 187 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Web Content Filter Configuration Item Value setting Description 1. String format can be Enter a web content filter rule name. Enter a name that is easy for you to any text Rule Name understand. 2. A Must filled setting This field is to specify the Source IP address. Select Any to filter packets coming from any IP addresses. Select Specific IP Address to filter packets coming from an IP address entered in this field. Select IP Range to filter packets coming from a specified range of IP address entered in this field. Source IP A Must filled setting Select IP Address‐based Group to filter packets coming from a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Source MAC A Must filled setting Select MAC Address‐based Group to filter packets coming from a pre‐ defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. User‐defined Specify file extension list to filtering rule. It supports up to a maximum of ...
Page 188: B Mac Control 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Click the Undo button to restore what you just configured back to the Undo N/A previous setting. Please note that the restored setting may not be the factory default setting but a retrieve of what was saved in the memory. When the Back button is clicked the screen will return to the Web Content Back N/A Filters Configuration page. 5.1.b MAC Control "MAC Control" function allows you to assign the accessibility to the gateway for different users based on device’s MAC address, including wired hosts or WiFi stations. In "MAC Control" page, there are three configuration windows for MAC control function. They are the "Configuration" window, "MAC Control Rule List" window, and "MAC Control Rule Configuration" window. The "Configuration" window can let you activate the MAC Control function and specify to black listing or to white listing the devices in the "MAC Control Rule List" entry. Furthermore, log alerting can be enabled through an "Enable" checkbox to log events. Another "Known MAC from LAN PC List" is a tool that you can use to do quick copy the known MAC address of client hosts in the Intranet to facilitate creating rules. Use the "Copy to" button to copy. Second, the "MAC Control Rule List" window lists all your defined MAC control rule entry. At last, the "MAC Control Rule Configuration" window can let you define one MAC control rule. ...
Page 189 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Check the "Enable" box to activate the "MAC Control" function. Select either the black list or the white list for following "MAC Control Rule List". Finally, enable the log alerting during MAC controlling process when needed. When you choose "Allow all to pass except those match the following rules" for the "MAC Control Rule List", you are setting the defined MAC control rules to belong to the black list. The client hosts, listed in the rule list, in the Intranet will be rejected for the connection to the gateway if their MAC addresses match to one rule. Other client hosts can connect to the gateway. In contrast, when you choose "Deny all to pass except those match the following rules" for the "MAC Control Rule List", you are setting the defined MAC control rules to belong to the white list. The client hosts, listed in the rule, in the Intranet will be allowed for the connection to the gateway if their MAC addresses match to one rule. Other client hosts can't connect to the gateway. MAC Control Rule List The "MAC Control Rule List" shows the setup parameters of all MAC control rules. There also be one "Add" button at the “MAC Control Rule List" caption, that can let you add and create one new MAC control rule. The "Edit" button at the end of each MAC control rule can let you modify the rule. Refer to the following sub‐sections for more reference. MAC Control Rule Configuration When you want to add a new MAC control rule or edit one already existed, the "MAC Control Rule Configuration" window shows up for you to configure. The parameters in a rule include the rule name, the MAC address, the integrated time schedule rule and the rule activation. Refer to 6.2.1 ...
Page 190 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator of the gateway wants to reject some client hosts with specific MAC addresses in the Intranet to connect to the gateway, he can use the "MAC Control" function to carry out to reject by defining the black list as shown in above diagram. Certainly, when the administrator wants to allow only the client hosts with dedicated MAC addresses to connect to the gateway, he can use the "MAC Control" function by defining the white list to carry out to meet the requirement. It is contrasting to above diagram. Scenario Description To only reject client hosts with dedicated MAC addresses in the black list to connect to the gateway and block other hosts that are not defined in the “MAC Control Rule List” entry. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "MAC Control" enabling. Use default value for those parameters that are not mentioned in the tables. 190 ...
Page 191 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [MAC Control]‐[Configuration] Configuration Path ■ Enable MAC Control Allow all to pass except those match the following rules. Black List / White List ■ Enable Log Alert [MAC Control]‐[MAC Control Rule List] Configuration Path ID Block JP NB Rule Name MAC Address 20:6A:6A:6A:6A:6B ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface, 118.18.81.33 for WAN‐1 interface. It serves as a NAT router. Enable the MAC control function and specify the "MAC Control Rule List" is a black list, and configure one MAC control rule for the gateway to deny the connection request from the "JP NB" with its own MAC address. System will block the connecting from the "JP NB" to the gateway but allow others. MAC Control Setting The MAC control setting allows user to create and customize MAC address policies to allow or reject packets with specific source MAC address. Before you proceed ensure that the Firewall is enabled and saved. Go to Advanced Network > Firewall > Configuration tab. ...
Page 192 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Enabling MAC Control Item Value setting Description Enable MAC The box is unchecked by Check the Enable box to activate the MAC filter function Control function default When Deny MAC Address Below is selected, as the name suggest, packets Black List / White List (Filter Deny MAC Address specified in the rules will be blocked –black listed. In contrast, with Allow Method Below is set by default MAC Address Below, you can specifically white list the packets to pass and Selection) the rest will be blocked. The box is unchecked by Log Alert Check the Enable box to activate to activate Event Log. default Known MAC Select a MAC Address from LAN Client List. Click the Copy to to copy the N/A from LAN PC List selected MAC Address to the filter rule. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings Create/Edit MAC Control Rules ...
Page 193 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit MAC Control Rules Item Value setting Description 1. String format can be Enter a MAC Control rule name. Enter a name that is easy for you to any text Rule Name remember. 2. A Must fill setting 1. MAC Address string MAC Address Format (Ues: to Specify the Source MAC Address to filter rule. Compose) 2. A Must fill setting Apply Time Schedule to this rule, otherwise leave it as Always. Time Schedule A Must fill setting If the dropdown list is empty ensure Time Schedule is pre‐configured. Refer to System > Scheduling > Scheduling Setting tab Enabling the The box is unchecked by Click Enable box to activate this rule, then save the settings. rule default. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings Back N/A Click Back button to return to the MAC Control Configuration page. ...
Page 194: D Application Filters 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.d Application Filters Application Filter function can categorize Internet Protocol packets based on their application layer data and allow or deny their passing of gateway. It supports the application filters for various Internet chat software, P2P download, Proxy, and A/V streaming. You can select the applications to be blocked after the function is enabled, and may also specify schedule rule to apply. 194 ...
Page 195 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator of the gateway wants to block some P2P or Stream applications, he can use the "Application Filters" function to activate by checking the "Enable" box. Scenario Description Applications, by checking the "Enable" box, will be rejected or limited connection sessions to access the Internet. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Application Filters" enabling. Use default value for those parameters that are not mentioned in the tables. Configuration Path [Application Filters]‐[Configuration] ■ Enable Application Filter ■ Enable Log Alert [Application Filters]‐[Application Filter List] Configuration Path Rule 1 Rule Name IP Range : 192.168.123.200 ‐ 192.168.123.250 Source IP ■BT(BitTorrent, BitSpirit, BitComet) P2P Software ■eDonkey/eMule/Shareaza ■MMS Streaming ■RTSP ■PPStream ■PPSLive ■Qvcd ■ Enable Rule ...
Page 196 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Application Filters Item Setting Value setting Description Enable The box is unchecked by Application Check the Enable box to activate this filter function default Filters function The box is unchecked by Log Alert Check the Enable box to activate Event Log. default Create/Edit Filter Rules The router supports up to a maximum of 20 filter rule sets. Ensure that the Application Filers is enabled before we can create filter rules. When Add button is applied Filter Rule Configuration screen will appear. 196 ...
Page 197 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Application Filter Rule Configuration Item Value setting Description 1. String format can be Enter a Application filter rule name. Enter a name that is easy for you to any text Rule Name understand. 2. A Must filled setting This field is to specify the Source IP address. Select Any to filter packets coming from any IP addresses. Select Specific IP Address to filter packets coming from an IP address entered in this field. Source IP A Must filled setting Select IP Range to filter packets coming from a specified range of IP address entered in this field. Select IP Address‐based Group to filter packets coming from a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting 197 ...
Page 198 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. done through the Add Rule button will also appear in the Host grouping setting screen. This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Source MAC A Must filled setting Select MAC Address‐based Group to filter packets coming from a pre‐ defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. All boxes are unchecked Check the boxes to activate the application filter functions you want on Chat Software by default. this rule. All boxes are unchecked Check the boxes to activate the application filter functions you want on P2P Software by default. this rule. All boxes are unchecked Check the boxes to activate the application filter functions you want on Proxy by default. this rule. All boxes are unchecked Check the boxes to activate the application filter functions you want on Streaming by default. this rule. Apply Time Schedule to this rule, otherwise leave it as Always. Time Schedule A Must filled setting ...
Page 199: F Ips 1
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.f IPS Intrusion Prevention Systems are network security appliances that monitor network and/or system activities for malicious activity. The main functions of IPS are to identify malicious activity, log information about this activity, attempt to block/stop it and report it. You can enable the IPS function and check the listed intrusion activities when needed. There are some intrusion prevention items need a further Threshold parameter to work properly for intrusion detection. You can enable the log alerting so that system will record Intrusion events when corresponding intrusions are detected. Configuration Please check the "Enable" box to activate the "IPS" function and the log alerting when needed. The "Configuration" window can let you enable some features. In addition to enabling, you can specify threshold in packets per second for each detection. 199 ...
Page 200 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  IPS Scenario Scenario Application Timing The administrator provides some application servers in the Intranet of deployed networking and has to open specific ports to make services for employees oversea or Internet users. There are some risks to always open service ports in the internet for admin users. In order to avoid such attacked risks, please enable IPS functions. Scenario Description The gateway serves as an E‐mail server, Web Server and open TCP‐Port 8080 allowing user to access web‐based utility of Gateway, so remote users or unknown users can request those services from the gateway. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "IPS" enabling. Use default value for those parameters that are not mentioned in the tables. [IPS]‐[Configuration] Configuration Path ■ Enable ISP ■ Enable Log Alert [IPS]‐[Intrusion Prevention] Configuration Path ■ Enable 300 Packets/second SYN Flood Defense ■ Enable 200 Packets/second Port Scan Detection ■ Enable Block IP Spoof ■ Enable Block TCP Flag Scan 200 ...
Page 201 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Operation Procedure In above diagram, the gateway detects incoming packets which TCP ports are 25, 80,110,443 and 8080 then forward to transfer the E‐mail service requests to the LAN servers and send the replies from LAN servers back to the requester. System will block lots of packets in seconds. IPS Setting The Intrusion Prevention System (IPS) setting allows user to customize intrusion prevention rules to prevent malicious packets. Enabling IPS Firewall Go to Advanced Network > Firewall > IPS Tab Enabling IPS Firewall Item Value setting Description Enable IPS The box is unchecked by Check the Enable box to activate IPS function function default The box is unchecked by Log Alert Check the Enable box to activate to activate Event Log. default Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings ...
Page 202 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 202 ...
Page 203 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Setup Intrusion Prevention Rules Item Name Value setting Description SYN Flood Click Enable box to activate this intrusion prevention rule and enter 1. A Must filled setting Defense the traffic threshold in this field. 2. The box is unchecked by default. UDP Flood Click Enable box to activate this intrusion prevention rule and enter 3. traffic threshold is set to 300 by Defense the traffic threshold in this field. default 4. The value range can be from 10 to ICMP Flood Click Enable box to activate this intrusion prevention rule and enter 10000. Defense the traffic threshold in this field. 1. A Must filled setting ...
Page 204: H Options 2
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.h Options There are some useful functions in this page. “Stealth Mode” lets gateway not to respond to port scans from the WAN so that makes it less susceptible to discovery and attacks on the Internet. ”SPI” enables gateway to record the packet information like IP address, port address, ACK, SEQ number and so on while they pass through the router. And the gateway checks every incoming packet to detect if this packet is valid. “Discard Ping from WAN” makes any host on the WAN side can`t ping this product. It means this device won`t reply any ICMP packet from Internet. “Remote Administrator Hosts” enables only the LAN users to browse the web‐based utility to perform administration task locally. This feature also enables you to perform administration task also from a remote host. If this feature is enabled, only the specified IP address can perform remote administration. If the specified IP address is 0.0.0.0, any host can access web‐based utility to perform administration task. You can use subnet mask bits '/nn' notation to specified a group of trusted IP addresses for example, '10.1.2.0/24'. Firewall Options Please check the "Enable" box to activate the functions needed. 204 ...
Page 205 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  SPI Scenario Scenario Application Timing Users in Network‐A initiate to access cloud server through Gateway which records connected sessions. Sometimes, unknown users will simulate the Packet but use different Src IP to masquerade. Scenario Description In order to prevent security leak when local users surf the internet. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "SPI" enabling. [Options]‐[Firewall Options] Configuration Path ■ Enable SPI Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.200 for WAN interface. It serves as a NAT router. Activate the SPI feature at the Gateway. Users in Network‐A initiate to access cloud server through Gateway. Sometimes, unknown users will simulate the Packet but use different Src IP to masquerade. System will block such packets from unknown users. 205 ...
Page 206 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Discard Ping from WAN and Remote Administrator Hosts Scenario Scenario Application Timing “Discard Ping from WAN” makes any host on the WAN side can`t ping this gateway reply any ICMP packet from Internet while with “Remote Administrator Hosts” allowing to browse the web‐based utility to perform administration task remotely. Scenario Description In order to prevent security leak when local users surf the internet. Following tables list the parameter configuration as an example for the gateway in above diagram. [Options]‐[Firewall Options] Configuration Path ■ Enable Discard Ping from WAN ■ Enable HTTPS , ANY : 8080 Remote Administrator Hosts Please disable “SPI” Function. Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.200 for WAN interface. It serves as a NAT router. Activate the features at the Gateway. Remote users can’t get response via Ping Utility, but can access the web‐based utility of Gateway via port 8080 of TCP. 206 ...
Page 207: Firewall Setting
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Firewall Setting The firewall options setting allows network administrator to modify the behavior of the Firewall and to enable Remote Router Access Control. Enabling Firewall Options Go to Advanced Network > Firewall > Options Tab Enabling Firewall Options Item Value setting Description Enable Stealth The box is unchecked by Check the Enable box to activate Stealth Mode function mode function default Enable SPI The box is checked by Check the Enable box to activate SPI function function default Discard Ping The box is unchecked by Check the Enable box to activate Discarding Ping function from WAN default Remote Router Access Control The router allows network administrator to manage router remotely. The network administrator can assign specific IP address and service port to allow accessing the router. 207 ...
Page 208 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Remote Administrator Host Definition Item Value setting Description Protocol HTTP is set by default Select HTTP or HTTPS method for router access. This field is to specify the remote host to assign access right for remote access. Select Any IP to allow any remote hosts IP A Must filled setting Select Specific IP to allow the remote host coming from a specific subnet. An IP address entered in this field and a selected Subnet Mask to compose the subnet. 1. 80 for HTTP by default Service Port This field is to specify a Service Port to HTTP or HTTPS connection. 2. 443 for HTTPS by default Enabling the The box is unchecked by Click Enable box to activate this rule. rule default. Save N/A Click Enable box to activate this rule then save the settings. Undo N/A Click Undo to cancel the settings 208 ...
Page 209: Qos & Bwm 2
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.3 QoS & BWM The total amount of data traffic increases nowadays as the higher demand of mobile applications, like Game / Chat / VoIP / P2P / Video / Web access. In order to pose new requirements for data transport, e.g. low latency, low data loss, the entire network must ensure them via a connection service guarantee. The main goal of QoS & BWM (Quality of Service and Bandwidth Management) is prioritizing ...
Page 210 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. are the "System Resource Configuration" window and "WAN Interface Resource" window. The number of supported WAN interfaces in the gateway will have same number of "WAN Interface Resource" windows available. Specify a WAN interface in the "System Resource Configuration" window with which the bandwidth will be managed, and then configure the Bandwidth resource for that WAN interface in the corresponding "WAN Interface Resource" window. The system resource information provides important parameters for the QoS & BWM function. Incorrect information will result in poor bandwidth utilization. System Resource Configuration The gateway system needs to know some system resource status for QoS & BWM function to work normally. The system resources include the number of total priority queues in system and the resource status for each WAN interface. WAN Interface Resource Each WAN interface should be configured carefully for its upstream bandwidth, downstream bandwidth and maximum number of connection sessions. The Configuration of QoS allows user to configure total bandwidth and session of each WAN. Ensure QoS are enabled and saved Go to Advanced Network > QoS & BWM > Rule‐based QoS Tab Configure Bandwidth and Session Go to Advanced Network > QoS & BWM > Configuration Tab ...
Page 211: Rule‐Based Qos 2
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. System Resource Configuration Item Value setting Description Define the total priority that is related to configure of each rule‐based QoS Total Priority A Must filled setting if select Priority Queues of Resource. It is also related to default banwidth Queues of All WANs of WANs. Select WAN‐1 and then the following will show setting function that you can configure. (WAN‐1 is available only when WAN‐1 interface is enabled) The same applies to other WAN interfaces (i.e. WAN‐2). By default WAN‐1 is selected. Bandwidth of Upstream WAN Interface Specify total upload bandwidth of WAN‐n. Bandwidth of Downstream Specify total download bandwidth of WAN‐n. Total Connection Sessions Specify total connection sessions of WAN‐n Save N/A Click the Save button to save the settings. 211 ...
Page 212 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.3.3 Rule‐based QoS This gateway provides lots of flexible rules for you to set QoS policies. Basically, you need to know three parts of information before you create your own policies. First, “who” needs to be managed? Second, “what” kind of service needs to be managed? The last part is “how” you prioritize. Once you have this information, you can continue to learn functions in this section in more detail. In "Rule‐based QoS" page, there are three configuration windows for QoS & BWM function. They are the "Configuration" window, "QoS Rule List" window, and "QoS Rule Configuration" window. The "Configuration" window can let you activate the Rule‐based QoS function. In addition, you can also enable the "Flexible Bandwidth Management" (FBM) feature for better utilization of system bandwidth by FBM algorithm. Second, the "QoS Rule List" window lists all your defined QoS rules. At last, the "QoS Rule Configuration" window can let you define one QoS rule. Configuration Check the "Enable" box to activate the "Rule‐based QoS" function. Also enable the FBM feature when needed. When FBM is enabled, system adjusts the bandwidth distribution dynamically based on current bandwidth usage situation to reach maximum system network performance while transparent to all users. Certainly, the bandwidth subscription profiles of all current users are considered in system's automatic adjusting algorithm. QoS Rule List The "QoS Rule List" shows the parameter settings of all QoS rule entry. There also be one "Add" 212 ...
Page 213 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. button at the "QoS Rule List" caption, that can let you add and create one new QoS rule. The "Edit" button at the end of each QoS rule can let you modify the rule. Please see following sub‐section. Refer to the following sub‐sections for more reference. QoS Rule Configuration When you want to add a new QoS rule or edit one already existed, the "QoS Rule Configuration" window shows up for you to configure. The parameters in a rule include the applied WAN interfaces, the dedicated host group based on MAC address or IP address, the dedicated kind of service packets, the system resource to be distributed, the corresponding control function for your specified resource, the packet flow direction, the sharing method for the control function, the integrated time schedule rule and the rule activation. Refer to 6.2.1 Scheduling Settings section in this user manual on how to configure a time schedule. Following diagram illustrates how to organize an QoS rule. In diagram above, a QoS rule is organized by the premise part and the conclusion part. In the premise part, you must specify the WAN interface, host group, service type in the packets, packet flow direction to be watched and the sharing method of group control or individual control. However, in the conclusion part, you must make sure which kind of system resource to distribute and the control function based on the chosen system resource for the rule. The Rule‐based QoS has following features. 213 ...
