Download Print this page

Amit IDG761AM-0T001 User Manual

Amit IDG761AM-0T001 User Manual

M2m cellular gateway

Table Of Contents

page of 408

/ 408
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

M2M Cellular Gateway

IDG761AM‐0T001 /

IDG761AM‐0P001

User Manual

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the IDG761AM-0T001 and is the answer not in the manual?

Questions and answers

Summary of Contents for Amit IDG761AM-0T001

Page 1 M2M Cellular Gateway IDG761AM‐0T001 / IDG761AM‐0P001 User Manual ...
Page 2: Table Of Contents
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 1 Introduction ..............................7 1.1 Introduction ..............................7 1.2 Contents List ..............................8 1.2.1 Package Contents ..........................8 1.3 Hardware Configuration ..........................9 1.4 LED Indication ............................... 11 1.5 Installation & Maintenance Notice ...................... 12 1.5.1 SYSTEM REQUIREMENTS ......................12 ...
Page 3 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.7.3 Log Storage Status......................... 39 2.9 Statistics & Report ............................40 2.9.1 Connection Session ........................40 2.9.3 Network Traffic ..........................41 2.9.5 Device Administration ........................42 2.9.9 Cellular Usage ..........................43 Chapter 3 Basic Network ............................44 3.1 WAN &...
Page 4 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.b.1 Static Routing ..........................175 3.b.3 Dynamic Routing ......................... 180 3.b.5 Routing Information ........................190 3.d DNS & DDNS ............................191 3.d.1 DNS & DDNS Configuration ....................191 3.f QoS ................................196 3.f.1 QoS Configuration ........................196 3.h Redundancy ............................... 207 ...
Page 5 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.3 Firewall ................................. 307 9.3.1 Firewall Configuration ....................... 307 9.3.3 Packet Filter ........................... 308 9.3.5 URL Blocking ..........................314 9.3.9 MAC Control ..........................319 9.3.d IPS ..............................323 9.3.f Options ............................. 328 Chapter b Administration ............................333 b.1 Configure & Manage ..........................333 ...
Page 6 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. d.1 Cellular Toolkit ............................374 d.1.1 Data Usage ............................ 374 d.1.3 SMS ..............................376 d.1.5 SIM PIN ............................380 d.1.7 USSD ..............................387 d.1.9 Network Scan ..........................392 d.3 Event Handling ............................394 d.3.1 Configuration ..........................396 d.3.3 Managing Events ........................405 ...
Page 7: Chapter 1 Introduction
Before you install and use this product, please read this manual in detail for fully exploiting the functions of this product. 1 The specification of embedded module depends on respective model. IDG761AM-0P001 is with an embedded 3G HSPA+ module. IDG761AM-0T001 is with an embedded 4G LTE module.
Page 8: Contents List
Items Description Contents Quantity IDG761AM‐0T001 1pcs (or IDG761AM‐0P001) M2M Cellular Gateway 2pcs Cellular Antenna 2pcs WiFi Antenna Power Adapter 1pcs (DC 12V/2A) ) 1pcs RJ45 Cable 1pcs Console Cable CD 1pcs (Manual) 2pcs Mounting Bracket 1pcs DIN‐Rail Bracket 2 The maximum power consumption of IDG761AM-0T001 / IDG761AM-0P001 is 15.5W.
Page 9: Hardware Configuration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.3 Hardware Configuration  Front View USB Port Reset Indicators Button 3G/LTE(Aux) 3G/LTE(Main) Console Auto MDI/MDIX RJ45 Ports Antenna Antenna Port 4x FE LAN to connect local ※Reset Button The RESET button provides user with a quick and easy way to resort the default setting. Press the RESET button continuously for 6 seconds, and then release it. The device will restore to factory default settings. ...
Page 10 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Bottom View SIM B SIM A Slot Slot  Left View 2.4GHz WiFi 2.4GHz WiFi Antenna Antenna Power Terminal Block ...
Page 11: Led Indication
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.4 LED Indication LED Color LED Icon Indication Description Power Source 1 Green Steady ON: Device is powered on by power source 1 Power Source 2 Green Steady ON: Device is powered on by power source 2 Steady ON: Wireless radio is enabled WLAN (WiFi) Green Flash: Data packets are transferred...
Page 12: Installation & Maintenance Notice
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.5 Installation & Maintenance Notice 1.5.1 SYSTEM REQUIREMENTS  An Ethernet RJ45 cable or DSL modem  3G/4G cellular service subscription Network Requirements  IEEE 802.11n or 802.11b/ g wireless clients  10/100 Ethernet adapter on PC Computer with the following:  Windows®, Macintosh, or Linux‐based operating system  An installed Ethernet adapter Web-based Configuration Utility Browser Requirements: Requirements  Internet Explorer 6.0 or higher  Chrome 2.0 or higher  Firefox 3.0 or higher  Safari 3.0 or higher 1.5.2 WARNING Only use the power adapter that comes with the ...
Page 13: Hot Surface Caution
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.5.3 HOT SURFACE CAUTION CAUTION: The surface temperature for the metallic enclosure can be very high! Especially after operating for a long time, installed at a close cabinet without air conditioning support, or in a high ambient temperature space. DO NOT touch the hot surface with your fingers while servicing!! ...
Page 14: Hardware Installation
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.6 Hardware Installation This chapter describes how to install and configure the hardware 1.6.1 Mount the Unit The IDG761 series products can be mounted on a wall, horizontal plane, or DIN Rail in a cabinet with the mounting accessories (brackets or DIN‐rail kit). The mounting accessories are not screwed on the product when out of factory. Please screw the wall‐mount kits or DIN‐rail bracket on the product first. 1.6.2 Insert the SIM Card WARNING: BEFORE INSERTING OR CHANGING THE SIM CARD, PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF. The SIM card slots are located at the bottom side of IOG761‐0T001 housing. You need to unscrew and remove the outer SIM card cover before installing or removing the SIM card. Please follow the instructions to insert a SIM card. After SIM card is well placed, screw back the outer SIM card cover. ...
Page 15: Connecting Power
It supports dual 9 to 48VDC power inputs. Following picture is the power terminal block pin assignments. Please check carefully and connect to the right power requirements and polarity. There is a DC12V/2A power adapter in the package for you to easily connect DC power adapter to this terminal block. WARNNING: This commercial‐grade power adapter is mainly for ease of powering up the purchased device while initial configuration. It’s not for operating at wide temperature range environment. PLEASE PREPARE OR PURCHASE OTHER INDUSTRIAL‐GRADE POWER SUPPLY FOR POWERING UP THE DEVICE. 1.6.4 Connecting to the Network or a Host The IDG761 series provides four RJ45 ports to connect 10/100Mbps Ethernet. It can auto detect the transmission speed on the network and configure itself automatically. Connect the Ethernet cable to the RJ45 ports of the device. Plug one end of an Ethernet cable into your computer’s network port and the other end into one of IDG761 series for LAN ports on the front panel. If you need to configure or troubleshoot the device, you may need to connect the IDG761 series directly to the host PC. In this way, you can also use the RJ45 Ethernet cable to connect the IDG761 series to the host PC’s Ethernet port. 4 The maximum power consumption of IDG761AM-0T001 / IDG761AM-0P001 is 15.5W.
Page 16: Setup By Configuring Web Ui
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.6.5 Setup by Configuring WEB UI You can browse web UI to configure the device. 5 Type in the IP Address (http://192.168.123.254) 6 When you see the login page, enter the password ‘admin’ and then click ‘Login’ button. 5 The default LAN IP address of this gateway is 192.168.123.254. If you change it, you need to type the new IP address 6 It’s strongly recommending you to change this login password from default value...
Page 17: Chapter 2 Status
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 2 Status 2.3 Basic Network 2.3.1 WAN & Uplink Status The WAN & Uplink Status window shows the current status for different network type, including network configuration, connecting information, modem status and traffic statistics. From the menu on the left, select Status > Basic Network > WAN & Uplink Status WAN interface IPv4 Network Status WAN interface IPv4 Network Status screen shows status information for IPv4 network. ...
Page 18 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. WAN interface IPv4 Network Status Item Value setting Description ID N/A It displays corresponding WAN interface WAN IDs. It displays the type of WAN physical interface. Interface N/A Depending on the model purchased, it can be Ethernet, 3G/4G, USB 3G/4G. It displays the method which public IP address is obtained from your ISP. WAN Type N/A Depending on the model purchased, it can be Static IP, Dynamic IP, PPPoE, PPTP, L2TP, 3G/4G. It displays the public IP address obtained from your ISP for Internet IP Addr. N/A connection. Default value is 0.0.0.0 if left un‐configured. It displays the Subnet Mask for public IP address obtained from your ISP Subnet Mask N/A for Internet connection. Default value is 0.0.0.0 if left un‐configured. It displays the Gateway IP address obtained from your ISP for Internet Gateway N/A connection. Default value is 0.0.0.0 if left un‐configured. It displays the IP address of DNS server obtained from your ISP for DNS N/A Internet connection. Default value is 0.0.0.0 if left un‐configured. It displays the MAC Address for your ISP to allow you for Internet access. MAC Address N/A Note: Not all ISP may require this field. It displays the connection status of the device to your ISP. ...
Page 19 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. WAN interface IPv6 Network Status WAN interface IPv6 Network Status screen shows status information for IPv6 network. WAN interface IPv6 Network Status Item Value setting Description ID N/A It displays corresponding WAN interface WAN IDs. It displays the type of WAN physical interface. Interface N/A Depending on the model purchased, it can be Ethernet, 3G/4G, USB 3G/4G. It displays the method which public IP address is obtained from your ISP. WAN Type N/A WAN type setting can be changed from Basic Network > IPv6 > Configuration. Link‐local IP It displays the LAN IPv6 Link‐Local address. N/A Address It displays the IPv6 global IP address assigned by your ISP for your Global IP Address N/A Internet connection. It displays the connection status. The status can be connected, Conn. Status N/A disconnected and connecting. This area provides functional buttons. Action N/A Edit Button when pressed, web‐based utility will take you to the IPv6 ...
Page 20 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Utility. IPv6 Global It displays the current IPv6 global IP address assigned by your ISP for your N/A Address Internet connection. This area provides functional buttons. Edit IPv4 Button when press, web‐based utility will take you to the Ethernet LAN configuration page. (Basic Network > LAN & VLAN > Action N/A Ethernet LAN tab). Edit IPv6 Button when press, web‐based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.) 3G/4G Modem Status 3G/4G Modem Status List screen shows status information for 3G/4G WAN network. 3G/4G Modem Status List Item Value setting Description It displays the type of WAN physical interface. Depending on the model you purchased, it can be 3G/4G and USB 3G/4G. Interface N/A Note: Some device model may support two 3G/4G modules. Their physical interface name will be 3G/4G‐1 and 3G/4G‐2. Card N/A It displays the vendor’s 3G/4G modem model name. Information It displays the 3G/4G connection status. The status can be Connecting, Link Status N/A Connected, Disconnecting, and Disconnected. Signal ...
Page 21 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Modem Information (Detail Button) Modem Information (after Detail button) Item Value setting Description Interface N/A It displays the type of WAN physical interface. Module Name N/A It displays the vendor’s 3G/4G modem model name. IMEI/MEID N/A It displays the device IMEI code of the module. HW Version N/A It displays the hardware version of the 3G/4G module. FW Version N/A It displays the firmware version of the 3G/4G module. SIM Status SIM Status (after Detail button) Item Value setting Description It displays the operating SIM card. The display can be SIM‐A or SIM‐B. SIM N/A Note: Some device just supports one SIM slot and only SIM‐A is available. It displays the status of whether the SIM is required to be unlocked and absent of SIM card. The display can be Ready, SIM card not inserted, incorrect PIN code, PIN is required, Blocked. ...
Page 22 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. to unlock instead. Note: You will need to enquire the telecom carrier for the PUK code to unlock or further technical services. This displays the remaining time of the counter that you are allowed to try to unlock SIM card with the PUK code*. Once the number of unlocking tries has PUK Code Remaining N/A been exhausted the counter will display zero then the SIM card is locked. Note: Times When the counter has reached zero, you will need to enquire the telecom carrier for further technical services. *To enter or re‐enter PIN code, please go to Basic Network > WAN & Uplink > Internet Setup > Connection with SIM‐A Card. Service Information Service Information (after Detail button) Item ...
Page 23 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Status value will be Registered or Unregistered. PS Attached N/A It shows the PS attached status. It can be Attached or Detached. Status Roaming It displays the registration status to the network, at roaming or at home N/A Status network. It can be Roaming or Not Roaming. It displays the IMSI (International Mobile Subscriber Identity) information, which IMSI N/A usually is composed of 15 digits. It displays the SMSC (Short Message Service Center) information, which is SMSC N/A necessary for SMS service. It displays the MSISDN (Mobile Station International Subscriber Directory MSISDN N/A Number) information. The information is available if the SIM card supports it. ...
Page 24: Lan & Vlan Status
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.3 LAN & VLAN Status Go to Status > Basic Network > LAN & VLAN. Client List The Client List shows you the LAN Interface, IP address, Host Name, MAC Address, and Remaining Lease Time of each device that is connected to this router. LAN Client List Item Value setting Description LAN Interface N/A Client record of LAN Interface. String Format. Client record of IP Address Type and the IP Address. Type is String Format IP Address N/A and the IP Address is IPv4 Format. Host Name N/A Client record of Host Name. String Format. MAC Address N/A Client record of MAC Address. MAC Address Format. Remaining N/A Client record of Remaining Lease Time. Time Format. Lease Time ...
Page 25: Wifi Status
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.5 WiFi Status The WiFi Status window shows the overall statistics of WiFi VAP entries. Go to Status > Basic Network > WiFi tab. WiFi Virtual AP List The WiFi Virtual AP List shows all of the virtual AP information. The Edit button allows for quick configuration changes. WiFi Virtual AP List Item Value setting Description Op. Band N/A It displays the Wi‐Fi Operation Band (2.4G or 5G) of VAP. ID N/A It displays the ID of VAP. ...
Page 26 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. WiFi WDS Status The WiFi Traffic Statistic shows all the received and transmitted packets on WiFi network. WiFi IDS Status Item Value setting Description SSID N/A It displays the network ID of VAP. Remote AP MAC N/A It displays the the Remote AP MAC list for the WDS peers. Channel N/A It displays the wireless channel used. It displays the authentication and encryption setting for the WDS Security N/A connection. RSSI0, RSSI1 N/A It displays the Rx sensitivity on each radio path.. Click the Edit button to make a quick access to the WiFi configuration Action N/A ...
Page 27 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Frame Action N/A Click the Reset button to clear the entire statistic and reset counter to 0. Ensure WIDS function is enabled Go to Basic Network > WiFi > Advanced Configuration tab Note that the WIDS of 2.4G or 5G should be configured separately. WiFi Traffic Statistic The WiFi Traffic Statistic shows all the received and transmitted packets on WiFi network. WiFi Traffic Statistic ...
Page 28: Ddns Status
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.7 DDNS Status The DDNS Status window shows the current DDNS service in use, the last update status, and the last update time to the DDNS service server. Go to Status > Basic Network > DDNS. DDNS Status DDNS Status Item Value Setting Description It displays the name you entered to identify DDNS service provider Host Name N/A It displays the DDNS server of DDNS service provider Provider N/A It displays the public IP address of the device updated to the DDNS Effective IP ...
Page 29: Security
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.5 Security 2.5.1 VPN Status The VPN Status widow shows the overall VPN tunnel status. From the menu on the left, select Status > Security > VPN Status. IPSec Tunnel Status IPSec Tunnel Status windows show the configuration for establishing IPSec VPN connection and current connection status. IPSec Tunnel Status Item Value setting Description Tunnel Name N/A It displays the tunnel name you have entered to identify. Tunnel Scenario N/A It displays the Tunnel Scenario specified. Local Subnets N/A It displays the Local Subnets specified. ...
Page 30 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Click on Edit Button to change IPSec setting, web‐based utility will take Edit Button N/A you to the IPSec configuration page. (Security > VPN > IPSec tab) OpenVPN Server Status According to OpenVPN configuration, the OpenVPN Server/Client Status shows the status and statistics for the OpenVPN connection from the server side or client side. OpenVPN Server Status Item Value setting Description User Name N/A It displays the Client name you have entered for identification. Remote N/A It displays the public IP address (the WAN IP address) of the connected IP/FQDN OpenVPN Client Virtual IP/MAC N/A It displays the virtual IP/MAC address assigned to the connected OpenVPN client. ...
Page 31 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP Server/Client Status LT2TP Server/Client Status shows the configuration for establishing LT2TP tunnel and current connection status. L2TP Server Status Item Value setting Description User Name N/A It displays the login name of the user used for the connection. It displays the public IP address (the WAN IP address) of the connected Remote IP N/A L2TP client. Remote Virtual IP N/A It displays the IP address assigned to the connected L2TP client. Remote Call ID N/A It displays the L2TP client Call ID. Conn. Time N/A It displays the connection time for the L2TP tunnel. It displays the Status of each of the L2TP client connection. The status Status ...
Page 32 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Server/Client Status PPTP Server/Client Status shows the configuration for establishing PPTP tunnel and current connection status. PPTP Server Status Item Value setting Description User Name N/A It displays the login name of the user used for the connection. It displays the public IP address (the WAN IP address) of the connected Remote IP N/A PPTP client. Remote Virtual IP N/A It displays the IP address assigned to the connected PPTP client. Remote Call ID N/A It displays the PPTP client Call ID. Conn. Time N/A It displays the connection time for the PPTP tunnel. It displays the Status of each of the PPTP client connection. The status Status N/A ...
Page 33: Firewall Status
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.5.3 Firewall Status From the menu on the left, select Status > Security > Firewall Status Tab. The Firewall Status provides user a quick view of the firewall status and current firewall settings. It also keeps the log history of the dropped packets by the firewall rule policies, and includes the administrator remote login settings specified in the Firewall Options. By clicking the icon [+], the status table will be expanded to display log history. Clicking the Edit button the screen will be switched to the configuration page. Packet Filter Status Packet Filter Status Item Value setting Description Activated Filter N/A This is the Packet Filter Rule name. Rule This is the logged packet information, including the source IP, destination Detected ...
Page 34 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IP N/A The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. Time N/A ("Month" "Day" "Hours":"Minutes":"Seconds") Note: Ensure URL Blocking Log Alert is enabled. Refer to Security > Firewall > URL Blocking tab. Check Log Alert and save the setting. Web Content Filter Status Web Content Filter Status Item Value setting Description Activated Filter N/A Logged packet of the rule name. String format. Rule Detected N/A Logged packet of the filter rule. String format. Contents IP N/A Logged packet of the Source IP. IPv4 format. Logged packet of the Date Time. Date time format ("Month" "Day" Time N/A "Hours":"Minutes":"Seconds") Note: Ensure Web Content Filter Log Alert is enabled. Refer to Security > Firewall > Web Content Filter tab. Check Log Alert and save the setting. ...
Page 35 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. MAC Control Status MAC Control Status Item Value setting Description Activated N/A This is the MAC Control Rule name. Control Rule Blocked MAC N/A This is the MAC address of the logged packet. Addresses IP N/A The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. Time N/A ("Month" "Day" "Hours":"Minutes":"Seconds") Note: Ensure MAC Control Log Alert is enabled. Refer to Security > Firewall > MAC Control tab. Check Log Alert and save the setting. Application Filters Status Application Filters Status Item Value setting Description Filtered Application N/A The name of the Application Category being blocked. Category Filtered Application ...
Page 36 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPS Status IPS Firewall Status Item Value setting Description Detected N/A This is the intrusion type of the packets being blocked. Intrusion IP N/A The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. ("Month" Time N/A "Day" "Hours":"Minutes":"Seconds") Note: Ensure IPS Log Alert is enabled. Refer to Security > Firewall > IPS tab. Check Log Alert and save the setting. Firewall Options Status Firewall Options Status Item Value setting Description Enable or Disable setting status of Stealth Mode on Firewall Options. Stealth Mode N/A String Format: Disable or Enable Enable or Disable setting status of SPI on Firewall Options. SPI N/A String Format : Disable or Enable Enable or Disable setting status of Discard Ping from WAN on Firewall Discard ...
Page 37: Administration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.7 Administration 2.7.1 Configure & Manage Status The Configure & Manage Status window shows the status for managing remote network devices. The type of management available in your device is depended on the device model purchased. The commonly used ones are the SNMP, TR‐069, and UPnP. From the menu on the left, select Status > Administration > Configure & Manage tab. SNMP Linking Status SNMP Link Status screen shows the status of current active SNMP connections. SNMP Link Status Item Value setting Description It displays the user name for authentication. This is only available for User Name N/A SNMP version 3. ...
Page 38 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IP Address N/A It displays the IP address of SNMP manager. It displays the port number used to maintain connection with the SNMP Port N/A manager. Community N/A It displays the community for SNMP version 1 or version 2c only. Auth. Mode N/A It displays the authentication method for SNMP version 3 only. Privacy Mode N/A It displays the privacy mode for version 3 only. SNMP Version N/A It displays the SNMP Version employed. SNMP Trap Information SNMP Trap Information screen shows the status of current received SNMP traps. SNMP Trap Information Item Value setting Description Trap Level N/A It displays the trap level. Time N/A It displays the timestamp of trap event. Trap Event N/A It displays the IP address of the trap sender and event type. ...
Page 39: Log Storage Status
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.7.3 Log Storage Status The Log Storage Status window shows the status for selected device storage. From the menu on the left, select Status > Administration > Log Storage tab. Log Storage Status Log Storage Status screen shows the status of current the selected device storage. The status includes Device Select, Device Description, Usage, File System, Speed, and status . ...
Page 40: Statistics & Report
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.9 Statistics & Report 2.9.1 Connection Session Go to Status > Statistics & Reports > Connection Session tab. Internet Surfing Statistic shows the connection tracks on this router. Internet Surfing Statistic Item Value setting Description Previous N/A Click the Previous button; you will see the previous page of track list. Next N/A Click the Next button; you will see the next page of track list. First N/A Click the First button; you will see the first page of track list. Last N/A Click the Last button; you will see the last page of track list. Export (.xml) N/A Click the Export (.xml) button to export the list to xml file. Export (.csv) N/A Click the Export (.csv) button to export the list to csv file. Refresh N/A Click the Refresh button to refresh the list. ...
Page 41: Network Traffic
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.9.3 Network Traffic Go to Status > Statistics & Reports > Network Traffic tab. Network Traffic Statistics screen shows the historical graph for the selected network interface. You can change the interface drop list and select the interface you want to monitor. . ...
Page 42: Device Administration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.9.5 Device Administration Go to Status > Statistics & Reports > Device Administration tab. Device Administration shows the login information. Device Manager Login Statistic Item Value setting Description Previous N/A Click the Previous button; you will see the previous page of login statistics. Next N/A Click the Next button; you will see the next page of login statistics First N/A Click the First button; you will see the first page of login statistics Last N/A Click the Last button; you will see the last page of login statistics Export (.xml) N/A Click the Export (.xml) button to export the login statistics to xml file. Export (.csv) N/A Click the Export (.csv) button to export the login statistics to csv file. Refresh N/A Click the Refresh button to refresh the login statistics ...
Page 43: Cellular Usage
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.9.9 Cellular Usage Go to Status > Statistics & Reports > Cellular Usage tab. Cellular Usage screen shows data usage statistics for the selected cellular interface. The cellular data usage can be accumulated per hour or per day. ...
Page 44: Chapter 3 Basic Network
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 3 Basic Network 3.1 WAN & Uplink The gateway provides one or more WAN interfaces to let all client hosts in Intranet of the gateway access the Internet via ISP. But ISPs in the world apply various connection protocols to let gateways or user's devices dial in ISPs and then link to the Internet via different kinds of transmit media. So, the WAN Connection lets you specify the WAN Physical Interface, WAN Internet Setup and WAN Load Balance for Intranet to access Internet. For each WAN interface, you must specify its physical interface first and then its Internet setup to connect to ISP. If the gateway has multiple WAN interfaces, you also can assign physical interface to participate in the Load Balance function. ...
Page 45: Physical Interface
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.1.1 Physical Interface The first step to configure one WAN interface is to specify which kind of connection media to be used for the WAN connection, as shown in "Physical Interface" page. In "Physical Interface" page, there are two configuration windows, "Physical Interface List" and "Interface Configuration". "Physical Interface List" window shows all the available physical interfaces. After clicking on the "Edit" button for the interface in "Physical Interface List" window the "Interface Configuration" window will appear to let you configure a WAN interface. Physical Interface List The Physical Interface List shows all WAN interfaces of the gateway device, including their name, what kinds of physical interface, their operation mode and line speed. There is one "Edit" button for each WAN interface, which can let you configure the interface. Please see "Interface Configuration" section beneath. Following are some "Physical Interface List" window examples for different gateway ...
Page 46 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. An example of a SDE852AM‐00001 device An example of an IOG761AM‐0TDA1 device An example of an ODG761AM‐0T1 device An example of a BDG761AM‐0T1 device The contents of "Physical Interface List" in above example windows are just some examples. They vary from model to model. It depends on the model you purchased.  Interface Name The logic name of WAN interfaces is identified by “WAN‐1”, “WAN‐2”, …, and so on.  Physical Interface This device is equipped with some kinds of WAN interfaces to support different WAN types of connections. You can configure one by one to get proper internet connection setup. Refer to the product specification for the available WAN interfaces for the model you purchased. ...
Page 47 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Operation Mode There are three option items “Always‐on”, “Failover”, and “Disable” for the operation mode setting. It decides whether the corresponding WAN interface functions as the main access, as a failover access connection or disable the interface.  Line Speed Specify the correct line speed (bandwidth) of uploading and downloading for each WAN interface allow the device to operate its QoS and WAN Load Balance functions normally. It is necessary to configure the parameters if you want to use QoS and WAN Load Balance functions on the gateway device. ...
Page 48 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2, ... Configuration Path Ethernet 3G/4G USB 3G/4G ADSL Physical Interface Always on Always on Failover Always on Operation Mode 100Mbps / 50Mbps / 5Mbps / 21Mbps 2Mbps / 22Mbps Line Speed 100Mbps 150Mbps WAN Physical Interface Ethernet WAN Gateway DSLAM Firewall xDSL Modem 3G/4G WAN Cellular Network Gateway USB 3G/4G WAN Cellular Network Gateway ADSL WAN Gateway DSLAM...
Page 49 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. USB 3G/4G WAN: The gateway has one USB port that might support 3G/4G USB modem for a WAN connection. Please plug 3G/4G USB dongle and follow UI setting to setup. ADSL WAN: The gateway has one ADSL modem built‐in that can be configured to be a WAN connection, please plug in RJ11 cable (normally the landline phone cable) in DSL port and follow UI setting to setup.  Operation Mode There are three option items “Always on”, “Failover”, and “Disable” for the operation mode setting. ...
Page 50 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2 Configuration Path WAN‐1 WAN‐2 Interface Name ADSL USB 3G/4G Physical Interface Always on Failover WAN‐1 □Seamless Operation Mode 2Mbps / 22Mbps 5Mbps / 21Mbps Line Speed [Internet Setup]‐[Internet Connection Configuration (WAN‐n)], n=1, 2 Configuration Path WAN‐1 WAN‐2 Interface Name Ethernet over ATM with NAT 3G/4G WAN Type [Internet Setup]‐[Ethernet over ATM with NAT WAN Type Configuration] Configuration Path WAN‐1 Interface Name Auto‐reconnect (Always on) Connection Control LLC Data Encryption 0 VPI Number 33 VCI Number UBR Schedule Type ...
Page 51 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. S 5: When failback process starts, system terminates the current WAN connection via Failover WAN interface. S 6: System changes the data routing path back to the primary WAN interface as same state as at the beginning of system normal operation. Gateway ① Disconnected DSLAM WAN‐1: ADSL ② Failover Failover WAN‐2: 3G/4G ③ Start Connecting Cellular Network Gateway DSLAM ④ Connection Back WAN‐1: ADSL Failback ⑥...
Page 52 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. So, the initial status of two WAN connections for Seamless Failover is shown in following diagram. Gateway DSLAM Connected and Data Transferring WAN‐1: ADSL WAN‐2: 3G/4G Initial Status Connected but just Keep Alive Cellular Network Next, Failover and Failback processes are shown in following diagram. Their steps are: S 1: When system discovers the primary WAN connection is failed. S 2: System starts the failover process. S 3: System changes the data routing path to the failover WAN interface for further data transmitting. It is faster than the one in the normal mode of failover since routing change is ...
Page 53 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Gateway ① Disconnected DSLAM WAN‐1: ADSL ② Failover Failover WAN‐2: 3G/4G ③ Change Routing via WAN-2 Cellular Network Gateway DSLAM ④ Connection Back WAN‐1: ADSL Failback ⑥ Failback: Change WAN‐2: 3G/4G Routing back via WAN-1 ⑤ Leave it Keep Alive Cellular Network  Dual SIM Failover Scenario: If your purchased product has one or more embedded 3G/LTE module, and they have dual SIMs ...
Page 54 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Physical Interface]‐[Interface Configuration (WAN‐1)] Configuration Path WAN‐1 Interface Name 3G/4G Physical Interface Always on Operation Mode 50Mbps / 150Mbps Line Speed [Internet Setup]‐[Internet Connection Configuration (WAN‐1)] Configuration Path WAN‐1 Interface Name 3G/4G WAN Type [Internet Setup]‐[3G/4G WAN Type Configuration] Configuration Path WAN‐1 Interface Name SIM‐A First Preferred SIM Card So, the initial status of two WAN connections using different SIM card is shown in the following diagram. Cellular Network #1 Connected and Gateway Data Transferring SIM‐A Initial Status SIM‐B (SIM-A First) Not Connected Cellular Network #2 ...
Page 55 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. S 3: System keeps executing data transfer via SIM‐n connection until the connection failed. Once the SIM‐n connection failed, system starts the failover process again and goes back to S2 step. Cellular Network #1 ① When Disconnected Gateway SIM‐A ② Failover Failover SIM‐B ③ Start Connecting Cellular Network #2 Cellular Network #1 Gateway ⑥ Start Connecting SIM‐A Failover ⑤...
Page 56: Ethernet Wan
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In addition, you also can setup WAN‐2 with VLAN Tagging (Tag ID 12) using ADSL WAN interface for your Intranet to access specific service in ISP. Following table list the physical interface configuration for these two WAN interfaces, and their scenarios are shown in the following diagram. [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2 Configuration Path WAN‐1 WAN‐2 Interface Name Ethernet ADSL Physical Interface Always on Always on Operation Mode 100Mbps / 100Mbps 2Mbps / 22Mbps Line Speed □Enable ■Enable 12 VLAN Tagging Ethernet WAN Gateway w/o Tag DSLAM xDSL Modem Specific Service ADSL WAN...
Page 57 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface Setting The Physical Interface allows user to setup the physical WAN interface and to adjust WAN’s behavior. Note: Numbers of available WAN Interfaces can be different for the purchased gateway. Go to Basic Network>WAN > Physical Interface tab. Configure Physical Interface Setting When Edit button is applied, an Interface Configuration screen will appear. WAN‐1 interface is used in this example. ...
Page 58 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Interface Configuration Item Value setting Description 1. A Must fill setting Select Ethernet or 3G/4G for WAN‐2. In this example WAN‐2 is been 2. WAN‐1 is the edited. Physical Interface primary interface and Depending on the router model, Disable and Failover options will be is factory set to Always available only to multiple WAN gateway. WAN‐2 and WAN‐3 interfaces on. are only available to multiple WAN gateway. Define the operation mode of the interface. Select Always on to make this WAN always active. Select Disable to disable this WAN interface. Select Failover to make this WAN a Failover WAN when the primary or the secondary WAN link failed. Then select the primary or the existed secondary WAN interface to switch Failover from. To failover seamlessly, check Seamless box. This failover WAN will Operation Mode A Must fill setting keep connected to the network (i.e. 3G/4G network) but no traffic will be transmitted through it until failover happens. If Seamless box is unchecked, failover WAN will begin to initiate a connection request to the network (i.e. the nearest 3G/4G base station) when failover occurs. During failover period, users may notice a period of connection time. (Note: for WAN‐1, only Always on option is available.) Define the upload and download bandwidth for the WAN. The actual bandwidth will also be affected if the Priority is specified in Line Speed A Must fill setting Load Balance Strategy. Refer to Basic Network > WAN & Uplink > Load Balance tab if your device supports Load Balance function. Check Enable box to enter tag value provided by your ISP. Otherwise ...
Page 59: Internet Setup
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.1.3 Internet Setup After specifying the physical interface for each WAN connection, administrator must configure their connection profiles one after one to meet the dial in process of ISPs, so that all client hosts in the Intranet of the gateway can access the Internet. In "Internet Setup" page, there are some configuration windows: "Internet Connection List", "Internet Connection Configuration", "WAN Type Configuration" and related configuration windows for each WAN type. For the Internet setup of each WAN interface, you must specify its WAN type of physical interface first and then its related parameter configuration for that WAN type. ...
Page 60 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Internet Connection List The Internet Connection List shows the WAN connection profiles of all WAN interfaces in the gateway device, including interface name, the kinds of physical interface, their operation mode and WAN connection type. There is one "Edit" button for each WAN interface to let you configure its Internet ...
Page 61 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Interface Name The logic name of WAN interfaces is identified by “WAN‐1”, “WAN‐2”, …, and so on.  Physical Interface This device is equipped with some kinds of WAN Interfaces. Please refer to [Basic Network]‐ [WAN & Uplink]‐[Physical Interface] section.  Operation Mode It is "Always on", "Failover" or "Disable". Please refer to [Basic Network]‐[WAN & Uplink]‐ [Physical Interface] section.  WAN Type The supported WAN types for each WAN interface depend on the kind of interface. Following are all kinds of physical interfaces and their supported WAN types.  Ethernet interface: A fixed line ISP that provides xDSL or cable modem for you to setup the WAN connection.  Static IP Address WAN type: Select this option if ISP provides a fixed IP address to you. You will need to enter in the IP address, subnet mask, and gateway address, provided to you by your ISP.  Dynamic IP Address WAN type: You may choose this WAN type if you connects a cable modem or a fiber (VDSL modem) for Internet connection. The assigned IP address for the WAN interface by a DHCP server may be different every time. ...
Page 62 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. recommended to set Connection Control mode to Connect‐on‐Demand or Manually.  ADSL interface: Asymmetric digital subscriber line (ADSL) is a type of digital subscriber line (DSL) technology, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voiceband modem can provide. Use a RJ11 cable to connect the ADSL port of gateway device to the DSLAM at ISP, and connect further to a conventional Internet Protocol network.  Ethernet over ATM with NAT WAN type: The option is intended to be used in implementations ...
Page 63 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Ethernet interface: there are Static IP, Dynamic IP, PPPoE, PPTP and L2TP WAN types.  Static IP Address WAN Type: Settings include WAN IP Address, WAN Subnet Mask, WAN Gateway, Primary DNS, Secondary DNS, MTU, NAT, Network Monitoring, IGMP and WAN IP Alias.  Dynamic IP Address WAN Type: Settings include Host Name, ISP registered MAC Address, Connection Control, Maximum Idle Time, MTU, NAT, Network Monitoring, IGMP and WAN IP Alias.  PPPoE WAN Type: Settings include IPv6 Dual Stack, PPPoE Account & Password, Primary DNS / ...
Page 64 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IGMP and WAN IP Alias.  RFC 1483 Bridged WAN type: Settings include Data Encapsulation, VPI Number, VCI Number, Schedule Type, Network Monitoring, IGMP and WAN IP Alias. There are some common and important configuration parameters common to all WAN Type as listed below.  Network Monitoring The gateway supports failover function and the function must depend on the correct decision when a connection is down. Some parameters are used in the decision process.  DNS Query / ICMP Checking: either one is used to check alive for a WAN connection. ...
Page 65 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The decision flow chart of keep‐alive checking for a WAN connection is shown as below. Start N: the count of fails N = 0 “Loading Check” enable? Sleep for “Check Interval” Enough Sleep for traffic “Check Interval” existed? “DNS Query” “ICMP Checking” Checking Method FQDN Query ICMP Check (Target1, Target2) (Target1, Target2) Reply time > “Latency Success? Threshold” No, or “Check Timeout” occurs N = N+1 N < “Fail Threshold” Connection is Broken Try to reconnect  Connection Control There are three ways for connection control, “Auto‐reconnect (Always on)”, “Dial‐on‐demand” and “Manually”. ...
Page 66 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. to be sent to WAN side. After normal data transferring between LAN and WAN sides, this gateway will disconnect WAN connection if idle time reaches value of Maximum Idle Time. Manually: This gateway won’t start to establish WAN connection until you press “Connect” button on web UI. After normal data transferring between LAN and WAN sides, this gateway will disconnect WAN connection if idle time reaches value of Maximum Idle Time. Please be noted, if the WAN interface serves as the primary one for another WAN interface in Failover role, the Connection Control parameter will not be available to you to configure as the system must set it to “Auto‐reconnect (Always on)”.  Auto‐reconnect / Dial‐on‐demand / Manually Scenario: As an example, WAN‐1, WAN‐2 and WAN‐3 are all Ethernet interfaces with "Always on" operation mode. Their WAN Type is set to "Dynamic IP" but with different Connection Control approaches. ...
Page 67 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Gateway ① Disconnected DSLAM Dynamic IP, xDSL Modem G ateway, Auto-reconnect ② Re-connecting Subnet Mas k, Primary DN S, (Alw ays on) Secondary DNS Primary DNS, Secondary DNS, DHCP Servers Intranet Its steps are: Pre‐state: After system booting up, system tries to let the WAN connection be alive. S 1: When system discovers the WAN connection is failed. S 2: System starts to re‐connect the WAN connection till connect successfully as same as Pre‐ state. ...
Page 68 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. At last, for "Manually" scenario, system will not make the WAN connection until administrator click on the "Connect" button on the "Network Status" configuration window. Please refer to [System]‐[Network Status] section. And then the connection will keep alive only when there still is data transfer. If there is no data transfer for a period that is longer than the Maximum Idle Time, system will disconnect it and let the WAN connection go back to its initial state –disconnected. The scenario is shown in following diagram. ...
Page 69 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Internet Setup Setting Internet Setup allows user to setup WAN connection of the gateway. Depending on the model of the device, there are Ethernet, ADSL, 3G/4G WAN connection interfaces. This section shows the type of WAN and the numbers of WAN interfaces are supported by your device. Note: Numbers of available WAN Interfaces can be different for the purchased gateway. Go to Basic Network > WAN > Internet Setup tab Internet Connection List shows the basic information of each WAN. Click Edit button to configure. Then follow the following pages for detail settings. ...
Page 70 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Internet Setup – Ethernet WAN If the device connects to Internet through Ethernet WAN port, this section will help you to complete Ethernet WAN connection setup. Go to Basic Network > WAN & Uplink > Internet Setup tab. Configure Ethernet WAN Setting When Edit button is applied, Internet Connection Configuration screen will appear. WAN‐1 interface is used in this example. Internet Connection Configuration Item Value setting Description From the dropdown box, select Internet connection method for Ethernet WAN Connection. Detail settings are described in the next 1. A Must filled few pages. setting  Dynamic IP WAN Type  2. Dynamic IP is set Static IP  by default PPPoE  PPTP ...
Page 71 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Dynamic IP (Ethernet WAN) Dynamic IP WAN Type Configuration Item Value setting Description An optional setting Enter the host name provided by your Service Provider. Host Name Enter the MAC address that you have registered with your service provider. Or Click the Clone button to clone your PC’s MAC to this ISP Registered MAC An optional setting field. Address Usually this is the PC’s MAC address assigned to allow you to connect to Internet. There are three connection modes.  Auto‐reconnect (Always on) enables the router to always keep the Internet connection on.  Connect‐on‐demand enables the router to automatically re‐ establish Internet connection as soon as user attempts to A Must filled setting Connection Control access the Internet. Internet connection will be disconnected when it has been inactive for a specified idle time. ...
Page 72 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1200~1500 1. An optional Enable NAT to apply NAT on the WAN connection. Uncheck the box to setting disable NAT function. NAT 2. NAT is enabled by default When the Network Monitoring feature is enabled, the gateway will use DNS Query or ICMP to periodically check Internet connection – connected or disconnected.  Choose either DNS Query or ICMP Checking to detect WAN link. With DNS Query, the system checks the connection by sending DNS Query packets to the destination specified in Target 1 and Target 2. With ICMP Checking, the system will check connection by sending ICMP request packets to the destination specified in Target 1 and Target 2.  Loading Check Enable Loading Check allows the router to ignore unreturned DNS Queries or ICMP requests when WAN bandwidth is fully occupied. This is to prevent false link‐down status.  Check Interval defines the transmitting interval between two DNS Query or ICMP checking packets. 1. An optional ...
Page 73 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Undo N/A Click Undo to cancel the settings. Static IP (Ethernet WAN) Static IP WAN Type Configuration Item Value setting Description WAN IP Address A Must filled setting Enter the WAN IP address given by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider Primary DNS A Must filled setting Enter the primary WAN DNS IP address given by your Service Provider Enter the secondary WAN DNS IP address given by your Service Secondary DNS An optional setting ...
Page 74 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2. Box is checked by disable. default When the Network Monitoring feature is enabled, the router will use 1. An optional setting DNS Query or ICMP to periodically check Internet connection – 2. Box is checked by Network Monitoring connected or disconnected. default For the configuration details, please refer to the description stated in Dynamic Ethernet WAN section. Enable IGMP (Internet Group Management Protocol) would enable 1. A Must filled the router to listen to IGMP packets to discover which interfaces are setting IGMP connected to which device. The router uses the interface information 2. Disable is set by generated by IGMP to reduce bandwidth consumption in a multi‐...
Page 75 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPPoE (Ethernet WAN) PPPoE WAN Type Configuration Item Value setting Description PPPoE Account A Must filled setting Enter the PPPoE User Name provided by your Service Provider. PPPoE Password A Must filled setting Enter the PPPoE password provided by your Service Provider. Primary DNS An optional setting Enter the IP address of Primary DNS server. Secondary DNS An optional setting Enter the IP address of Secondary DNS server. There are three connection modes. 1. A Must filled  Auto‐reconnect (Always on) enables the router to always setting keep the Internet connection on. 2. Auto-reconnect is ...
Page 76 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Connect Manually allows user to connect to Internet manually. Internet connection will be inactive after it has been inactive for specified idle time. Service Name An optional setting Enter the service name if your ISP requires it Assigned IP Address An optional setting Enter the IP address assigned by your Service Provider. 1. A Must filled MTU refers to Maximum Transmission Unit. It specifies the largest setting packet size permitted for Internet transmission. MTU When set to Auto (value ‘0’), the router selects the best MTU for best 2. Auto (value zero) is Internet connection performance. set by default 1. An optional setting Enable NAT to apply NAT on the WAN connection. Uncheck the box to 2. Box is checked by disable. ...
Page 77 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP (Ethernet WAN) PPTP WAN Type Configuration Item Value setting Description Select either Static or Dynamic IP address for PPTP Internet connection.  When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, and WAN Gateway.  WAN IP Address (A Must filled setting): Enter the WAN IP A Must filled setting IP Mode address given by your Service Provider.  WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider.  WAN Gateway (A Must filled setting): Enter the WAN gateway IP address given by your Service Provider.  When Dynamic IP is selected, there are no above settings ...
Page 78 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. required. Server IP Enter the PPTP server name or IP Address. A Must filled setting Address/Name PPTP Account A Must filled setting Enter the PPTP username provided by your Service Provider. Enter the PPTP connection password provided by your Service PPTP Password A Must filled setting Provider. Connection ID An optional setting Enter a name to identify the PPTP connection. There are three connection modes.  Auto‐reconnect (Always on) enables the router to always keep the Internet connection on.  Connect‐on‐demand enables the router to automatically re‐ establish Internet connection as soon as user attempts to A Must filled setting Connection Control access the Internet. Internet connection will be disconnected when it has been inactive for a specified idle time.  Connect Manually allows user to connect to Internet manually. Internet connection will be inactive after it has been inactive for specified idle time. ...
Page 79 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP (Ethernet WAN) L2TP WAN Type Configuration Item Value setting Description Select either Static or Dynamic IP address for L2TP Internet connection.  When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, and WAN Gateway.  WAN IP Address (A Must filled setting): Enter the WAN IP A Must filled setting IP Mode address given by your Service Provider.  WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider.  WAN Gateway (A Must filled setting): Enter the WAN gateway IP address given by your Service Provider.  When Dynamic IP is selected, there are no above settings ...
Page 80 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. required. Server IP Enter the L2TP server name or IP Address. A Must filled setting Address/Name L2TP Account A Must filled setting Enter the L2TP username provided by your Service Provider. Enter the L2TP connection password provided by your Service L2TP Password A Must filled setting Provider. There are three connection modes.  Auto‐reconnect (Always on) enables the router to always keep the Internet connection on.  Connect‐on‐demand enables the router to automatically re‐ establish Internet connection as soon as user attempts to A Must filled setting Connection Control access the Internet. Internet connection will be disconnected when it has been inactive for a specified idle time.  Connect Manually allows user to connect to Internet manually. Internet connection will be inactive after it has been inactive for specified idle time. 1.
Page 81 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Internet Setup – 3G/4G WAN If the device connects to Internet through 3G/4G network, this section will help you to complete 3G/4G connection setup. Go to Basic Network > WAN & Uplink > Internet Setup tab. Configure 3G/4G WAN Setting When Edit button is applied, Internet Connection Configuration, 3G/4G WAN Configuration screens will appear. WAN‐2 interface is used in this example. 3G/4G Connection Configuration Item Value setting Description 3.
Page 82 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When SIM‐A only or SIM‐B only is selected, it will try to dial up only using the SIM card you selected. When Failback is checked, it means if the connection is dialed‐up not using the main SIM you selected, it will failback to the main SIM and try to establish the connection periodically. Note_1: In some AMIT’s products, only SIM‐A can be chose. Note_2: Failback is available only when SIM‐A First or SIM‐B First is selected. Configure SIM‐A / SIM‐B Card Here you can set configurations for the cellular connection according to your situation or requirement. Note_1: Configurations of SIM‐B Card follows the same rule of Configurations of SIM‐A Card, here we list SIM‐A as the example. Note_2: Both Connection with SIM‐A Card and Connection with SIM‐B Card will pop up only when the SIM‐A First or SIM‐B First is selected, otherwise it only pops out one of them. ...
Page 83 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3G/4G Connection Configuration Item Value setting Description Select Auto to register a network automatically, regardless of the network type. Select 2G Only to register the 2G network only. Select 2G Prefer to register the 2G network first if it is available. 1. A Must filled setting Select 3G only to register the 3G network only. Network Type 2. By default Auto is Select 3G Prefer to register the 3G network first if it is available. selected Select LTE only to register the LTE network only. Note_1: Options may be different due to the specification of the module. Select Auto to register a network automatically, regardless of the 1. A Must filled setting band. Band Selection 2. By default Auto is Select Manual to choose specific bands you want to appoint to. selected Note_1: USB 3G/4G doesn’t support this function. When Band Selection > Auto is selected, all bands are enabled and can’t be unchecked. ...