Page 214 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Flexible QoS Rule Definition Multiple Group Categories Specify the group category in a QoS rule for the target objects that rule to be applied on. Group Category can bases on VLAN ID, MAC Address, IP Address, Host Name or Packet Length. Category depends on product model. Differentiated Services Specify the service type in a QoS rule for the target packets that rule to be applied on. Differentiated services can be base on 802.1p, DSCP, TOS, VLAN ID, User‐defined Services and Well‐known Services. Well‐known services include FTP(21), SSH(TCP:22), Telnet(23), SMTP(25), DNS(53), TFTP(UDP:69), HTTP(TCP:80), POP3(110), Auth(113), SFTP(TCP:115), SNMP&Traps(UDP:161‐162), LDAP(TCP:389), HTTPS(TCP:443), SMTPs(TCP:465), ISAKMP(500), RTSP(TCP:554), POP3s(TCP:995), NetMeeting(1720), L2TP(UDP:1701) and PPTP(TCP:1723). Available Control Functions There are 4 resources can be applied in a QoS rule: bandwidth, connection sessions, priority queues and DiffServ Code Point (DSCP). Control function that acts on target objects for specific services of packet flow is based on these resources. For bandwidth resource, control functions include guaranteeing bandwidth and limiting bandwidth. For priority queue resource, control function is setting priority. For DSCP resource, control function is DSCP marking. The last resource is Connection Sessions; the related control function is limiting connection sessions. Individual / Group Control One QoS rule can be applied to individual member or whole group in the target group. This feature depends on model. Outbound / Inbound Control One QoS rule can be applied to the outbound or inbound direction of packet flow, even them both. This feature depends on model. Two QoS rule examples are listed as below. 214 ...
Page 215 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  "DSCP" Type of QoS Rule Example Scenario Application Timing When the administrator of the gateway wants to convert the code point value, "IP Precedence 4(CS4)", in the packets from some client hosts (IP 10.0.75.196~199) to the code value, "AF Class2(High Drop)", he can use the "Rule‐based QoS" function to carry out this rule by defining an QoS rule as shown in above diagram. Scenario Description Convert the code point value from "IP Precedence 4(CS4)" to "AF Class2(High Drop)" for incoming packets from some client hosts in the Intranet. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Rule‐based QoS" enabling. Use default value for those parameters that are not mentioned in the tables. [Rule‐based QoS]‐[Configuration] Configuration Path ■ Enable Rule‐based QoS ■ Enable Flexible Bandwidth Management [Rule‐based QoS]‐[QoS Rule Configuration] Configuration Path All WANs Interface Group IP 10.0.75.196 Subnet Mask: 255.255.255.252 (/30) Service DSCP DiffServ Code Point IP Precedence 4(CS4) DiffServ Code Points Resource DSCP Marking AF Class2(High Drop) Control Function ...
Page 216 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. (0) Always Time Schedule ■ Enable Rule Scenario Operation Procedure This rule means IP packets from all WAN interfaces to LAN IP address 10.0.75.196 ~ 10.0.75.199 which have DiffServ code points with “IP Precedence 4(CS4)” value will be modified by “DSCP Marking” control function with “AF Class 2(High Drop)” value at any time.  "Connection Sessions" Type of QoS Rule Example Scenario Application Timing When the administrator of the gateway wants to limit the connection sessions from some client hosts (IP 10.0.75.16~31) to 20000 sessions totally for accessing the Internet, he can use the "Rule‐based QoS" function to carry out it by defining an QoS rule as shown in above diagram. Scenario Description Specify the maximum connection sessions from some client hosts (IP 10.0.75.16~31) for accessing the Internet. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Rule‐based QoS" enabling. Use default value for those parameters that are not mentioned in the tables. [Rule‐based QoS]‐[Configuration] Configuration Path ■ Enable Rule‐based QoS ■ Enable Flexible Bandwidth Management 216 ...
Page 217 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Rule‐based QoS]‐[QoS Rule Configuration] Configuration Path WAN‐1 Interface IP 10.0.75.16 Subnet Mask: 255.255.255.240 (/28) Group Service Connection Sessions Resource Set Session Limitation 20000 Control Function Outbound QoS Direction Group Control Sharing Method Time Schedule (0) Always ■ Enable Rule Scenario Operation Procedure This rule defines that all client hosts, whose IP address is in the range of 10.0.75.16~31, can access the Internet via "WAN‐1" interface under the limitation of the maximum 20000 connection sessions totally at any time The Rule Based QoS allows user to configure QoS and bandwidth to set the limitation of total bandwidth of each WAN connection. Ensure QoS and Bandwidth are enabled and saved Go to Advanced Network > QoS & BWM > Rule‐based QoS Tab Configuration Item Value setting ...
Page 218 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. maximum of 128 rule‐based QoS rule sets. When Add button is applied QoS Rule Configuration screen will appear. QoS Rule Configuration Item Value setting Description Define the selected interface to be the packet‐entering/packet‐leaving interface of the router. Select All WANs to filter the packets entering to or leaving from any WAN interface. Interface A Must filled setting Select WAN‐1 to filter the packets entering to or leaving from WAN‐1. (WAN‐1 is available only when WAN‐1 interface is enabled) The same applies to other WAN interfaces (i.e. WAN‐2). This field is to specify the Group of the interface selected in the Interface setting above. Select Src. MAC Address to prioritize packets based on MAC. Configure Service in the next line then go to Resource_1. Group A Must filled setting Select IP to prioritize packets based on IP address and Subnet Mask. Configure Service in the next line, then go to Resource_2. Select Host Name to prioritize packets based on a group of a preconfigured group of host from the dropdown list. If the dropdown list empty ensure if any group is pre‐configured (Note_1) and ensure that QoS is enabled in the group (Note_2). 218 ...
Page 219 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configure Service in the next line, then go to Resource_3. Note_1: Group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. Note_2: Ensure that QoS in the Multiple Bound Services field is checked. Refer to System > Grouping > Host grouping then click Edit button of one of the host group created. Select All to filter packets entering to or leaving from any service. Select DSCP to filter packets entering to or leaving from a DSCP packet type. Select TOS to filter packets entering to or leaving from a TOS packet type. Select User‐defined Service to filter packets entering to or leaving from a user‐ Service A Must filled setting defined port or port range, and the protocol could be TCP/UDP/Both protocol for these ports. Select Well‐known Service to filter packets entering to or leaving from a well‐ known service list. Specify resource to the QoS rule. When Bandwidth is selected It means the option Resource of rule‐based QoS Rule is bandwidth. In Control Function when Set MINR & MAXR is selected It means the option Control Function of rule‐based QoS Rule is set MINR & MAXR. You can assign min rate, max rate and rate unit for this rule. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound Resource_1 means the Group option is a source group. (for Group Src. MAC A Must filled setting Address settings When Inbound is selected only) It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. ...
Page 220 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Click the Save button to save the settings When Connection Sessions is selected It means the option Resource of rule‐based QoS Rule is connection sessions. In Control Function when Set Session Limitation is selected It means the option Control Function of rule‐based QoS Rule is set session limitation. You must fill the session number in the textbox. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings When Priority Queues is selected It means the option Resource of rule‐based QoS Rule is priority queues. In Control Function when Set Priority is selected It means the option Control Function of rule‐based QoS Rule is set priority. You must fill the priority queue number in the textbox. Each priority have its own bandwidth. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. 220 ...
Page 221 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings When DiffServ Code Points is selected It means the option Resource of rule‐based QoS Rule is DiffServ Code Points. In Control Function when DSCP Marking is selected It means the option Control Function of rule‐based QoS Rule is DSCP marking. You must select one from the list. DSCP Marking will mark with Code Point in Packet. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings Specify resource to the QoS rule. Select Bandwidth is selected Resource_2 It means the option Resource of rule‐based QoS Rule is bandwidth. (for Group IP A Must filled setting In Control Function when Set MINR & MAXR is selected settings only) It means the option Control Function of rule‐based QoS Rule is set MINR & MAXR. You can assign min rate, max rate and rate unit for this rule. ...
Page 222 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. Sharing Method (A Must filled setting) When Individual Control is selected, It means the option Sharing Method of rule‐based QoS Rule is Individual Control. When Group Control is selected, It means the option Sharing Method of rule‐based QoS Rule is Group Control. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings When Connection Sessions is selected It means the option Resource of rule‐based QoS Rule is connection sessions. In Control Function when Set Session Limitation is selected It means the option Control Function of rule‐based QoS Rule is set session limitation. You must fill the session number in the textbox. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. 222 ...
Page 223 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Sharing Method (A Must filled setting) When Individual Control is selected, It means the option Sharing Method of rule‐based QoS Rule is Individual Control. When Group Control is selected, It means the option Sharing Method of rule‐based QoS Rule is Group Control. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings When Priority Queues is selected It means the option Resource of rule‐based QoS Rule is priority queues. In Control Function when Set Priority is selected It means the option Control Function of rule‐based QoS Rule is set priority. You must fill the priority queue number in the textbox. Each priority have its own bandwidth. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings 223 ...
Page 224 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When DiffServ Code Points is selected It means the option Resource of rule‐based QoS Rule is DiffServ Code Points. In Control Function when DSCP Marking is selected It means the option Control Function of rule‐based QoS Rule is DSCP marking. You must select one from the list. DSCP Marking will mark with Code Point in Packet. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings Specify resource to the QoS rule. When Bandwidth is selected It means the option Resource of rule‐based QoS Rule is bandwidth. In Control Function when Set MINR & MAXR is selected It means the option Control Function of rule‐based QoS Rule is set MINR & MAXR. You can assign min rate, max rate and rate unit for this rule. QoS Direction (A Must filled setting) Resource_3 (for Group Host A Must filled setting When Outbound is selected Name settings only) It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected ...
Page 225 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Sharing Method (A Must filled setting) When Individual Control is selected, It means the option Sharing Method of rule‐based QoS Rule is Individual Control. When Group Control is selected, It means the option Sharing Method of rule‐based QoS Rule is Group Control. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings When Connection Sessions is selected It means the option Resource of rule‐based QoS Rule is connection sessions. In Control Function when Set Session Limitation is selected It means the option Control Function of rule‐based QoS Rule is set session limitation. You must fill the session number in the textbox. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings 225 ...
Page 226 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Priority Queues is selected It means the option Resource of rule‐based QoS Rule is priority queues. In Control Function when Set Priority is selected It means the option Control Function of rule‐based QoS Rule is set priority. You must fill the priority queue number in the textbox. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings When DiffServ Code Points is selected It means the option Resource of rule‐based QoS Rule is DiffServ Code Points. In Control Function when DSCP Marking is selected It means the option Control Function of rule‐based QoS Rule is DSCP marking. You must select one from the list. DSCP Marking will mark with Code Point in Packet. QoS Direction (A Must filled setting) When Outbound is selected It means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. When Inbound is selected It means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group. When Both is selected It means the option QoS Direction of rule‐based QoS Rule is both. 226 ...
Page 227 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Time Schedule (A Must filled setting) Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Enabling the rule Click Enable box to activate this rule. Click the Save button to save the settings 227 ...
Page 228: Vpn 2
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5 VPN A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security and management policies of the private network. This is done by establishing a virtual point‐to‐point connection through the use of dedicated connections, encryption, or a combination of the two. The ...
Page 229 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. VPN Configuration Enable VPN check box will activate all VPN related functions. The VPN configuration allows user to enable or disable all the VPN functions of the gateway device. The VPN enables check box must be checked to enable to allow IPSec, PPTP, L2TP and GRE to function. VPN Configuration Item Value setting Description The box is VPN unchecked by Check the Enable box to enable all VPN functions default Save N/A Click the Save button to save the settings 229 ...
Page 230: Ipsec 2
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.3 IPSec Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec includes protocols for establishing mutual authentication between agents at the beginning of the ...
Page 231 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The "Configuration" window is to enable the IPSec VPN function. In addition, if you want to activate the network neighborhood communication to work between both Intranets of local and remote peers in the IPSec VPN tunnel, you can check the "NetBIOS over IPSec" box. Moreover, if your security gateway is under a NAT router and you want to create an IPSec VPN tunnel between your ...
Page 232 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Site to Site Tunnel Scenario Scenario Application Timing The security gateway can be located at branch office or mobile office. When the client hosts behind the security gateway want to make a secure communication with the ones behind another security gateway in headquarters or another branch office, both security gateways need to establish a VPN tunnel first. Both Intranets of security gateways have their own subnet and the "Site to Site" tunnel scenario is used. "Site" means a subnet of client hosts. Scenario Description Both Initiator and Responder of IPSec tunnel must have a “Static IP” or a “FQDN” for "Site to Site" scenario. Any peer gateway can be worked as an Initiator or a Responder of the IPSec VPN tunnel. Two phases (IKE and IPSec) to negotiate for establishing an IPSec VPN tunnel with pre‐ shared key and optional X‐Auth account / password. Parameter Setup Example For Network‐A at HQ Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network‐A. Use default value for those parameters that are not mentioned in these 5 tables. 232 ...
Page 233 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s‐101 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.76.0 Local Subnet 255.255.255.0 Local Netmask Disable Full Tunnel 10.0.75.0 Remote Subnet 255.255.255.0 Remote Netmask 118.18.81.33 Remote Gateway [IPSec]‐[Authentication] Configuration Path Key Management IKE+Pre‐shared Key 12345678 User Name Network‐A...
Page 234 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s‐201 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.75.0 Local Subnet 255.255.255.0 Local Netmask Disable Full Tunnel 10.0.76.0 Remote Subnet 255.255.255.0 Remote Netmask 203.95.80.22 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+Pre‐shared Key 12345678 Key Management User Name Network‐B Local ID User Name Network‐A Remote ID ...
Page 235 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Dynamic VPN Tunnel Scenario Business Security Gateway can ignore IP information of clients when using Dynamic VPN, so it is suitable for users to build VPN tunnels with Business Security Gateway from a remote mobile site. Remote peer is a site will be indicated in the negotiation packets, including what remote subnet is. It must be noted that the remote peer has to initiate the tunnel establishing process first in this application scenario. Scenario Application Timing If the security gateway in headquarters wants to allow any traveling employees to securely access the enterprise operation systems to access office resources from outside, the Dynamic VPN connection can be setup up to meet the requirement. These mobile employees are carrying with their notebooks or security supporting gateways outsides, and use these devices to connect to the Internet and try to access the enterprise resources at headquarters. But the IP address that the devices get is dynamic, not fixed. When the security gateway of headquarters need to check the IP address of a remote device during establishing a secure VPN tunnel for data communication, mobile devices will fail since they have not fixed IP address. So, to activate the "Dynamic VPN" function on the headquarters gateway is a fast approach for the secure data communication between mobile devices and the headquarters gateway. You can follow the deployment steps as below. Scenario Description 235 ...
Page 236 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Dynamic VPN is suitable for the Initiator being a mobile site or a mobile device with a dynamic IP, only the Responder has a “Static IP” or a “FQDN”. Two phases (IKE and IPSec) to negotiate for establishing an IPSec VPN tunnel with pre‐ shared key and optional X‐Auth account / password. Parameter Setup Example For Network‐A at HQ Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network‐A. Use default value for those parameters that are not mentioned in these 5 tables. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel dvpn‐101 Tunnel Name WAN 1 Interface Dynamic VPN Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.76.0 Local Subnet 255.255.255.0 Local Netmask [IPSec]‐[Authentication] Configuration Path IKE+Pre‐shared Key 12345678 Key Management ...
Page 237 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ones in the setup example and they are not shown in followings. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel dvpn‐201 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode ■ Enable Keep alive  Ping FQDN www.abc.com , Interval 120 sec [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.75.0 Local Subnet 255.255.255.0 Local Netmask Full Tunnel Disable 10.0.76.0 Remote Subnet 255.255.255.0 Remote Netmask 203.95.80.22 or www.abc.com Remote Gateway ...
Page 238 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. server or database resources in the Intranet of Network‐A at HQ with a secured link. That means, the security gateway in headquarters supports "Dynamic VPN" function and then you, as a mobile user, can access its Intranet resources from remote side with a secured link; even your device is not on a fixed IP address.  "Full Tunnel"‐enabled Site to Site Tunnel Scenario In "Site to Site" tunnel scenario, the client hosts of remote site can securely access the enterprise resources in the Intranet of headquarters gateway via an established VPN tunnel, as described above. But the regular Internet accessing at remote site still go through the WAN interface of remote gateway, not the VPN tunnel. If you want all packets to be transferred from the Network‐B at branch office via this VPN tunnel, including the enterprise resource accessing and the Internet accessing, you can refer to following scenario example. When Full Tunnel function of remote Business Security Gateway is enabled, all data traffic from remote clients behind remote Business Security Gateway will go over the VPN tunnel. That is, if a user is operating at a PC that is in the Intranet of remote Business Security Gateway, all application packets and private data packets from the PC will be transmitted securely in the VPN tunnel to access the resources behind HQ Business Security Gateway, including surfing the Internet. As a result, every time the user surfs the web for shopping or searching data on Internet, checking personal emails, or ...
Page 239 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing The security gateway can be located at branch office or mobile office. When the client hosts behind the security gateway want to make a secure communication with the ones behind another security gateway in headquarters or another branch office, both security gateways need establish a VPN tunnel first. Both Intranets of security gateways have their own subnet and the "Site to Site" tunnel scenario is used. "Site" means a subnet of client hosts. Moreover, since the "Full Tunnel" feature is enabled at branch office site, all packet flows will go through the established VPN tunnel between both sites, including the HQ resource accessing and regular Internet accessing. Scenario Description Both Initiator and Responder of IPSec tunnel must have a “Static IP” or a “FQDN” for "Site to Site" scenario. Any peer gateway can be worked as an Initiator or a Responder of the IPSec VPN tunnel. Two phases (IKE and IPSec) to negotiate for establishing an IPSec VPN tunnel with pre‐ shared key and optional X‐Auth account / password. “Full Tunnel” feature to be enabled drives all packet flows from local site will be transferred via the established VPN tunnel. Parameter Setup Example For Network‐A at HQ Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network‐A. Use default value for those parameters that are not mentioned in these 5 tables. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec 239 ...
Page 240 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s‐101 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.76.0 Local Subnet 255.255.255.0 Local Netmask Disable Full Tunnel 10.0.75.0 Remote Subnet 255.255.255.0 Remote Netmask 118.18.81.33 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+Pre‐shared Key 12345678 Key Management User Name Network‐A Local ID User Name Network‐B Remote ID [IPSec]‐[IKE Phase] Configuration Path ...
Page 241 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s‐201 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.75.0 Local Subnet 255.255.255.0 Local Netmask ■ Enable Full Tunnel 10.0.76.0 Remote Subnet 255.255.255.0 Remote Netmask 203.95.80.22 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+Pre‐shared Key 12345678 Key Management User Name Network‐B Local ID User Name Network‐A Remote ID [IPSec]‐[IKE Phase] Configuration Path ...
Page 242 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPSec Setting The IPsec Setting allows user to create and configure IPSec tunnels. Before you proceed ensure that the VPN is enabled and saved. To enable VPN, go to Advanced Network > VPN > Configuration tab. Enabling IPSec Go to Advanced Network > VPN > IPSec tab Enable IPSec Window Item Value setting Description Unchecked by IPsec Click the Enable box to enable IPSec function. default Unchecked by NetBIOS over IPSec Click the Enable box to enable NetBIOS over IPSec function. default Unchecked by ...
Page 243 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Add/Edit button is applied a series of configuration screen will appear. 243 ...
Page 244 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Tunnel Configuration Window Item Value setting Description Unchecked by Tunnel Check the Enable box to activate the IPSec tunnel default 1. A Must fill setting Tunnel Name Enter a tunnel name. Enter a name that is easy for you to identify. 2. String format can be any text 1. A Must fill setting 2. WAN 1 is selected by default Interface Select WAN interface on which IPSec tunnel is to be established. Select an IPSec tunneling scenario from the dropdown box for your 1. A Must fill setting application. Select Site‐to‐Site, Site‐to‐Host, Host‐to‐Site, Host‐to‐Host, or Dynamic VPN. 2. Site to site is Tunnel Scenario selected by default With Site‐to‐Site or Site‐to‐Host or Host‐to‐Site, IPSec operates in tunnel mode. The difference among them is the number of subnets. With Host‐to‐ Host, IPSec operates in transport mode. Select from the dropdown box to setup your gateway for Hub‐and‐Spoke IPsec VPN Deployments. Select None if your deployments will not support Hub or Spoke encryption. 1. An optional setting Select Hub for a Hub role in the IPSec design. Hub and Spoke ...