Page 84 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. address (IPv4 type) Server) setting. If it is not filled‐in, the server address is given by the carrier while dialing‐up. Enter the IP address to change the secondary DNS (Domain Name String format : IP Secondary DNS Server) setting. If it is not filled‐in, the server address is given by the address (IPv4 type) carrier while dialing‐up. Check the box to establish the connection even the registration status is roaming, not in home network. The box is unchecked Roaming by default Note_1: It may cost additional charges if the connection is under roaming. Create/Edit SIM‐A / SIM‐B APN Profile List You can add a new APN profile for the connection, or modify the content of the APN profile you added. It is available only when you select Dial‐Up Profile as APN Profile List. List all the APN profile you created, easily for you to check and modify. It is available only when you select Dial‐Up Profile as APN Profile List. When Add button is applied, an APN Profile Configuration screen will appear. 3G/4G Connection Configuration Item Value setting Description 1. By default Profile‐x Enter the profile name you want to describe for this profile. is listed Profile Name 2. String format : any text MCC String format : integer ...
Page 85 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Note_1: the MCC should be related to the MNC, this filed can’t be invalid value if MNC is filled‐in. Enter the MNC (Mobile Network Code) you want to use for this profile. MNC String format : integer Note_1: the MNC should be related to the MCC, this filed can’t be invalid value if MCC is filled‐in. APN String format : any text Enter the APN you want to use to establish the connection. String format : integer, Enter the Dial Number you want to use to establish the connection. Dial Number asterisk and number sign Account String format : any text Enter the Account you want to use for the authentication. Password String format : any text Enter the Password you want to use for the authentication. 1. A Must filled setting Enter the value for the dialing‐up order. The valid value is from 1 to 16. Priority 2. String format : It will start to dial up with the profile that assigned with the smallest integer number. The box is checked by Check the box to enable this profile. Profile default ...
Page 86 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3G/4G Connection Configuration Item Value setting Description When Auto‐reconnect (Always on) is selected, it means it will keep the connection on all the time. When Connect‐on‐demand is selected, it means the connection will be established only when detecting data traffic. By default Auto‐ When Connect Manually is selected, it means you need to click the Connection Control reconnect (Always on) Connect button to dial up the connection manually. Please go to is selected Status > Network Status for details. Note_1: This field is available only when Basic Network > WAN > Physical Interface > Operation Mode is selected to Always on. 1. A Must filled setting When (0) Always is selected, it means this WAN is under operation all Time Schedule 2. By default (0) the time. Once you have set other schedule rules, there will be other Always is selected options to select. Please go to System > Scheduling for details. 1. A Must filled setting Enter the MTU (Maximum Transmission Unit) you want to set the 2. By default 0 is filled‐ configuration. MTU in 3. String format : integer When Enable box is checked, it means the device will directly assign the WAN IP to the first connected local LAN client. ...
Page 87 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Check Timeout defines the timeout of each DNS query/ICMP.  Latency Threshold defines the tolerance threshold of responding time.  Fail Threshold specifies the detected disconnection before the router recognize the WAN link down status. Enter a number of detecting disconnection times to be the threshold before disconnection is acknowledged.  Target1 (DNS1 set by default) specifies the first target of sending DNS query/ICMP request.  DNS1: set the primary DNS to be the target.  DNS2: set the secondary DNS to be the target.  Gateway: set the Current gateway to be the target.  Other Host: enter an IP address to be the target.  Target2 (None set by default) specifies the second target of sending DNS query/ICMP request.  None: to disable Target2.  DNS1: set the primary DNS to be the target.  DNS2: set the secondary DNS to be the target.  Gateway: set the Current gateway to be the target. Other Host: enter an IP address to be the target. Select Auto to enable IGMP (Internet Group Management Protocol) By default Disable is ...
Page 88: Load Balance
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.1.5 Load Balance When there are more than one WAN interfaces, and when the bandwidth of one WAN connection is not enough for the traffic loads from the Intranet to the Internet, the gateway device needs the WAN load balance function to enlarge the total WAN bandwidth. The multi‐WAN "Load Balance" function provides three optional strategies: By Smart Weight, By Specific Weight, and By User Policy. Administrator can choose strategy based on his immediate need and environment consideration. When you choose "By Smart Weight" strategy, system will operate load balance function automatically ...
Page 89 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ① Gateway DSLAM WAN‐1: ADSL ② WAN‐2: 3G/4G Cellular Network Intranet Following 2 tables list the parameter configuration for the above example diagram of load balance function. The ratio m:n in this example is 22:11. [Physical Interface]‐[Interface Configuration (WAN‐n)] , n=1,2 Configuration Path Interface Name WAN‐1 WAN‐2 ADSL 3G/4G Physical Interface Operation Mode Always on Always on 2Mbps / 22Mbps 1Mbps / 11Mbps Line Speed [Load Balance]‐[Configuration] Configuration Path ■ Enable Load Balance By Smart Weight Load Balance Strategy The steps of the Smart Weight algorithm are: Pre‐state: System takes the line speed settings of all WAN interfaces as the initial ratio between all WAN interfaces for load balance. ...
Page 90 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. By Specific Weight Load Balance Strategy However, when you choose "By Specific Weight" load balance strategy, there is a list of two parameter pairs that is used for the load balance strategy: WAN Interface & Weight (%). The line speed of each WAN interface serves as its default weight whose value is the ratio of its line speed to total line speed of all WAN interfaces. Certainly, administrator also can fine tune the weight list based on the default one. The gateway's traffic control process will operate routing adequately based on the dedicated weights on all WAN interfaces. ...
Page 91 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Always on Always on Operation Mode 2Mbps / 22Mbps 1Mbps / 11Mbps Line Speed [Load Balance]‐[Configuration] Configuration Path ■ Enable Load Balance By Priority Load Balance Strategy [Load Balance]‐[Priority Definition] Configuration Path WAN‐1 WAN‐2 WAN ID 67% Priority (%) By User Policy Load Balance Strategy Finally, when you choose "By User Policy" load balance strategy, there are two more configuration windows: "User Policy List" and "User Policy Configuration". "User Policy List" shows all your defined user policy entries, and the "User Policy Configuration" window will let you configure one user policy for routing dedicated packet flow via one WAN interface. They are shown in following diagrams. ① Google: ‐> WAN‐1 Yahoo: ‐> WAN‐2 Gateway DSLAM WAN‐1: ADSL ② Google WAN‐2: 3G/4G Yahoo Cellular Network ...
Page 92 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. other un‐specified packet flows will be routed by default via different WAN interfaces by "Smart Weight" load balance strategy. To meet the load balance requirement as in the above example diagram, administrator need configure the device based on following configuration table contents. [Physical Interface]‐[Interface Configuration (WAN‐n)] , n=1,2 Configuration Path Interface Name WAN‐1 WAN‐2 ADSL 3G/4G Physical Interface ...
Page 93 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Load Balance Setting The Load Balance function is used to manage balance bandwidth usage among multiple WAN . connections Go to Basic Network > WAN & Uplink > Load Balance Tab. The "Configuration" window is to enable the load balance function and specify the strategy. When you choose "By Smart Weight" strategy, system will operate load balance function automatically based on the embedded Smart Weight algorithm. However, when you choose "By Specific Weight" strategy, the further "Weight Definition" configuration window will let you define the ratio of transferred sessions ...
Page 94 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. clicking Save button. Weight Definition Item Value setting Description WAN ID NA The Identifier for each available WAN interface.. 1. A Must filled setting Enter the weight ratio for each WAN interface. 2. Set with bandwidth Initially, the bandwidth ratio of each WAN is set by default. Weight ratio of each WAN by Note: The sum of all weights can’t be greater than 100%. default. Save NA Click the Save button to save the configuration Click the Undo button to restore what you just configured back to the Undo NA previous setting. When By User Policy is selected, a User Policy List screen will appear. With properly configured your policy rules, system will route traffics through available WAN interface based on user defined rules Create User Policy ...
Page 95 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. User Policy Configuration Item Value setting Description There are four options can be selected : Any: No specific Source IP is provided. The traffic may come from any source 1. A Must filled setting Source IP Subnet: Specify the Subnet for the traffics come from the subnet. Input 2. Any is selected by Address format is : xxx.xxx.xxx.xxx/xx e.g. 192.168.123.0/24. default. IP Range: Specify the IP Range for the traffics come from the IPs Single IP: Specify a unique IP Address for the traffics come from the IP. Input format is : xxx.xxx.xxx.xxx e.g. 192.168.123.101. There are five options can be selected : Any: No specific destination IP is provided. The traffic may come to any destination. Subnet: Specify the Subnet for the traffics come to the subnet. Input 1. A Must filled setting Destination format is : xxx.xxx.xxx.xxx/xx e.g. 192.168.123.0/24. 2. Any is selected by IP Address IP Range: Specify the IP Range for the traffics come to the IPs default. Single IP: Specify a unique IP Address for the traffics come to the IP. Input format is : xxx.xxx.xxx.xxx e.g. 192.168.123.101. Domain Name: Specify the domain name for the traffics come to the domain There are four options can be selected : All: No specific destination port is provided. 1. A Must filled setting Destination Port Range: Specify the Destination Port Range for the traffics 2. All is selected by Port ...
Page 96: Lan & Vlan
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.3 LAN & VLAN This section provides a brief description of LAN and VLAN. It also explains how to create and modify virtual LANs which are more commonly known as VLANs. 3.3.1 Ethernet LAN The Local Area Network (LAN) can be used to share data or files among computers attached to a network. Following diagram illustrates the network that wired and interconnects computers. Please follow the following instructions to do IPv4 Ethernet LAN Setup. ...
Page 97 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. LAN IP Address: The local IP address of this device. The computer on your network must use the LAN IP address of this device as their Default Gateway. You can change it if necessary. It’s also the IP address of web UI. If you change it, you need to type new IP address in the browser to see web UI. Subnet Mask: Input your Subnet mask. Subnet mask defines how many clients are allowed in one network or subnet. The default subnet mask is 255.255.255.0 (/24), and it means maximum 254 IP addresses are allowed in this subnet. However, one of them is occupied by LAN IP address of this gateway, so there are maximum 253 clients allowed in LAN network. Hereafter are the available options for subnet mask. ...
Page 98: Vlan
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.3.3 VLAN This section provides a brief description of LAN and VLAN (Virtual LAN). It also explains how to create and modify virtual LANs which are more commonly known as VLANs.  Ethernet LAN The Local Area Network (LAN) can be used to share data or files among computers or devices attached to a network. Following diagram illustrates the network that wired and interconnects computers.  VLAN The VLAN is a logical network under a certain switch or router device to group lots of client hosts with a specific VLAN ID. This device supports both Port‐based VLAN and Tag‐based VLAN. In Port‐based VLAN, all client hosts belong to the same group by transferring data via some physical ports that are tagged with same VLAN ID in the device. The ports of a VLAN form an independent traffic domain in which the traffic generated by the nodes remains within the VLAN. However, in Tag‐based VLAN, all packets with same VLAN ID will be treated as the same group of them and own same access property and QoS property. It is especially useful when individuals of a VLAN group are located at ...
Page 99 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. configuration are available if you enable the Port‐based VLAN. There are some common VLAN scenarios for the device as follows:  Port‐based VLAN Port‐based VLAN function can group Ethernet ports, Port‐1 ~ Port‐4, and WiFi Virtual Access Points, VAP‐1 ~ VAP‐8, together for differentiated services like Internet surfing, multimedia enjoyment, VoIP talking, and so on. Two operation modes, NAT and Bridge, can be applied to each VLAN group. One DHCP server can be allocated for a NAT VLAN group to let group host member get its IP address. Thus, each host can surf Internet via the NAT mechanism of business access gateway. In bridge mode, ...
Page 100 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Above is the general case for 3 Ethernet LAN ports in the gateway. But if the device just has one Ethernet LAN port, there will be only one VLAN group for the device. Under such situation, it still supports both the NAT and Bridge mode for the Port‐based VLAN configuration.  Tag‐based VLAN Tag‐based VLAN function can group Ethernet ports, Port‐1 ~ Port‐4, and WiFi Virtual Access Points, VAP‐1 ~ VAP‐8, together with different VLAN tags for deploying subnets in Intranet. All packet flows ...
Page 101 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. For example, in a company, administrator schemes out 3 network segments, Lab, Meeting Rooms, and Office. In a Security VPN Gateway, administrator can configure Office segment with VLAN ID 12. The VLAN group is equipped with DHCP‐3 server to construct a 192.168.12.x subnet. He also configure Meeting Rooms segment with VLAN ID 11. The VLAN group is equipped with DHCP‐2 server to construct a 192.168.11.x subnet for Intranet only. That is, any client host in VLAN 11 group can’t access the Internet. At last, he configures Lab segment with VLAN ID 10. The VLAN group is equipped with DHCP‐1 server to construct a 192.168.10.x subnet. ...
Page 102 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  VLAN Groups Access Control Administrator can specify the Internet access permission for all VLAN groups. He can also configure which VLAN groups are allowed to communicate with each other. VLAN Group Internet Access Administrator can specify members of one VLAN group to be able to access Internet or not. Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID is 1 cannot ...
Page 103 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Inter VLAN Group Routing: In Port‐based tagging, administrator can specify member hosts of one VLAN group to be able to communicate with the ones of another VLAN group or not. This is a communication pair, and one VLAN group can join many communication pairs. But communication pair doesn’t have the transitive property. That is, A can communicate with B, and B can communicate with C, it doesn’t imply that A can communicate with C. An example is shown at following diagram. VLAN groups of VID is 1 and 2 can access each other but the ones between VID 1 and VID 3 and between VID 2 and VID 3 can’t. ...
Page 104 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. VLAN Setting The VLAN function allows you to divide local network into different virtual LANs. There are Port‐ based and Tag‐based VLAN types. Select one that applies. Go to Basic Network > LAN & VLAN > VLAN Tab. Configuration Item Value setting Description VLAN Type Port‐based is selected by Select the VLAN type that you want to adopt for organizing you local default subnets. Port‐based: Port‐based VLAN allows you to add rule for each LAN port, and you can do advanced control with its VLAN ID. Tag‐based: Tag‐based VLAN allows you to add VLAN ID, and select member and DHCP Server for this VLAN ID. Go to Tag‐based VLAN List table. ...
Page 105 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Port‐based VLAN – Configuration Port‐based VLAN Configuration Item Value setting Description 1. A Must filled setting Define the Name of this rule. It has a default text and can not be modified. Name 2. String format: already have default texts VLAN ID A Must filled setting Define the VLAN ID number, range is 1~4094. The rule is activated according to VLAN ID and Port Members configuration when Enable is selected. Disable is selected by VLAN Tagging default. The rule is activated according Port Members configuration when Disable is selected. NAT / Bridge NAT is selected by default. Select NAT mode or Bridge mode for the rule. Port These box is unchecked by Select which LAN port(s) and VAP(s) that you want to add to the rule.
Page 106 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Members default. Note: The available member list can be different for the purchased product. Select which WAN or All WANs that allow accessing Internet. WAN & WAN All WANs is selected by Note: If Bridge mode is selected, you need to select a WAN and enter a VID to Join default. VID. LAN IP Assign an IP Address for the DHCP Server that the rule used, this IP A Must filled setting Address address is a gateway IP. 255.255.255.0(/24) is Select a Subnet Mask for the DHCP Server. Subnet Mask selected by default. Define the DHCP Server type. There are three types you can select: Server, Relay, and Disable. Relay: Select Relay to enable DHCP Relay function for the VLAN group, and DHCP Server Server is selected by you only need to fill the DHCP Server IP Address field. /Relay default. Server: Select Server to enable DHCP Server function for the VLAN group, and you need to specify the DHCP Server settings. Disable: Select Disable to disable the DHCP Server function for the VLAN group. DHCP Server If you select Relay type of DHCP Server, assign a DHCP Server IP Address IP Address ...
Page 107 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Besides, you can add some IP rules in the IP Fixed Mapping Rule List if DHCP Server for the VLAN groups is required. When Add button is applied, Mapping Rule Configuration screen will appear. Mapping Rule Configuration Item Value setting Description MAC Address A Must filled setting Define the MAC Address target that the DHCP Server wants to match. Define the IP Address that the DHCP Server will assign. If there is a request from the MAC Address filled in the above field, the IP Address A Must filled setting DHCP Server will assign this IP Address to the client whose MAC Address matched the rule. The box is unchecked by ...
Page 108 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Port‐based VLAN – Inter VLAN Group Routing Click VLAN Group Routing button, the VLAN Group Internet Access Definition and Inter VLAN Group Routing screen will appear. When Edit button is applied, a screen similar to this will appear. Inter VLAN Group Routing Item Value setting Description By default, all boxes are checked means all VLAN ID members are allow to VALN Group access WAN interface. Internet All boxes are checked by If uncheck a certain VLAN ID box, it means the VLAN ID member can’t Access default. access Internet anymore. Definition Note: VLAN ID 1 is available always, it is the default VLAN ID of LAN rule. The other VLAN IDs are available only when they are enabled. Click the expected VLAN IDs box to enable the Inter VLAN access function. Inter VLAN By default, members in different VLAN IDs can’t access each other. The The box is unchecked by Group gateway supports up to 4 rules for Inter VLAN Group Routing. default. Routing For example, if ID_1 and ID_2 are checked, it means members in VLAN ID_1 can access members of VLAN ID_2, and vice versa. Save N/A Click the Save button to save the configuration ...
Page 109 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Tag‐based VLAN – Create/Edit VLAN Rules The Tag‐based VLAN allows you to customize each LAN port according to VLAN ID. There is a default rule shows the configuration of all LAN ports and all VAPs. Also, if your device has a DMZ port, you will see DMZ configuration, too. The router supports up to a maximum of 128 tag‐based VLAN rule sets. When Add button is applied, Tag‐based VLAN Configuration screen will appear. Tag‐based VLAN Configuration Item Value setting Description VALN ID A Must filled setting Define the VLAN ID number, range is 6~4094. Internet The box is checked by Click Enable box to allow the members in the VLAN group access to Access default. internet. The box is unchecked by Check the LAN port box(es) to join the VLAN group. Port default. The box is unchecked by Check the VAP box(es) to join the VLAN group. VAP default. Note: Only the wireless gateway has the VAP list. Select a DHCP Server to these members of this VLAN group. ...
Page 110: Dhcp Server
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.3.7 DHCP Server  DHCP Server The gateway supports up to 4 DHCP servers to fulfill the DHCP requests from different VLAN groups (please refer to VLAN section for getting more usage details). And there is one default setting for whose LAN IP Address is the same one of gateway LAN interface, with its default Subnet Mask setting as “255.255.255.0”, and its default IP Pool ranges is from “.100” to “.200” as shown at the DHCP Server List page on gateway’s WEB UI. User can add more DHCP server configurations by clicking on the “Add” button behind “DHCP Server List”, or clicking on the “Edit” button at the end of each DHCP Server on list to edit its current ...
Page 111 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Fixed Mapping User can assign fixed IP address to map the specific client MAC address by select them then copy, when targets were already existed in the DHCP Client List, or to add some other Mapping Rules by manually in advance, once the target's MAC address was not ready to connect. ...
Page 112 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCP Server Setting The DHCP Server setting allows user to create and customize DHCP Server policies to assign IP . Addresses to the devices on the local area network (LAN) Go to Basic Network > LAN & VLAN > DHCP Server Tab. Create/Edit DHCP Server Policy The router allows you to custom your DHCP Server Policy. It supports up to a maximum of 4 policy sets. When Add button is applied, DHCP Server Configuration screen will appear. ...
Page 113 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCP Server Configuration Item Value setting Description 1. String format can be DHCP Server Enter a DHCP Server name. Enter a name that is easy for you to any text Name understand. 2. A Must filled setting LAN IP 1. IPv4 format. The LAN IP Address of this DHCP Server. Address 2. A Must filled setting 255.0.0.0 (/8) is set by Subnet Mask The Subnet Mask of this DHCP Server. default 1. IPv4 format. The IP Pool of this DHCP Server. It composed of Starting Address entered IP Pool 2. A Must filled setting in this field and Ending Address entered in this field. 1. Numberic string format. Lease Time The Lease Time of this DHCP Server. 2. A Must filled setting Domain String format can be any The Domain Name of this DHCP Server. Name text Primary DNS IPv4 format The Primary DNS of this DHCP Server. Secondary IPv4 format ...
Page 114 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Mapping Rule List on DHCP Server The router allows you to custom your Mapping Rule List on DHCP Server. It supports up to a maximum of 64 rule sets. When Fix Mapping button is applied, the Mapping Rule List screen will appear. When Add button is applied, Mapping Rule Configuration screen will appear. Mapping Rule Configuration Item Value setting Description 1. MAC Address string MAC Address format The MAC Address of this mapping rule. 2. A Must filled setting 1. IPv4 format. IP Address The IP Address of this mapping rule. 2. A Must filled setting Enabling the The box is unchecked by Click Enable box to activate this rule. Rule default. Save N/A Click the Save button to save the configuration Click the Undo button to restore what you just configured back to the Undo N/A previous setting. Please note that the restored setting may not be the factory default setting but a retrieve of what was saved in the memory. When the Back button is clicked the screen will return to the DHCP Server Back N/A Configuration page. ...
Page 115 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. View/Copy DHCP Client List When DHCP Client List button is applied, DHCP Client List screen will appear. When the DHCP Client is selected and Copy to Fixed Mapping button is applied. The IP and MAC address of DHCP Client will apply to the Mapping Rule List on specific DHCP Server automatically. Enable/Disable DHCP Server Options The DHCP Server Options setting allows user to set DHCP OPTIONS 66, 72, or 114. Click the Enable button to activate the DHCP option function, and the DHCP Server will add the expected options in ...
Page 116 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCP Server Option Configuration Item Value setting Description 1. String format can be Enter a DHCP Server Option name. Enter a name that is easy for you to Option Name any text understand. 2. A Must filled setting DHCP Server Dropdown list of all Choose the DHCP server this option should apply to. Select available DHCP servers. Dropdown list 66 ‐ tftp ...
Page 117 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 114 Single URL URL format The box is unchecked by Enable Click Enable box to activate this setting. default. Save NA Click the Save button to save the setting. When the Undo button is clicked the screen will return back with nothing Undo NA changed. ...
Page 118: Wifi
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.5 WiFi The device may provide WiFi interface for mobile devices or BYOD devices to connect for Internet accessing. The WiFi system in the device complies with 802.11ac/11n/11g/11b standard in 2.4GHz single band or 2.4G/5GHz concurrent dual bands of operation. There are several wireless operation modes provided by this device. They are: “AP Router Mode”, “WDS Only Mode”, “WDS Hybrid Mode”, “Universal Repeater Mode”, “AP Only Mode” and “Client Mode”. You can choose the expected mode from the wireless operation mode list. However, not all operation modes are supported in the purchased device, For wireless gateway products, "AP Router", "WDS Only", and ...
Page 119 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  WDS Only Mode & WDS Hybrid Mode WDS (Wireless Distributed System) Only mode drives a wireless gateway to be a WiFi repeater for its wired Intranet. But WDS Hybrid mode drives it act as an access point for its WiFi Intranet and a WiFi repeater for its wired and WiFi Intranets at the same time. Users can thus use the features to build up a large wireless network in a large space like airports, hotels and schools …etc. While acting as a wireless bridge, multiple wireless gateways running at "WDS Only" or "WDS Hybrid" mode link together so that they can communicate with each other through wireless interface (with WDS). Thus all client hosts in their wired Intranets or WiFi Intranets can also communicate each other in the scenario. Following diagram illustrates that there are two remote wireless gateways running at "WDS Only" operation mode. They both use channel 3 to link to the local Wireless Gateway 1 through WDS approach, but the local gateway is running at "WDS Hybrid" mode and has an Internet connection. And ...
Page 120 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. and NAT. However, the gateway at "WDS Hybrid" mode joins in a WDS link network, provides DHCP servers for IP assigning and executes NAT function for Internet accessing.  Universal Repeater Mode An Access Point uses the WiFi interface to associate and link to a Wireless Gateway, so that the WiFi networks nearby the access point can link to the wireless gateway through the WiFi connection by using same SSID in whole path. The Access Point is running at "Universal Repeater" mode. Following diagram illustrates that there are two remote access points running at "Universal Repeater" operation mode, they are the Access Point 2 and the Access Point 3. They both serve as the access point for their respective "WiFi Network" behind them, but also serve as the WiFi client and try to link to the Wireless Gateway 1, the WiFi server, by using WiFi system. However, the Wireless Gateway is running at "AP Router" mode and has an Internet connection. So, the remote WiFi networks ...
Page 121 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. gateway without embedded DHCP server and NAT. However, the wireless gateway at "AP Router" mode accepts the association and linking requests from some access points to establish WiFi links for linking them all together. It also provides DHCP servers for IP assigning and executes NAT function for Internet accessing.  AP Only Mode An Access Point uses an uplink Ethernet interface to link to an external Gateway, and uses the WiFi interface to serve as an access point for the "WiFi Network" behind it. It also accept the association and linking requests from remote access points so that the WiFi networks nearby these remote access points can link to the local access point through the WiFi connection by using same SSID in whole path. The local access point is running at "AP Only" mode. Following diagram illustrates that there are two remote access points running at "Universal Repeater" operation mode, they are the Access Point 2 and the Access Point 3. They both serve as the ...
Page 122 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Internet through the Access Point 1 since those remote access points have linked to the local access point. Please be noted that the access points running at "Universal Repeater" mode will disable any DHCP server by default, so the client hosts under the access points will request their IP address from the external Gateway that has at least one DHCP server working. Besides, the external Gateway also execute ...
Page 123 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ...
Page 124: Wifi Configuration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.5.1 WiFi Configuration The Wi‐Fi configuration allows user to configure 2.4G or 5G Wi‐Fi setting, such as SSID or pre‐ shared key. Go to Basic Network > WiFi > WiFi Module One Tab. If the gateway is equipped with two WiFi module, there will be another WiFi Module Two. You can do the similar configurations on both WiFi modules. Basic Configuration Basic Configuration Item Value setting Description Specify the intended operation band for the WiFi module. Basically, this setting is fixed and cannot be changed once the module is integrated into the gaye product. However, there are some module with Operation Band A Must filled setting selectable band for user to choose according to his network environment. Under such situation, you can specify which operation band is suitable for the application. Press 2.4G or 5G button will lead user to Wi‐Fi Protected Setup page. WPS N/A Refer to the next sub‐section Wi‐Fi Protected Setup for more details. When WPS Setup button is clicked, a screen similar to this will appear Wi‐Fi Protected Setup Item Value setting Description ...
Page 125 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The box is checked Check the Enable box to activate WPS function. WPS by default. The configuration status of AP is displayed here. Press Set/Release button to change the configuration status.  UNCONFIGURED Configuration It means the AP settings is not configured by WPS. The status will N/A Status change to CONFIGURED after WPS.  CONFIGURED It means the AP settings has been configured by WPS. Select WPS configuration mode from Registrar or Enrollee. When Registrar is selected It means the AP will play a role of Registrar in WPS process.  Allowed STA PIN Code Enter the PIN code which client given.  Press Save button to save the current configuration. ...
Page 126 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuring Wi‐Fi Settings Item Value setting Description The box is checked by Check the Enable box to activate Wi‐Fi function. WiFi Module default Specify the WiFi Operation Mode accroding to your application. Go to the following table for AP Router Mode, WDS Only Mode, WDS WiFi Operation Hybrid Mode, Universal Repeater Mode, AP Only Mode, and CLient Mode Mode settings. The available operation modes are depend on the product specification. In the following, the specific configuration description for each WiFi operation mode is given. AP Router Mode For the AP Router mode, the device not only supports stations connection but also the router function. The WAN port and the NAT function are enabled. AP Router Mode Item Value setting Description The box is unchecked Check the Enable box to activate Green AP function. Green AP by default. Check the Enable box to activate this function. The box is checked by ...
Page 127 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Max. STA Limit the maximum number of client station. Check this box and enter a limitation. The box is unchecked (unlimited) by default. Apply a specific Time Schedule to this rule, otherwise leave it as (0) Always. Time Schedule A Must filled setting If the dropdown list is empty ensure Time Schedule is pre‐configured. Refer to Object Definition > Scheduling > Configuration tab. Enter the SSID for the VAP, and decide whether to broadcast the SSID or 1. String format : Any not. Network ID text The SSID is used for identifying from another AP, and client stations will (SSID) 2. The box is checked associate with AP according to SSID. If the broadcast SSID option is by default. enabled, it means the SSID will be broadcasted, and the stations can associate with this device by scanning SSID. Check the Enable box to activate this function. The box is checked by STA Isolation By default, the box is checked, it means that stations which associated to default. the same VAP cannot communicate with each other. Select a radio channel for the VAP. Each channel is corresponding to different radio band. The permissible channels depend on the Regulatory Domain. There are two available options when Auto is selected: 1. A Must filled setting.  By AP Numbers Channel ...
Page 128 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. RADIUS Shared Key When WPA or WPA2 is selected They are implementation of IEEE 802.11i. WPA only had implemented part of IEEE 802.11i, but owns the better compatibility. WPA2 had fully implemented 802.11i standard, and owns the highest security.  RADIUS Server The client stations will be authenticated by RADIUS server. RADIUS Server IP (The default IP is 0.0.0.0) RADIUS Server Port (The default value is 1812) RADIUS Shared Key When WPA / WPA2 is selected It owns the same setting as WPA or WPA2. The client stations can associate with this device via WPA or WPA2. When WPA‐PSK or WPA2‐PSK is selected It owns the same encryption system as WPA or WPA2. The authentication uses pre‐shared key instead of RADIUS server. When WPA‐PSK / WPA2‐PSK is selected It owns the same setting as WPA‐PSK or WPA2‐PSK. The client stations can associate with this device via WPA‐PSK or WPA2‐PSK. Select a suitable encryption method and enter the required key(s). The available method in the dropdown list depends on the Authentication you selected. None It means that the device is open system without encrypting. WEP Up to 4 WEP keys can be set, and you have to select one as current key. The key type can set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of ASCII table. ...
Page 129 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. For the WDS Only mode, the device only bridges the connected wired clients to another WDS‐enabled Wi‐Fi device which the device associated with. That is, it also means the no wireless clients stat can connect to this device while WDS Only Mode is selected. WDS Only Mode Item Value setting Description The box is Check the Enable box to activate Green AP function. Green AP unchecked by default. Select a radio channel for the VAP. Each channel is corresponding to different radio band. The permissible channels depend on the Regulatory Domain. 1. A Must filled There are two available options when Auto is selected: ...
Page 130 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The check box named 802.1x shows up next to the dropdown list.  802.1x (The box is unchecked by default) When 802.1x is enabled, it means the client stations will be authenticated by RADIUS server. RADIUS Server IP (The default IP is 0.0.0.0) RADIUS Server Port (The default value is 1812) RADIUS Shared Key When WPA‐PSK is selected It owns the same encryption system as WPA. The authentication uses pre‐shared key instead of RADIUS server. When WPA2‐PSK is selected It owns the same encryption system as WPA2. The authentication uses pre‐shared key instead of RADIUS server. Select a suitable encryption method and enter the required key(s). The available method in the dropdown list depends on the Authentication you selected. None It means that the device is open system without encrypting. WEP Up to 4 WEP keys can be set, and you have to select one as current key. The key type can set to HEX or ASCII. 1. A Must filled If HEX is selected, the key should consist of (0 to 9) and (A to F). setting. Encryption If ASCII is selected, the key should consist of ASCII table. 2. None is selected TKIP be default. TKIP was proposed instead of WEP without upgrading hardware. Enter a Preshared Key for it. The length of key is from 8 to 63 characters. AES The newest encryption system in WiFi, it also designed for the fast 802.11n high bitrates schemes. Enter a Preshared Key for it. The length of key is from 8 to 63 characters. You are recommended to use AES encryption instead of any others for ...
Page 131 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. WDS Hybrid Mode Item Value setting Description Check the Enable box to activate this function. The box is checked by With the function been enabled, the device can auto‐learn WDS peers Lazy Mode default. without manually entering other AP’s MAC address. But at least one of the APs has to fill remote AP MAC addresses. The box is unchecked Check the Enable box to activate Green AP function. Green AP by default. Check the Enable box to activate this function. The box is checked by VAP Isolation By default, the box is checked, it means that stations which associated to default. different VAPs cannot communicate with each other.  Multiple AP Names (VAP) It means multiple SSID feature and the device support up to 8 virtual SSIDs. Select one of VAP to configure its setting at a time. 1. A Must filled setting  Multiple AP Enable 2. VAP1 and VAP8 are Names Check the enable box to activate the selected VAP. ...
Page 132 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. default. By default, the box is checked, it means that stations which associated to the same VAP cannot communicate with each other. Select a radio channel for the VAP. Each channel is corresponding to different radio band. The permissible channels depend on the Regulatory Domain. There are two available options when Auto is selected: 1. A Must filled setting.  By AP Numbers Channel 2. Auto is selected be The channel will be selected according to AP numbers (The less, the default. better).  By Less Interference The channel will be selected according to interference. (The lower, the better). Specify the preferred WiFi System. The dropdown list of Wi‐Fi system is based on IEEE 802.11 standard. WiFi System A Must filled setting  2.4G Wi‐Fi can select b, g and n only or mixed with each other.  5G Wi‐Fi can select a, n and ac only or mixed with each other. For security, there are several authentication methods supported. Client stations should provide the key when associate with this device. When Open is selected The check box named 802.1x shows up next to the dropdown list.  802.1x (The box is unchecked by default) When 802.1x is enabled, it means the client stations will be authenticated by RADIUS server. RADIUS Server IP (The default IP is 0.0.0.0) ...
Page 133 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The key type can set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of ASCII table. TKIP TKIP was proposed instead of WEP without upgrading hardware. Enter a Preshared Key for it. The length of key is from 8 to 63 characters. AES The newest encryption system in WiFi, it also designed for the fast 802.11n high bitrates schemes. Enter a Preshared Key for it. The length of key is from 8 to 63 characters. You are recommended to use AES encryption instead of any others for security. Save N/A Click the Save button to save the current configuration. Click the Undo button to restore configuration to previous setting before Undo N/A saving. Apply N/A Click the Apply button to apply the saved configuration. Universal Repeater Mode Universal Repeater is a technology used to extend wireless coverage. For the Universal Repeater mode, all the accociated stations within the coverage of this device can be bridged to the Root AP. Universal Repeater Mode Item Value setting Description The box is unchecked ...
Page 134 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. default. By default, the box is checked, it means that stations which associated to the same VAP cannot communicate with each other. Select a radio channel for the VAP. Each channel is corresponding to different radio band. The permissible channels depend on the Regulatory Domain. There are two available options when Auto is selected: 1. A Must filled setting.  By AP Numbers Channel 2. Auto is selected be The channel will be selected according to AP numbers (The less, the default. better).  By Less Interference The channel will be selected according to interference. (The lower, the better). For security, there are several authentication methods supported. Client stations should provide the key when associate with this device. When Open is selected The check box named 802.1x shows up next to the dropdown list.  802.1x (The box is unchecked by default) When 802.1x is enabled, it means the client stations will be authenticated by RADIUS server. RADIUS Server IP (The default IP is 0.0.0.0) RADIUS Server Port (The default value is 1812) RADIUS Shared Key When Shared is selected The preshared WEP key should be set for authenticating. When Auto is selected The device will select Open or Shared by requesting of client automatically. ...
Page 135 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. It owns the same setting as WPA‐PSK or WPA2‐PSK. The client stations can associate with this device via WPA‐PSK or WPA2‐PSK. Select a suitable encryption method and enter the required key(s). The available method in the dropdown list depends on the Authentication you selected. None It means that the device is open system without encrypting. WEP Up to 4 WEP keys can be set, and you have to select one as current key. The key type can set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of ASCII table. 1. A Must filled setting. TKIP Encryption 2. None is selected be TKIP was proposed instead of WEP without upgrading hardware. Enter a default. Preshared Key for it. The length of key is from 8 to 63 characters. AES The newest encryption system in WiFi, it also designed for the fast 802.11n high bitrates schemes. Enter a Preshared Key for it. The length of key is from 8 to 63 characters. You are recommended to use AES encryption instead of any others for security. TKIP / AES TKIP / AES mixed mode. It means that the client stations can associate with this device via TKIP or AES. Enter a Preshared Key for it. The length of key is from 8 to 63 characters. Save N/A Click the Save button to save the current configuration. Click the Undo button to restore configuration to previous setting before Undo ...
Page 136 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. enter a limitation. The box is unchecked (unlimited) by default. Apply a specific Time Schedule to this rule, otherwise leave it as (0) Always. Time Schedule A Must filled setting If the dropdown list is empty ensure Time Schedule is pre‐configured. Refer to Object Definition > Scheduling > Configuration tab. Enter the SSID for the VAP, and decide whether to broadcast the SSID or 1. String format : Any not. Network ID text The SSID is used for identifying from another AP, and client stations will (SSID) 2. The box is checked associate with AP according to SSID. If the broadcast SSID option is by default. enabled, it means the SSID will be broadcasted, and the stations can associate with this device by scanning SSID. Check the Enable box to activate this function. The box is checked by STA Isolation By default, the box is checked, it means that stations which associated to default. the same VAP cannot communicate with each other. Select a radio channel for the VAP. Each channel is corresponding to different radio band. The permissible channels depend on the Regulatory Domain. There are two available options when Auto is selected: 1. A Must filled setting.  By AP Numbers Channel ...
Page 137 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. They are implementation of IEEE 802.11i. WPA only had implemented part of IEEE 802.11i, but owns the better compatibility. WPA2 had fully implemented 802.11i standard, and owns the highest security.  RADIUS Server The client stations will be authenticated by RADIUS server. RADIUS Server IP (The default IP is 0.0.0.0) RADIUS Server Port (The default value is 1812) RADIUS Shared Key When WPA / WPA2 is selected It owns the same setting as WPA or WPA2. The client stations can associate with this device via WPA or WPA2. When WPA‐PSK or WPA2‐PSK is selected It owns the same encryption system as WPA or WPA2. The authentication uses pre‐shared key instead of RADIUS server. When WPA‐PSK / WPA2‐PSK is selected It owns the same setting as WPA‐PSK or WPA2‐PSK. The client stations can associate with this device via WPA‐PSK or WPA2‐PSK. Select a suitable encryption method and enter the required key(s). The available method in the dropdown list depends on the Authentication you selected. None It means that the device is open system without encrypting. WEP Up to 4 WEP keys can be set, and you have to select one as current key. The key type can set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of ASCII table. 1. A Must filled setting. TKIP Encryption ...
Page 138: Wireless Client List
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.5.3 Wireless Client List The Wireless Client List page shows the information of wireless clients which are associated with this device. Go to Basic Network > WiFi > Wireless Client List Tab. Select Target WiFi Target Configuration Item Value setting Description Select the WiFi module to check the information of connected clients. Module Select A Must filled setting. For those single WiFi module products, this option is hidden. Specify the intended operation band for the WiFi module. Basically, this setting is fixed and cannot be changed once the module is integrated into the gaye product. However, there are some module with Operation Band A Must filled setting. selectable band for user to choose according to his network environment. Under such situation, you can specify which operation band is suitable for the application. 1. A Must filled Specify the VAP to show the associated clients information in the following Client ...
Page 139 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. MAC Address N/A It shows the MAC address of client. It shows what kind of Wi‐Fi system the client used to associate with this Mode N/A device. Rate N/A It shows the data rate between client and this device. RSSI0, RSSI1 N/A It shows the RX sensitivity (RSSI) value for each radio path. Signal N/A The signal strength between client and this device. Interface N/A It shows the VAP ID that the client associated with. Refresh N/A Click the Refresh button to update the Client List immediately. ...
Page 140: Advanced Configuration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.5.7 Advanced Configuration This device provides advanced wireless configuration for professional user to optimize the wireless performance under the specific installation environment. Please note that if you are not familiar with the WiFi technology, just leave the advanced configuration with its default values, or the connectivity and performance may get worse with improper settings. Go to Basic Network > WiFi > Advanced Configuration Tab. Select Target WiFi Target Configuration Item Value setting Description Select the WiFi module to check the information of connected clients.
Page 141 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Advanced Configuration Item Value setting Description The default setting is It limits the available radio channel of this device. Regulatory Domain according to where The permissible channels depend on the Regulatory Domain. the product sale to It shows the time interval between each beacon packet broadcasted. Beacon Interval 100 The beacon packet contains SSID, Channel ID and Security setting. A DTIM (Delivery Traffic Indication Message) is a countdown informing clients of the next window for listening to broadcast message. When the DTIM Interval 3 device has buffered broadcast message for associated client, it sends the next DTIM with a DTIM value. RTS (Request to send) Threshold means when the packet size is over the setting value, then active RTS technique. RTS Threshold 2347 RTS/CTS is a collision avoidance technique. It means RTS never activated when the threshold is set to 2347. Wireless frames can be divided into smaller units (fragments) to improve Fragmentation 2346 performance in the presence of RF interference at the limits of RF coverage. The box is checked WMM (Wi‐Fi Multimedia) can help control latency and jitter when WMM by default transmitting multimedia content over a wireless connection. ...
Page 142 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. unchecked by the client to 5G Wi‐Fi automatically if the client is available on accessing default this 5G Wi‐Fi band. This option is only available on the module that supports 5GHz band. The box is The WIDS (Wireless Intrusion Detection System) will analyze all the WIDS unchecked by packet and make a statistic table in Wi‐Fi status. default Go to Status > Basic Network > WiFi tab for detailed WIDS status. Save N/A Click the Save button to save the current configuration. Click the Undo button to restore configuration to previous setting before Undo N/A saving. ...
Page 143: Ipv6
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.7 IPv6 The growth of the Internet has created a need for more addresses than are possible with IPv4. IPv6 (Internet Protocol version 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic. IPv6 also implements additional features not present in IPv4. It simplifies aspects of address assignment (stateless address auto‐configuration), network renumbering and router announcements when changing Internet connectivity providers. This gateway supports various types of IPv6 connection (Static IPv6 / DHCPv6 / PPPoEv6 / 6to4 / 6in4). Please contact your ISP the type of IPv6 is supported before you proceed with IPv6 setup. Static IPv6 Static IPv6 does the same function as static IPv4. The static IPv6 provides manual setting of IPv6 address, IPv6 default gateway address, and IPv6 DNS. Above diagram depicts the IPv6 IP addressing, type in the information provided by your ISP to setup the IPv6 network. ...
Page 144 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Above diagram depicts DHCP IPv6 IP addressing, the DHCPv6 server on the ISP side assigns IPv6 address, IPv6 default gateway address, and IPv6 DNS to client host’s automatically. PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4. The PPPoEv6 server provides configuration parameters based on PPPoEv6 client request. When PPPoEv6 server gets client request and successfully authenticates it, the server sends IP address, DNS server addresses and other required ...
Page 145 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The diagram above depicts the IPv6 addressing through PPPoE, PPPoEv6 server (DSLAM) on the ISP side provides IPv6 configuration upon receiving PPPoEv6 client request. When PPPoEv6 server gets client request and successfully authenticates it, the server sends IP address, DNS server addresses and other required parameters to automatically configure the client. 6to4 6to4 is one mechanism to establish automatic IPv6 in IPv4 tunnels and to enable complete IPv6 sites communication. The only thing a 6to4 user needs is a global IPv4 address. 6to4 may be used by an individual host, or by a local IPv6 network. When used by a host, it must have a global IPv4 address connected, and the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets. If the host is configured to forward packets for other clients, often a local network, it is then a router. ...
Page 146 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In above diagram, the 6in4 usually needs to register to a 6in4 tunnel service, known as Tunnel Broker, in order to use. It also need end point global IPv4 address as 114.39.16.49 to complete 6in4 setting. ...
Page 147: Ipv6 Configuration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.7.1 IPv6 Configuration The IPv6 Configuration setting allows user to set the IPv6 connection type to access the IPv6 network. Go to Basic Network > IPv6 > Configuration Tab. IPv6 Configuration Item Value setting Description The box is unchecked IPv6 Check the Enable box to activate the IPv6 function. by default, Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity. 1. Only can be Select Static IPv6 when your ISP provides you with a set IPv6 addresses. selected when IPv6 WAN Connection Then go to Static IPv6 WAN Type Configuration. Enable Type Select DHCPv6 when your ISP provides you with DHCPv6 services. 2. A Must filled Select PPPoEv6 when your ISP provides you with PPPoEv6 account setting settings. Select 6to4 when you want to user IPv6 connection over IPv4. Select 6in4 when you want to user IPv6 connection over IPv4. ...
Page 148 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Static IPv6 WAN Type Configuration Static IPv6 WAN Type Configuration Item Value setting Description IPv6 Address A Must filled setting Enter the WAN IPv6 Address for the router. Subnet Prefix A Must filled setting Enter the WAN Subnet Prefix Length for the router. Length Default Gateway A Must filled setting Enter the WAN Default Gateway IPv6 address. Primary DNS An optional setting Enter the WAN primary DNS Server. Secondary DNS An optional setting Enter the WAN secondary DNS Server. The box is unchecked MLD Snooping Enable/Disable the MLD Snooping function by default LAN Configuration LAN Configuration Item Value setting Description Global Address ...
Page 149 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCPv6 WAN Type Configuration DHCPv6 WAN Type Configuration Item Value setting Description The option [From Select the [Specific DNS] option to active Primary DNS and Secondary DNS. DNS Server] is selected by Then fill the DNS information. default Can not modified by Primary DNS Enter the WAN primary DNS Server. default Can not modified by Secondary DNS Enter the WAN secondary DNS Server. default The box is unchecked MLD Enable/Disable the MLD Snooping function by default LAN Configuration LAN Configuration Item Value setting Description Global Address Value auto‐created ...
Page 150 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPPoEv6 WAN Type Configuration PPPoEv6 WAN Type Configuration Item Value setting Description Enter the Account for setting up PPPoEv6 connection. If you want more Account A Must filled setting information, please contact your ISP. Enter the Password for setting up PPPoEv6 connection. If you want more Password A Must filled setting information, please contact your ISP. A Must filled Enter the Service Name for setting up PPPoEv6 connection. If you want Service Name setting/Option more information, please contact your ISP. Connection Fixed value The value is Auto‐reconnect(Always on). Control Enter the MTU for setting up PPPoEv6 connection. If you want more MTU A Must filled setting information, please contact your ISP. The box is unchecked MLD Snooping Enable/Disable the MLD Snooping function by default LAN Configuration LAN Configuration Item Value setting ...
Page 151 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 6to4 WAN Type Configuration 6to4 WAN Type Configuration Item Value setting Description 6to4 Address Value auto‐created IPv6 address for access the IPv6 network. Primary DNS An optional setting Enter the WAN primary DNS Server. Secondary DNS An optional setting Enter the WAN secondary DNS Server. The box is unchecked MLD Enable/Disable the MLD Snooping function by default LAN Configuration LAN Configuration Item Value setting Description Global Address An optional setting Enter the LAN IPv6 Address for the router. Link‐local Address Value auto‐created Show the link‐local address for LAN interface of router. Then go to Address Auto‐configuration (summary) for setting LAN environment. ...