Page 245 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN > Load Balance tab. Note: Failover and Load Balance functions are not available for Dynamic VPN specified in Tunnel Scenario. 1. A Must fill setting Encapsulation Select the Encapsulation Protocol from the dropdown box for this IPSec 2. ESP is selected by Protocol tunnel. Available encapsulations are ESP and AH. default Check the Enable box to enable Keep alive function. 1. Unchecked by Select Ping IP to keep live and enter the IP address to ping. default Keep alive Enter the ping time interval in seconds. 2. 30s is set by Note: Keep alive option is not available for Dynamic VPN specified in default Tunnel Scenario. 245 ...
Page 246 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Local & Remote Configuration Window Item Value setting Description Specify the Local Subnet IP address and Subnet Mask. Click the Add or Delete button to add or delete a Local Subnet. Note_1: When Dynamic VPN option in Tunnel Scenario is selected, there A Must fill setting Local Subnet List will be only one subnet available. Note_2: When Host‐to‐Site or Host‐to‐Host option in Tunnel Scenario is selected, Local Subnet will not be available. Note_3: When Hub and Spoke option in Hub and Spoke is selected, there will be only one subnet available. Click Enable box to enable Full Tunnel. Unchecked by Full Tunnel Note: Full tunnel is available only for Site‐to‐Site specified in Tunnel default Scenario. Specify the Remote Subnet IP address and Subnet Mask. Remote Subnet List A Must fill setting Click the Add or Delete button to add or delete Remote Subnet setting. 1. A Must fill setting. 2. Format can be a Remote Gateway Specify the Remote Gateway. ipv4 address or FQDN Authentication Configuration Window Item Value setting Description Select Key Management from the dropdown box for this IPSec tunnel. ...
Page 247 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. include but can’t be all numbers. Select FQDN for Local ID and enter the FQDN. Select User@FQDN for Local ID and enter the User@FQDN. Select Key ID for Local ID and enter the Key ID (English alphabet or number). Specify the Remote ID for this IPSec tunnel to authenticate. Selected User Name for Remote ID and enter the username. The username may include but can’t be all numbers. Select FQDN for Local ID and enter the FQDN. Remote ID An optional setting Select User@FQDN for Remote ID and enter the User@FQDN. Select Key ID for Remote ID and enter the Key ID (English alphabet or number).. Note: Remote ID will be not available when Dynamic VPN option in Tunnel Scenario is selected. IKE Phase Configuration Window Item Value setting Description Specify the IKE version for this IPSec tunnel. Select v1 or v2 1. A must fill setting Note: IKE versions will not be available when Dynamic VPN option in IKE Version 2. v1 is selected by Tunnel Scenario is selected, or AH option in Encapsulation Protocol is default selected. Main Mode is set by Specify the Negotiation Mode for this IPSec tunnel. Select Main Mode or Negotiation Mode default default Aggressive Mode. Specify the X‐Auth role for this IPSec tunnel. Select Server, Client, or None. Selected None no X‐Auth authentication is required. Selected Server this gateway will be an X‐Auth server. Click on the X‐Auth ...
Page 248 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 180s and Delay 30s 1. A Must fill setting Phase1 Key Life 2. Default 3600s Specify the Phase1 Key Life Time Time 3. Max. 86400s IKE Proposal Definition Window Item Value setting Description Specify the Phase 1 Encryption method. AES‐ auto/AES128/AES192/AES256/DES/3DES Specify the Authentication method. None/MD5/SHA1/SHA2‐256/SHA2‐512 IKE Proposal A Must fill setting Definition Specify the DH Group None/Group1/ Group2/ Group5/ Group14/ Group15/ Group16/ Group17/ Group18/ Check Enable box to enable this setting IPSec Phase Window Item Value setting Description 1. A Must fill setting Phase2 Key Life 2. 28800s is set by Specify the Phase2 Key Life Time in second. Time default 3. Max. 86400s ...
Page 249 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPSec Proposal Definition Window Item Value setting Description Specify the Encryption method None/AES‐auto/AES128/AES192/AES256/DES/3DES Specify Authentication method IPSec Proposal None/MD5/SHA1/SHA2‐256/SHA2‐512 A Must fill setting Definition Specify the PFS Group None/Group1/ Group2/ Group5/ Group14/ Group15/ Group16/ Group17/ Group18/ Click Enable to enable this setting Save N/A Click Save to save the settings Undo N/A Click Undo button to cancel the settings Back N/A Click Back button to return to the previous page. Manual Key Management This section describes parameters available for configuring tunnel authentications manually as described in Key Management section under Authentication configuration window in the previous pages. When Manually option is selected for Key Management described in Authentication Configuration Window, a series of configuration windows for Manual IPSec Tunnel configuration will appear. The configuration windows are the Tunnel configuration, the Local & Remote Configuration, the Authentication, the Manual Proposal. The windows may look similar to the ones below. 249 ...
Page 250 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Tunnel Configuration Window Item Value setting Description Unchecked by Tunnel Check the Enable box to activate the IPSec tunnel default 1. A Must fill setting Tunnel Name Enter a tunnel name. Enter a name that is easy for you to identify. 2. String format can be any text 1. A Must fill setting Interface Select WAN interface on which IPSec is to be established. 2. WAN 1 is selected by default Select an IPSec tunneling scenario from the dropdown box for your 1. A Must fill setting application. Select Site‐to‐Site, Site‐to‐Host, Host‐to‐Site, or Host‐to‐Host. Tunnel Scenario 2. Site to site is With Site‐to‐Site or Site‐to‐Host or Host‐to‐Site, IPSec operates in tunnel selected by default mode. The difference among them is the number of subnets. With Host‐to‐ Host, IPSec operates in transport mode. 250 ...
Page 251 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. There are three available operation modes. Always On, Failover, Load Balance. Define whether the IPSec tunnel is a failover tunnel function or an always on tunneling Note: If this IPSec is a failover tunneling, you will need to select the primary IPSec tunnel from which to failover to. 1. A Must fill setting Define whether the IPSec tunnel connection will take part in load balance Operation Mode 2. Alway on is function of the gateway. You will not need to select with WAN interface as selected by default the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN > Load Balance tab. Note: Failover and Load Balance functions are not available for Dynamic VPN specified in Tunnel Scenario. 1. A Must fill setting Encapsulation Select the Encapsulation Protocol from the dropdown box for this IPSec 2. ESP is selected by Protocol tunnel. Available encapsulations are ESP and AH. default Click the Enable box to enable Keep alive function. 1. Unchecked by Select Ping IP to keep live and enter the IP address to ping. default Keep alive Enter the ping time interval in seconds. 2. 30s is set by Note: Keep alive option is not available for Dynamic VPN specified in Tunnel default Scenario. Local & Remote Configuration Window Item ...
Page 252 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Authentication Configuration Window Item Value setting Description Select Key Management from the dropdown box for this IPSec tunnel. In this section Manually is the option selected. Key Management A Must fill setting For IKE+Pre‐shared Key and IKE+X.509 option, please refer to the table in previous 5 pages where key management is described. Specify the Local ID for this IPSec tunnel to authenticate. Local ID An optional setting Select the Key ID for Local ID and enter the Key ID (English alphabet or number). Specify the Remote ID for this IPSec tunnel to authenticate. Remote ID An optional setting Select Key ID for Remote ID and enter the Key ID (English alphabet or number). Manual Proposal Window Item Value setting Description Outbound SPI Hexadecimal format Specify the Outbound SPI for this IPSec tunnel. Inbound SPI Hexadecimal format Specify the Inbound SPI for this IPSec tunnel. Specify the Encryption Method and Encryption key Available encryption methods are DES/3DES/AES128/AES192/AES256 1. A Must fill setting The key length for DES is 16, 3DES is 48, AES128 is 32, AES192 is 48, AES256 Encryption 2. Hexadecimal is 64. ...
Page 253 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Back N/A Click Back button to return to the previous page. 253 ...
Page 254 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.5 PPTP The Point‐to‐Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. The PPTP specification does not describe encryption or authentication features and relies on the Point‐to‐Point Protocol being tunneled to implement security functionality. However, the most ...
Page 255 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. time. Define and choose either one role for your router in the "Configuration" window and configure all required parameters beneath the "Configuration" window. Then configure parameters on another gateway to takes another role. Above diagram is the server role configuration and following diagram shows the client role configuration. When you want to configure "PPTP Server" role for the security gateway, there are 4 more configuration windows: "PPTP Server Configuration", "PPTP Server Status", "User Account List" and "User Account Configuration". However, when you want to configure "PPTP Client" role for the security gateway, there are 3 more configuration windows: "PPTP Client Configuration", "PPTP Client List & ...
Page 256 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. "MS‐CHAP v2" for the authentication protocol, you also can specify if the PPTP server needs the MPPE encryption and its key length for the authentication process. PPTP Server Status "PPTP Server Status" window shows the dialing in status to the PPTP VPN server, including the used user name, remote IP address, the obtained virtual IP address and call ID of all PPTP clients. User Account List "User Account List" lists your defined user accounts that can be accepted by the PPTP server. User Account Configuration "User Account Configuration" window can let you specify the required parameters for a PPTP client account, such as user name, password and account activation. Add one new user account by ...
Page 257 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the security gateway at headquarters playing the PPTP VPN server role. The PPTP tunnel is established by starting from PPTP client, the Security Gateway 2 in Network‐B or the mobile device, like notebook. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established PPTP tunnel. Usually, these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network‐A will be transferred via the PPTP tunnel. Scenario Description PPTP Tunneling is a Client and Server based tunneling technology. The PPTP Server must have a Static IP or a FQDN and maintain a Client list (account / password). The Client may be a mobile user or mobile site and requesting the PPTP tunnel connection with its account / password. PPTP protocol is used for establishing a PPTP VPN tunnel. Parameter Setup Example 257 ...
Page 258 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. For Network‐A at HQ Following 3 tables list the parameter configuration for above example diagram of PPTP VPN server in Network‐A. Use default value for those parameters that are not mentioned in these tables. [PPTP]‐[Configuration] Configuration Path ■ Enable PPTP Server Client/Server [PPTP]‐[PPTP Server Configuration] Configuration Path ■ Enable PPTP Server 192.168.101.253 Server Virtual IP 10 IP Pool Starting Address (that means 192.168.101.10) 50 IP Pool Ending Address (that means 192.168.101.50) MS‐CHAP Authentication Protocol ■ Enable 128 bits MPPE Encryption [PPTP]‐[User Account Configuration] Configuration Path ID 1 User‐1 User‐2 User Name 1234 4321 ...
Page 259 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. "PPTP Client Configuration" window can let you enable the PPTP client function by checking the "Enable" box. PPTP Client List & Status "PPTP Client List & Status" window shows your defined PPTP clients and their tunnel connection status. Only some important information for all tunnels are shown in the list as following diagram. Configuration for A PPTP Client "Configuration for A PPTP Client" window let you specify the required parameters for a PPTP VPN client, such as "PPTP Client Name", "Interface", "Operation Mode", "Remote IP/FQDN", "User Name", "Password", "Default Gateway/Remote Subnet", "Authentication Protocol", "MPPE Encryption", "NAT before Tunneling", "LCP Echo Type" and tunnel activation. Please be noted the "Default Gateway/Remote Subnet" configuration item. There are two options, "Default Gateway" and "Remote Subnet". When you choose "Remote Subnet", you need specify one more setting: the remote subnet. It is for the Intranet of PPTP VPN server. So, at PPTP client peer, the packets whose destination is in the dedicated subnet will be transferred via the PPTP VPN tunnel. Others will be transferred based on current routing policy of the security gateway at PPTP client peer. But, if you choose "Default Gateway" option for the PPTP client peer, all packets will be transferred via the PPTP VPN tunnel. That means the remote PPTP VPN server gateway controls the flowing of any ...
Page 260 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the Security Gateway 2 or the mobile device playing the PPTP VPN client role. The PPTP tunnel is established by the PPTP client making the tunnel connection request initiation and the Security Gateway 1 in Network‐A of headquarters serves as the PPTP VPN server responding to the request. Once the tunnel has been established, all client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established PPTP tunnel. Usually, these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network‐A will be transferred via the PPTP tunnel. But if PPTP client peer is configured to all packets are delivered via the PPTP tunnel, as shown in the diagram by configuring the PPTP tunnel is the default gateway at PPTP client peer, the Internet accessing packets will be also sent to the Security Gateway 1 in Network‐A and be re‐transferred to the Internet. That means the Internet accessing of PPTP Client peer is also controlled by the Security Gateway 1, the PPTP VPN server. Scenario Description PPTP Tunneling is a Client and Server based tunneling technology. 260 ...
Page 261 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The PPTP Server must have a Static IP or a FQDN, and maintain a Client list (account / password). The Client may be a mobile user or mobile site, and requesting the PPTP tunnel connection with its account / password. PPTP protocol is used for establishing a PPTP VPN tunnel. The PPTP Client’s “Default Gateway/Remote Subnet” setting determines how the Internet traffic from PPTP client site is handled. Parameter Setup Example For Network‐B at Mobile Office Following 3 tables list the parameter configuration for above example diagram of PPTP VPN client in Network‐B. Use default value for those parameters that are not mentioned in these tables. [PPTP]‐[Configuration] Configuration Path ■ Enable PPTP Client Client/Server [PPTP]‐[PPTP Client Configuration] Configuration Path ■ Enable PPTP Client [PPTP]‐[ Configuration for A PPTP Client] Configuration Path PPTP #1 PPTP Client Name WAN 1 Interface 203.95.80.22 Remote IP/FQDN User‐1 User Name ...
Page 262 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2 is configured to "Default Gateway", the Internet accessing of PPTP Client peer also go through the established PPTP VPN tunnel, and the Security Gateway 1 can control the accessing as same as the HQ resource accessing. PPTP Setting The PPTP setting allows user to create and configure PPTP tunnels. Before you proceed ensure that the VPN is enabled and saved. To enable VPN, go to Advanced Network > VPN > Configuration tab. Enabling PPTP Go to Advanced Network > VPN > PPTP tab Enable PPTP Window Item Value setting Description Unchecked by PPTP Click the Enable box to activate PPTP function. default Specify the role of PPTP. Select Server or Client role your gateway will take. Client/Server A Must fill setting Below are the configuration windows for PPTP Server and for Client. Save N/A Click Save button to save the settings 262 ...
Page 263 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Server The gateway supports up to a maximum of 10 PPTP user accounts. When Server in the Client/Server field is selected, the PPTP server configuration window will appear. PPTP Server Configuration Window Item Value setting Description Unchecked by PPTP Server Check the Enable box to enable PPTP server role of the gateway. default 1. A Must fill setting Specify the PPTP server Virtual IP address. The virtual IP address will serve Server Virtual IP as the virtual DHCP server for the PPTP clients. Clients will be assigned a 2. Default is virtual IP address from it after the PPTP tunnel has been established. 192.168.10.1 This is the PPTP server’s Virtual IP DHCP server. User can specify the first IP 1. A Must fill setting IP Pool Starting address for the subnet from which the PPTP client’s IP address will be Address 2. Default is 10 assigned. This is the PPTP server’s Virtual IP DHCP server. User can specify the last IP 1. A Must fill setting IP Pool Ending address for the subnet from which the PPTP client’s IP address will be Address 2. Default is 100 assigned. Authentication ...
Page 264 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. default PAP/CHAP/MS‐CHAP/MS‐CHAPv2. Specify whether to support MPPE Protocol. Click the Enable box to enable MPPE and from dropdown box to select 40 bits/56 bits/128 bits. MPPE Encryption A Must fill setting Note: when MPPE Encryption is enabled, the Authentication Protocol PAP/CHAP options will not be available. Save N/A Click Save button to save the settings. Undo N/A Click Undo button to cancel the settings. PPTP Server Status Window Item Value setting Description It displays the User Name, Remote IP, Remote Virtual IP, Remote Call ID of the PPTP Server Status N/A connected PPTP clients. User Account List Window Item Value setting Description This is the PPTP authentication user account entry. You can create and add ...
Page 265 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Client When select Client in Client/Server, a series PPTP Client Configuration will appear. PPTP Client Setting Window Item Value setting Description Unchecked by PPTP Client Check the Enable box to enable PPTP client role of the gateway. default Save N/A Click Save button to save the settings. Undo N/A Click Undo button to cancel the settings. Create/Edit PPTP Client The gateway supports up to a maximum of 32 simultaneous PPTP tunnels. When Add/Edit button is applied a series PPTP Client Configuration will appear. 265 ...
Page 266 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Client Configuration Window Item Value setting Description Tunnel Name A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. 1. A Must fill setting Select WAN interface on which PPTP tunneling is to be established. Interface 2. WAN1 is selected by default 1. A Must fill setting There are three available operation modes. Always On, Failover, Load Balance. 2. Alwasy on is selected by default Failover/ Always Define whether the PPTP client is a failover tunnel function or an always on tunnel. Note: If this PPTP is a failover tunneling, you will need to select a primary IPSec tunnel from which to failover to. Operation Mode Load Balance Define whether the PPTP tunnel connection will take part in load balance function of the gateway. You will not need to select which WAN interface as the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN > Load Balance tab. 1. A Must fill setting. Enter the public IP address or the FQDN of the PPTP server. 2. Format can be a Remote IP/FQDN ipv4 address or FQDN A Must fill setting Enter the Username for this PPTP tunnel to be authenticated when Username connect to PPTP server. ...
Page 267 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1. Unchecked by Specify whether PPTP server supports MPPE Protocol. Click the Enable box default to enable MPPE. MPPE Encryption 2. an optional setting Note: when MPPE Encryption is enabled, the Authentication Protocol PAP/CHAP options will not be available. 1. Unchecked by Check the Enable box to enable NAT function for this PPTP tunnel. NAT before default Tunneling 2. an optional setting Auto is set by default Specify the LCP Echo Type for this PPTP tunnel. Auto, User‐defined, Disable. Auto the system sets the Interval and Max. Failure Time. LCP Echo Type User‐defined enter the Interval and Max. Failure Time. Disable disable the LCP Echo. Unchecked by Check the Enable box to enable this PPTP tunnel. Tunnel default Save N/A Click Save button to save the settings. Undo N/A Click Undo button to cancel the settings. Back N/A Click Back button to return to the previous page. ...
Page 268: L2Tp 2
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.7 L2TP Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. This Gateway can behave as a L2TP server and a L2TP client both at the same time. Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by using L2TP tunneling. So, all client hosts behind local security gateway can make data communication with others behind remote gateway. Or when you are a mobile user with your notebook or carrying along a security gateway and you want to access the servers and database in company headquarters (HQ). Moreover, the security ...
Page 269 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. beneath the "Configuration" window. Then configure parameters on another gateway to take another role. Above diagram is the server role configuration and following diagram shows the client role configuration. When you want to configure "L2TP Server" role for the security gateway, there are 4 more configuration windows: "L2TP Server Configuration", "L2TP Server Status", "User Account List" and ...
Page 270 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. the L2TP server needs the MPPE encryption and its key length for the authentication process. L2TP Server Status "L2TP Server Status" window shows the dialing in status to the L2TP VPN server, including the used user name, remote IP address, the obtained virtual IP address and call ID of all L2TP clients. User Account List "User Account List" lists your defined user accounts that can be accepted by the L2TP server. User Account Configuration "User Account Configuration" window can let you specify the required parameters for a L2TP client account, such as user name, password and account activation. Add one new user account by ...
Page 271 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the security gateway at headquarters playing the L2TP VPN server role. The L2TP tunnel is established by starting from L2TP client, the Security Gateway 2 in Network‐B or the mobile device, like notebook. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established L2TP tunnel. Usually, these hosts at L2TP client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network‐A will be transferred via the L2TP tunnel. Scenario Description L2TP Tunneling is a Client and Server based tunneling technology. The L2TP Server must have a Static IP or a FQDN, and maintain a Client list (account / password); The Client may be a mobile user or mobile site, and requesting the L2TP tunnel connection with its account / password. L2TP protocol is used for establishing an L2TP VPN tunnel. Parameter Setup Example For Network‐A at HQ Following 3 tables list the parameter configuration for above example diagram of L2TP VPN server in Network‐A. Use default value for those parameters that are not mentioned in these tables. [L2TP]‐[Configuration] Configuration Path ■ Enable L2TP Server Client/Server Configuration Path [L2TP]‐[L2TP Server Configuration] ■ Enable L2TP Server ■ Enable Preshare Key 12345678 L2TP over IPSec Server Virtual IP 192.168.101.253 10 IP Pool Starting Address ...
Page 272 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In above diagram, Network‐A is in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. The security gateway for Network‐A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface. It serves as a L2TP server. However, Network‐B is in the mobile office and the subnet of its Intranet is 10.0.75.0/24. The security gateway for Network‐B has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a L2TP client. L2TP server provides two user accounts, User‐1 and User‐2, for L2TP clients dialing in. Establish a L2TP VPN tunnel by starting from the L2TP client site. So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can securely communicate each other. Finally, the client hosts in the Intranet of Network‐B at mobile office can access the server or database resources in the Intranet of Network‐A at HQ in a secured link.  L2TP VPN Client Scenario When you want the security gateway to play a L2TP client role, check the "Enable" box and choose "Client" option in the "L2TP Configuration" window. And make its related configuration in following sections. L2TP Client Configuration "L2TP Client Configuration" window can let you enable the L2TP client function by checking the "Enable" box. L2TP Client List & Status ...
Page 273 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. specify one more setting: the remote subnet. It is for the Intranet of L2TP VPN server. So, at L2TP client peer, the packets whose destination is in the dedicated subnet will be transferred via the L2TP VPN tunnel. Others will be transferred based on current routing policy of the security gateway at L2TP client peer. But, if you choose "Default Gateway" option for the L2TP client peer, all packets will be transferred via the L2TP VPN tunnel. That means the remote L2TP VPN server gateway controls the ...
Page 274 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. dedicated subnet to Network‐A will be transferred via the L2TP tunnel. But if L2TP client peer is configured to all packets are delivered via the L2TP tunnel, as shown in the diagram by configuring the L2TP tunnel is the default gateway at L2TP client peer, the Internet accessing packets will be also sent to the Security Gateway 1 in Network‐A and be re‐transferred to the Internet. That means the Internet accessing of L2TP Client peer is also controlled by the Security Gateway 1, the L2TP VPN server. Scenario Description L2TP Tunneling is a Client and Server based tunneling technology. The L2TP Server must have a Static IP or a FQDN, and maintain a Client list (account / password). The Client may be a mobile user or mobile site, and requesting the L2TP tunnel connection with its account / password. L2TP protocol is used for establishing a L2TP VPN tunnel. The L2TP Client’s “Default Gateway/Remote Subnet” setting determines how the Internet traffic from L2TP client site is handled. The L2TP over IPSec is usually used for BYOD devices to establish a secure VPN tunnel between mobile employees and company office. Parameter Setup Example For Network‐B at Mobile Office Following 3 tables list the parameter configuration for above example diagram of L2TP VPN client in Network‐B. Use default value for those parameters that are not mentioned in these tables. Configuration Path [L2TP]‐[Configuration] ■ Enable L2TP Client Client/Server [L2TP]‐[L2TP Client Configuration] Configuration Path ■ Enable L2TP Client [L2TP]‐[ Configuration for A L2TP Client] Configuration Path ...
Page 275 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In above diagram, Network‐A is in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. The security gateway for Network‐A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface. It serves as a L2TP server. However, Network‐B is in the mobile office and the subnet of its Intranet is 10.0.75.0/24. The security gateway for Network‐B has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a L2TP client. The L2TP client uses "User‐1" user account to dial in the L2TP server at HQ for establishing a L2TP VPN tunnel. So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can securely communicate each other. Finally, the client hosts in the Intranet of Network‐B at mobile office can access the server or database resources in the Intranet of Network‐A at HQ in a secured link. However, if the "Default Gateway/Remote Subnet" parameter in the Security Gateway 2 is configured to "Default Gateway", the Internet accessing of L2TP Client peer also go through the established L2TP VPN tunnel, and the Security Gateway 1 can control the accessing as same as the HQ resource accessing. The L2TP allows user to configure L2TP tunnel Ensure Configuration are enabled and saved Go to Advanced Network > VPN > L2TP When select Server in Client/Server, the L2TP server Configuration will appear. 275 ...
Page 276 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP Server Configuration Item Value setting Description The box is When click the Enable box L2TP unchecked by It will activate L2TP functions. default Specify the role of L2TP. Selected Server Client/Server A Must filled setting ‐>Set as a L2TP server and jump to server configuration page Selected Client ‐>Set as a L2TP client and jump to client configuration page The box is When click the Enable box L2TP Server unchecked by It will active L2TP server default The box is When click the Enable box. L2TP over IPSec unchecked by It will enable L2TP over IPSec and need to fill in the Pre‐shared Key. default Specify the L2TP server Virtual IP Server Virtual IP A Must filled setting It will set as this L2TP server local virtual IP Specify the L2TP server starting IP of virtual IP pool IP Pool Starting A Must filled setting Address ...
Page 277 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Specify the L2TP server ending IP of virtual IP pool IP Pool Ending A Must filled setting Address It will set as the ending IP which assign to L2TP client Specify the Authentication Protocol which this L2TP server allowed. Authentication A Must filled setting Selected PAP/CHAP/MS‐CHAP/MS‐CHAPv2 Protocol ‐>It will as the authentication protocol which the box be click. Specify the MPPE Protocol which this L2TP server allowed. When Click the Enable box ‐>It will enable MPPE MPPE Encryption A Must filled setting Selected 40 bits/56 bits/128 bits ‐>It will as the MPPE encryption which be choose. Note_1: If Enable box is be clock, Authentication Protocol PAP/CHAP will be available. Service Port A Must filled setting Specify the Service Port which L2TP server use. Save N/A Click the Save button to save the configuration. Undo N/A Click the Undo button to recovery the configuration. L2TP Server Status Item Value setting Description Show the L2TP client information which connect to this L2TP server. L2TP Server Status N/A Click the Refresh button to renew the L2TP client information. ...
Page 278 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When select Client in Client/Server, a series L2TP Client Configuration will appear. L2TP Client Configuration Item Setting Value setting Description L2TP Client The box is When click the Enable box unchecked by It will activate L2TP Client. default Save N/A Click the Save button to save the configuration. Undo N/A Click the Undo button to recovery the configuration. When Add/Edit button is applied a series of configuration screen will appear. 278 ...
Page 279 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP Client Configuration Item Setting Value setting Description When fill in the name Tunnel Name A Must filled setting It will be used to identify it in the tunnel list Define the selected interface to be the used for this L2TP tunnel Select WAN‐1 for this IPSec tunnel using. Interface A Must filled setting (WAN‐1 is available only when WAN‐1 interface is enabled) The same applies to other WAN interfaces (i.e. WAN‐2). The box is When click the Enable box. L2TP over IPSec unchecked by It will enable L2TP over IPSec and need to fill in the Pre‐shared Key. default Specify the Remote LNS IP/FQDN for this L2TP tunnel. Remote LNS A Must filled setting IP/FQDN Fill in the IP address or FQDN. Specify the Remote LNS Port for this L2TP tunnel. Remote LNS Port A Must filled setting Fill in the value for LNS port. Specify the Username for this L2TP tunnel to authenticate when connect to server. Username A Must filled setting Fill in the string as username. Specify the Password for this L2TP tunnel to authenticate when connect to Password A Must filled setting server. ...
Page 280 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When click the Enable box The box is ‐>It will enable MPPE for this L2TP tunnel. MPPE Encryption unchecked by Note_1: If Enable box is be click, Authentication Protocol PAP/CHAP will default be not available. When click the Enable box The box is NAT before unchecked by ‐>It will enable NAT for this L2TP tunnel. Tunneling default Specify the LCP Echo Type for this L2TP tunnel. Select Auto ‐>Auto setting the Interval and Max. Failure Time. LCP Echo Type A Must filled setting Selected User‐defined ‐>Fill in the Interval and Max. Failure Time for LCP. Selected Disable ‐>Disable LCP Echo and it will be not availabe. Service Port A Must filled setting Specify the Service Port for this L2TP tunnel to use. The box is When click Enable Tunnel unchecked by It will enable this L2TP tunnel default Save N/A Click the Save button to save the configuration. Undo ...
Page 281: Gre 2
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.9 GRE Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that encapsulate a wide variety of network layer protocols inside virtual point‐to‐point links over an Internet Protocol internetwork. Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by using GRE tunneling. So, all client hosts behind local security gateway can make data communication with others behind remote gateway. The most popular scenario is the security gateway is located at a branch office. Employees in the branch office want to use their client hosts or devices behind the security gateway to access the resources in headquarters. These resources are located in the Intranet of headquarters, and the security gateway in headquarters supports the ...
Page 282 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The "Configuration" window is to enable the GRE VPN function by checking the Enable box. GRE Tunnel List "GRE Tunnel List" window shows all your defined GRE tunnel profiles and parameters include Tunnel Name, Interface, Operation Mode, IP address of local peer, IP address of remote peer, Key, TTL, if keep alive or not, tunnel as the Default Gateway or specifying the remote subnet to flow through the tunnel, and tunnel activation. GRE Rule Configuration "GRE Rule Configuration" window can let you specify all parameters for a GRE VPN tunnel. Take a GRE tunnel between the gateway in headquarters and the one in branch office as an example fo ...
Page 283 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. GRE Tunneling is similar to IPSec Tunneling, client requesting the tunnel establishment with the server. Both the client and the server must have a Static IP or a FQDN. Any peer gateway can be worked as either a client or a server, even using the same set of configuration rule. GRE Tunneling protocol is used for establishing an GRE VPN tunnel. Parameter Setup Example For Network‐A at HQ Following 2 tables list the parameter configuration for above example diagram of GRE VPN server in Network‐A. Use default value for those parameters that are not mentioned in these tables. Configuration Path [GRE]‐[Configuration] ■ Enable GRE [GRE]‐[GRE Rule Configuration] Configuration Path GRE HQ Tunnel Name Interface WAN 1 Always on Operation Mode 203.95.80.22 Tunnel IP Remote IP 118.18.81.33 1234 Key TTL Remote Subnet 10.0.75.0/24 Default Gateway/Remote Subnet ■ Enable Tunnel ...
Page 284 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the security gateway in headquarters playing the GRE client role. In fact, the GRE tunnel establishment can be started from either site. The GRE tunnel is established by starting from GRE client, the Security Gateway 2 in Network‐B. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established GRE tunnel. Usually, these hosts at GRE client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network‐A will be transferred via the GRE tunnel. But if GRE client peer is configured to all packets are delivered via the GRE tunnel, as shown in the diagram by configuring the GRE tunnel is the default gateway at GRE client peer, the Internet accessing packets will be also sent to the Security Gateway 1 in Network‐A and be re‐ transferred to the Internet. That means the Internet accessing of GRE Client peer is also controlled by the Security Gateway 1, the LGRE VPN server. Scenario Description GRE Tunneling is similar to IPSec Tunneling, client requesting the tunnel establishment with the server. Both the client and the server must have a Static IP or a FQDN. Any peer gateway can be worked as either a client or a server, even using the same set of configuration. GRE Tunneling protocol is used for establishing a GRE VPN tunnel. If the GRE server at HQ supports DMVPN Hub function, like Cisco router as the VPN concentrator, the GRE client at branch office can activate the DMVPN spoke function here since it is implemented by GRE over IPSec tunneling. The GRE Client’s “Default Gateway/Remote Subnet” setting determines how the 284 ...
Page 285 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Internet traffic from GRE client site is handled. Parameter Setup Example For Network‐B at Branch Office Following 2 tables list the parameter configuration for above example diagram of GRE VPN server in Network‐B. Use default value for those parameters that are not mentioned in these tables. [GRE]‐[Configuration] Configuration Path ■ Enable GRE [GRE]‐[GRE Rule Configuration] Configuration Path GRE BO Tunnel Name WAN 1 Interface Operation Mode Always on 118.18.81.33 Tunnel IP 203.95.80.22 Remote IP 1234 Key TTL Default Gateway Default Gateway/Remote Subnet ■ Enable Tunnel Scenario Operation Procedure In above diagram, Network‐A is in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. The security gateway for Network‐A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface. It serves as a GRE server. However, Network‐B is in the branch office and the subnet of its Intranet is ...
Page 286 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. GRE Setting The GRE setting allows user to create and configure GRE tunnels. Before you proceed ensure that the VPN is enabled and saved. To enable VPN, go to Advanced Network > VPN > Configuration tab. . Enabling GRE Go to Advanced Network > VPN > GRE tab Enable GRE Window Item Value setting Description Unchecked by GRE Click the Enable box to enable GRE function. default 1. 32 is set by default Max. Concurrent It specifies the maximum number of simultaneous GRE tunnel connections. 2. Max. of 32 GRE Tunnels connections Save N/A Click Save button to save the settings Undo N/A Click Undo button to cancel the settings Create/Edit GRE tunnel ...
Page 287 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. GRE Rule Configuration Window Item Value setting Description Tunnel Name A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. 1. A Must fill setting Select WAN interface on which GRE tunnel is to be established. Interface 2. WAN 1 is selected by default There are three available operation modes. Always On, Failover, Load Balance. Failover/ Always Define whether the GRE tunnel is a failover tunnel function or an Always on tunnel. Note: If this GRE is a failover tunneling, you will need to select a primary GRE tunnel from which to failover to. 1. A Must fill setting Load Balance Define whether the GRE tunnel connection will take part in Operation Mode 2. Alway on is load balance function of the gateway. You will not need to select with WAN selected by default interface as the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN > Load Balance tab. Note: Failover and Load Balance functions are not available for Dynamic VPN specified in Tunnel Scenario. Tunnel IP A Must fill setting Enter the Tunnel IP address. Enter the Remote IP address of remote GRE tunnel gateway. Normally this Remote IP ...
Page 288 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1. A Must fill setting TTL Specify TTL hop‐count value for this GRE tunnel. 2. 1 to 255 range 1. Unchecked by Check the Enable box to enable Keep alive function. default Keep alive Select Ping IP to keep live and enter the IP address to ping. 2. 30s is set by Enter the ping time interval in seconds. default Specify a gateway for this GRE tunnel to reach GRE server. If the gateway uses its gateway IP address to connect to the internet to Default connect to the GRE server then select Default Gateway, otherwise, Gateway/Remote A Must fill setting specified a subnet and its netmask –the remote subnet, if the default Subnet gateway is not used to connect to the GRE server. The Remote Subnet format must be IP address/netmask (e.g. 10.0.0.2/24). Unchecked by Specify whether the gateway will support DMVPN Spoke for this GRE DMVPN Spoke default tunnel. Check Enable box to enable DMVPN Spoke. 1. Unchecked by Check Enable box to add pre‐shared key for GRE tunnel connection. default Enter a DMVPN spoke authentication Pre‐shared Key. GRE Pre‐shared Key 2. Pre‐shared Key 8 Note: Pre‐shared Key will not be available when DMVPN Spoke is not to 32 character enabled. length Check Enable box to enable NAT‐Traversal. ...
Page 289: D Openvpn 2
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.d OpenVPN OpenVPN is an application that implements virtual private network (VPN) techniques for creating secure point‐to‐point or site‐to‐site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. OpenVPN allows peers to authenticate each other using a Static key or certificates.When used in a multi‐client‐server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features. Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by using OpenVPN. So, all client hosts behind local security gateway can make data communication with others behind remote gateway. In the case when you are a mobile user with your notebook or carrying along a security gateway to access the servers and database in company headquarters (HQ). And that the security gateway in HQ supports the OpenVPN server function. You can dial in the HQ gateway and access the HQ ...
Page 290 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In "OpenVPN" page, there is the "Configuration" window to enable the OpenVPN function. The security gateway can either take "OpenVPN Server" role or "OpenVPN Client" role or they both. Define and choose either one role for your router in the "Configuration" window and configure all required parameters beneath the "Configuration" window. Then configure parameters on another gateway to take another role. Above diagram is the server role configuration and following diagram shows the client role configuration. 290 ...
Page 291 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. To configure "OpenVPN Server or Client" role for the security gateway as follows: Configuration The "Configuration" window is to enable the OpenVPN by checking the Enable box. In the "Client/Server" field of the "Configuration" window choose either "Server" or "Client". Choose Server to define the gateway as the L2TP VPN server for remote clients to initiate the connection to establish VPN tunnels. Or choose Client to create multiple OpenVPN clients to establish VPN tunnels to remote gateways. Moreover, the security gateway serves as the OpenVPN client and server simultaneously.  OpenVPN VPN Server Scenario When you want the security gateway to play an OpenVPN server role, check the "Enable" box and choose "Server" option in the "OpenVPN Configuration" window. And make its related configuration in following sections. Also refer to the above server role diagram. OpenVPN Server Configuration In the "OpenVPN Server Configuration" window you will enable the OpenVPN server function, ...
Page 292 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the security gateway at headquarters playing the OpenVPN server role. The OpenVPN tunnel is established by starting from OpenVPN client, the Security Gateway 2 in Network‐B or the mobile device, like notebook. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established OpenVPN tunnel. Usually, these hosts at OpenVPN client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network‐A will be transferred via the OpenVPN tunnel. Scenario Description OpenVPN Tunneling is a Client and Server based tunneling technology. The OpenVPN Server must have a Static IP or a FQDN, and maintain a Client list. The Client may be a mobile user or mobile site, and requesting the OpenVPN tunnel connection. OpenVPN protocol is used for establishing an OpenVPN VPN tunnel. Parameter Setup Example For Network‐A at HQ Following below tables list the parameter configuration for above example diagram of OpenVPN server in Network‐A. 292 ...
Page 293 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Use default value for those parameters that are not mentioned in these tables. Configuration Path [OpenVPN]‐[Configuration] ■ Enable OpenVPN Server Configuration Server/Client [OpenVPN]‐[OpenVPN Server Configuration] Configuration Path ■ Enable OpenVPN Server TCP Protocol 443 Port TAP Tunnel Device PS: TAP also called “Bridging” behaves like a real network adapter and Broadcast traffic can transport. TUN called “Routing” transports only layer 3 IP packets. The user has to add routing rule according to the environment so that packets transfer smoothly. TLS Authorization Mode CA Cert: RootCA, Server Cert: Local.crt DH PEM : Default ‐‐‐‐‐BEGIN DH PARAMETERS‐‐‐‐‐ MIGHAoGBAMq4z88pL8X1dzmDmnr7nyV3w3L1rDU4Q+4SJiGQjR6b2nb4tf9jw/QJ W/ENgduKKXsltYSAzOZ9gXoNxwFGc9nKd4LfGpjQl9lIoHTp0eTdb9b5EKeR6B7h QxkfLBwVv1YZh9oUXm6pdewpg2QdZ2KtiOlMpgsJyaqRMQ3MlNB7AgEC ‐‐‐‐‐END DH PARAMETERS‐‐‐‐‐ PS: Security Gateway 1 is the role of RootCA and trusted CA. 10.0.76.100 IP Pool Starting Address 10.0.76.150 IP Pool Ending Address ...
Page 294 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. "Enable" box of Advanced Configuration.  OpenVPN VPN Client Scenario When you want the security gateway to play an OpenVPN client role, check the "Enable" box and choose "Client" option in the "OpenVPN Configuration" window. And make its related configuration in following sections. OpenVPN Client Configuration "OpenVPN Client Configuration" window can let you enable the OpenVPN client function by checking the "Enable" box. OpenVPN Client List "OpenVPN Client List" window shows your defined OpenVPN clients and their tunnel status. Only some important information for all tunnels are shown in the list in following diagram. Configuration for An OpenVPN Client "Configuration for An OpenVPN Client" window let you specify the required parameters for an ...