Page 152 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 6in4 WAN Type Configuration Please go to find IPv6 tunnel brokers to establish 6in4 tunnel. (You can find List of IPv6 tunnel brokers that support 6in4 service from wiki.) Then enter the Local IPv4 address of router into Client IPv4 Address field in IPv6 tunnel broker setting page. 6in4 WAN Type Configuration Item Value setting Description Remote IPv4 A Must filled setting Filled Server IPv4 Address gotten from tunnel broker in this field. Address Local IPv4 Address Value auto‐created IPv4 address of this router. Local IPv6 Address A Must filled setting Filled Client IPv6 Address gotten from tunnel broker in this field. Primary DNS An optional setting Enter the WAN primary DNS Server. Secondary DNS An optional setting Enter the WAN secondary DNS Server. The box is unchecked MLD Enable/Disable the MLD Snooping function by default LAN Configuration ...
Page 153 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Then go to Address Auto‐configuration (summary) for setting LAN environment. If above setting is configured, click the save button to save the configuration and click reboot button to reboot the router. Address Auto‐configuration Address Auto‐configuration Item Value setting Description The box is unchecked Auto‐configuration Check to enable the Auto configuration feature. by default Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity. Select Stateless to manage the Local Area Network to be SLAAC + RDNSS Router Advertisement Lifetime (A Must filled setting): Enter the Router 1. Only can be Advertisement Lifetime (in seconds). 200 is setted by default. selected when Auto‐ Select Stateful to manage the Local Area Network to be Stateful (DHCPv6). Auto‐configuration configuration IPv6 Address Range (Start) (A Must filled setting) : Enter the start IPv6 Type enabled Address for the DHCPv6 range for your local computers. 0100 is setted by 2. Stateless is default. selected by default IPv6 Address Range (End) (A Must filled setting): Enter the end IPv6 Address for the DHCPv6 range for your local computers. 0200 is setted by default. IPv6 Address Lifetime (A Must filled setting) : Enter the DHCPv6 lifetime ...
Page 154: Port Forwarding
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9 Port Forwarding Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. The technique was originally used for ease of rerouting traffic in IP networks without renumbering every host. It has become a popular and essential tool in conserving global address space allocations in face of IPv4 address exhaustion. The product you purchased embeds and activates the NAT function. You also can disable the NAT function in [Basic Network]‐[WAN & Uplink]‐[Internet Setup]‐[WAN Type Configuration] page. In addition to native NAT function, you can also configure further NAT related functions in the Port ...
Page 155 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Without the need of reconfigure their PC each time, the employee from inside or outside the office can access enterprise servers. So network administrator must activate the "NAT Loopback" feature to do that. Scenario Description Local user can access mail server by FQDN or global IP when NAT loop back is enable. Global user can access mail server only when mail server is set as virtual server of the gateway. Parameter Setup Example Following 2 tables list the parameter configuration as an example for above diagram of gateway with "NAT Loopback" feature activated. Use default value for those parameters that are not mentioned in these tables. [Configuration]‐[NAT Loopback] Configuration Path ■ Enable NAT Loopback ...
Page 156 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Virtual Server & Virtual Computer]‐[Virtual Server List] Configuration Path ID 25 (SMTP) 110 (POP3) Public Port 10.0.75.101 10.0.75.101 Server IP 25 (SMTP) 110 (POP3) Private Port ■ Enable ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A, and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a NAT router. ...
Page 157 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuration Setting Go to Basic Network > Port Forwarding > Configuration tab. The NAT Loopback allows user to access the WAN IP address from inside your local network. Enable NAT Loopback Configuration Item Value setting Description The box is checked by NAT Loopback Check the Enable box to activate this NAT function default Save N/A Click the Save button to save the settings. Undo N/A Click Undo to cancel the settings ...
Page 158: Virtual Server & Virtual Computer
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9.3 Virtual Server & Virtual Computer Virtual server is another name for port forwarding used by some routers. In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host. Port forwarding allows remote computers (a computers on the Internet) to connect to a specific computer or service within a private local‐area network (LAN). So you can deploy some servers in your Intranet with the firewall protection by your gateway. This device’s NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this device gateway are invisible to the outside world. If you wish, you can make some of them accessible by enabling the Virtual Server Mapping. ...
Page 159 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Virtual Server "Virtual Server" feature allows you to define some servers with the global IP address or FQDN of the gateway as if they are servers existed in the Internet. But in fact, these servers are located in the Intranet and are physically behind the gateway. The gateway serves the service requests by port forwarding the requests to the LAN servers and transfers the replies from LAN servers to the requester on the WAN side. For example, if you set an E‐mail server on the LAN side with IP address 10.0.75.101, a remote user can access the gateway for E‐mail service if you defined a virtual E‐mail server for the gateway by using the real E‐mail server on the LAN side, as shown in scenario ② in following diagram. Scenario Application Timing Set up some application servers in the Intranet of deployed network for services and are protected by the gateway firewall. In a way that the gateway appears to be the physical server to the remote users, while the real server is, in reality, operating and providing service at the LAN side behind the ...
Page 160 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The gateway executes port forwarding transferring the E‐mail service requests to the LAN servers and sends the replies from LAN servers to the requester. The E‐mail server at LAN side is the server for E‐mail service. Parameter Setup Example Following table list the parameter configuration as an example for scenario ② in above diagram. Please be noted that the E‐mail service includes SMTP and POP3 service ports. Use default value for those parameters that are not mentioned in the table. [Virtual Server & Virtual Computer]‐[Virtual Server List] Configuration Path ID 25 (SMTP) 110 (POP3) Public Port 10.0.75.101 10.0.75.101 Server IP 25 (SMTP) 110 (POP3) Private Port ■ Enable ■ Enable Rule ...
Page 161 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing To setup some hosts in the Intranet of deployed networking to be visible to outside world but also be protected by the NAT gateway firewall, use the "Virtual Computer" feature in the gateway to implement the application scenario. Scenario Description A LAN host is assigned with a global IP address to be visible to outside world. The host has an embedded FTP file server and is protected by the gateway firewall. ...
Page 162 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ID 118.18.81.44 Global IP 10.0.75.102 Local IP ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a NAT router. A LAN host with private IP address 10.0.75.102 has an embedded FTP file server in it. The host is expected ...
Page 163 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Virtual Server & Virtual Computer Setting Go to Basic Network > Port Forwarding > Virtual Server & Virtual Computer tab. Enable Virtual Server and Virtual Computer Configuration Item Value setting Description The box is unchecked by Virtual Server Check the Enable box to activate this port forwarding function default The box is checked by Virtual Computer Check the Enable box to activate this port forwarding function default Save N/A Click the Save button to save the settings. Undo N/A Click Undo to cancel the settings. Create/Edit Virtual Server The router allows you to custom your Virtual Server rules. The router supports up to a maximum of 20 rule‐based Virtual Server sets. When Add button is applied, Virtual Server Rule Configuration screen will appear. ...
Page 164 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Virtual Server Rule Configuration Item Value setting Description Define the selected interface to be the packet‐entering interface of the router. 1. A Must filled setting 2. If the packets to be filtered are coming from WAN‐x then select WAN‐x for WAN Interface Default is ALL. this field. Select ALL for packets coming into the router from any interfaces. It can be selected WAN‐x box when WAN‐x enabled. This field is to specify the IP address of the interface selected in the WAN Server IP A Must filled setting Interface setting above. When “ICMPv4” is selected It means the option “Protocol” of packet filter rule is ICMPv4. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under Object Definition) Then check Enable box to enable this rule. When “TCP” is selected It means the option “Protocol” of packet filter rule is TCP. Public Port selected a predefined port from Well‐known Service, and Private Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Protocol A Must filled setting Port can be set a Single Port number. Public Port is selected Port Range and specify a port range, and Private Port can be selected Single Port or Port Range. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under Object Definition) Then check Enable box to enable this rule. When “UDP” is selected It means the option “Protocol” of packet filter rule is UDP. Public Port selected a predefined port from Well‐known Service, and ...
Page 165 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Port can be set a Single Port number. Public Port is selected Port Range and specify a port range, and Private Port can be selected Single Port or Port Range. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under Object Definition) Then check Enable box to enable this rule. When “TCP & UDP” is selected It means the option “Protocol” of packet filter rule is TCP and UDP. Public Port selected a predefined port from Well‐known Service, and Private Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Port can be set a Single Port number. Public Port is selected Port Range and specify a port range, and Private Port can be selected Single Port or Port Range. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under Object Definition) Then check Enable box to enable this rule. When “GRE” is selected It means the option “Protocol” of packet filter rule is GRE. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under Object Definition) Then check Enable box to enable this rule. When “ESP” is selected It means the option “Protocol” of packet filter rule is ESP. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under Object Definition) Then check Enable box to enable this rule. Click the Save button to save the settings. When “SCTP” is selected It means the option “Protocol” of packet filter rule is SCTP. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under Object Definition) Then check Enable box to enable this rule. When “User‐defined” is selected It means the option “Protocol” of packet filter rule is User‐defined. For Protocol Number, enter a port number. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under Object Definition) Then check Enable box to enable this rule. ...
Page 166 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Virtual Computer The router allows you to custom your Virtual Computer rules. The router supports up to a maximum of 20 rule‐based Virtual Computer sets. When Add button is applied, Virtual Computer Rule Configuration screen will appear. Virtual Computer Rule Configuration Item Value setting Description Global IP A Must filled setting This field is to specify the IP address of the WAN IP. Local IP A Must filled setting This field is to specify the IP address of the LAN IP. Enable N/A Then check Enable box to enable this rule. Save N/A Click the Save button to save the settings. ...
Page 167 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ...
Page 168: Ip Translation
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9.5 IP Translation IP Translation is slimier to One‐to‐One NAT. it is a feature where you can configure the gateway with multiple IP addresses issued by your Internet Service Provider (ISP) and map them to individual intranet devices with specific IP addresses. That is, configuring the IP Translation feature creates a one‐to‐one mapping between a public IP address and a private IP address of a local host. In addition, admin users also map a private IP address range to a public IP address range of equal instances. This feature offers another way to make systems behind a firewall and configured with private IP addresses appear to have public IP addresses. Scenario Application Timing Sometimes, the admin users want to manage IP Address of servers easily or easy to memorize in the Intranet, IP Translation can help local servers to map valid public IP Address in closed or Intranet Network. ...
Page 169 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Admin user setups IP Address 1.1.1.1 to substitute for 172.16.0.101 of application server on intranet network. Admin user setups IP Address 1.1.1.100 to substitute for 192.168.1.100 of NAS Device in remote intranet network.. Users in Control Center can access application server via 1.1.1.1 or NAS device via 1.1.1.100. Parameter Setup Example Following table lists the parameter configuration as an example for the gateway in above diagram. Use default value for those parameters that are not mentioned in the table. [Configuration]‐[IP Translation] Configuration Path Enable ■ IP Translation Configuration Path [IP Translation]‐[IP Translation List] 1 ID 1.1.1.1 172.16.0.101 1.1.1.100  192.168.1.100 Mapping IP address Application Server Remote NAS Description ■ Enable ■...
Page 170 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IP Translation Setting Go to Basic Network > Port Forwarding > IP Translation tab. Enable IP Translation Configuration Item Value setting Description IP Translation The box is unchecked by Check the Enable box to activate the IP translation function default Save N/A Click the Save button to save the settings. Create/Edit IP Translation Rule When Add button is applied, IP Translation Configuration screen will appear. IP Translation Configuration Item Value setting Description Mapping Source 1. A Must filled setting Specify the original IP / Domain Name to be translated. IP/Domain Name 2.IP is selected by default. Mask 1. A Must filled setting Enter the required subnet mask if Source IP is specified above. 2.255.255.255.255(/32) It can be a single IP with 255.255.255.255 (/32) subnet mask, or an IP is selected by default. group limited with proper subnet setting. ...
Page 171 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Mapping 1. A Must filled setting Specify the expected target IP / Domain Name that will be used to Destination 2.IP is selected by replace the original one. IP/Domain Name default. Mask 1. A Must filled setting Enter the required subnet mask if Destination IP is specified above. 2.255.255.255.255(/32) It can be a single IP with 255.255.255.255 (/32) subnet mask, or an IP is selected by default. group limited with proper subnet setting. Physical Interface 1. A Must filled setting Specify the interface to apply the translation rule. The enabled WAN 2.All is selected by Interface will be available in the dropdown list. default. By default, All is selected, and the translation rule will be applied to the traffics passing through all WAN interfaces. Description An optional setting. Specify a brief description or rule name for this IP Translation rule. Enable The box is unchecked by Check the Enable box to activate the translation rule. default Save N/A Click the Save button to save the settings. Undo N/A Click the Undo button to cancel the settings ...
Page 172: Dmz & Pass Through
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9.9 DMZ & Pass Through DMZ (De Militarized Zone) Host is a host that is exposed to the Internet cyberspace but still within the protection of firewall by gateway device. So, the function allows a computer to execute 2‐way communication for Internet games, Video conferencing, Internet telephony and other special applications. In some cases when a specific application is blocked by NAT mechanism, you can indicate that LAN computer as a DMZ host to solve this problem. In "DMZ" page, there is only one configuration window for "DMZ" feature. The window lets you activate the DMZ function and specify the IP address in the Intranet to be DMZ host so that the host under DMZ function can run applications freely that would, otherwise, blocked by NAT mechanism of the gateway with DMZ feature disabled. That is, the incoming packets issued by an active application in the Internet are usually blocked outside of the NAT gateway. But the DMZ host can receive those packets and make replies. That is, it is reactive to outside world. In the meantime, it is also protected ...
Page 173 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator of the gateway wants to set up some service daemons in a host that is in the Intranet to allow remote users request for services from the host actively, even the host is behind a NAT gateway. But remote users think the gateway provides those services, so users use the global IP of the gateway to request their services. Apply the DMZ feature in the NAT gateway to meet the application scenario. In addition, please also be noted that the client host is still protected by the gateway firewall. Scenario Description The DMZ host is behind a NAT gateway and receives all normal and active packets from the Internet. Remote user can access the DMZ host by using the IP address of the gateway, and the gateway will skip the NAT checking on the DMZ host. DMZ host is still protected by the gateway firewall. Parameter Setup Example Following table lists the parameter configuration as an example for the gateway in above diagram with DMZ enabling. Use default value for those parameters that are not mentioned in the table. [DMZ]‐[Configuration] Configuration Path DMZ IP Address of DMZ Host: 10.0.75.100 ■ Enable Scenario Operation Procedure In above diagram, the NAT Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the ...
Page 174 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DMZ & Pass Through Setting The DMZ host is a host that is exposed to the Internet cyberspace but still within the protection of firewall by gateway device. Go to Basic Network > Port Forwarding > DMZ & Pass Through tab. Enable DMZ and Pass Through Configuration Item Value setting Description DMZ 1. A Must filled setting 2. Check the Enable box to activate this SDMZ function Default is ALL. Define the selected interface to be the packet‐entering interface of the router. If the packets to be filtered are coming from WAN‐x then select WAN‐ x for this field. Select ALL for packets coming into the router from any interfaces. ...
Page 175: Routing
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.b Routing If you have more than one router and subnet, you will need to enable routing function to allow packets to find proper routing path and allow different subnets to communicate with each other. Routing is the process of selecting best paths in a network. It is performed for many kinds of networks, like electronic data networks (such as the Internet), by using packet switching technology. The routing process usually directs forwarding on the basis of routing tables which maintain a record of the routes to various network destinations. Thus, constructing routing tables, which are held in the router's memory, is very important for efficient routing. Most routing algorithms use only one network path at a ...
Page 176 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator of the gateway wants to specify what kinds of packets to be transferred via which one gateway interface and which peer gateway to their destination. It can be carried out by the "Static Routing" feature. Scenario Description Dedicated packet flows from the Intranet will be routed to their destination via the pre‐defined peer gateway and corresponding gateway interface that are defined in the system routing table by manual. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Static Routing" enabling. Use default value for those parameters that are not mentioned in the tables. Configuration Path [Static Routing]‐[Configuration] ■ Enable Static Routing [Static Routing]‐[Static Routing Rule List] Configuration Path ID 173.194.72.94 188.125.73.108 Destination IP 255.255.255.255 255.255.255.255 ...
Page 177 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Static Routing Setting In "Static Routing" page, there are three configuration windows for static routing feature. They are the "Configuration" window, "Static Routing Rule List" window and "Static Routing Rule Configuration" window. The "Configuration" window lets you activate the global static routing feature only. Even you have defined many static routing rules for the gateway, if you want to disable them temporarily, just uncheck the Enable box to disable it. The "Static Routing Rule List" window lists all your defined static routing rule entries. Using "Add" or "Edit" button to add and create one new static routing rule or to modify an existed one. ...
Page 178 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Static Routing Rules The Static Routing Rule List shows the setup parameters of all static routing rule entries. To configure a static routing rule, you must specify related parameters including the destination IP address and subnet mask of dedicated host/server or subnet, the IP address of peer gateway, the metric and the rule activation. The router allows you to custom your static routing rules. It supports up to a maximum of 64 rule sets. When Add button is applied, Static Routing Rule Configuration screen will appear, while the "Edit" button at the end of each static routing rule can let you modify the rule. IPv4 Static Routing Item Value setting Description Destination 1. IPv4 Format The Destination IP of this static routing rule. IP 2. A Must filled setting 255.255.255.0 (/24) is set Subnet Mask ...
Page 179 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Click the Undo button to restore what you just configured back to the Undo NA previous setting. Please note that the restored setting may not be the factory default setting but a retrieve of what was saved in the memory. When the Back button is clicked the screen will return to the Static Back NA Routing Configuration page. ...
Page 180: Dynamic Routing
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.b.3 Dynamic Routing Dynamic Routing, also called adaptive routing, describes the capability of a system, through which routes are characterized by their destination, to alter the path that the route takes through the system in response to a change in network conditions. The adaptation is intended to allow as many routes as possible to remain valid (that is, have destinations that can be reached) in response to the change. This gateway supports dynamic routing protocols, including RIPv1/RIPv2 (Routing Information Protocol), OSPF (Open Shortest Path First), and BGP (Border Gateway Protocol), for you to establish routing table automatically. The feature of dynamic routing will be very useful when there are lots of subnets in your network. Generally speaking, RIP is suitable for small network. OSPF is more suitable for medium network. BGP is more used for big network infrastructure. ...
Page 181 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. OSPF detects changes in the topology, such as link failures, and converges on a new loop‐free routing structure within seconds. It computes the shortest path tree for each route using a method based on Dijkstra's algorithm, a shortest path first algorithm. The OSPF routing policies for constructing a route table are governed by link cost factors (external metrics) associated with each routing interface. Cost factors may be the distance of a router (round‐ trip time), data throughput of a link, or link availability and reliability, expressed as simple unit‐less numbers. This provides a dynamic process of traffic load balancing between routes of equal cost. An OSPF network may be structured, or subdivided, into routing areas to simplify administration and optimize traffic and resource utilization. Areas are identified by 32‐bit numbers, expressed either simply in decimal, or often in octet‐based dot‐decimal notation, familiar from IPv4 address notation. ...
Page 182 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Description The OSPF gateway gathers routing information from the backbone gateways in area 0 by using OSPF dynamic routing protocol. The OSPF gateway will forward its routing information to other routers that are under the gateway and not linked to the enterprise backbone. Parameter Setup Example Following tables list the parameter configuration as an example for the OSPF gateway in above diagram. Use default value for those parameters that are not mentioned in the tables. [Dynamic Routing]‐[OSPF Configuration] Configuration Path ■ Enable OSPF 10.0.0.0/16 Backbone Subnet [Dynamic Routing]‐[OSPF Area List] Configuration Path ID 10.0.75.0/24 10.0.76.0/24 Area Subnet ...
Page 183 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. BGP Scenario Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance‐ vector ...
Page 184 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Description The BGP gateway dominates an autonomous system (AS) of networking and links with some other border gateways for exchanging routing information. The BGP gateway will distribute the collected routing information in its dominated AS. Then all routers in the AS know how to route packets to other AS. Parameter Setup Example Following tables list the parameter configuration as an example for the BGP gateway in above diagram. Use default value for those parameters that are not mentioned in the tables. [Dynamic Routing]‐[BGP Configuration] Configuration Path ■ Enable BGP 100 Self ID [Dynamic Routing]‐[BGP Neighbor List] Configuration Path 1 4 ID 10.101.0.1 10.102.0.1 10.103.0.1 10.104.0.1...
Page 185 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Dynamic Routing Setting The dynamic routing setting allows user to customize RIP, OSPF, and BGP protocol through the router based on their office setting. In the "Dynamic Routing" page, there are seven configuration windows for dynamic routing feature. They are the "RIP Configuration" window, "OSPF Configuration" window, "OSPF Area List", "OSPF Area Configuration", "BGP Configuration", "BGP Neighbor List" and "BGP Neighbor Configuration" window. RIP, OSPF and BGP protocols can be configured individually. ...
Page 186 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Enable RIP The RIP configuration setting allows user to customize RIP protocol through the router based on their . office setting RIP Configuration Item Value setting Description Select Disable will disable RIP protocol. RIP Enable Disable is set by default Select RIP v1 will enable RIPv1 protocol. Select RIP v2 will enable RIPv2 protocol. Enable OSPF The OSPF configuration setting allows user to customize OSPF protocol through the router based on . their office setting OSPF Configuration Item Value setting Description OSPF Disable is set by default Click Enable box to activate the OSPF protocol. 1. IPv4 Format Router ID The Router ID of this router on OSPF protocol 2. A Must filled setting The Authentication method of this router on OSPF protocol. ...
Page 187 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Select MD5 will enable MD5 Authentication with entered the ID and Key in these fields on OSPF protocol. 1. Classless Inter Domain Routing (CIDR) Subnet Backbone Mask Notation. (Ex: The Backbone Subnet of this router on OSPF protocol. Subnet 192.168.1.0/24) 2. A Must filled setting Create/Edit OSPF Area Rules The router allows you to custom your OSPF Area List rules. It supports up to a maximum of 32 rule sets. When Add button is applied, OSPF Area Rule Configuration screen will appear. OSPF Area Configuration Item Value setting Description 1. Classless Inter Domain Routing (CIDR) Subnet Area Subnet Mask Notation. (Ex: The Area Subnet of this router on OSPF Area List. 192.168.1.0/24) 2. A Must filled setting 1. IPv4 Format Area ID The Area ID of this router on OSPF Area List. 2. A Must filled setting The box is unchecked by Area Click Enable box to activate this rule. default. Save N/A ...
Page 188 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Enable BGP The BGP configuration setting allows user to customize BGP protocol through the router based on their office setting BGP Network Configuration Item Value setting Description BGP The box is unchecked by Check the Enable box to activate the BGP protocol. default ASN 1. Numberic String The ASN Number of this router on BGP protocol. Format 2. A Must filled setting Router ID 1. IPv4 Format The Router ID of this router on BGP protocol. 2. A Must filled setting Create/Edit BGP Network Rules The router allows you to custom your BGP Network rules. It supports up to a maximum of 32 rule sets. When Add button is applied, BGP Network Rule Configuration screen will appear. ...
Page 189 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Item Value setting Description Network 1. IPv4 Format The Network Subnet of this router on BGP Network List. It composes of Subnet 2. A Must filled setting entered the IP address in this field and the selected subnet mask. The box is unchecked by Network Click Enable box to activate this rule. default. Save N/A Click the Save button to save the configuration Create/Edit BGP Neighbor Rules The router allows you to custom your BGP Neighbor rules. It supports up to a maximum of 32 rule sets. When Add button is applied, BGP Neighbor Rule Configuration screen will appear. BGP Neighbor Configuration Item Value setting Description 1. IPv4 Format Neighbor IP The Neighbor IP of this router on BGP Neighbor List. 2. A Must filled setting 1. Numberic String Format Remote ASN The Remote ASN of this router on BGP Neighbor List. 2. A Must filled setting The box is unchecked by ...