Page 295 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the Security Gateway 2 or the mobile device playing the OpenVPN VPN client role. The OpenVPN tunnel is established by the OpenVPN client making the tunnel connection request initiation and the Security Gateway 1 in Network‐ A of headquarters serves as the OpenVPN server responding to the request. Once the tunnel has been established, all client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established OpenVPN tunnel. Moreover, these hosts at OpenVPN client peer access the Internet directly via the WAN interface of Security Gateway 1. As shown in the diagram by configuring the OpenVPN tunnel set “TAP” for OpenVPN client peer, the Internet accessing packets will be also sent to the Security Gateway 1 in Network‐A and be re‐transferred to the Internet. That means the Internet accessing of OpenVPN Client peer is also controlled by the Security Gateway 1, the OpenVPN VPN server. Scenario Description OpenVPN Tunneling is a Client and Server based tunneling technology. The OpenVPN Server must have a Static IP or a FQDN, and maintain a Client list; The Client may be a mobile user or mobile site, and requesting the OpenVPN tunnel connection. OpenVPN protocol is used for establishing an OpenVPN tunnel. 295 ...
Page 296 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Parameter Setup Example For Network‐B at Mobile Office Following 3 tables list the parameter configuration for above example diagram of OpenVPN VPN client in Network‐B. Use default value for those parameters that are not mentioned in these tables. [OpenVPN]‐[Configuration] Configuration Path ■ Enable OpenVPN Client Configuration Server/Client [OpenVPN]‐[OpenVPN Client Configuration] Configuration Path Client1 OpenVPN Client Name Interface WAN1 Protocol Port Tunnel Device PS: TAP also called “Bridging” behaves like a real network adapter and Broadcast traffic can transport. TUN called “Routing” transports only layer 3 IP packets. The user has to add routing rule according to the environment so that packets transfer smoothly. 203.95.80.22 Remote IP/FQDN 10.0.76.0/24 Authorization Mode CA Cert: RootCA, Client Cert: Remote.crt Blowfish Encryption Cipher SHA‐1 Hash Algorithm ...
Page 297 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Open VPN Setting T he configuration setting allows user to use OpenVPN. Ensure VPN is enabled and saved Go to Advanced Network > VPN > Configuration Tab Enable OpenVPN and select which server or client you want Item Value setting Description The box is unchecked by OpenVPN Check the Enable box to activate this OpenVPN function. default Server Configuration is When Server Configuration is selected, as the name suggest, server Server/ ...
Page 298 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Server Configuration is selected Item Value setting Description The box is unchecked by OpenVPN Server Click the Enable to activate OpenVPN Server functions. default Define the selected Protocol for the OpenVPN Server which to be. Select TCP /UDP for OpenVPN Server which to be. Select TCP for OpenVPN Server which to be. A Must filled setting ‐>The OpenVPN will use TCP protocol, and Port will be set 443 Protocol By default TCP is automatically. selected. Select UDP for OpenVPN Server which to be. ‐> The OpenVPN will use UDP protocol, and Port will be set 1194 automatically. A Must filled setting Port Specify the Port for the OpenVPN Server to use. By default 443 is set. Specify the Tunnel Device for the OpenVPN Server to use. A Must filled setting Tunnel Device Select TUN for OpenVPN Server which to be. By default TUN is selected. ‐>The OpenVPN will use TUN tunnel device. 298 ...
Page 299 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Select TAP for OpenVPN Server which to be. ‐> The OpenVPN will use TAP tunnel device. Specify Static Key/TLS for the OpenVPN Server. Select Static Key for OpenVPN Server which to be. ‐>The OpenVPN will use static key authorization mode. The items Local Endpoint IP Address, Remote Endpoint IP Address and Static Key will be A Must filled setting display. Authorization By default Static Key is Mode Select TLS for OpenVPN Server which to be. selected. ‐>The OpenVPN will use TLS authorization mode. The items CA Cert., Server Cert. and DH PEM will be display. CA Cert. could be generated in Certificate. Refer to Advanced Network > Certificate > Trusted Certificates. Server Cert. could be generated in Certificate. Refer to Advanced Network > Certificate > My Certificates. DH PEM should let user enter the content. Specify the Local Endpoint IP Address. Local Endpoint A Must filled setting Note_1: Local Endpoint IP Address will be available only when Static Key IP Address is be chose in Authorization Mode. Specify the Remote Endpoint IP Address. Remote Endpoint IP A Must filled setting Note_1: Remote Endpoint IP Address will be available only when Static Address Key is be chose in Authorization Mode. Specify the Static Key. Static Key A Must filled setting Note_1: Static Key will be available only when Static Key is be chose in Authorization Mode. Specify the Server Virtual IP. Server Virtual IP ...
Page 300 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Specify the OpenVPN server Gateway Gateway A Must filled setting Note_1: Gateway will be available only when TAP is be chose in Tunnel Device and DHCP‐Proxy Mode is unchecked. Specify the OpenVPN server Netmask. Note_1: Netmask will be available when TAP is be chose in Tunnel Device By default ‐ select one ‐ Netmask and DHCP‐Proxy Mode is unchecked. is selected. Note_2: Netmask will be available when TUN is be chose in Tunnel Device. Specify the Encryption Cipher. Encryption By default Blowfish is Cipher selected. Selected the Blowfish/AES‐256/AES‐192/AES‐128/None. Specify the Hash Algorithm By default SHA‐1 is Hash Algorithm selected. Selected the SHA‐1/MD5/MD4/SHA2‐256/SHA2‐512/None. Specify the OpenVPN server Advanced Configuration setting. Advanced The box is unchecked by Configuration default. If it is checked, Advanced Configuration will be display below. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings ...
Page 301 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When select Advanced Configuration in OpenVPN Server Configuration will appear. Item Value setting Description Specify the OpenVPN server TLS Cipher. By default TLS‐RSA‐ TLS Cipher WITH‐AES128‐SHA is Note_1: TLS Cipher will be available only when TLS is be chose in selected. Authorization Mode. LZO By default Adaptive is Specify the OpenVPN server LZO Compression. Compression selected. Specify the OpenVPN server TLS Auth. Key. TLS Auth. Key String format: any text Note_1: TLS Auth. Key will be available only when TLS is be chose in Authorization Mode. Redirect Default The box is checked by Specify the OpenVPN server Redirect Default Gateway. Gateway default The box is checked by Client to Client Specify the OpenVPN server Client to Client. default The box is checked by Duplicate CN Specify the OpenVPN server Duplicate CN. default A Must filled setting Tunnel MTU ...
Page 302 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. default Specify the OpenVPN server Tunnel UDP Fragment. Tunnel UDP The value is 1500 by Note_1: Tunnel UDP Fragment will be available only when UDP is be Fragment default chose in Protocol. Specify the OpenVPN server Tunnel UDP MSS‐Fix. Tunnel UDP The box is unchecked by Note_1: Tunnel UDP MSS‐Fix will be available only when UDP is be chose MSS‐Fix default. in Protocol. CCD‐Dir Default String format: any text Specify the OpenVPN server CCD‐Dir Default File. File Client Connection String format: any text Specify the OpenVPN server Client Connection Script. Script Additional String format: any text Specify the OpenVPN server Additional Configuration. Configuration When select Client in Client/Server, a series OpenVPN Client Configuration will appear. When Add/Edit button is applied a series OpenVPN Client Configuration will appear. 302 ...
Page 303 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Item Value setting Description OpenVPN Client A Must filled setting When fill in the name, it will be used to identify it in the tunnel list. Name Define the selected interface to be the used for this OpenVPN Client tunnel. Interface A Must filled setting Select WAN‐1 for this OpenVPN Client tunnel by default. Define the selected Protocol for the OpenVPN Client which to be. Select TCP /UDP for OpenVPN Client which to be. Select TCP for OpenVPN Client which to be. A Must filled setting ‐>The OpenVPN will use TCP protocol, and Port will be set 443 ...
Page 304 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. could be generated in Certificate. Refer to Advanced Network > Certificate > My Certificates. Specify the Local Endpoint IP Address. Local Endpoint IP A Must filled setting Note_1: Local Endpoint IP Address will be available only when Static Key Address is be chose in Authorization Mode. Specify the Remote Endpoint IP Address. Remote Endpoint IP A Must filled setting Note_1: Remote Endpoint IP Address will be available only when Static Address Key is be chose in Authorization Mode. Specify the Static Key. Static Key A Must filled setting Note_1: Static Key will be available only when Static Key is be chose in ...
Page 305 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 305 ...
Page 306 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. OpenVPN Client Advanced Configuration Item Value setting Description Specify the OpenVPN client TLS Cipher. By default TLS‐RSA‐ TLS Cipher WITH‐AES128‐SHA is Note_1: TLS Cipher will be available only when TLS is be chose in selected. Authorization Mode. LZO By default Adaptive is Specify the OpenVPN client LZO Compression. Compression selected. Specify the OpenVPN client TLS Auth. Key. TLS Auth. Key String format: any text Note_1: TLS Auth. Key will be available only when TLS is be chose in (Optional) Authorization Mode. Specify the OpenVPN client User Name. User Name String format: any text (Optional) Specify the OpenVPN client Password. Password String format: any text (Optional) The box is unchecked by NAT Specify the OpenVPN client NAT. default. Specify the OpenVPN client Bridge TAP to. By default VLAN1 is ...
Page 307 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Specify the OpenVPN client Tunnel UDP Fragment. Tunnel UDP The value is 1500 by Note_1: Tunnel UDP Fragment will be available only when UDP is be Fragment default chose in Protocol. Specify the OpenVPN client Tunnel UDP MSS‐Fix. Tunnel UDP The box is unchecked by Note_1: Tunnel UDP MSS‐Fix will be available only when UDP is be chose MSS‐Fix default. in Protocol. Specify the OpenVPN client nsCertType Verification. nsCertType The box is unchecked by Verification default. Specify the OpenVPN client Redirect Internet Traffic. Redirect The box is checked by Internet Traffic default. TLS Renegotiation The value is 3600 by Specify the OpenVPN client TLS Renegotiation Time. Time default (seconds) Connection Specify the OpenVPN client Connection Retry. Retry The value is ‐1 by default The value is ‐1 which represent infinite. ...
Page 308: Redundancy 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.7 Redundancy In engineering, redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the form of a backup or fail‐safe. In an IP networking, the access gateway is the critical part of the networking system. Redundant gateway plays the backup one of the master gateway and it will take over the data transmitting job once it finds the master gateway failed. AMIT security gateway can serve as the redundant gateway of core router in the enterprise by using the Virtual Router Redundancy Protocol (VRRP). 5.7.1 VRRP The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol providing device redundancy. It allows a backup router or switch to automatically take over if the primary (master) router or switch fails. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP network. The protocol achieves this by creation of virtual routers, which are an abstract representation of multiple routers, i.e. master and backup routers, acting as a group. The default gateway of a participating host is assigned to the virtual router instead of a physical router. If the physical router that is routing packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router. In "VRRP" page, there is only one configuration window for Redundancy function. A group of ...
Page 309 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. function can join one group of redundant gateways to serve as the backup one for the master gateway. Fill same values of virtual server ID and IP for these gateways, and each gateway owns its own priority as the sequence in the backup list. They construct a VRRP redundant gateway group. Following diagram illustrates the group example with two member gateways. Scenario Application Timing When the enterprise gateway needs a reliable connection to the Internet, administrator can setup a group of VRRP redundant gateways as the enterprise entry gateway. Each member gateway connects to different ISP for a redundant connection to the Internet. So, the enterprise gateway is reliable even the master connection is failed. Scenario Description When the master gateway is disabled of its Internet connection, the backup gateway whose priority is the highest among the ones with alive Internet connection will take over the data communication duty and serves as the master. Once the backup gateway is recovered from terminated Internet connection and its priority is higher than the one of the master gateway, the data communication duty will return to it. 309 ...
Page 310 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Parameter Setup Example Following tables list the parameter configuration as a group example for the gateways in above diagram with "VRRP" enabling. Use default value for those parameters that are not mentioned in the tables.  Master Gateway [Ethernet LAN]‐[Configuration] ([Basic Network]‐[LAN&VLAN]) Configuration Path 10.0.75.1 LAN IP Address 255.255.255.0 (/24) Subnet Mask [VRRP]‐[Configuration] Configuration Path ■ Enable VRRP Virtual Server ID Priority of Virtual Server Virtual Server IP Address 10.0.75.200  Backup Gateway [Ethernet LAN]‐[Configuration] ([Basic Network]‐[LAN&VLAN]) Configuration Path 10.0.75.2 LAN IP Address 255.255.255.0 (/24) Subnet Mask [VRRP]‐[Configuration] Configuration Path ■ Enable VRRP Virtual Server ID Priority of Virtual Server Virtual Server IP Address 10.0.75.200 ...
Page 311 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. VRRP Setting T he Virtual Router Redundancy Protocol (VRRP) setting allows user to assign available Internet Protocol (IP) routers to participating hosts automatically. Go to Advanced Network > Redundancy > VRRP Tab VRRP Item Value setting Description Enable VRRP The box is unchecked by Check the Enable box to activate this VRRP function function default 1. Numberic String Define the Virtual Server ID on VRRP of the router. The value range is from Format Virtual Server ID 1 to 255. 2. A Must filled setting 1. Numberic String Priority of Define the Priority of Virtual Server on VRRP of the router. The value range Format Virtual Server is from 1 to 254. 2. A Must filled setting 1. IPv4 Format Virtual Server IP Define the Virtual Server IP Address on VRRP of the router. Address ...
Page 312: System Management 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9 System Management System management refers to enterprise‐wide administration of distributed systems including (and commonly in practice) computer systems. Centralized management has a time and effort trade‐off that is related to the size of the company, the expertise of the IT staff, and the amount of technology being used. This device supports many system management protocols, such as TR‐069, SNMP, Telnet with CLI and UPnP. You can setup those configurations in the "System Management" section. 5.9.1 TR‐069 TR‐069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN ...
Page 313 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. time interval for job inquiry. Except the inquiry time, there are no activities between the ACS server and the gateways until the next inquiry cycle. But if the ACS server has new jobs that are expected to do by the gateways urgently, it will ask these gateways by using connection request related information for immediate connection for inquiring jobs and executing. Scenario Application Timing When the enterprise data center wants to use an ACS server to manage remote gateways geographically distributed elsewhere in the world, the gateways in all branch offices must have an embedded TR‐069 agent to communicate with the ACS server. So that the ACS server can configure, FW upgrade and monitor these gateways and their corresponding Intranets. Scenario Description The ACS server can configure, upgrade with latest FW and monitor these gateways. Remote gateways inquire the ACS server for jobs to do in each time period. The ACS server can ask the gateways to execute some urgent jobs. Parameter Setup Example Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with "TR‐069" enabling. Use default value for those parameters that are not mentioned in the tables. 313 ...
Page 314 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [TR‐069]‐[Configuration] Configuration Path ■ Enable TR‐069 ACS URL http://qaamit.acslite.com/cpe.php ACSUserName ACS User Name ACSPassword ACS Password 8099 ConnectionRequest Port ConnReqUserName ConnectionRequest User Name ConnReqPassword ConnectionRequest Password ■ Enable Interval 900 Inform Scenario Operation Procedure In above diagram, the ACS server can manage multiple gateways in the Internet. The "Gateway 1" is one of them and has 118.18.81.33 IP address for its WAN‐1 interface. When all remote gateways have booted up, they will try to connect to the ACS server. Once the connections are established successfully, the ACS server can configure, upgrade with latest FW and monitor these gateways. Remote gateways inquire the ACS server for jobs to do in each time period. If the ACS server needs some urgent jobs to be done by the gateways, it will issue the "Connection Request" command to those gateways. And those gateways make immediate connections in response to the ACS server’s immediate connection request for executing the urgent jobs. Go to Advenced Network > System Management > TR‐069 ...
Page 315 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. TR‐069 Item Value setting Description The box is unchecked TR‐069 Enable Check the Enable box for activate TR‐069 by default When you finish set basic network wan 1~wan n, you can choose wan 1~wan n Auto is selected by Interface When you finish set advance network > vpn > Ipsec/pptp/l2tp/GRE, you default. can choose Ipsec/pptp/l2tp/GRE tunnel, the interface just like ACS URL A Must filled setting You can ask ACS manager provide ACS URL and manually set You can ask ACS manager provide ACS username and manu ACS Username A Must filled setting ally set ACS Password A Must filled setting You can ask ACS manager provide ACS password and manually set ConnectionRequest You can ask ACS manager provide ACS ConnectionRequest Port and A Must filled setting Port manually set ConnectionRequest You can ask ACS manager provide ACS ConnectionRequest Username and A Must filled setting Username manually set ConnectionRequest You can ask ACS manager provide ACS ConnectionRequest Password and ...
Page 316: Snmp 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9.3 SNMP In brief, SNMP, the Simple Network Management Protocol, is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. In typical SNMP uses, one or more administrative computers, called managers, have the task of ...
Page 317 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SNMP Configuration Check the "Enable" box to activate the SNMP function for the gateway. Drive the function to work by specifying the access interfaces of SNMP protocol, the supported protocol versions, the read/write communities, the trap event receivers and the allowed IP address from outside to access the gateway by using SNMP protocol. User Privacy Definition However, if SNMPv3 is not listed in the supporting of the "Configuration" window, the "User Privacy Definition" window will be not used for SNMP agent in the gateway. The "User Privacy ...
Page 318 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. is used, the authority of user can be defined to be Read‐only or Read/Write both.  SNMP Management Scenario Scenario Application Timing There are two application scenarios of SNMP Network Management Systems (NMS). Local NMS is in the Intranet and manage all devices that support SNMP protocol in the Intranet. Another one is the Remote NMS to manage some devices whose WAN interfaces are connected together by using a switch or a router with UDP forwarding. If you want to manage some devices and they all have supported SNMP protocol, use either one application scenario, especially the management of devices in the Intranet. In managing devices in the Internet, the TR‐069 is the better solution. Please refer to last sub‐section. Scenario Description The NMS server can monitor and configure the managed devices by using SNMP protocol, and those devices are located at where UDP packets can reach from NMS. The managed devices report urgent trap events to the NMS servers. 318 ...
Page 319 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Use SNMPv3 version of protocol can protected the transmitting of SNMP commands and responses. The remote NMS with privilege IP address can manage the devices, but other remote NMS can't. Parameter Setup Example Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with "SNMP" enabling at LAN and WAN interfaces. Use default value for those parameters that are not mentioned in the tables. [SNMP]‐[Configuration] Configuration Path ■ LAN ■ WAN SNMP Enable ■ v1 ■ v2c ■ v3 Supported Versions ReadCommunity / WriteCommunity Get / Set Community 118.18.81.11 Trap Event Receiver 1 118.18.81.11 WAN Access IP Address [SNMP]‐[User Privacy Definition] Configuration Path ID 1 3 UserName1 UserName2 UserName3 User Name Password1 Password2 Disable ...
Page 320 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. NMS and the managed devices, use SNMPv3 version of protocol. The remote NMS without privilege IP address can't manage the "Gateway 1", since "Gateway 1" allows only the NMS with privilege IP address can manage it via its WAN interface. SNMP Setting The SNMP allows user to configure SNMP relevant setting which includes interface, version, access control and trap receiver Ensure Configuration are enabled and saved Go to Advanced Network > System Management > SNMP SNMP Item Value setting Description Select the interface for the SNMP and enable SNMP functions. When Check the LAN box. 1.The LAN box is SNMP Enable It will activate SNMP functions and you can access SNMP by LAN checked by default When Check the WAN box. It will activate SNMP functions and you can access SNMP by WAN Select the version for the SNMP When Check the v1 box. 1.The v1 box is It means you can access SNMP by version 1. checked by default Supported Versions 2.The v2c box is ...
Page 321 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. It means you can access SNMP by version 3. 1. String format: any Specify the Remote Aceess IP for WAN. Ipv4 address If you filled in the IP address. It means only this IP address can access Remote Aceess IP 2. It is an optional SNMP by WAN. item. If you not filled. It means any IP address can access SNMP by WAN. 1. String format: any port number Specify the SNMP Port. 2. The default SNMP SNMP Port You can fill in any port number. But you must ensure the port number is port is 161 not to be used. 3. A Must filled setting Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings Create/Edit Multiple Community The SNMP allows you to custom your access control for version 1 and version 2 user. The router supports up to a maximum of 10 community sets. When Add button is applied Multiple Community Rule Configuration screen will appear. ...
Page 322 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. setting The maximum length of the community is 32. 3. String format: any text 1.The box is checked Enable Click Enable to enable this version 1 or version v2c user. by default Click the Save button to save the configuration. But it does not apply to SNMP functions. When you return to the SNMP main page. It will show Save N/A “Click on save button to apply your changes” remind user to click main page Save button. Undo N/A Click Undo to cancel the settings. Back N/A Click the Back button to return the last page. Create/Edit User Privacy The SNMP allows you to custom your access control for version 3 user. The router supports up to a maximum of 128 User Privacy sets. When Add button is applied User Privacy Rule Configuration screen will appear. 322 ...
Page 323 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. User Privacy Rule Configuration Item Value setting Description User Name 1. A Must filled Specify the User Name for this version 3 user. setting The maximum length of the user name is 32. 2. String format: any text Password 1. String format: any When your Privacy Mode is authNoPriv or authPriv, you must specify the text Password for this version 3 user. The minimum length of the password is 8. The maximum length of the password is 64. Authentication 1. None is selected When your Privacy Mode is authNoPriv or authPriv, you must specify the by default Authentication types for this version 3 user. Selected the authentication types MD5/ SHA‐1 to use. Encryption 1. None is selected When your Privacy Mode is authPriv, you must specify the Encryption by default protocols for this version 3 user. Selected the encryption protocols DES / AES to use. Privacy Mode 1. noAuthNoPriv is Specify the Privacy Mode for this version 3 user. selected by default Selected the noAuthNoPriv. You do not use any authentication types and encryption protocols. Selected the authNoPriv. You must specify the Authentication and Password. ...
Page 324 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. setting 3. String format: any legal OID Enable 1.The box is checked Click Enable to enable this version 3 user. by default Save N/A Click the Save button to save the configuration. But it does not apply to SNMP functions. When you return to the SNMP main page. It will show “Click on save button to apply your changes” remind user to click main page Save button. Undo N/A Click Undo to cancel the settings Back N/A Click the Back button to return the last page. Create/Edit Trap Event Receiver The SNMP allows you to custom your trap event receiver. The router supports up to a maximum of 4 Trap Event Receiver sets. When Add button is applied Trap Event Receiver Rule Configuration screen will appear. The default SNMP Version is v1. The configuration screen will provide the version 1 must filled items. When you selected v2c. The configuration screen will provide the version 2c must filled items which is the same v1. 324 ...
Page 325 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When you selected v3. The configuration screen will provide the version 3 must filled items Trap Event Receiver Rule Configuration Item Value setting Description 1. A Must filled setting Specify the trap Server IP. Server IP 2. String format: any The DUT will send trap to the server IP. Ipv4 address 1. String format: any port number Specify the trap Server Port. 2. The default SNMP Server Port You can fill in any port number. But you must ensure the port number is trap port is 162 not to be used. ...
Page 326 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Select the version for the trap Selected the v1. The configuration screen will provide the version 1 must filled items. 1. v1 is selected by SNMP Version Selected the v2c. default The configuration screen will provide the version 2c must filled items. Selected the v3. The configuration screen will provide the version 3 must filled items. 1. A v1 and v2c Must filled setting Specify the Community Name for this version 1 or version v2c trap. Community Name 2. String format: any The maximum length of the community name is 32. text 1. A v3 Must filled setting Specify the User Name for this version 3 trap. User Name 2. String format: any The maximum length of the user name is 32. text When your Privacy Mode is authNoPriv or authPriv, you must specify the 1. A v3 Must filled Password for this version 3 trap. setting Password The minimum length of the password is 8. 2. String format: any text The maximum length of the password is 64. Specify the Privacy Mode for this version 3 trap. Selected the noAuthNoPriv. You do not use any authentication types and encryption protocols. 1. A v3 Must filled setting ...
Page 327 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. by default Selected the encryption protocols DES / AES to use. When your Privacy Mode is authPriv, you must specify the Privacy Key for 1. A v3 Must filled this version 3 trap. setting Privacy Key The minimum length of the privacy key is 8. 2. String format: any text The maximum length of the privacy key is 64. 1.The box is checked Enable Click Enable to enable this trap receiver. by default Click the Save button to save the configuration. But it does not apply to SNMP functions. When you return to the SNMP main page. It will show ...
Page 328: Telnet With Cli 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3. String format: any number 1. The default value is Specify the Enterprise OID for the particular private mib. 1.3.6.1.4.1.12823.4.4.9 (AMIT Enterprise OID) The range of the each OID number is 1‐2080768. Enterprise OID 2. A Must filled setting The maximum length of the enterprise OID is 31. 3. String format: any The seventh number must be identical with the enterprise number. legal OID Click the Save button to save the configuration and apply your changes to Save N/A SNMP functions. Undo N/A Click Undo to cancel the settings. 5.9.5 Telnet with CLI A command‐line interface (CLI), also known as command‐line user interface, console user interface, and character user interface (CUI), are means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines). The interface is usually implemented with a command line shell, which is a program that accepts commands as text input and converts commands to appropriate operating system functions. Programs with command‐line interfaces are generally easier to automate via scripting. The device supports both Telnet and SSH CLI with default service port 2300 and 22, respectively. And it also accepts commands from both LAN and WAN sides and makes corresponding responses. In "Telnet with CLI" page, there is only one configuration window for the "Telnet with CLI" function. The window can let you activate or deactivate the function to be made available for telnetting via LAN and WAN interfaces. You can also specify the connection type in plain text telnet or secured text ssh or ...
Page 329 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Check the "Enable" box to activate the "Telnet with CLI" function for the LAN or WAN or both interfaces of the gateway. Choose either telnet or ssh or both for the connection type. Also change their service ports based on your requirement.  Telnet & SSH Scenario Scenario Application Timing When the manager of the gateway wants to manage it from remote site in the Intranet or Internet, he may use "Telnet with CLI" function to do that by using "Telnet" or "SSH" utility. Scenario Description The Local Admin or the Remote Admin can manage the Gateway by using "Telnet" or "SSH" utility with privileged user name and password. The data packets between the Local Admin and the Gateway or between the Remote Admin and the Gateway can be plain texts or encrypted texts. Suggest they are plain texts in the Intranet for Local Admin to use "Telnet" utility, and encrypted texts in the Internet for Remote Admin to use "SSH" utility. Parameter Setup Example Following table lists the parameter configuration as an example for the Gateway 1 in above diagram with "Telnet with CLI" enabling at LAN and WAN interfaces. 329 ...
Page 330 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Use default value for those parameters that are not mentioned in the table. Configuration Path [Telnet with CLI]‐[Configuration] LAN: ■ Enable WAN: ■ Enable Telnet with CLI Telnet: Service Port 2300 ■ Enable Connection Type SSH: Service Port 22 ■ Enable Scenario Operation Procedure In above diagram, "Local Admin" or "Remote Admin" can manage the "Gateway" in the Intranet or Internet. The "Gateway" is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN‐1 interface. It serves as a NAT gateway. The "Local Admin" in the Intranet uses "Telnet" utility with privileged account (Usually, "root" and the same password as the one to login Web UI) to login the Gateway. Or the "Remote Admin" in the Internet uses "SSH" utility with privileged account (Usually, "root" and the same password as the one to login Web UI) to login the Gateway. The administrator of the gateway can control the device as like he is in front of the gateway. . The telnet with cli setting allows user to access DUT Go to Advanced Network > System Management > Telnet with CLI ...
Page 331 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Telnet with CLI Item Setting Value setting Description 1. The LAN Enable box is checked by default Telnet with CLI Check the Enable box to activate this WAN/LAN function 2. The WAN Enable box is unchecked by default The Telnet Enable box is checked by default. By default Service Port is Check the Telnet Enable box to activate to activate telnet connect. Check 23. Connection Type the SSH Enable box to activate to activate telnet connect. You can set The SSH Enable box is which number of Service Port you want to connect. unchecked by default. By default Service Port is 22. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings 331 ...
Page 332: Upnp 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9.7 UPnP UPnP Internet Gateway Device (IGD) Standardized Device Control Protocol is a NAT port mapping protocol and is supported by some NAT routers. It is a common communication protocol of automatically configuring port forwarding. Applications using peer‐to‐peer networks, multiplayer gaming, and remote assistance programs need a way to communicate through home and business gateways. Without IGD one has to manually configure the gateway to allow traffic through, a process which is error prone and time consuming. This device supports the UPnP Internet Gateway Device (IGD) feature, and by default, it is enabled. In "UPnP" page, there is only one configuration window for the "UPnP" function available to you for function activation. UPnP Configuration Check the "Enable" box to activate the UPnP function. 332 ...
Page 333 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  UPnP Add Port Mapping Scenario Scenario Application Timing When one client host in the Intranet wants to run peer‐to‐peer applications, like multiplayer gaming, the NAT gateway needs the UPnP function to automatically setup or remove port mapping rules in the gateway. Scenario Description Usually, the active port service attempt to access the gateway from the Internet will be ignored by the gateway for security. Normal NAT mechanism has the connection tracking feature to direct the response packets from the Internet back to the source end of request packets in the Intranet. Once one application in the Intranet host needs an additional service port to be activated at the WAN interface of the gateway, it will ask the gateway to do that by using UPnP protocol. Then the Internet server can use the service port to contact the application for data communication. Parameter Setup Example 333 ...
Page 334 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Following table lists the parameter configuration as an example for the NAT Gateway in above diagram. Use default value for those parameters that are not mentioned in the table. [UPnP]‐[Configuration] Configuration Path ■ Enable UPnP Scenario Operation Procedure In above diagram, the "NAT Gateway" is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN‐1 interface. There is one gaming station in the Intranet and a game server in the Internet. A gaming application is executed and data is communicated between the gaming station and server. The gaming application needs more service ports to be activated in the gateway, so that the gaming server can send data to the station actively via those service ports. At first stage, the gaming server sends an active accessing for service port 1000 to the NAT Gateway, the gateway ignores it since the service port 1000 is deactivated at current stage. When the gaming has not be executed yet, the NAT mechanism in the gateway has its connection tracking feature to direct the response packets from the Internet back to the source end of request packets in the Intranet. Once the gaming application in the Intranet host is executed and it needs an additional service port, like 1300, to be activated at the WAN interface of the gateway, it will ask the gateway to do that by using UPnP protocol. Finally, the gaming server can use the service port to actively contact the application in the gaming station for data communication. UPnP provides a set of networking protocols for networked devices to discover each other's presence and establish functional network services. Go to Advanced Network > System Management > UPnP ...
Page 335 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. UPnP Configuration Item Name Value Setting Description UPnP Default checked Check to enable UPnP functionality Save N/A Click the Save button to save changes Undo N/A Click the Undo button to revert changes 335 ...
Page 336: B Certificate 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.b Certificate In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are genuine. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner . In a typical public‐key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually a company such as VeriSign which charges customers to issue certificates for them. In a web of trust scheme, the signer is either the key's owner (a self‐signed certificate) or other users ("endorsements") whom the person examining the certificate might know and trust. The device also plays as a CA role. Certificates are an important component of Transport Layer Security (TLS, sometimes called by its older name SSL), where they prevent an attacker from impersonating a secure website or other server. They are also used in other important applications, such as email encryption and code signing. Here, it can be used in IPSec tunneling for user authentication. 5.b.1 Configuration The configuration setting allows user to create Root Certificate Authority (CA) certificate and configure to set enable of SCEP. Create root CA Go to Advanced Network > Certificate > Configuration When Generate button is applied, Root CA Certificate Configuration screen will appear. ...
Page 337 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Root CA Certificate Configuration Item Value setting Description 1. String format can be any text Name Enter a Root CA Certificate name. It will be a certificate file name 2. A Must filled setting This field is to specify the key attribute of certificate. Key Type to set public‐key cryptosystems. It only supports RSA now. Key Length to set s the size measured in bits of the key used in a Key A Must filled setting cryptographic algorithm. Digest Algorithm to set identifier in the signature algorithm identifier of certificates This field is to specify the information of certificate. Country(C) is the two‐letter ISO code for the country where your organization is located. State(ST) is the state where your organization is located. Location(L) is the location where your organization is located. Subject Name A Must filled setting Organization(O) is the name of your organization. Organization Unit(OU) is the name of your organization unit. Common Name(CN) is the name of your organization. Email is the email of your organization. It has to be email address style. Validity Period A Must filled setting This field is to specify the validity period of certificate. SCEP Configuration Go to Advanced Network > Certificate > Configuration ...
Page 338 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SCEP Configuration Item Value setting Description The box is unchecked by SCEP Check the Enable box to activate SCEP function. default When SCEP Enable is checked. Automatically The box is unchecked by Check the Enable box to activate this function. re‐enroll aging default certificates It will be automatically check which certificate is aging. If certificate is aging, it will activate scep function to re‐enroll automatically. 338 ...
Page 339: B.3 My Certificates 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.b.3 My Certificates My Certificates include Root CA and Local Certificate List. Root CA is the top‐most certificate of the tree, the private key of which is used to "sign" other certificates. Local Certificate List shows all generated certificates by the root CA for the gateway. And it also stores the generated Certificate Signing Requests (CSR) which will be signed by other external CAs. The signed certificates can be imported as the local ones of the gateway. In "My Certificates" page, there are four configuration windows for the "My Certificates" function. The "Root CA" window can let you generate or delete the certificate of root CA. "Root CA Configuration" window can let you fill required information necessary for generating the root CA. ...
Page 340 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Local Certificate List Click on the "Generate" button and fill the required information for one certificate of the gateway. There may be multiple certificates to be used for different applications to represent the gateway. You also can import certificates signed by other root CAs for the gateway. You may remove unused ones by checking the Select box of those certificates and clicking on the "Delete" button. Local Certificate Configuration The required information to be filled for the certificate or CSR includes the name, key and subject name. It is a certificate if the "Self‐signed" box is checked, otherwise, it is a CSR.  Self‐signed Certificate Usage Scenario Scenario Application Timing When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates by being signed by itself or import any local certificates that are signed by other external CAs. Also import the trusted certificates for other CAs and Clients. In addition, since it has the root CA, it also can sign Certificate Signing Requests (CSR) to form corresponding certificates for others. These certificates can be used for two remote peers to make sure their identity during establishing a VPN tunnel. Scenario Description Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Import a trusted certificate (BranchCRT) –a BranchCSR certificate of Gateway 2 signed by root 340 ...
Page 341 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. CA of Gateway 1. Gateway 2 creates a CSR (BranchCSR) to let the root CA of the Gateway 1 sign it to be the BranchCRT certificate. Import the certificate into the Gateway 2 as a local certificate. In addition, also import the certificates of the root CA of the Gateway 1 into the Gateway 2 as the trusted ones. (Please also refer to following two sub‐sections) Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all client hosts in these both subnets can communicate with each other. Parameter Setup Example For Network‐A at HQ Following tables list the parameter configuration as an example for the "My Certificates" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in following two sections to complete the whole user scenario. Use default value for those parameters that are not mentioned in the tables. [My Certificates]‐[Root CA Certificate Configuration] Configuration Path HQRootCA Name Key Type: RSA Key Length: 1024‐bits Key Country(C): TW State(ST): Taiwan Location(L): Tainan Subject Name Organization(O): AMITHQ Organization Unit(OU): HQRD Common Name(CN): HQRootCA E‐mail: hqrootca@amit.com.tw [My Certificates]‐[Local Certificate Configuration] Configuration Path HQCRT Self‐signed: ■ Name Key Key Type: RSA Key Length: 1024‐bits Country(C): TW State(ST): Taiwan Location(L): Tainan Subject Name ...
Page 342 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 10.0.75.0 Remote Subnet 255.255.255.0 Remote Netmask 118.18.81.33 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+X.509 Local Certificate: HQCRT Remote Certificate: BranchCRT Key Management User Name Network‐A Local ID User Name Network‐B Remote ID [IPSec]‐[IKE Phase] Configuration Path Main Mode Negotiation Mode None X‐Auth For Network‐B at Branch Office Following tables list the parameter configuration as an example for the "My Certificates" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in following two sections to complete the whole user scenario. Use default value for those parameters that are not mentioned in the tables. [My Certificates]‐[Local Certificate Configuration] Configuration Path BranchCRT Self‐signed: □ Name Key Type: RSA Key Length: 1024‐bits Key ...
Page 343 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 255.255.255.0 Remote Netmask 203.95.80.22 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+X.509 Local Certificate: BranchCRT Remote Certificate: HQCRT Key Management User Name Network‐B Local ID User Name Network‐A Remote ID [IPSec]‐[IKE Phase] Configuration Path Main Mode Negotiation Mode X‐Auth None Scenario Operation Procedure In above diagram, "Gateway 1" is the gateway of Network‐A in headquarters and the subnet of its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN‐1 interface. "Gateway 2" is the gateway of Network‐B in branch office and the subnet of its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN‐1 interface. They both serve as the NAT security gateways. Gateway 1 generates the root CA and a local certificate (HQCRT) that is signed by itself. Import the certificates of the root CA and HQCRT into the "Trusted CA Certificate List" and "Trusted Client Certificate List" of Gateway 2. Gateway 2 generates a Certificate Signing Request (BranchCSR) for its own certificate (BranchCRT) (Please generate one not self‐signed certificate in the Gateway 2, and click on the "View" button for that CSR. Just downloads it). Take the CSR to be signed by the root CA of Gateway 1 and obtain the BranchCRT certificate (you need rename it). Import the certificate into the "Trusted Client Certificate List" of the Gateway 1 and the "Local Certificate List" of Gateway 2. ...
Page 344 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Local Certificate Configuration Item Value setting Description 1. String format can be Enter a certificate name. It will be a certificate file name any text Name If Self‐signed is checked, it will be signed by root CA. If Self‐signed is not 2. A Must filled setting checked, it will generate a certificate signing request (CSR). This field is to specify the key attribute of certificate. Key Type to set public‐key cryptosystems. It only supports RSA now. Key Length to set s the size measured in bits of the key used in a Key A Must filled setting cryptographic algorithm. Digest Algorithm to set identifier in the signature algorithm identifier of certificates This field is to specify the information of certificate. Country(C) is the two‐letter ISO code for the country where your organization is located. State(ST) is the state where your organization is located. Location(L) is the location where your organization is located. Subject Name A Must filled setting Organization(O) is the name of your organization. Organization Unit(OU) is the name of your organization unit. Common Name(CN) is the name of your organization. Email is the email of your organization. It has to be email address setting only. This field is to specify the extra information for generate certificate. Challenge Password which you can later use to request certificate Extra Attributes A Must filled setting revocation. ...
Page 345 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. This field is to specify the information of SCEP. If user wants to generate a certificate signing request (CSR) and then signed by SCEP server online, user can check the Enable box. Select SCEP Server to choice which scep server want to connect. It could be generated in External Server. Refer to System > External Servers > External Servers. You may click Add Object button to generate. SCEP Enrollment A Must filled setting Select CA Certificate to choice which certificate could be accepted by SCEP server for authentication. It could be generated in Trusted Certificates. Select CA Encryption Certificate to choice which certificate could be accepted by SCEP server for encryption data information. It could be generated in Trusted Certificates. CA Identifier is for SCEP server identifier which CA is used for signing certificates. When Import button is applied, Import screen will appear. 345 ...
Page 346 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Import Item Value setting Description Import A Must filled setting It could select a certificate file from user’s computer for importing to DUT. 1. String format can be any text PEM Encoded It could input the certificate pem encoded to DUT. 2. A Must filled setting Apply N/A Click the Apply button to import certificate. When the Cancel button is clicked the screen will return to the My Cancel N/A Certificates page. 346 ...
Page 347: B.5 Trusted Certificates 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.b.5 Trusted Certificates Trusted Certificates include Trusted CA Certificate List and Trusted Client Certificate List. The Trusted CA Certificate List places the certificates of external trusted CAs. However, the Trusted Client Certificate List places the others' certificates what you trust. In "Trusted Certificates" page, there are six configuration windows for the "Trusted Certificates" function. The "Trusted CA Certificate List" window shows the stored certificates of trusted CAs. The "Trusted CA Certificate Import from a File" window can let you browse the file system of the ...