Page 190: B.5 Routing Information
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.b.5 Routing Information The routing information allows user to view the routing table and policy routing information based on their office setting. Policy Routing Information is available when the Load Balance function is . enabled and the Load Balance Strategy is By User Policy Go to Basic Network > Routing > Routing Information Tab. Routing Table Item Value setting Description Destination IP N/A Routing record of Destination IP. IPv4 Format. Subnet Mask N/A Routing record of Subnet Mask. IPv4 Format. Gateway IP N/A Routing record of Gateway IP. IPv4 Format. Metric ...
Page 191: Dns & Ddns
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.d DNS & DDNS How does user access your server if your WAN IP address changes all the time? One way is to register a new domain name, and maintain your own DNS server. Another simpler way is to apply a domain name to a third‐party DDNS service provider. The service can be free or charged. If you want to ...
Page 192 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the IP address of the Gateway is often changed by ISP, and other hosts in the Internet want to link to the gateway device by using its corresponding domain name, the gateway must provide the dynamic DNS function to carry out the requirement. Scenario Description Apply one account to the DDNS provider for DDNS service before DDNS function in the gateway can work. The gateway asks the DDNS server to re‐map the domain name and WAN's IP address of the gateway once the IP address has been changed. Parameter Setup Example Following table lists the parameter configuration as an example for the gateway in above diagram with "Dynamic DNS" enabling. Use default value for those parameters that are not mentioned in the table. [Dynamic DNS]‐[Dynamic DNS] Configuration Path ■ Enable DDNS No‐IP.com Provider JP‐NB Host Name Chinghuihsieh Username / E‐mail ddnspassword Password / Key ...
Page 193 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and gets a dynamic IP 118.18.81.33 for WAN‐1 interface. It serves as a NAT router. Configure the required parameters for DDNS function by referring to above setup example. When the gateway has booted up and has gotten a dynamic IP address for the WAN interface, the DDNS agent in the gateway tries to request the DDNS server with the mapping between the domain name and the obtained WAN IP address of the gateway. The DDNS server broadcasts the mapping to other DNS servers for DNS hosting service in the Internet world. So, other hosts in the Internet can link to the gateway by using the domain name. Once the gateway has dynamically changed its WAN IP address from ISP, the DDNS agent tries again to request the DDNS server with the re‐mapping between the domain name and the new WAN IP address of the gateway. ...
Page 194 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DNS & DDNS Setting The DNS & DDNS setting allows user to create/modify pre‐defined domain name list and setup Dynamic DNS feature. Go to Basic Network > DNS & DDNS > Configuration Tab. Create/Edit Pre‐defined Domain Name List The router allows you to custom your pre‐defined domain name list. It supports up to a maximum of 128 sets. When Add button is applied, Pre‐defined Domain Name Configuration screen will appear. Pre‐defined Domain Name Configuration Item Value setting Description 1. String format can be Domain any text Enter a domain name that mapping the IP Address. Name ...
Page 195 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Setup Dynamic DNS The router allows you to custom your Dynamic DNS settings. DDNS (Dynamic DNS) Configuration Item Value setting Description The box is unchecked by DDNS Check the Enable box to activate this function. default WAN Interface WAN 1 is set by default Select the WAN Interface IP Address of the router. DynDNS.org (Dynamic) is Provider Your DDNS provider of Dynamic DNS. set by default 1. String format can be Host Name any text Your registered host name of Dynamic DNS. 2. A Must filled setting 1. String format can be User Name / E‐ any text Your User name or E‐mail addresss of Dynamic DNS. Mail 2. A Must filled setting 1. String format can be Password / Key any text Your Password or Key of Dynamic DNS. 2. A Must filled setting Save N/A Click Save to save the settings ...
Page 196: Qos
This is useful when there are certain types of data you want to give higher priority to, such as voice packets given higher priority than Web data packets. To utilize your network throughput completely, administrator must define bandwidth control rules carefully to balance the utilization of network bandwidth for all users to access. It is indeed required that an access gateway satisfies the requirements of latency‐critical applications, minimum access right guarantee, fair bandwidth usage for same subscribed condition and flexible bandwidth management. AMIT Security Gateway provides a Rule‐based QoS to carry out the requirements. 3.f.1 QoS Configuration This gateway provides lots of flexible rules for you to set QoS policies. Basically, you need to know three parts of information before you create your own policies. First, “who” needs to be managed? Second, “what” kind of service needs to be managed? The last part is “how” you prioritize. Once you have this information, you can continue to learn functions in this section in more detail. ...
Page 197 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In above diagram, a QoS rule is organized by the premise part and the conclusion part. In the premise part, you must specify the WAN interface, host group, service type in the packets, packet flow direction to be watched and the sharing method of group control or individual control. However, in the conclusion part, you must make sure which kind of system resource to distribute and the control function based on the chosen system resource for the rule. The Rule‐based QoS has following features. Multiple Group Categories Specify the group category in a QoS rule for the target objects to be applied on. ...
Page 198 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. There are 4 resources can be applied in a QoS rule: bandwidth, connection sessions, priority queues and DiffServ Code Point (DSCP). Control function that acts on target objects for specific services of packet flow is based on these resources. For bandwidth resource, control functions include guaranteeing bandwidth and limiting bandwidth. For priority queue resource, control function is setting priority. For DSCP resource, control function is DSCP marking. The last resource is Connection Sessions; the related control function is limiting connection sessions. Individual / Group Control One QoS rule can be applied to individual member or whole group in the target group. This feature depends on model. ...
Page 199 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. packets from some client hosts in the Intranet. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Rule‐based QoS" enabling. Use default value for those parameters that are not mentioned in the tables. [Rule‐based QoS]‐[Configuration] Configuration Path ■ Enable Rule‐based QoS ■ Enable Flexible Bandwidth Management [Rule‐based QoS]‐[QoS Rule Configuration] Configuration Path Interface All WANs IP 10.0.75.196 Subnet Mask: 255.255.255.252 (/30) Group Service DSCP DiffServ Code Point IP Precedence 4(CS4) DiffServ Code Points Resource DSCP Marking AF Class2(High Drop) Control Function Inbound QoS Direction Group Control Sharing Method (0) Always Time Schedule ■ Enable Rule Scenario Operation Procedure This rule means IP packets from all WAN interfaces to LAN IP address 10.0.75.196 ~ 10.0.75.199 which have DiffServ code points with “IP Precedence 4(CS4)” value will be modified by “DSCP Marking” control function with “AF Class 2(High Drop)” value at any time. ...
Page 200 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator of the gateway wants to limit the connection sessions from some client hosts (IP 10.0.75.16~31) to 20000 sessions totally for accessing the Internet, he can use the "Rule‐based QoS" function to carry out it by defining an QoS rule as shown in above diagram. Scenario Description Specify the maximum connection sessions from some client hosts (IP 10.0.75.16~31) for accessing the Internet. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Rule‐based QoS" enabling. Use default value for those parameters that are not mentioned in the tables. [Rule‐based QoS]‐[Configuration] Configuration Path ■ Enable Rule‐based QoS ■ Enable Flexible Bandwidth Management [Rule‐based QoS]‐[QoS Rule Configuration] Configuration Path WAN‐1 Interface IP 10.0.75.16 Subnet Mask: 255.255.255.240 (/28) Group Service Connection Sessions Resource Set Session Limitation 20000 Control Function Outbound QoS Direction Group Control Sharing Method (0) Always Time Schedule ...
Page 201 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ■ Enable Rule Scenario Operation Procedure This rule defines that all client hosts, whose IP address is in the range of 10.0.75.16~31, can access the Internet via "WAN‐1" interface under the limitation of the maximum 20000 connection sessions totally at any time ...
Page 202 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. QoS Configuration Setting In "QoS Configuration" page, there are some configuration windows for QoS function. They are the "Configuration" window, “System Resource Configuration” window, "QoS Rule List" window, and "QoS Rule Configuration" window. The "Configuration" window can let you activate the Rule‐based QoS function. In addition, you can also enable the "Flexible Bandwidth Management" (FBM) feature for better utilization of system bandwidth by FBM algorithm. Second, the “System Configuration” window can let you configure the total bandwidth and session of each WAN. Third, the "QoS Rule List" window lists all your defined QoS rules. At last, the "QoS Rule Configuration" window can let you define one QoS rule. Go to Basic Network > QoS > Configuration tab. Enable QoS Function Configuration Item ...
Page 203 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Setup System Resource System Resource Configuration Item Value Setting Description 1. A Must filled setting. Define the system queues that are available for the QoS settings. Type of System 2. Bandwidth Queue, The supported type of system queues are Bandwidth Queue and Priority Queue and 6 are set by Queues. default. Value Range: 1 ~ 6. Select the WAN interface and then the following WAN Interface Resource screen will show the related resources for configuration.  Bandwidth of Upstream / Downstream Specify total upload / download bandwidth of the selected WAN. Value Range: WAN‐1 is selected by For Gigabit Ethernet:1~1024000Kbps, or 1~1000Mbps; WAN Interface default. For Fast Ethernet: 1~102400Kbps, or 1~100Mbps; ...
Page 204 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit QoS Rules After enabled the QoS function and configured the system resources, you have to further specify some QoS rules for provide better service on the interested traffics. The gateway supports up to a maximum of 128 rule‐based QoS rule sets. When Add button is applied, QoS Rule Configuration screen will appear. QoS Rule Configuration Item Value setting Description Interface 1. A Must filled Specify the WAN interface to apply the QoS rule. setting. Select All WANs or a certain WAN‐n to filter the packets entering to or 2. All WANs is leaving from the interface(s). selected by default. Group 1. A Must filled Specify the Group category for the QoS rule. It can be Src. MAC Address, setting. IP, or Host Name. 2. Src. MAC Address is selected by default. Select Src. MAC Address to prioritize packets based on MAC; Select IP to prioritize packets based on IP address and Subnet Mask; Select Host Name to prioritize packets based on a group of a pre‐ configured group of host from the dropdown list. If the dropdown list is empty, ensure if any group is pre‐configured. Note: The required host groups must be created in advance and ...
Page 205 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Object Definition > Grouping > Host Grouping. Service 1. A Must filled Specify the service type of traffics that have to be applied with the QoS setting. rule. It can be All, DSCP, TOS, User‐defined Service, or Well‐known 2. All is selected by Service. default. Select All for all packets. Select DSCP for DSCP type packets only. Select TOS for TOS type packets only. You have to select a service type (Minimize‐Cost, Maximize‐Reliability, Maximize‐Throughput, or Minimize‐Delay) from the dropdown list as well. Select User‐defined Service for user‐defined packets only. You have to define the port range and protocol as well. Select Well‐known Service for specific application packets only. You have to select the required service from the dropdown list as well. Resource, and A Must filled setting Specify the Resource Type and corresponding Control function for the Control Function QoS rule. The available Resource options are Bandwidth, Connection Sessions, Priority Queues, and DiffServ Codepoints. Bandwidth: Select Bandwidth as the resource type for the QoS Rule, and you have to assign the min rate, max rate and rate unit as the bandwidth settings in the Control Function / Set MINR & MAXR field. Connection Sessions: Select Connection Sessions as the resource type for the QoS Rule, and you have to assign supported session number in the Control Function / Set Session Limitation field. ...
Page 206 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. destination group. Specify the preferred sharing method for how to apply the QoS rule on the selected group. It can be Individual Control or Group Control. 1. A Must filled setting. Sharing Method Individual Control: If Individual Control is selected, each host in the 2. Group Control is group will have his own QoS service resource as specified in the rule. selected by default. Group Control: If Group Control is selected, all the group hosts share the same QoS service resource. 1. A Must filled Apply Time Schedule to this rule, otherwise leave it as (0) Always. (refer setting. to Object Definition > Scheduling > Configuration settings) Time Schedule 2. (0) Always is selected by default. The box is unchecked Click Enable box to activate this QoS rule. Rule Enable by default. Save N/A Click the Save button to save the settings. ...
Page 207: Redundancy
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.h Redundancy In engineering, redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the form of a backup or fail‐safe. In an IP networking, the access gateway is the critical part of the networking system. Redundant gateway plays the backup one of the master gateway and it will take over the data transmitting job once it finds the master gateway failed. The purchased gateway can serve as the redundant gateway of core router in the enterprise by using the Virtual Router Redundancy Protocol (VRRP). 3.h.1 VRRP The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol providing device redundancy. It allows a backup router or switch to automatically take over if the primary (master) router or switch fails. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP network. ...
Page 208 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the enterprise gateway needs a reliable connection to the Internet, administrator can setup a group of VRRP redundant gateways as the enterprise entry gateway. Each member gateway connects to different ISP for a redundant connection to the Internet. So, the enterprise gateway is reliable even the master connection is failed. Scenario Description When the master gateway is disabled of its Internet connection, the backup gateway whose priority is the highest among the ones with alive Internet connection will take over the data communication duty and serves as the master. Once the backup gateway is recovered from terminated Internet connection and its priority is higher than the one of the master gateway, the data communication duty will return to it. Parameter Setup Example Following tables list the parameter configuration as a group example for the gateways in above diagram with "VRRP" enabling. ...
Page 209: Vrrp
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Use default value for those parameters that are not mentioned in the tables.  Master Gateway [Ethernet LAN]‐[Configuration] ([Basic Network]‐[LAN&VLAN]) Configuration Path 10.0.75.1 LAN IP Address 255.255.255.0 (/24) Subnet Mask [VRRP]‐[Configuration] Configuration Path ■ Enable VRRP Virtual Server ID Priority of Virtual Server 10.0.75.200 Virtual Server IP Address  Backup Gateway [Ethernet LAN]‐[Configuration] ([Basic Network]‐[LAN&VLAN]) Configuration Path LAN IP Address 10.0.75.2 255.255.255.0 (/24) Subnet Mask [VRRP]‐[Configuration] Configuration Path ■ Enable VRRP Virtual Server ID Priority of Virtual Server 10.0.75.200 Virtual Server IP Address Scenario Operation Procedure In above diagram, the Master Gateway and the Backup Gateway are the redundant gateway group of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The master gateway has the IP address of ...
Page 210 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. VRRP Setting The Virtual Router Redundancy Protocol (VRRP) setting allows user to assign available Internet Protocol (IP) routers to participating hosts automatically. Go to Basic Network > Redundancy > VRRP tab. VRRP Item Value setting Description The box is unchecked by VRRP Check the Enable box to activate this VRRP function. default. 1. Numberic String Virtual Server Specify the Virtual Server ID on VRRP of the gateway. The value range is Format ID from 1 to 255. 2. A Must filled setting 1. Numberic String Priority of Specify the Priority of Virtual Server on VRRP of the gateway. The value Format ...
Page 211: Chapter 5 Object Definition
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 5 Object Definition 5.1 Scheduling Scheduling provides ability of adding/deleting time schedule rules, which can be applied to other functionality. Go to Object Definition > Scheduling > Configuration tab. Button description Item Value setting Description Add N/A Click the Add button to configure time schedule rule Delete N/A Click the Delete button to delete selected rule(s) ...
Page 212 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Add button is applied, Time Schedule Configuration and Time Period Definition screen will appear. Time Schedule Configuration Item Value Setting Description Rule Name String: any text Set rule name Rule Policy Default Inactivate Inactivate/activate the function been applied to in the time period below Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time format (hh :mm) Start time in selected weekday ...
Page 213: Grouping
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5 Grouping The Grouping function allows user to make group for some services. 5.5.1 Host Grouping Go to Object Definition > Grouping > Host Grouping tab. The Host Grouping function allows user to make host group for some services, such as QoS, Firewall, and Communication Bus. The supported service types could be different for the purchased product. When Add button is applied, Host Group Configuration screen will appear. Host Group Configuration Item Value setting Description 1. String format can Enter a group name for the rule.It is a name that is easy for you to be any text Group Name understand. 2. A Must filled Value Range: at least 1 character is required. setting Member List NA This field will indicate the hosts (members) contained in the group. Multiple Bound The boxes are Binding the services that the host group can be applied. If you enable the Services unchecked by Firewall, the produced group can be used in firewall service. Same as by ...
Page 214 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. default enable Qos and Bus & Protocol. Note: The supported service type can be different for the purchased product. Select the member type for the host group. It can be IP Address‐based, MAC Address‐based, or Host Name‐based. 1. IP Address‐based When IP Address‐based is selected, only IP address can be added in is selected by Member to Join. Member Type default. When MAC Address‐based is selected, only MAC address can be added in 2. A Must filled Member to Join. setting When Host Name‐based is selected, only host name can be added in Member to Join. Add the members to the group in this field. You can enter the member information as specified in the Member Type Member to Join N/A above, and press the Join button to add. Only one member can be add at a time, so you have to add the members to the group one by one. The box is Check the Enable checkbox to activate the host group rule. So that the Group unchecked by group can be bound to selected service(s) for further configuration. default ...
Page 215: External Server
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.7 External Server The External Server setting allows user to add external server. Go to Object Definition > External Server > External Server tab. Create external server When Add button is applied, External Server Configuration screen will appear. ...
Page 216 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. External Server Configuration Item Value setting Description 1. String format can be Sever Name any text Enter a server name. Enter a name that is easy for you to understand.. 2. A Must filled setting Server IP/FQDN A Must filled setting This field is to specify the external server IP. Server Port A Must filled setting This field is to specify the external server port. Specify the Server Type of the external server, and enter the required settings for the accessing the server. Email Server (A Must filled setting) : When Email Server is selected, User Name, and Password are also required. User Name (String format: any text) Password (String format: any text) RADIUS Server (A Must filled setting) : When RADIUS Server is selected, the following settings are also required. Accounting Port (A Must filled setting) Primary : Shared Key (String format: any text) Authentication Protocol (By default CHAP is selected) Session Timeout (By default 1) The values must be between 1 and 60. Idle Timeout: (By default 1) The values must be between 1 and 26. Secondary : Server Type A Must filled setting Shared Key (String format: any text) Authentication Protocol (By default CHAP is selected) Session Timeout (By default 1) The values must be between 1 and 60. ...
Page 217 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Login URL (String format: any text) Shared Secret (String format: any text) N/AS/Gateway ID (String format: any text) Location ID (String format: any text) Location Name (String format: any text) TACACS+ Server (A Must filled setting) : When TACACS+ Server is selected, the following settings are also required. Shared Key (String format: any text) Session Timeout (String format: any number) The values must be between 1 and 60. SCEP Server (A Must filled setting) : When SCEP Server is selected, the following settings are also required. Path (String format: any text, By default cgi‐bin is filled) Application (String format: any text, By default pkiclient.exe is filled) Server IP/FQDN A Must filled setting Specify the IP address or FQDN used for the external server. Specify the Port used for the external server. If you selected a certain server type, the default server port number will be set. For Email Server 25 will be set by default; For Syslog Server, port 514 will be set by default; For RADIUS Server, port 1812 will be set by default; Server Port A Must filled setting For Active Directory Server, port 389 will be set by default; For LDAP Server, port 389 will be set by default; For UAM Server, port 80 will be set by default; For TACACS+ Server, port 49 will be set by default; For SCEP Server, port 80 will be set by default; The box is checked by Server Click Enable to activate this External Server. default Save N/A Click the Save button to save the settings Undo N/A Click the Undo button to cancel the settings ...
Page 218: Certificate
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9 Certificate In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are genuine. If the signature is valid, and the person ...
Page 219 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Root CA Certificate Configuration Item Value setting Description 1. String format can be Name any text Enter a Root CA Certificate name. It will be a certificate file name 2. A Must filled setting This field is to specify the key attribute of certificate. Key Type to set public‐key cryptosystems. It only supports RSA now. Key Length to set s the size measured in bits of the key used in a Key A Must filled setting cryptographic algorithm. Digest Algorithm to set identifier in the signature algorithm identifier of certificates This field is to specify the information of certificate. Country(C) is the two‐letter ISO code for the country where your organization is located. State(ST) is the state where your organization is located. Subject Name A Must filled setting Location(L) is the location where your organization is located. Organization(O) is the name of your organization. Organization Unit(OU) is the name of your organization unit. Common Name(CN) is the name of your organization. Email is the email of your organization. It has to be email address style. Validity Period A Must filled setting This field is to specify the validity period of certificate. Setup SCEP ...
Page 220 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SCEP Configuration Description Item Value setting The box is unchecked by SCEP Check the Enable box to activate SCEP function. default Automatically When SCEP is activated, check the Enable box to activate this function. re‐enroll The box is unchecked by It will be automatically check which certificate is aging. If certificate is aging default aging, it will activate SCEP function to re‐enroll automatically. certificates ...
Page 221: My Certificate
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9.3 My Certificate My Certificate includes a Local Certificate List. Local Certificate List shows all generated certificates by the root CA for the gateway. And it also stores the generated Certificate Signing Requests (CSR) which will be signed by other external CAs. The signed certificates can be imported as the local ones of the gateway. Self‐signed Certificate Usage Scenario Scenario Application Timing When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates by being signed by itself or import any local certificates that are signed by other external CAs. Also import the trusted certificates for other CAs and Clients. In addition, since it has the root CA, it also can sign Certificate Signing Requests (CSR) to form corresponding certificates for others. These certificates can be used for two remote peers to make sure their identity during establishing a VPN tunnel. Scenario Description Gateway ...
Page 222 IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in following two sections to complete the whole user scenario. Use default value for those parameters that are not mentioned in the tables. [My Certificate]‐[Root CA Certificate Configuration] Configuration Path HQRootCA Name Key Type: RSA Key Length: 1024‐bits Key Country(C): TW State(ST): Taiwan Location(L): Tainan Subject Name Organization(O): AMITHQ Organization Unit(OU): HQRD Common Name(CN): HQRootCA E‐mail: hqrootca@amit.com.tw [My Certificate]‐[Local Certificate Configuration] Configuration Path HQCRT Self‐signed: ■ Name Key Type: RSA Key Length: 1024‐bits Key Country(C): TW State(ST): Taiwan Location(L): Tainan Subject Name Organization(O): AMITHQ Organization Unit(OU): HQRD Common Name(CN): HQCRT E‐mail: hqcrt@amit.com.tw Configuration Path ...
Page 223 IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in following two sections to complete the whole user scenario. Use default value for those parameters that are not mentioned in the tables. [My Certificate]‐[Local Certificate Configuration] Configuration Path BranchCRT Self‐signed: □ Name Key Type: RSA Key Length: 1024‐bits Key Country(C): TW State(ST): Taiwan Location(L): Tainan Subject Name Organization(O): AMITBranch Organization Unit(OU): BranchRD Common Name(CN): BranchCRT E‐mail: branchcrt@amit.com.tw [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s‐102 Tunnel Name WAN 1 ...
Page 224 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 255.255.255.0 Local Netmask Disable Full Tunnel 10.0.76.0 Remote Subnet 255.255.255.0 Remote Netmask 203.95.80.22 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+X.509 Local Certificate: BranchCRT Remote Certificate: HQCRT Key Management User Name Network‐B Local ID User Name Network‐A Remote ID [IPSec]‐[IKE Phase] Configuration Path Main Mode Negotiation Mode None X‐Auth Scenario Operation Procedure In above diagram, "Gateway 1" is the gateway of Network‐A in headquarters and the subnet of its Intranet ...
Page 225 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. My Certificate Setting The My Certificate setting allows user to create local certificates. In "My Certificate" page, there are two configuration windows for the "My Certificate" function. The "Local Certificate List" window shows the stored certificates or CSRs for representing the gateway. The "Local Certificate Configuration" window can let you fill required information necessary for corresponding certificate to be generated by itself, or corresponding CSR to be signed by other CAs. Go to Object Definition > Certificate > My Certificate tab. Create local certificate When ...