Page 348 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. uploading to the gateway. Click on the "Apply" button to store it in the gateway to serve as one trusted CA certificate. Then it will be shown in the "Trusted CA Certificate List". Trusted CA Certificate Import from a PEM Copy the contents of one CA certificate in PEM format to this window and use "Apply" button to store it in the gateway to serve as one trusted CA certificate. It will appear in the "Trusted CA Certificate List". Trusted Client Certificate List Just click on the "Import" button and select one client certificate file of the management PC to upload as a trusted one. In addition, you can delete used ones by checking the Select box of those certificates and clicking on the "Delete" button. The "View" button allows you to view the contents of the dedicated certificate and download them to the management PC by using the "Download" button. Trusted Client Certificate Import from a File Browse the directory and file system in the management PC to choose one client certificate file for uploading to the gateway. Click on the "Apply" button to store it in the gateway to serve as one trusted client certificate. It will appear in the "Trusted Client Certificate List". Trusted Client Certificate Import from a PEM Copy the contents of one client certificate in PEM format to this window, and use "Apply" button to store it in the gateway to serve as one trusted client certificate. It will appear in the "Trusted Client Certificate List".  Self‐signed Certificate Usage Scenario 348 ...
Page 349 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing (same as the one described in "My Certificates" section) When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates by being signed by itself. Also imports the trusted certificates for other CAs and Clients. These certificates can be used for two remote peers to make sure their identity during establishing a VPN tunnel. Scenario Description (same as the one described in "My Certificates" section) Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Import a trusted certificate (BranchCRT) –a BranchCSR certificate of Gateway 2 signed by root CA of Gateway 1. Gateway 2 creates a CSR (BranchCSR) to let the root CA of the Gateway 1 sign it to be the BranchCRT certificate. Import the certificate into the Gateway 2 as a local certificate. In addition, also imports the certificates of the root CA of Gateway 1 into the Gateway 2 as the trusted ones. (Please also refer to "My Certificates" and "Issue Certificates" sections). Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all client hosts in these both subnets can communicate with each other. Parameter Setup Example (same as the one described in "My Certificates" section) For Network‐A at HQ Following tables list the parameter configuration as an example for the "Trusted Certificates" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in "My Certificates" and "Issue Certificates" sections to complete the setup for the whole user scenario. [Trusted Certificates]‐[Trusted Client Certificate List] Configuration Path Import Command Button 349 ...
Page 350 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Trusted Certificates]‐[Trusted Client Certificate Import from a File] Configuration Path BranchCRT.crt File For Network‐B at Branch Office Following tables list the parameter configuration as an example for the "Trusted Certificates" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in "My Certificates" and "Issue Certificates" sections to complete the setup for the whole user scenario. [Trusted Certificates]‐[Trusted CA Certificate List] Configuration Path Import Command Button [Trusted Certificates]‐[Trusted CA Certificate Import from a File] Configuration Path HQRootCA.crt File [Trusted Certificates]‐[Trusted Client Certificate List] Configuration Path Import Command Button [Trusted Certificates]‐[Trusted Client Certificate Import from a File] Configuration Path HQCRT.crt File Scenario Operation Procedure (same as the one described in "My Certificates" section) In above diagram, the "Gateway 1" is the gateway of Network‐A in headquarters and the subnet of its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN‐1 interface. The "Gateway 2" is the gateway of Network‐B in branch office and the subnet of its Intranet is 10.0.75.0/24. It has the IP ...
Page 351 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The Trusted Certificates setting allows user to import trusted certificate. Trusted CA Certificate List Go to Advanced Network > Certificate > Trusted Certificates When Import button is applied, Trusted CA import screen will appear. Trusted Certificates Item Value setting Description It could select a CA certificate file from user’s computer for importing to Import A Must filled setting DUT. 1. String format can be any text PEM Encoded It could input the CA certificate pem encoded to DUT. 2. A Must filled setting Apply N/A Click the Apply button to import certificate. When the Cancel button is clicked the screen will return to the Trusted Cancel N/A Certificates page. 351 ...
Page 352 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Get CA button is applied, Trusted CA import screen will appear. Ensure SCEP is enabled. Ref Go to Advanced Network > Certificate > Configuration Get CA Configuration Item Value setting Description Select SCEP Server to choice which scep server want to connect. It could SCEP Server A Must filled setting be generated in External Server. Refer to System > External Servers > External Servers. You may click Add Object button to generate. 1. String format can be CA Identifier is for SCEP server identifier which CA is used for signing CA Identifier any text certificates. Save N/A Click Save to save the settings When the Cancel button is clicked the screen will return to the Trusted Cancel N/A Certificates page. Trusted Client Certificate List Go to Advanced Network > Certificate > Trusted Certificates When Import button is applied, Trusted Client import screen will appear. 352 ...
Page 353 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Trusted Client Certificate List Item Value setting Description Import A Must filled setting It could select a certificate file from user’s computer for importing to DUT. 1. String format can be any text PEM Encoded It could input the certificate pem encoded to DUT. 2. A Must filled setting Apply N/A Click the Apply button to import certificate. When the Cancel button is clicked the screen will return to the Trusted Cancel N/A Certificates page. 353 ...
Page 354: B.7 Issue Certificates 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.b.7 Issue Certificates When you have a Certificate Signing Request (CSR) that needs to be certificated by the root CA of the device, you can issue the request here and let Root CA sign it. There are two approaches to issue a certificate. One is from a CSR file importing from the managing PC and another is copy‐ paste the CSR codes in gateway’s web‐based utility, and then click on the "Sign" button. In "Issue Certificates" page, there are three configuration windows for the "Issue Certificates" function. The "Certificate Signing Request (CSR) Import from a File" window let you browse the directories and file list of the managing PC to choose a CSR file and import it as the certificate signing ...
Page 355 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. generate corresponding certificate based on the imported CSR. The "Signed Certificate View" window will display the resulted certificate contents, and you can download the certification to a file in the managing PC by clicking on the "Download" button. The default name of the saved certification file is "issued.crt". You need to change to a preferred file name. Certificate Signing Request (CSR) Import from a PEM Copy the contents of one CSR in PEM format to this window, and use "Sign" button to generate corresponding certificate based on the pasted CSR contents. The "Signed Certificate View" window will display the resulted certificate contents, and you can download the certification to a file in the managing PC by clicking on the "Download" button. The default name of the saved certification file is "issued.crt". You need to change to a preferred file name. Singed Certificate View If the gateway signs a CSR successfully, the "Signed Certificate View" window will show the resulted certificate contents. In addition, a "Download" button is available for you to download the certificate to a file in the managing PC. 355 ...
Page 356 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Self‐signed Certificate Usage Scenario Scenario Application Timing (same as the one described in "My Certificates" section) When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates by being signed by itself. Also imports the trusted certificates for other CAs and Clients. These certificates can be used for two remote peers to make sure their identity during establishing a VPN tunnel. Scenario Description (same as the one described in "My Certificates" section) Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Also imports a trusted certificate (BranchCRT) –a BranchCSR certificate of Gateway 2 signed by root CA of Gateway 1. Gateway 2 creates a CSR (BranchCSR) to let the root CA of the Gateway 1 sign it to be the BranchCRT certificate. Import the certificate into the Gateway 2 as a local certificate. In addition, also imports the certificates of the root CA of the Gateway 1 into the Gateway 2 as the trusted ones. (Please also refer to "My Certificates" and "Trusted Certificates" sections). Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all client hosts in these both subnets can communicate with each other. Parameter Setup Example (same as the one described in "My Certificates" section) For Network‐A at HQ Following tables list the parameter configuration as an example for the "Issue Certificates" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in "My Certificates" and "Trusted Certificates" sections to complete the setup for whole user scenario. 356 ...
Page 357 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Issue Certificates]‐[Certificate Signing Request Import from a File] Configuration Path C:/BranchCSR Browse Sign Command Button [Issue Certificates]‐[Signed Certificate View] Configuration Path Download (default name is "issued.crt") Command Button Scenario Operation Procedure (same as the one described in "My Certificates" section) In above diagram, the "Gateway 1" is the gateway of Network‐A in headquarters and the subnet of its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN‐1 interface. The "Gateway 2" is the gateway of Network‐B in branch office and the subnet of its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN‐1 interface. They both serve as the NAT security gateways. Gateway 1 generates the root CA and a local certificate (HQCRT) that is signed by itself. Import the certificates of the root CA and HQCRT into the "Trusted CA Certificate List" and "Trusted Client Certificate List" of Gateway 2. Gateway 2 generates a Certificate Signing Request (BranchCSR) for its own certificate BranchCRT to be signed by root CA (Please generate one not self‐signed certificate in the Gateway 2, and click on the "View" button for that CSR. Just downloads it). Take the CSR to be signed by the root CA of the Gateway 1 and obtain the BranchCRT certificate (you need rename it). Import the certificate into the "Trusted Client Certificate List" of the Gateway 1 and the "Local Certificate List" of the Gateway 2. Gateway 2 can establish an IPSec VPN tunnel with "Site to Site" scenario and IKE and X.509 protocols to Gateway 1. Finally, the client hosts in two subnets of 10.0.75.0/24 and 10.0.76.0/24 can communicate with each other. The Issued Certificates setting allows user to import Certificate Signing Request (CSR) to be signed by root CA. ...
Page 358 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Issued Certificate Go to Advanced Network > Certificate > Issued Certificates Certificate Signing Request (CSR) Import from a File Item Value setting Description Certificate Signing It could select a certificate signing request file from Request (CSR) Import A Must filled setting user’s computer for importing to DUT. from a File Certificate Signing 1. String format can be any text It could input the certificate signing request pem Request (CSR) Import encoded to DUT. 2. A Must filled setting from a PEM When root CA is exist, click the Sign button to be Sign N/A signed by root CA 358 ...
Page 359: Chapter 7 Applications 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 7 Applications 7.1 Mobile Application Whether there is the mobile application existed in your purchased gateway depends on its product category. In Mobile Application section, the device supports SMS Management, USSD Management, Network Scan and SMS‐based Remote Management. You can setup these four aspects of mobile applications by using embedded 3G/LTE module in the device. 7.1.1 SMS Short Message Service (SMS) is a text messaging service component of phone, Web, or mobile ...
Page 360 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In "SMS" page, there are four windows for the SMS function. The "Configuration" window can let you specify which 3G/4G module (physical interface) is used for the SMS function, and system will show which SIM card in the module is the current used one. In addition, the supported media to store SMS messages in the gateway now has only "SIM Card Only" option. The second window is the "Alter Rule List" and it shows all your defined altering rules for SMS messages, like auto‐forwarding messages to another mobile phone set, message forwarding by email and message forwarding by syslog. By using the third window, "Alter Rule Configuration", you can define an altering rule for SMS messages. At last, the "SMS Summary" window displays information such as the numbers of unread SMS messages, total received SMS messages and SMS messages in free space. Moreover, a "New SMS" button can let you compose and send a new SMS message. The "SMS Inbox" button can let you check all received SMS messages. The SMS function allow user to send SMS, read and delete SMS from SIM Card. Configuration setting Go to Application > Mobile Application > SMS Configuration Item Value setting Description Physical The box is 3G/4G‐1 by Choose the 3G/4G‐1 or 3G/4G‐2 to change setting of cellular module1 or cellular 360 ...
Page 361 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Interface default module2. The box is checked by This is the SMS switch. If the box checked that the SMS function enable, if the box SMS default unchecked that the SMS function disable. SIM Status N/A Depend on currently SIM status. The possible value will be SIM_A or SIM_B. The box is SIM Card Only SMS Storage This is the SMS storage location. Currently the option only SIM Card Only. by default Save N/A Click Save to save the settings SMS Summary Show Unread SMS, Received SMS, Remaining SMS, and edit SMS context to send, read SMS from SIM card. SMS Summary Item Value setting Description If SIM card insert to router first time, unread SMS value is zero. When received the Unread SMS N/A new SMS but didn’t read, this value plus one. This value record the existing SMS numbers from SIM card, When received the new Received SMS N/A SMS, this value plus one. This value is SMS capacity minus received SMS, When received the new SMS, this Remaining SMS ...
Page 362 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. New SMS Item Value setting Description Write the receivers to send SMS. User need to add the semicolon and compose Receivers N/A multiple receivers that can group send SMS. Write the SMS context to send SMS. The router supports up to a maximum of 1023 Text Message N/A character for SMS context length. If send SMS OK, result will show Send OK. If send SMS fail, Result will show Send Result N/A Failed. Send N/A Click Send button, SMS will send. 362 ...
Page 363: Ussd Usage 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SMS Inbox List User can read or delete SMS, reply SMS or forward SMS from this screen. SMS Inbox List Item Value setting Description ID N/A The number or SMS. From Phone N/A What the phone number from SMS Number Timestamp N/A What time receive SMS SMS Text N/A Preview the SMS text. Preview User can check the box, then click Delete button to delete SMS. User click The box is unchecked by Action Reply/Forward button to reply/forward SMS. User click Detail button to default read the SMS detail, and Detail SMS Message screen appears. Refresh N/A Refresh the SMS Inbox List. Delete N/A Delete the SMS for all checked box from Action. Close N/A Close the Detail SMS Message screen. ...
Page 364 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In "USSD" page, there are four windows for the USSD function. The "Configuration" window can let you specify which 3G/4G module (physical interface) is used for the USSD function, and system will show which SIM card in the module is the current used one. The second window is the "USSD Profile List" and it shows all your defined USSD profiles that store pre‐commands for activating an USSD session. An "Add" button in the window can let you add one new USSD profile and define the ...
Page 365 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator wants to uses the Voice Gateway to ask for some ISP's services through an USSD session, the scenario is adequate for the application. Following example is the roaming subscription for Hinet service in Taiwan. Scenario Description An USSD session can be established from the voice Vo3G Gateway to ask for services that are provided by ISP. Parameter Setup Example Following tables list the parameter configuration as an example for "USSD" function, as shown in above diagram. Use default value for those parameters that are not mentioned in the tables. [USSD]‐[Configuration] Configuration Path 3G/4G‐1 SIM Status: SIM_A Physical Interface [USSD]‐[USSD Profile Configuration] Configuration Path roaming setting Profile Name *135# USSD Command Comments Roaming function 365 ...
Page 366 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [USSD]‐[USSD Request] Configuration Path roaming setting Profile Name *135# USSD Command USSD Response Scenario Operation Procedure In above diagram, the "Vo3G Gateway" is the initiator of an USSD session requesting for data roaming services in ChungHwa mobile operator. First, administrator selects one 3G/4G module as the physical interface of the USSD session. And then, he defines an USSD profile named as "roaming setting" with command "*135#" for further use. In the "USSD Request" window, from the USSD Profile dropdown box select the "roaming setting" profile and the "USSD Command" field shows "*135#". Click on the "Send" button to send out the USSD request via the gateway, and the recevied response will appear at "USSD Response" line. As you type in more commands in the "USSD Command" line, you will get more responses from the USSD server. It is an interactive communication session for the administrator to request for avaliable services from ISP via USSD sessions. The USSD function allow user to send USSD to ISP, then ISP will provide some service for user. Configuration setting Go to Application > Mobile Application > USSD Configuration Item Value setting Description Physical The box is 3G/4G‐1 by Choose the 3G/4G‐1 or 3G/4G‐2 to change setting of cellular module1 or cellular Interface default module2. ...
Page 367 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. USSD Profile List setting The USSD allows you to custom your profile. The router supports up to a maximum of 35 USSD profile list. When Add button is applied USSD Profile List Configuration screen will appear. USSD Profile List Item Value setting Description Profile Name N/A The Profile Name that user can key in. USSD Command N/A The USSD command that user can key in. Comments N/A The Comments is this profile comment. USSD Request When send the USSD command, the USSD Response screen will appear. When click the Clear button, the USSD Response will disappear. USSD Request Item Value setting Description User can select the USSD Profile, then USSD Command will change by USSD Profile N/A USSD Profile. USSD Command can be key in by User or change when User select USSD USSD Command ...
Page 368: Network Scan 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 7.1.5 Network Scan "Network Scan" function can let administrator specify the device how to connect to the mobile system for data communication in each 3G/4G interface. For example, administrator can specify which generation of mobile system is used for connection, 2G, 3G or LTE. Moreover, he can define their connection sequence for the gateway device to connect to the mobile system automatically. ...
Page 369 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuration Item Value setting Description Physical The box is 3G/4G‐1 by Choose the 3G/4G‐1 or 3G/4G‐2 to change setting of cellular module1 or cellular Interface default module2. SIM Status N/A Depend on currently SIM status. When Auto selected, the network will be register automatically. If the prefer option The box is Auto by Network Type selected, network will be register for your option first. If the only option selected, default network will be register for your option only. The box is Auto by When Auto selected, Band List all box checked, and user can’t select any option. Band Selection default User need to select the Manual option, then allow to change the Band List setting. All box is checked by The Band List’s options depend on module, and user need to select option at least Band List default one for all network type. When Auto selected, cellular module register automatically. If the Manually selected, Network Provider List will shown. when Manually is selected in the dropdown list for Scan Approach, a network provider list screen appears. Press Scan button to scan for the nearest base stations. Select preferred base stations then click Apply button to apply settings. Network Provider List: When user click Scan button, it will be find the provider list ...
Page 370: Sms Management 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Action: The box is unchecked by default. User can check the box, then click Apply button to apply this provider and mobile system. Save N/A Click Save to save the settings 7.1.7 SMS Management "SMS‐based Remote Management" function can let administrator manage the gateway device remotely by using text SMS (Short Message Service) application in the mobile system. Users can send managing SMS messages to this gateway to perform necessary actions, such as to get WAN status, to connect / disconnect / reconnect WAN connection or to reboot the system. In addition, gateway can also send SMS notification messages automatically to users for alert events. Moreover, only the assigned person with connection key can link with the gateway via the SMS system. Administrator can further limit the assigned person by specifying phone numbers to allow communicate with the gateway ...
Page 371 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. function and specify which 3G/4G interface is the one to carry out the function. The second window is "Management Configuration", administrator can indicate to delete the read SMS for management or others. He also can indicate if the gateway wants to make a reply SMS after processing one managing SMS message. Moreover, he can specify the security key for validating the incoming SMS messages. The third window is "Event Configuration" window, administrator can indicate if the gateway would like to receive the managing events and if the gateway will issue alerting SMS messages upon events happened. In the "Managing Event List" and "Notified Event List" windows, there are managing events and notified events to be selected to enable gateway to execute corresponding actions and make ...
Page 372 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. cellular gateway. The cellular gateway replies with a confirmation SMS and then tries to reboot itself. Parameter Setup Example Following tables list the parameter configuration as an example for "SMS‐based Remote Management" function, as shown in above diagram. Use default value for those parameters that are not mentioned in the tables. [Remote Management]‐[Configuration] Configuration Path ■ Enable SMS Remote Management Physical Interface 3G/4G‐1 [Remote Management]‐[Management Configuration] Configuration Path ■ Enable Delete Managed SMS after Processing ■ Enable Send Confirmed SMS 1234 Security Key [Remote Management]‐[Event Configuration] Configuration Path ■ Enable Managing Event List Configuration Path [Remote Management]‐[Managing Event List] ID Reboot Device Event ...
Page 373: Captive Portal 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. message comes from, check the security key, reply a confirmation SMS to the sender, deletes the SMS message in the queue and tries to reboot itself. 7.5 Captive Portal A captive portal is a portal web page that is displayed before a user can browse Internet. The portal is often used to present a login page. This is done by intercepting most packets, regardless of address or port, until the user opens a browser and tries to access the web. At that time the browser is redirected to a web page which may require authentication and/or payment, or simply display an ...
Page 374 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In "Configuration" page, there is only one window for the Captive Portal function. The "Captive Portal Configuration" window can let you enable the function, specify which WAN interface for user authentication, which VLAN group of client hosts must pass the user authentication before Internet ...