Page 226 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Local Certificate Configuration Item Value setting Description Name 1. String format can be Enter a certificate name. It will be a certificate file name any text If Self‐signed is checked, it will be signed by root CA. If Self‐signed is not 2. A Must filled setting checked, it will generate a certificate signing request (CSR). Key A Must filled setting This field is to specify the key attributes of certificate. Key Type to set public‐key cryptosystems. Currently, only RSA is supported. Key Length to set the length in bits of the key used in a cryptographic algorithm. It can be 512/768/1024/1536/2048. Digest Algorithm to set identifier in the signature algorithm identifier of certificates. It can be MD5/SHA‐1. Subject Name A Must filled setting This field is to specify the information of certificate. Country(C) is the two‐letter ISO code for the country where your organization is located. State(ST) is the state where your organization is located. Location(L) is the location where your organization is located. Organization(O) is the name of your organization. Organization Unit(OU) is the name of your organization unit. ...
Page 227 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Import Item Value setting Description Import A Must filled setting Select a certificate file from user’s computer, and click the Apply button to import the specified certificate file to the gateway. PEM Encoded 1. String format can be This is an alternative approach to import a certificate. any text You can directly fill in (Copy and Paste) the PEM encoded certificate string, 2. A Must filled setting and click the Apply button to import the specified certificate to the gateway. Apply N/A Click the Apply button to import the certificate. Cancel N/A Click the Cancel button to discard the import operation and the screen will return to the My Certificates page. ...
Page 228: Trusted Certificate
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9.5 Trusted Certificate Trusted Certificate includes Trusted CA Certificate List, Trusted Client Certificate List, and Trusted Client Key List. The Trusted CA Certificate List places the certificates of external trusted CAs. The Trusted Client Certificate List places the others' certificates what you trust. And the Trusted Client Key List places the others’ keys what you trusted. Self‐signed Certificate Usage Scenario Scenario Application Timing (same as the one described in "My Certificate" section) ...
Page 229 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Parameter Setup Example (same as the one described in "My Certificate" section) For Network‐A at HQ Following tables list the parameter configuration as an example for the "Trusted Certificate" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in "My Certificate" and "Issue Certificate" sections to complete the setup for the whole user scenario. [Trusted Certificate]‐[Trusted Client Certificate List] Configuration Path Import Command Button [Trusted Certificate]‐[Trusted Client Certificate Import from a File] Configuration Path BranchCRT.crt File For Network‐B at Branch Office Following tables list the parameter configuration as an example for the "Trusted Certificate" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in "My Certificate" and "Issued Certificate" sections to complete the setup for the whole user scenario. [Trusted Certificate]‐[Trusted CA Certificate List] Configuration Path Import Command Button [Trusted Certificate]‐[Trusted CA Certificate Import from a File] Configuration Path HQRootCA.crt File [Trusted Certificate]‐[Trusted Client Certificate List] Configuration Path Import Command Button [Trusted Certificate]‐[Trusted Client Certificate Import from a File] ...
Page 230 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In Gateway 2 import the certificates of the root CA and HQCRT that were generated and signed by Gateway 1 into the "Trusted CA Certificate List" and "Trusted Client Certificate List" of Gateway 2. Import the obtained BranchCRT certificate (the derived BranchCSR certificate after Gateway 1’s root CA signature) into the "Trusted Client Certificate List" of the Gateway 1 and the "Local Certificate List" of the Gateway 2. For more details, refer to the Network‐B operation procedure in "My Certificate" section of this manual. ...
Page 231 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Trusted Certificate Setting The Trusted Certificate setting allows user to import trusted certificates and keys. Go to Object Definition > Certificate > Trusted Certificate tab. Import Trusted CA Certificate When Import button is applied, a Trusted CA import screen will appear. You can import a Trusted CA certificate from an existed certificate file, or directly paste a PEM encoded string as the certificate. Trusted CA Certificate List Item Value setting Description Import from a A Must filled setting Select a CA certificate file from user’s computer, and click the Apply button File to import the specified CA certificate file to the gateway. Import from a 1. String format can be This is an alternative approach to import a CA certificate. PEM any text You can directly fill in (Copy and Paste) the PEM encoded CA certificate 2. A Must filled setting string, and click the Apply button to import the specified CA certificate to the gateway. Apply N/A Click the Apply button to import the certificate. Cancel ...
Page 232 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. certificate from the SECP server. If SCEP is enabled (Refer to Object Definition > Certificate > Configuration), you can click Get CA button, a Get CA Configuration screen will appear. Get CA Configuration Item Value setting Description SCEP Server A Must filled setting Select a SCEP Server to identify the SCEP server for use. The server detailed information could be specified in External Servers. Refer to Object Definition > External Server > External Server. You may click Add Object button to generate. CA Identifier 1. String format can be Fill in optional CA Identifier to identify which CA could be used for signing any text certificates. ...
Page 233 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Trusted Client Certificate List Item Value setting Description Import from a A Must filled setting Select a certificate file from user’s computer, and click the Apply button to import the specified certificate file to the gateway. File Import from a 1. String format can be This is an alternative approach to import a certificate. You can directly fill in (Copy and Paste) the PEM encoded certificate string, and click PEM any text the Apply button to import the specified certificate to the gateway. 2. A Must filled setting Apply N/A Click the Apply button to import certificate. Cancel N/A Click the Cancel button to discard the import operation and the screen will return to the Trusted Certificates page. Import Trusted Client Key When Import button is applied, a Trusted Client Key Import screen will appear. You can import a Trusted Client Key from an existed file, or directly paste a PEM encoded string as the key. ...
Page 234 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Trusted Client Key List Item Value setting Description Select a certificate key file from user’s computer, and click the Apply button to Import from a A Must filled setting import the specified key file to the gateway. File Import from a 1. String format can be This is an alternative approach to import a certificate key. You can directly fill in (Copy and Paste) the PEM encoded certificate key string, and PEM any text click the Apply button to import the specified certificate key to the gateway. 2. A Must filled setting Apply N/A Click the Apply button to import the certificate key. Cancel N/A Click the Cancel button to discard the import operation and the screen will return to the Trusted Certificates page. ...
Page 235: Issue Certificate
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9.7 Issue Certificate When you have a Certificate Signing Request (CSR) that needs to be certificated by the root CA of the device, you can issue the request here and let Root CA sign it. There are two approaches to issue a certificate. One is from a CSR file importing from the managing PC and another is copy‐paste the CSR codes in gateway’s web‐based utility, and then click on the "Sign" button. If the gateway signs a CSR successfully, the "Signed Certificate View" window will show the resulted certificate contents. In addition, a "Download" button is available for you to download the certificate to a file in the managing PC. ...
Page 236 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. client hosts in these both subnets can communicate with each other. Parameter Setup Example (same as the one described in "My Certificate" section) For Network‐A at HQ Following tables list the parameter configuration as an example for the "Issue Certificate" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in "My Certificate" and "Trusted Certificate" sections to complete the setup for whole user scenario. [Issue Certificate]‐[Certificate Signing Request Import from a File] Configuration Path C:/BranchCSR Browse Sign Command Button ...
Page 237 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Issue Certificate Setting The Issue Certificate setting allows user to import Certificate Signing Request (CSR) to be signed by root CA. Go to Object Definition > Certificate > Issue Certificate tab. Import and Issue Certificate Certificate Signing Request (CSR) Import from a File Item Value setting Description Certificate Signing Select a certificate signing request file you’re your Request (CSR) Import A Must filled setting computer for importing to the gateway. from a File Certificate Signing 1. String format can be any text Enter (copy‐paste) the certificate signing request Request (CSR) Import 2. A Must filled setting ...
Page 238: Chapter 9 Security
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 9 Security 9.1 VPN A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security and management policies of the private network. This is done by establishing a virtual point‐to‐point connection through the use of dedicated connections, encryption, or a combination of the two. The tunnel ...
Page 239: Configuration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.1.1 Configuration The VPN configuration allows user to enable or disable all the VPN functions of the gateway device. The VPN enables check box must be checked to enable to allow IPSec, PPTP, L2TP and GRE to function. Go to Security > VPN > Configuration tab VPN Configuration Enable VPN check box will activate all VPN related functions. VPN Configuration ...
Page 240: Ipsec
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.1.3 IPSec Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. ...
Page 241 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Site to Site Tunnel Scenario Scenario Application Timing The security gateway can be located at branch office or mobile office. When the client hosts behind the security gateway want to make a secure communication with the ones behind another security gateway in headquarters or another branch office, both security gateways need to establish a VPN tunnel first. Both Intranets of security gateways have their own subnet and the "Site to Site" tunnel scenario is used. "Site" means a subnet of client hosts. Scenario Description Both Initiator and Responder of IPSec tunnel must have a “Static IP” or a “FQDN” for "Site to Site" scenario. Any peer gateway can be worked as an Initiator or a Responder of the IPSec VPN tunnel. Two phases (IKE and IPSec) to negotiate for establishing an IPSec VPN tunnel with pre‐shared key and optional X‐Auth account / password. Parameter Setup Example For Network‐A at HQ Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in ...
Page 242 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Network‐A. Use default value for those parameters that are not mentioned in these 5 tables. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec Configuration Path [IPSec]‐[Tunnel Configuration] ■ Enable Tunnel Tunnel Name s2s‐101 WAN 1 Interface Tunnel Scenario Site to Site Always on Operation Mode Configuration Path [IPSec]‐[Local & Remote Configuration] Local Subnet 10.0.76.0 Local Netmask 255.255.255.0 Disable Full Tunnel Remote Subnet 10.0.75.0 255.255.255.0 Remote Netmask 118.18.81.33 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+Pre‐shared Key 12345678 Key Management ...
Page 243 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPSec Proposal Definition is same for both peers. Use the default ones in the setup example and they are not shown in followings. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s‐201 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path ...
Page 244 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. resources in the Intranet of Network‐A at HQ in a secured link. Dynamic VPN Tunnel Scenario Business Security Gateway can ignore IP information of clients when using Dynamic VPN, so it is suitable for users to build VPN tunnels with Business Security Gateway from a remote mobile site. Remote peer is a site will be indicated in the negotiation packets, including what remote subnet is. It must be noted that the remote peer has to initiate the tunnel establishing process first in this application scenario. ...
Page 245 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Description Dynamic VPN is suitable for the Initiator being a mobile site or a mobile device with a dynamic IP, only the Responder has a “Static IP” or a “FQDN”. Two phases (IKE and IPSec) to negotiate for establishing an IPSec VPN tunnel with pre‐shared key and optional X‐Auth account / password. Parameter Setup Example For Network‐A at HQ Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network‐A. Use default value for those parameters that are not mentioned in these 5 tables. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel dvpn‐101 Tunnel Name WAN 1 Interface Dynamic VPN Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.76.0 Local Subnet 255.255.255.0 Local Netmask [IPSec]‐[Authentication] Configuration Path ...
Page 246 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Use default value for those parameters that are not mentioned in these 5 tables. Please also note that the authentication parameters of both peers must match each other to complete the authentication process successfully, and it is just for an example here. In addition, Negotiation Mode and X‐Auth in "IKE Phase" configuration window should be also matched on both peers. And there is at least one proposal entity in IKE Proposal Definition and at least one proposal entity in IPSec Proposal Definition are the same for both peers. Use the default ones in the setup example and they are not shown in followings. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel dvpn‐201 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode ■ Enable ...
Page 247 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. (or FQDN:www.abc.com) for WAN interface. However, Network‐B is in the mobile office and the subnet of its Intranet is 10.0.75.0/24. The security gateway for Network‐B has a dynamic IP address of 118.18.81.33 for WAN interface or private IP address of 10.253.253.1 in Cellular Network Establish an IPSec VPN tunnel with "Dynamic VPN" scenario by starting from the mobile site. So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can securely communicate each other. Finally, the client hosts in the Intranet of Network‐B at mobile office can access the server or database resources in the Intranet of Network‐A at HQ with a secured link. That means, the security gateway in headquarters supports "Dynamic VPN" function and then you, as a mobile user, can access its Intranet resources from remote side with a secured link; even your device is not on a fixed IP address. ...
Page 248 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing The security gateway can be located at branch office or mobile office. When the client hosts behind the security gateway want to make a secure communication with the ones behind another security gateway in headquarters or another branch office, both security gateways need establish a VPN tunnel first. Both Intranets of security gateways have their own subnet and the "Site to Site" tunnel scenario is used. "Site" means a subnet of client hosts. Moreover, since the "Full Tunnel" feature is enabled at branch office site, all packet flows will go through the established VPN tunnel between both sites, including the HQ resource accessing and regular Internet accessing. Scenario Description Both Initiator and Responder of IPSec tunnel must have a “Static IP” or a “FQDN” for "Site to Site" scenario. ...
Page 249 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Network‐A. Use default value for those parameters that are not mentioned in these 5 tables. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec Configuration Path [IPSec]‐[Tunnel Configuration] ■ Enable Tunnel Tunnel Name s2s‐101 WAN 1 Interface Tunnel Scenario Site to Site Always on Operation Mode Configuration Path [IPSec]‐[Local & Remote Configuration] Local Subnet 10.0.76.0 Local Netmask 255.255.255.0 Disable Full Tunnel Remote Subnet 10.0.75.0 255.255.255.0 Remote Netmask 118.18.81.33 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+Pre‐shared Key 12345678 Key Management ...
Page 250 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. And there is at least one proposal entity in IKE Proposal Definition and at least one proposal entity in IPSec Proposal Definition is same for both peers. Use the default ones in the setup example and they are not shown in followings. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec Configuration Path [IPSec]‐[Tunnel Configuration] ■ Enable Tunnel s2s‐201 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode Configuration Path ...
Page 251 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. through the established VPN tunnel. That means, the security gateway in branch office supports "Full Tunnel" feature and the client hosts behind it can access not only the server or database resources in the Intranet of Network‐A at HQ, but also the Internet in a secured connection. The HQ gateway controls and secures the IP networking request flows from the branch office. ...
Page 252 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPSec Setting The IPSec Setting allows user to create and configure IPSec tunnels. Before you proceed ensure that the VPN is enabled and saved. To enable VPN, go to Security > VPN > Configuration tab. Go to Security > VPN > IPSec tab. Enable IPSec Configuration Window Item Value setting Description Unchecked by IPsec Click the Enable box to enable IPSec function. default NetBIOS over Unchecked by Click the Enable box to enable NetBIOS over IPSec function. IPSec default Unchecked by NAT Traversal Click the Enable box to enable NAT Traversal function. default The specified value will limit the maximum number of simultaneous IPSec Max. Concurrent 16 is set by default tunnel connection. The default value can be different for the purchased IPSec Tunnels model. Save N/A Click Save to save the settings Undo N/A ...
Page 253 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Add/Edit button is applied, a series of configuration screens will appear. They are Tunnel Configuration, Local & Remote Configuration, Authentication, IKE Phase, IKE Proposal Definition, IPSec Phase, and IPSec Proposal Definition. You have to configure the tunnel details for both local and remote VPN devices. Tunnel Configuration Window ...
Page 254 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Select Hub for a Hub role in the IPSec design. Select Spoke for a Spoke role in the IPSec design. Note: Hub and Spoke are available only for Site‐to‐Site VPN tunneling specified in Tunnel Scenario. It is not available for Dynamic VPN tunneling application. There are three available operation modes. Always On, Failover, Load Balance. Failover/ Always Define whether the IPSec tunnel is a failover tunnel function or an Always on tunnel. Note: If this IPSec is a failover tunneling, you will need to select a primary IPSec tunnel from which to failover to. 1. A Must fill setting Load Balance Define whether the IPSec tunnel connection will take part in Operation Mode 2. Alway on is load balance function of the gateway. You will not need to select with WAN selected by default interface as the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN > Load Balance tab. Note: Failover and Load Balance functions are not available for Dynamic VPN specified in Tunnel Scenario. 1. A Must fill setting Encapsulation Select the Encapsulation Protocol from the dropdown box for this IPSec 2. ESP is selected by Protocol tunnel. Available encapsulations are ESP and AH. default Check the Enable box to enable Keep alive function. 1. Unchecked by Select Ping IP to keep live and enter the IP address to ping. default Enter the ping time interval in seconds. Keep alive 2. 30s is set by Value Range: 30 ~ 999 seconds. default ...
Page 255 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Local & Remote Configuration Window Item Value setting Description Specify the Local Subnet IP address and Subnet Mask. Click the Add or Delete button to add or delete a Local Subnet. Note_1: When Dynamic VPN option in Tunnel Scenario is selected, there A Must fill setting Local Subnet List will be only one subnet available. Note_2: When Host‐to‐Site or Host‐to‐Host option in Tunnel Scenario is selected, Local Subnet will not be available. Note_3: When Hub and Spoke option in Hub and Spoke is selected, there will be only one subnet available. Click Enable box to enable Full Tunnel. Unchecked by Full Tunnel Note: Full tunnel is available only for Site‐to‐Site specified in Tunnel default Scenario. Remote Subnet Specify the Remote Subnet IP address and Subnet Mask. A Must fill setting List Click the Add or Delete button to add or delete Remote Subnet setting. 1. A Must fill setting. 2. Format can be a Remote Gateway Specify the Remote Gateway. ipv4 address or FQDN Authentication Configuration Window ...
Page 256 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Select User Name for Local ID and enter the username. The username may include but can’t be all numbers. Select FQDN for Local ID and enter the FQDN. Select User@FQDN for Local ID and enter the User@FQDN. Select Key ID for Local ID and enter the Key ID (English alphabet or number). Specify the Remote ID for this IPSec tunnel to authenticate. Selected User Name for Remote ID and enter the username. The username may include but can’t be all numbers. Select FQDN for Local ID and enter the FQDN. Remote ID An optional setting Select User@FQDN for Remote ID and enter the User@FQDN. Select Key ID for Remote ID and enter the Key ID (English alphabet or number).. Note: Remote ID will be not available when Dynamic VPN option in Tunnel Scenario is selected. IKE Phase Window Item Value setting Description Specify the IKE version for this IPSec tunnel. Select v1 or v2 1. A must fill setting Note: IKE versions will not be available when Dynamic VPN option in IKE Version 2. v1 is selected by Tunnel Scenario is selected, or AH option in Encapsulation Protocol is default selected. Main Mode is set by Specify the Negotiation Mode for this IPSec tunnel. Select Main Mode or Negotiation Mode default default Aggressive Mode. Specify the X‐Auth role for this IPSec tunnel. Select Server, Client, or None.
Page 257 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Note: X‐Auth Client will not be available for Dynamic VPN option selected in Tunnel Scenario. 1. Unchecked by default Click Enable box to enable DPD function. Specify the Timeout and Delay Dead Peer 2. Default Timeout time in seconds. Detection (DPD) 180s and Value Range: 0 ~ 999 seconds for Timeout and Delay. Delay 30s 1. A Must fill setting Phase1 Key Life Specify the Phase1 Key Life Time. 2. Default 3600s Time Value Range: 30 ~ 86400. 3. Max. 86400s IKE Proposal Definition Window Item Value setting Description Specify the Phase 1 Encryption method. AES‐ auto/AES128/AES192/AES256/DES/3DES Specify the Authentication method. IKE Proposal None/MD5/SHA1/SHA2‐256/SHA2‐512 A Must fill setting Definition Specify the DH Group None/Group1/ Group2/ Group5/ Group14/ Group15/ Group16/ Group17/ Group18/ Check Enable box to enable this setting ...
Page 258 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3. Max. 86400s IPSec Proposal Definition Window Item Value setting Description Specify the Encryption method None/AES‐auto/AES128/AES192/AES256/DES/3DES Specify Authentication method IPSec Proposal None/MD5/SHA1/SHA2‐256/SHA2‐512 A Must fill setting Definition Specify the PFS Group None/Group1/ Group2/ Group5/ Group14/ Group15/ Group16/ Group17/ Group18/ Click Enable to enable this setting Save N/A Click Save to save the settings Undo N/A Click Undo button to cancel the settings Back N/A Click Back button to return to the previous page. Manual Key Management When the Manually option is selected for Key Management as described in Authentication Configuration Window, a series of configuration windows for Manual IPSec Tunnel configuration will ...
Page 259 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Item Value setting Description Select Key Management from the dropdown box for this IPSec tunnel. In this section Manually is the option selected. Key Management A Must fill setting For IKE+Pre‐shared Key and IKE+X.509 option, please refer to the table in previous 5 pages where key management is described. Specify the Local ID for this IPSec tunnel to authenticate. Local ID An optional setting Select the Key ID for Local ID and enter the Key ID (English alphabet or number). Specify the Remote ID for this IPSec tunnel to authenticate. Remote ID An optional setting Select Key ID for Remote ID and enter the Key ID (English alphabet or number). Local & Remote Configuration Window Item Value setting Description Local Subnet A Must fill setting Specify the Local Subnet IP address and Subnet Mask. Local Netmask A Must fill setting Specify the Local Subnet Mask. Remote Subnet A Must fill setting Specify the Remote Subnet IP address Remote Netmask A Must fill setting Specify the Remote Subnet Mask. 1. A Must fill setting ...
Page 260 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Manual Proposal Window Item Value setting Description Specify the Outbound SPI for this IPSec tunnel. Outbound SPI Hexadecimal format Value Range: 0 ~ FFFF. Specify the Inbound SPI for this IPSec tunnel. Inbound SPI Hexadecimal format Value Range: 0 ~ FFFF. Specify the Encryption Method and Encryption key Available encryption methods are DES/3DES/AES128/AES192/AES256 1. A Must fill setting The key length for DES is 16, 3DES is 48, AES128 is 32, AES192 is 48, Encryption 2. Hexadecimal AES256 is 64. format Note: When AH option in Encapsulation is selected, encryption will not be available. Specify the Authentication Method and Authentication key Available encryptions are None/MD5/SHA1/SHA2‐256 1. A Must fill setting Enter the key string (String length by the method which choose) Authentication 2. Hexadecimal The key length for MD5 is 32, SHA1 is 40, SHA2‐256 is 64. format Note: When AH option in Encapsulation Protocol is selected, None option in Authentication will not be available. Save N/A Click Save to save the settings Undo N/A Click Undo button to cancel the settings ...
Page 261 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Tunnel Configuration Window Item Value setting Description Unchecked by Tunnel Check the Enable box to activate the Dynamic IPSec VPN tunnel default 1. A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. Tunnel Name 2. String format can Value Range: 1 ~ 19 characters. be any text 1. A Must fill setting Interface 2. WAN 1 is selected Select WAN interface on which IPSec tunnel is to be established. by default 1. A Must fill setting Tunnel Scenario 2. Dynamic VPN is The IPSec tunneling scenario is fixed to Dynamic VPN. selected by default 1. A Must fill setting The available operation mode is Always On. Failover and Load Balance Operation Mode 2. Alway on is options are not available for the Dynamic IPSec scenario. selected by default 1. A Must fill setting Encapsulation Select the Encapsulation Protocol from the dropdown box for this IPSec 2. ESP is selected by Protocol tunnel. Available encapsulations are ESP and AH. default ...
Page 262 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Authentication Configuration Window Item Value setting Description 1. A Must fill setting Select Key Management from the dropdown box for this IPSec tunnel. Key Management 2. Pre‐shared Key 8 IKE+Pre‐shared Key: user needs to set a key (Min. 8 characters). to 32 characters. Specify the Local ID for this IPSec tunnel to authenticate. Select User Name for Local ID and enter the username. The username may include but can’t be all numbers. Local ID An optional setting Select FQDN for Local ID and enter the FQDN. Select User@FQDN for Local ID and enter the User@FQDN. Select Key ID for Local ID and enter the Key ID (English alphabet or number). Specify the Remote ID for this IPSec tunnel to authenticate. Selected User Name for Remote ID and enter the username. The username may include but can’t be all numbers. Select FQDN for Local ID and enter the FQDN. Remote ID An optional setting Select User@FQDN for Remote ID and enter the User@FQDN. Select Key ID for Remote ID and enter the Key ID (English alphabet or number).. Note: Remote ID will be not available when Dynamic VPN option in Tunnel Scenario is selected. For the rest IKE Phase, IKE Proposal Definition, IPSec Phase, and IPSec Proposal Definition settings, they are the same as that of creating an IPSec Tunnel described in previous section. Please refer to the related description. ...