Page 375 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Internal Captive Portal Scenario Scenario Application Timing When your purchased gateway has the "Captive Portal" function and the administrator wants to ask specific users to execute an authentication process before their Internet surfing via the gateway. The Captive Portal function in the gateway includes the internal one and the administrator of gateway can create user accounts for users in the [System]‐[User Management] for user authentication. Then the scenario is adequate to be adopted in the situation. Scenario Description Client hosts in the Guest group must pass the authentication process in the embedded UAM page of the Gateway before Internet surfing. Client hosts can access the Internet via the Gateway once they passed the user authentication. Parameter Setup Example Following tables list the parameter configuration as an example for "Internal Captive Portal" function, as shown in above diagram. Use default value for those parameters that are not mentioned in the tables. 375 ...
Page 376 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [DHCP Server]‐[DHCP Server Configuration] Configuration Path DHCP 2 DHCP Server Name 10.0.76.2 LAN IP Address 255.255.255.0 (/24) Subnet Mask 10.0.76.100 ~ 10.0.76.200 IP Pool ■ Enable Server [VLAN]‐[Configuration] Configuration Path VLAN Type Port‐based [VLAN]‐[Port‐based VLAN List] Configuration Path Port‐4 Port NAT/Bridge DHCP 2 DHCP Server [User Profile]‐[User List Configuration] Configuration Path GuestAccount User Name GuestPassword Password Guest User Level 10000 (seconds) Lease Time 60 (seconds) Idle Timeout ...
Page 377 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. and the client host in the Guest group hasn't been authenticated by the gateway. So, the gateway redirects the request to the UAM web page and asks the user to input correct account and password. Once the user authentication process completes successfully, the gateway redirects the web page to the requested one. Furthermore, the gateway also records the MAC address of guest client host and allows its incoming Internet access requests. Each account has its own lease time and it will not be reused for authentication once the lease time has run out. The client host with that account will be rejected to surf the Internet. However, there is a timeout setting for each account. When the client host with that account has been idle at the Internet surfing for a while that reaches the timeout setting, the gateway will re‐authenticate the client host for further Internet connection. The Captive Portal will direct user to a login page when user try to access the Internet. Ensure Captive Portal are enabled and saved Go to Applications > Captive Portal > Configuration Tab 377 ...
Page 378 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Captive Portal Item Setting Value setting Description The box is When Check the Enable box Captive Portal unchecked by It will activate Captive Portal functions. default This field is to specify the WAN interface of captive portal. Select WAN‐1 it means when WAN‐1 interface gets its IP, the captive portal WAN Interface A Must filled setting is loading. Other WAN interface options can be added by enable WAN interface in Basic Network > WAN > Physical Interface. This field is to specify the LAN subnet of captive portal. When DHCP‐1 is selected, means if user connect to the physical port which the DHCP‐1 server binds, user will be directed to a login page when access LAN Subnet A Must filled setting the Internet. Other DHCP server options can be added in Basic Network > Client/Server/Proxy > DHCP Server. When user create a new DHCP server, it must binds physical port if this DHCP server used in Captive Portal. This field is to specify the internal or external authentication server. Not all machines with internal options, some machine only have external options. When External is selected, there is no Customize login page and user must Web Portal A Must filled setting specify Uam Server and Authentication Server. When Internal is selected, user just need to specify Authentication Server and login page can be edited in Customize login page. The Download Default CSS and Logo button can download the default CSS file and Logo of login page of internal authentication server. Customize login The Download Current CSS and Logo button can download the current CSS N/A page ...
Page 379 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When External LDAP is selected, the login IDs and passwords are from external LDAP server. When External AD is selected, the login IDs and passwords are from external AD server. If Web Portal is external, user need to specify external radius server. The external LDAP, AD server or external radius server can be added by pressing AddObject button directly or added in System > External Servers > External Servers tab. This field is to specify the uam server. If Web Portal is external, user need to specify and enable uam server. The uam server can be added by pressing AddObject button directly or Uam Server A Must filled setting added in System > External Servers > External Servers tab. Note: UAM Server is available when External in Web Portal dropdown box is selected. Save N/A Click the Save button to save the settings. Refresh N/A Click the Refresh button to refresh the page. 379 ...
Page 380: Chapter 9 System 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 9 System 9.1 System Related 9.1.1 System Related System Related allows the network administrator to manage system, settings such as web‐based utility access password change, advanced system & network tools, system firmware upgrades, Email alert and system log. Go to System > System Related tab Change Password Change password screen allows network administrator to change the web‐based utility login password to access gateway. Go to System > System Related > Change Password tab Change Password Item Value Setting Description Old Password String: any text Enter the current password to enable you unlock to change password. New Password String: any text Enter new password New Password String: any text Enter new password again to confirm Confirmation System Information System Information screen gives network administrator a quick look up on the type of WAN connection is currently being used. The display also shows the current System time. It is particularly useful when firmware has been upgraded and system configuration file has been loaded. ...
Page 381 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. System Information Item Value Setting Description WAN Type N/A It displays WAN Type of WAN‐1 Interface Internet connection configured. Display Time N/A It displays current system time. System Status System Status screen contains various event log tools facilitating network administrator to perform local event logging and remote reporting. Go to System > System Related > System Status tab 381 ...
Page 382 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. View & Email Log History View button is provided for network administrator to view log history on the gateway. Email Now button enables administrator to send instant Emails for analysis. View & Email Log History Item Value setting Description View button N/A Click on the View button to view Log History in Web Log List Window. Email Now N/A Click on the Email Now button to send Log History via email instantly. button Save N/A Click Save button to save the settings. Refresh N/A Click the Refresh button to refresh the page. ...
Page 383 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Web Log List Button Description Item Value setting Description Previous N/A Click the Previous button to move to the previous page. Next N/A Click the Next button to move to the next page. First N/A Click the First button to jump to the first page. Last N/A Click the Last button to jump to the last page. Download N/A Click the Download button to download log to your PC in tar file format. Clear N/A Click the Clear button to clear all log. Back N/A Click Back button to return to the previous page. Web Log Type Category Web Log Type Category screen allows network administrator to select the type of event to log and be displayed in the Web Log List Window as described in the previous section. Click on the View button to view Log History in the Web Log List window. Web Log Type Category Setting Window Item Value Setting Description ...
Page 384 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Email Alert Setting Window Item Value Setting Description Check Enable box to enable sending event log messages to destined Email account Enable Default unchecked defined in the E‐mail Addresses blank space. Select one email server from the Server dropdown box to send email. If none has Server N/A been available, press Add Object button to create an outgoing Email server. Enter the recipient’s Email account. Separate Email accounts with comma ‘,’ or String : email format semicolon ‘ ;’ E‐mail address Enter the Email account in the format of ‘myemail@domain.com’ Subject String : any text Enter an Email subject that is easy for you to identify on the Email client. Select the type of event to log and be sent to the destined Email account. Available Log type category Default unchecked events are System, Attacks, Data Usage, Drop, Login message, and Debug. Email Alert Button Description Item Value setting Description Click on the Add Object button, a popup window will appear. Add an outgoing Add Object N/A Email server. You may also add an outgoing Email server from External Servers Button under System (System > External Server > External Server tab). ...
Page 385 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Syslogd Syslogd screen allows network administrator to select the type of event to log and be sent to the destined Syslog server. Syslogd Setting Window Item Value Description Setting Default Enable Check Enable box to enable sending event logs to syslog server unchecked Select from Select one syslog server from the Server dropdown box to sent event log to. If none has Server ...
Page 386 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Syslogd Button Description Item Value setting Description Click on the Add Object button, a popup window will appear. Add a syslog Add Object N/A server. You may also add a syslog server from External Servers under Button System (System > External Server > External Server tab). Log to Storage Log to Storage screen allows network administrator to select the type of event to log and be stored at an internal or an external storage. 386 ...
Page 387: Packet Analyzer 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Log to Storage Setting Window Item Value Setting Description Enable Default unchecked Check to enable sending log to storage Internal is selected by Select Device Select internal or external storage default Log file name Default unchecked Set file name to save logs in storage Split file Enable Default unchecked Check to enable split file whenever log file reaching size set in the following filed Split file Size Default 200 KB Set file size to split log file Log type category Default unchecked Check which type of logs to send: System, Attacks, Drop, Login message, Debug Log to Storage Button Description Item Value setting Description Download log N/A Click the Download log file button to download log files so far file 9.1.3 Packet Analyzer The Packet Analyzer can capture packets depend on user settings. User can specify interfaces to capture packets and filter by setting rule. Ensure USB storage is available or Packet Analyzer can not be enable. ...
Page 388 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Capture Fitters Item Value setting Description When Enable is checked It means that Packet Analyzer will start to capture packets after clicking Save. Packet Analyzer On/Off setting When Enable is not checked It means that Packet Analyzer will stop to capture packets after clicking Save. 1. Optional setting Define the output filename. If left blank the device automatically 2. If no name is given, the file assigns a name in the format of < File Name >_<index>.pcap File Name name by default is <Interface>_<Date>_<index>. When Enable is checked 1.Optional setting It means that if the current output file reaches the specific size, it 2.The default value of File will open a new file to save packets. Split Files Size is 200 KB. User can change File Size and Unit when Enable is checked. 3. NOTE that File Size can not be less than 4 KB Define which interface that Packet Analyzer should work on. Multiple selection is accepted, but user can only select the one which is active. WAN : When the WAN is enable at Physical Interface, it can be selected here. Packet Interfaces Optional setting ...
Page 389 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Capture Filters Capture Filters let user can setup rules to filter packets. That means Packet Analyzer will only capture packets which match rules. Capture Fitters Item Value setting Description When Enable is checked Filter Optional setting It means that Packet Analyzer will filter packets based on the rules. The rules below can be set when Enable is checked. Define the filter rule with Source MACs, which means the source MAC address of packets. Packets which match rules will be captured. Multiple input is accepted, but it must be seperated by ; Source MACs Optional setting e.g. AA:BB:CC:DD:EE:FF;11:22:33:44:55:66 NOTE that if there exists multiple rules, it will be merge with or conjuntion. That means packets will be captured when match one of the rules. Source IPs Optional setting Define the filter rule with Source IPs, which means the source IP address 389 ...
Page 390 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. of packets. Packets which match rules will be captured. Multiple input is accepted, but it must be seperated by ; e.g. 192.168.1.1;192.168.1.2 NOTE that if there exists multiple rules, it will be merge with or conjuntion. That means packets will be captured when match one of the rules. Define the filter rule with Source Ports, which means the source port of packets. Packets which match rules will be captured. Multiple input is accepted, but it must be seperated by ; Source Ports Optional setting e.g. 80;53 NOTE that if there exists multiple rules, it will be merge with or conjuntion. That means packets will be captured when match one of the rules. Define the filter rule with Destination MACs, which means the destination MAC address of packets. Packets which match rules will be captured. Multiple input is accepted, but it must be seperated by ; Destination MACs Optional setting e.g. AA:BB:CC:DD:EE:FF;11:22:33:44:55:66 NOTE that if there exists multiple rules, it will be merge with or conjuntion. That means packets will be captured when match one of the rules. Define the filter rule with Destination IPs, which means the destination IP address of packets. Packets which match rules will be captured. Multiple input is accepted, but it must be seperated by ; Destination IPs Optional setting e.g. 192.168.1.1;192.168.1.2 NOTE that if there exists multiple rules, it will be merge with or conjuntion. That means packets will be captured when match one of the rules. Define the filter rule with Destiantion Ports, which means the destination ...
Page 391: Scheduling
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. e.g. 80;53 NOTE that if there exists multiple rules, it will be merge with or conjuntion. That means packets will be captured when match one of the rules. 9.3 Scheduling Scheduling provides ability of adding/deleting time schedule rules, which can be applied to other functionality. Go to System > Scheduling > Schedule Settings Button description Item Value setting Description Add N/A Click the Add button to configure time schedule rule Delete N/A Click the Delete button to delete selected rule(s) Save N/A Click the Save button to save changes Refresh N/A Click the Refresh button to refresh current page 391 ...
Page 392 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Time Schedule Configuration Item Value Setting Description Rule Name String: any text Set rule name Rule Policy Default Inactivate Inactivate/activate the function been applied to in the time period below Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time format (hh :mm) Start time in selected weekday End Time Time format (hh :mm) End time in selected weekday Button description Item Value setting Description Save NA Click the Save button to save changes Undo NA Click the Undo button to revert changes 392 ...
Page 393: Grouping
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.7 Grouping The Grouping allow user to make group for some services. Ensure Grouping are enabled and saved Go to System > Grouping > Configuration Tab Currently support three kinds of group: Host Grouping, File Extension Grouping and L7 Application Grouping. Host Grouping Go to System > Grouping > Host Grouping Tab When Add button is applied Host Group Configuration screen will appear. Host Group Configuration Item Value setting Description 1. String format can be any text Group Name Enter a group rule name. Enter a name that is easy for you to understand. 2. A Must filled setting Member List NA This field is shown members contained in group. The boxes are Binding the services that group can be applied. If user enable the Multiple Bound unchecked by Firewall, the produced group can be used in firewall service. Same as by Services default ...
Page 394 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Define the member type of group. When IP Address‐based is selected, only IP address can be added in Member to Join. A Must filled setting Member Type When MAC Address‐based is selected, only MAC address can be added in 2. Member to Join. When Host Name‐based is selected, only host name can be added in Member to Join. Add member to the group in this field. Member to Join N/A Key the member in the blank and press the Join button to add. Each time can be add only one member. The box is Group unchecked by Enable the group that can be used in bound service. default File Extension Grouping Go to System > Grouping > File Extension Grouping Tab When Add button is applied File Extension Group Configuration screen will appear. File Extension Group Configuration Item Value setting Description 1. String format can be any Group text Enter a group rule name. Enter a name that is easy for you to understand. ...
Page 395 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. List Multiple The boxes are unchecked by Binding the services that group can be applied. If user enable the Firewall, Bound default the produced group can be used in firewall service. Services Define the member type of group. There are six member types can be selected. When Image is selected, there are total eleven file extension names about image can be added. Include .bmp, .gif, .jpeg, .jpg, .jpg2, .jp2, .pcx, .pig, .png, .tif and .tiff. When Video is selected, there are total twelve file extension names about video can be added. Include .asf, .avi, .mov, .mpeg, .mpg, .mp4, .rm, .wmv, .3gp, .3gpp, .3gpp2 and .3g2. When Audio is selected, there are total eleven file extension names about File audio can be added. Extension A Must filled setting to Join Include .aac, .au, .mp3, .m4a, .m4p, .ogg, .ra, .ram, .vox, .wav and .wma. When Java is selected, there are total ten file extension names about java can be added. Include .class, .jad, .jar, .jav, .java, .jcm, .js, .jse, .jsp and .jtk. When Compression is selected, there are total ten file extension names about compression can be added. Include .ace, .ari, .bzip2, .bz2, .cab, .gz, .gzip, .rar, .sit and .zip. When Execution is selected, there are total eight file extension names about execution can be added. Include .bas, .bat, .com, .exe, .inf, .pif, .reg, .scr. The box is unchecked by Group Enable the group that can be used in bound service. default ...
Page 396 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L7 Application Group Configuration Item Value setting Description Group Name 1. String format can Enter a group rule name. Enter a name that is easy for you to understand. be any text 2. A Must filled setting L7 Application List N/A This field is shown members contained in group. Multiple Bound The boxes are Binding the services that group can be applied. If user enable the Firewall, Services unchecked by the produced group can be used in firewall service. default Define the member type of group. There are four member types can be selected. When Chat is selected, there are total four Chat application can be added. Include QQ, Skype, Facebook, Aliww. When P2P is selected, there are total seven P2P application can be added. L7 Application to Join A Must filled setting Include BT, eDonkey, eMule, Shareaza, HTTP. Multiple Thread Download, Thunder, Baofeng. When Proxy is selected, there are three proxy application can be added. Include HTTP Proxy, SOCKS 4 and 5 Proxy. When Streaming is selected, there are total five streaming application can be added. ...
Page 397: External Servers
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.9 External Servers The External Servers setting allows user to add external server. Create external server Go to System > External Servers > External Servers When Add button is applied, External Server Configuration screen will appear. External Server Configuration Item Value setting Description 1. String format can be any text Sever Name Enter a server name. Enter a name that is easy for you to understand.. 2. A Must filled setting Server IP/FQDN A Must filled setting This field is to specify the external server IP. Server Port A Must filled setting This field is to specify the external server port. Specify server to the Server Type. Email Server (A Must filled setting) When Email Server is selected, it means the option External Servers is set email server. Server Port will be set 25 by default. Server Type A Must filled setting User Name (String format: any text) Password (String format: any text) Then check Enable box to add this server. 397 ...
Page 398 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Syslog Server (A Must filled setting) When Syslog Server is selected, it means the option External Servers is set Syslog Server. Server Port will be set 514 by default. Then check Enable box to add this server. RADIUS Server (A Must filled setting) When RADIUS Server is selected, it means the option External Servers is set RADIUS Server. Server Port will be set 1812 by default. Accounting Port (A Must filled setting) Primary : Shared Key (String format: any text) Authentication Protocol (By default CHAP is selected) Session Timeout (By default 1) The values must be between 1 and 60. Idle Timeout: (By default 1) The values must be between 1 and 26. Secondary : Shared Key (String format: any text) Authentication Protocol (By default CHAP is selected) Session Timeout (By default 1) The values must be between 1 and 60. Idle Timeout: (By default 1) The values must be between 1 and 26. Then check Enable box to add this server. Active Directory Server (A Must filled setting) When Active Directory Server is selected, it means the option External Servers is set Active Directory Server. Server Port will be set 389 by default. Domain (String format: any text) Then check Enable box to add this server. 398 ...
Page 399 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. LDAP Server (A Must filled setting) When LDAP Server is selected, it means the option External Servers is set LDAP Server. Server Port will be set 389 by default. Base DN (String format: any text) Identity (String format: any text) Password (String format: any text) Then check Enable box to add this server. UAM Server (A Must filled setting) When UAM Server is selected, it means the option External Servers is set UAM Server. Server Port will be set 80 by default. Login URL (String format: any text) Shared Secret (String format: any text) N/AS/Gateway ID (String format: any text) Location ID (String format: any text) Location Name (String format: any text) Then check Enable box to add this server. TACACS+ Server (A Must filled setting) When TACACS+ Server is selected, it means the option External Servers is set TACACS+ Server. Server Port will be set 49 by default. Shared Key (String format: any text) Session Timeout (String format: any number) The values must be between 1 and 60. Then check Enable box to add this server. SCEP Server (A Must filled setting) When SCEP Server is selected, it means the option External Servers is set SCEP Server. Server Port will be set 80 by default. Path (String format: any text, By default cgi‐bin is filled) Application (String format: any text, By default pkiclient.exe is filled) Then check Enable box to add this server. The box is checked by Server When click Enable, it will enable this External Server. default Save N/A Click Save to save the settings Undo N/A ...
Page 400: B Mmi
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Refresh N/A Click the Refresh button to refresh the external server list. 9.b MMI This is the gateway’s web‐based utility access which allows administrator to access the gateway for management. The gateway’s web‐based utility automatically logs out the administrator when the idle time has elapsed. The setting allows administrator to enable automatic logout and set the logout idle time. When the Time‐out is disabled the system will not logout the administrator automatically. Go to System > MMI > Web UI tab Web UI Item Value Setting Description Administrator Default checked Enable auto logout when maximum idle time elapsed. Time‐out Enable Administrator 300s is set by default Set maximum user idle time Time‐out Save N/A Click Save button to save the settings Undo N/A Click Undo button to cancel the settings 400 ...

M2M IDG701AM-0T001 User Manual

Chapter 1 Introduction

Chapter 2 Getting Started

Chapter 3 Basic Network

Chapter5 Advanced Network 1

Chapter 7 Applications 3

Chapter 9 System 3

Quick Links

Need help?

Questions and answers

Related Manuals for M2M IDG701AM-0T001

Summary of Contents for M2M IDG701AM-0T001

Table of Contents