Page 263: Pptp
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.1.5 PPTP The Point‐to‐Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. The PPTP specification does not describe encryption or authentication features and relies on the Point‐to‐Point Protocol being tunneled to implement security functionality. However, the most common ...
Page 264 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP VPN Server Scenario Scenario Application Timing The Scenario diagram illustrates the security gateway 1 at headquarter playing the PPTP VPN server role. The PPTP tunnel is established by starting from PPTP client, the Security Gateway 2 in Network‐B or the mobile device, like notebook. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established PPTP tunnel. Usually, these hosts at PPTP client peer access the Internet directly via the ...
Page 265 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. For Network‐A at HQ, following 3 tables list the parameter configuration for above example diagram of PPTP VPN server in Network‐A. Use default value for those parameters that are not mentioned in these tables. [PPTP]‐[Configuration] Configuration Path ■ Enable PPTP Server Client/Server [PPTP]‐[PPTP Server Configuration] Configuration Path ■ Enable PPTP Server 192.168.101.253 Server Virtual IP IP Pool Starting Address 10 (that means 192.168.101.10) 50 IP Pool Ending Address (that means 192.168.101.50) Authentication Protocol MS‐CHAP ■ Enable 128 bits MPPE Encryption [PPTP]‐[User Account Configuration] Configuration Path 1 ID User‐1 User‐2 User Name 1234 4321 Password ■ Enable ■...
Page 266 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP VPN Client Scenario Scenario Application Timing Above diagram illustrates the Security Gateway 2 or the mobile device playing the PPTP VPN client role. The PPTP tunnel is established by the PPTP client making the tunnel connection request initiation and the Security Gateway 1 in Network‐A of headquarters serves as the PPTP VPN server responding to the request. Once the tunnel has been established, all client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established PPTP tunnel. Usually, these hosts at PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is ...
Page 267 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Description PPTP Tunneling is a Client and Server based tunneling technology. The PPTP Server must have a Static IP or a FQDN, and maintain a Client list (account / password). The Client may be a mobile user or mobile site, and requesting the PPTP tunnel connection with its account / password. PPTP protocol is used for establishing a PPTP VPN tunnel. The PPTP Client’s “Default Gateway/Remote Subnet” setting determines how the Internet traffic from PPTP client site is handled. Parameter Setup Example For Network‐B at Mobile Office Following 3 tables list the parameter configuration for above example diagram of PPTP VPN client in Network‐B. Use default value for those parameters that are not mentioned in these tables. [PPTP]‐[Configuration] Configuration Path ■ Enable PPTP Client Client/Server ...
Page 268 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. However, Network‐B is in the mobile office and the subnet of its Intranet is 10.0.75.0/24. The security gateway for Network‐B has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a PPTP client. The PPTP client uses "User‐1" user account to dial in the PPTP server at HQ for establishing a PPTP VPN tunnel. So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can securely communicate each other. Finally, the client hosts in the Intranet of Network‐B at mobile office can access the server or database resources in the Intranet of Network‐A at HQ in a secured link. However, if the "Default Gateway/Remote Subnet" parameter in the Security Gateway 2 is configured to "Default Gateway", the Internet accessing of PPTP Client peer also go through the established PPTP VPN tunnel, and the Security Gateway 1 can control the accessing as same as the HQ resource accessing. Please be noted the "Default Gateway/Remote Subnet" configuration item. There are two options, "Default ...
Page 269 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Setting The PPTP setting allows user to create and configure PPTP tunnels. Before you proceed, ensure that the VPN is enabled and saved. To enable VPN, go to Security > VPN > Configuration tab. Go to Security > VPN > PPTP tab. Enable PPTP Enable PPTP Window Item Value setting Description Unchecked by PPTP Click the Enable box to activate PPTP function. default Specify the role of PPTP. Select Server or Client role your gateway will take. Client/Server A Must fill setting Below are the configuration windows for PPTP Server and for Client. Save N/A Click Save button to save the settings As a PPTP Server The gateway supports up to a maximum of 10 PPTP user accounts. When Server in the Client/Server field is selected, the PPTP server configuration window will appear. ...
Page 270 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Server Configuration Window Item Value setting Description Unchecked by PPTP Server Check the Enable box to enable PPTP server role of the gateway. default 1. A Must fill setting Specify the PPTP server Virtual IP address. The virtual IP address will serve Server Virtual IP 2. Default is as the virtual DHCP server for the PPTP clients. Clients will be assigned a 192.168.0.1 virtual IP address from it after the PPTP tunnel has been established. This is the PPTP server’s Virtual IP DHCP server. User can specify the first IP IP Pool Starting 1. A Must fill setting address for the subnet from which the PPTP client’s IP address will be Address 2. Default is 10 assigned. This is the PPTP server’s Virtual IP DHCP server. User can specify the last IP IP Pool Ending 1. A Must fill setting address for the subnet from which the PPTP client’s IP address will be Address 2. Default is 100 assigned. 1. A Must fill setting Select single or multiple Authentication Protocols for the PPTP server with Authentication 2. Unchecked by which to authenticate PPTP clients. Available authentication protocols are Protocol default PAP/CHAP/MS‐CHAP/MS‐CHAPv2. Specify whether to support MPPE Protocol. Click the Enable box to enable MPPE and from dropdown box to select 40 bits/56 bits/128 bits. ...
Page 271 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. User Account List Window Item Value setting Description This is the PPTP authentication user account entry. You can create and add accounts for remote clients to establish PPTP VPN connection to the gateway device. Max.of 10 user Click Add button to add user account. Enter User name and password. User Account List accounts Then check the enable box to enable the user. Click Save button to save new user account. The selected user account can permanently be deleted by clicking the Delete button. As a PPTP Client When select Client in Client/Server, a series PPTP Client Configuration will appear. PPTP Client Configuration Item Value setting Description Unchecked by PPTP Client Check the Enable box to enable PPTP client role of the gateway. default Save N/A Click Save button to save the settings. Undo N/A Click Undo button to cancel the settings. ...
Page 272 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Client Configuration Window Item Value setting Description Tunnel Name A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. 1. A Must fill setting Select WAN interface on which PPTP tunneling is to be established. Interface 2. WAN1 is selected by default 1. A Must fill setting There are three available operation modes. Always On, Failover, Load 2. Alwasy on is Balance. selected by default Failover/ Always Define whether the PPTP client is a failover tunnel function or an always on tunnel. Note: If this PPTP is a failover tunneling, you will need to select a primary IPSec tunnel from which to failover to. Operation Mode Load Balance Define whether the PPTP tunnel connection will take part in load balance function of the gateway. You will not need to select which WAN interface as the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN & Uplink > Load Balance tab. 1. A Must fill setting. Enter the public IP address or the FQDN of the PPTP server. 2. Format can be a Remote IP/FQDN ipv4 address or FQDN Username A Must fill setting Enter the Username for this PPTP tunnel to be authenticated when ...
Page 273 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. connect to PPTP server. A Must fill setting Enter the Password for this PPTP tunnel to be authenticated when connect Password to PPTP server. A Must fill setting Specify a gateway for this PPTP tunnel to reach PPTP server. If the gateway uses its gateway IP address to connect to the internet to Default Gateway / connect to the PPTP server then select Default Gateway, otherwise, Remote Subnet specified a subnet and its netmask –the remote subnet, if the default gateway is not used to connect to the PPTP server. The Remote Subnet format must be IP address/netmask (e.g. 10.0.0.2/24). 1. A Must fill setting Specify one ore multiple Authentication Protocol for this PPTP tunnel. Authentication 2. Unchecked by Available authentication methods are PAP/CHAP/MS‐CHAP/MS‐CHAPv2 Protocol default 1. Unchecked by Specify whether PPTP server supports MPPE Protocol. Click the Enable box default to enable MPPE. MPPE Encryption 2. an optional setting Note: when MPPE Encryption is enabled, the Authentication Protocol PAP/CHAP options will not be available. 1. Unchecked by Check the Enable box to enable NAT function for this PPTP tunnel. NAT before default Tunneling 2. an optional setting Auto is set by default Specify the LCP Echo Type for this PPTP tunnel. Auto, User‐defined, ...
Page 274: L2Tp
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.1.7 L2TP Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. This Gateway can behave as a L2TP server and a L2TP client both at the same time. Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by using L2TP tunneling. So, all client hosts behind local security gateway can make data communication with others behind remote gateway. Or when you are a mobile user with your notebook or carrying along a security gateway and you want to access the servers and database in company headquarters (HQ). Moreover, the security gateway in HQ supports the L2TP VPN server function. So you can dial in the HQ gateway and access ...
Page 275 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the security gateway at headquarters playing the L2TP VPN server role. The L2TP tunnel is established by starting from L2TP client, the Security Gateway 2 in Network‐B or the mobile device, like notebook. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established L2TP tunnel. Usually, these hosts at L2TP client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network‐A will be transferred via the L2TP tunnel. Scenario Description L2TP Tunneling is a Client and Server based tunneling technology. ...
Page 276 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [L2TP]‐[User Account Configuration] Configuration Path 1 ID User‐1 User‐2 User Name 1234 4321 Password ■ Enable ■ Enable Account Scenario Operation Procedure In above diagram, Network‐A is in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. The security gateway for Network‐A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface. It serves as a L2TP server. However, Network‐B is in the mobile office and the subnet of its Intranet is 10.0.75.0/24. The security gateway for Network‐B has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a L2TP client. L2TP server provides two user accounts, User‐1 and User‐2, for L2TP clients dialing in. Establish a L2TP VPN tunnel by starting from the L2TP client site. So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can securely communicate each other. Finally, the client hosts in the Intranet of Network‐B at mobile office can access the server or database resources in the Intranet of Network‐A at HQ in a secured link. ...
Page 277 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP VPN Client Scenario Scenario Application Timing Above diagram illustrates the Security Gateway 2 or the mobile device playing the L2TP VPN client role. The L2TP tunnel is established by the L2TP client making the tunnel connection request initiation and the Security Gateway 1 in Network‐A of headquarters serves as the L2TP VPN server responding to the request. Once the tunnel has been established, all client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established L2TP tunnel. Usually, these hosts at L2TP client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network‐A will be transferred via the L2TP tunnel. But if L2TP client peer is configured to all packets are delivered via the L2TP tunnel, as shown in the diagram by configuring the L2TP tunnel is ...
Page 278 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP Tunneling is a Client and Server based tunneling technology. The L2TP Server must have a Static IP or a FQDN, and maintain a Client list (account / password). The Client may be a mobile user or mobile site, and requesting the L2TP tunnel connection with its account / password. L2TP protocol is used for establishing a L2TP VPN tunnel. The L2TP Client’s “Default Gateway/Remote Subnet” setting determines how the Internet traffic from L2TP client site is handled. The L2TP over IPSec is usually used for BYOD devices to establish a secure VPN tunnel between mobile employees and company office. Parameter Setup Example For Network‐B at Mobile Office Following 3 tables list the parameter configuration for above example diagram of L2TP VPN client in Network‐B. Use default value for those parameters that are not mentioned in these tables. [L2TP]‐[Configuration] Configuration Path ■ Enable L2TP Client Client/Server ...
Page 279 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. security gateway for Network‐A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface. It serves as a L2TP server. However, Network‐B is in the mobile office and the subnet of its Intranet is 10.0.75.0/24. The security gateway for Network‐B has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a L2TP client. The L2TP client uses "User‐1" user account to dial in the L2TP server at HQ for establishing a L2TP VPN tunnel. So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can securely communicate each other. Finally, the client hosts in the Intranet of Network‐B at mobile office can access the server or database resources in the Intranet of Network‐A at HQ in a secured link. However, if the "Default Gateway/Remote Subnet" parameter in the Security Gateway 2 is configured to "Default Gateway", the Internet accessing of L2TP Client peer also go through the established L2TP VPN tunnel, and the Security Gateway 1 can control the accessing as same as the HQ resource accessing. Please be noted that "Default Gateway/Remote Subnet" configuration item. There are two options, "Default ...
Page 280 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP Setting The L2TP setting allows user to create and configure L2TP tunnels. Before you proceed ensure that the VPN is enabled and saved. To enable VPN, go to Security > VPN > Configuration tab. Go to Security > VPN > L2TP tab. Enable L2TP Enable L2TP Window Item Value setting Description Unchecked by L2TP Click the Enable box to activate L2TP function. default Specify the role of L2TP. Select Server or Client role your gateway will take. Client/Server A Must fill setting Below are the configuration windows for L2TP Server and for Client. Save N/A Click Save button to save the settings As a L2TP Server When select Server in Client/Server, the L2TP server Configuration will appear. ...
Page 281 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP Server Configuration Item Value setting Description The box is unchecked When click the Enable box L2TP Server by default It will active L2TP server The box is unchecked When click the Enable box. L2TP over IPSec by default It will enable L2TP over IPSec and need to fill in the Pre‐shared Key. Specify the L2TP server Virtual IP Server Virtual IP A Must filled setting It will set as this L2TP server local virtual IP IP Pool Starting Specify the L2TP server starting IP of virtual IP pool A Must filled setting Address It will set as the starting IP which assign to L2TP client IP Pool Ending Specify the L2TP server ending IP of virtual IP pool A Must filled setting Address It will set as the ending IP which assign to L2TP client Specify the Authentication Protocol which this L2TP server allowed. Authentication A Must filled setting Selected PAP/CHAP/MS‐CHAP/MS‐CHAPv2 Protocol ‐>It will set as the authentication protocol which is checked. Specify the MPPE Protocol which this L2TP server allowed. When Click the Enable box ‐>It will enable MPPE MPPE Encryption A Must filled setting ...
Page 282 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. User Account List Item Value setting Description Specify the User Account which allow client to authenticate. Click Add button to add user account. Click Delete button to delete user account. Click Enable button to enable user account. User Account List N/A Specify Username ‐>Fill in the username. Specify Password ‐>Fill in the password Click save button to save user account. As a L2TP Client When select Client in Client/Server, a series L2TP Client Configuration will appear. L2TP Client Configuration Item Setting Value setting Description L2TP Client The box is unchecked When click the Enable box by default It will activate L2TP Client. Save N/A Click the Save button to save the configuration. Undo N/A Click the Undo button to recovery the configuration. ...
Page 283 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit L2TP Client When Add/Edit button is applied a series of configuration screen will appear. L2TP Client Configuration Item Setting Value setting Description When fill in the name Tunnel Name A Must filled setting It will be used to identify it in the tunnel list Define the selected interface to be the used for this L2TP tunnel Select WAN‐1 for this IPSec tunnel using. Interface A Must filled setting (WAN‐1 is available only when WAN‐1 interface is enabled) The same applies to other WAN interfaces (i.e. WAN‐2). 1. A Must fill setting There are three available operation modes. Always On, Failover, Load Operation Mode 2. Alwasy on is Balance. ...
Page 284 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. selected by default Failover/ Always Define whether the L2TP client is a failover tunnel function or an always on tunnel. Note: If this L2TP is a failover tunneling, you will need to select a primary IPSec tunnel from which to failover to. Load Balance Define whether the L2TP tunnel connection will take part in load balance function of the gateway. You will not need to select which WAN interface as the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN & Uplink > Load Balance tab. The box is When click the Enable box. L2TP over IPSec unchecked by It will enable L2TP over IPSec and need to fill in the Pre‐shared Key. default Remote LNS Specify the Remote LNS IP/FQDN for this L2TP tunnel. A Must filled setting IP/FQDN Fill in the IP address or FQDN. Specify the Remote LNS Port for this L2TP tunnel. Remote LNS Port A Must filled setting Fill in the value for LNS port. Specify the Username for this L2TP tunnel to authenticate when connect Username A Must filled setting to server. Fill in the string as username. Specify the Password for this L2TP tunnel to authenticate when connect to Password A Must filled setting server. The box is Tunneling unchecked by Specify the Tunneling Password for this L2TP tunnel to authenticate. ...
Page 285 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Selected Disable ‐>Disable LCP Echo and it will be not available. Service Port A Must filled setting Specify the Service Port for this L2TP tunnel to use. The box is When click Enable Tunnel unchecked by It will enable this L2TP tunnel default Save N/A Click the Save button to save the configuration. Undo N/A Click the Undo button to recovery the configuration. Back N/A Click the Back button to return the last page. ...
Page 286: Gre
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.1.9 GRE Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that encapsulate a wide variety of network layer protocols inside virtual point‐to‐point links over an Internet Protocol internetwork. Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by using GRE tunneling. So, all client hosts behind local security gateway can make data communication with others behind remote gateway. The most popular scenario is the security gateway is located at a branch office. Employees in the branch office want to use their client ...
Page 287 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network‐A will be transferred via the GRE tunnel. Scenario Description GRE Tunneling is similar to IPSec Tunneling, client requesting the tunnel establishment with the server. Both the client and the server must have a Static IP or a FQDN. Any peer gateway can be worked as either a client or a server, even using the same set of configuration rule. GRE Tunneling protocol is used for establishing a GRE VPN tunnel. Parameter Setup Example For Network‐A at HQ Following 2 tables list the parameter configuration for above example diagram of GRE VPN server in Network‐A. Use default value for those parameters that are not mentioned in these tables. [GRE]‐[Configuration] Configuration Path ■ Enable GRE ...
Page 288 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Establish a GRE VPN tunnel by starting from the GRE client site. So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can communicate each other. Finally, the client hosts in the Intranet of Network‐B at mobile office can access the server or database resources in the Intranet of Network‐A at HQ in a tunnel. GRE Tunnel at Branch Office Scenario Application Timing Above diagram illustrates the security gateway in headquarters playing the GRE client role. In fact, the GRE tunnel establishment can be started from either site. The GRE tunnel is established by starting from GRE client, the Security Gateway 2 in Network‐B. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established GRE tunnel. Usually, these hosts at GRE client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network‐A will be transferred via the GRE tunnel. But if GRE client peer is configured to all packets are delivered via the GRE tunnel, as shown in the diagram by configuring the GRE tunnel is the default gateway at GRE client peer, the Internet accessing packets will be also sent to the Security Gateway 1 in Network‐A and be re‐transferred to the Internet. That means the Internet accessing of GRE Client peer is also controlled by the Security Gateway 1, the LGRE VPN server. ...
Page 289 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Any peer gateway can be worked as either a client or a server, even using the same set of configuration. GRE Tunneling protocol is used for establishing a GRE VPN tunnel. If the GRE server at HQ supports DMVPN Hub function, like Cisco router as the VPN concentrator, the GRE client at branch office can activate the DMVPN spoke function here since it is implemented by GRE over IPSec tunneling. The GRE Client’s “Default Gateway/Remote Subnet” setting determines how the Internet traffic from GRE client site is handled. Parameter Setup Example For Network‐B at Branch Office Following 2 tables list the parameter configuration for above example diagram of GRE VPN server in Network‐B. Use default value for those parameters that are not mentioned in these tables. [GRE]‐[Configuration] Configuration Path ■ Enable GRE ...
Page 290 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Security Gateway 1. So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can communicate each other. Finally, the client hosts in the Intranet of Network‐B at branch office can access the server or database resources in the Intranet of Network‐A at HQ in a tunnel. However, if the "Default Gateway/Remote Subnet" parameter in the Security Gateway 2 is configured to "Default Gateway", the Internet accessing of GRE Client peer also go through the established GRE VPN tunnel, and the Security Gateway 1 can control the accessing as same as the HQ resource accessing. ...
Page 291 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. GRE Setting The GRE setting allows user to create and configure GRE tunnels. Before you proceed, ensure that the VPN is enabled and saved. To enable VPN, go to Security > VPN > Configuration tab. Go to Security > VPN > GRE tab. Enable GRE Enable GRE Window Item Value setting Description Unchecked by GRE Tunnel Click the Enable box to enable GRE function. default It specifies the maximum number of simultaneous GRE tunnel 1. 32 is set by default Max. Concurrent connections. 2. Max. of 32 GRE Tunnels Note: The maximum supported tunnels can be different for the purchased connections gateway. Save N/A Click Save button to save the settings Undo N/A Click Undo button to cancel the settings Create/Edit GRE tunnel When Add/Edit button is applied, a GRE Rule Configuration screen will appear. ...
Page 292 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. GRE Rule Configuration Window Item Value setting Description Tunnel Name A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. 1. A Must fill setting Select WAN interface on which GRE tunnel is to be established. Interface 2. WAN 1 is selected by default There are three available operation modes. Always On, Failover, Load Balance. Failover/ Always Define whether the GRE tunnel is a failover tunnel function or an Always on tunnel. Note: If this GRE is a failover tunneling, you will need to select a primary GRE tunnel from which to failover to. 1. A Must fill setting Load Balance Define whether the GRE tunnel connection will take part in Operation Mode 2. Alway on is load balance function of the gateway. You will not need to select with WAN selected by default interface as the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN & Uplink > Load Balance tab. Note: Failover and Load Balance functions are not available for Dynamic VPN specified in Tunnel Scenario. ...
Page 293 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Tunnel IP An Optional setting Enter the Tunnel IP address. Enter the Remote IP address of remote GRE tunnel gateway. Normally this Remote IP A Must fill setting is the public IP address of the remote GRE gateway. Key An Optional setting Enter the Key for the GRE connection. 1. A Must fill setting TTL Specify TTL hop‐count value for this GRE tunnel. 2. 1 to 255 range 1. Unchecked by Check the Enable box to enable Keep alive function. Keep alive default Select Ping IP to keep live and enter the IP address to ping. 2. 5s is set by default Enter the ping time interval in seconds. Specify a gateway for this GRE tunnel to reach GRE server. If the gateway uses its gateway IP address to connect to the internet to Default Gateway / connect to the GRE server then select Default Gateway, otherwise, A Must fill setting Remote Subnet specified a subnet and its netmask –the remote subnet, if the default gateway is not used to connect to the GRE server. The Remote Subnet format must be IP address/netmask (e.g. 10.0.0.2/24). Unchecked by Specify whether the gateway will support DMVPN Spoke for this GRE DMVPN Spoke default tunnel. Check Enable box to enable DMVPN Spoke. 2. Pre‐shared Key 8 Enter a DMVPN spoke authentication Pre‐shared Key. IPSec Pre‐shared to 32 character ...
Page 294: Openvpn
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.1.b OpenVPN OpenVPN is an application that implements virtual private network (VPN) techniques for creating secure point‐to‐point or site‐to‐site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. OpenVPN allows peers to authenticate each other using a Static Key (pre‐shared key) or certificates. When used in a multi‐client‐server configuration, it allows the server to release an authentication certificate ...
Page 295 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. As shown in the diagram, the M2M‐IoT Gateway is configured as an OpenVPN TUN Client, and connects to an OpenVPN UN Server. Once the OpenVPN TUN connection is established, the connected TUN client will be assigned a virtual IP (10.8.0.2) which is belong to a virtual subnet that is different to the local subnet in Control Center. With such connection, the local networked devices will get a virtual IP 10.8.0.x if its traffic goes through the OpneVPN TUN connection when Redirect Internet Traffic settings is enabled; Besides, the SCADA Server in Control Center can access remote attached serial device(s) with the virtual IP address (10.8.0.2). ...
Page 296 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Open VPN Setting Go to Security > VPN > OpenVPN tab. The OpenVPN setting allows user to create and configure OpenVPN tunnels. Enable OpenVPN Enable OpenVPN and select an expected configuration, either server or client, for the gateway to operate. Configuration Item Value setting Description OpenVPN The box is unchecked by Check the Enable box to activate the OpenVPN function. default Server/ Server Configuration is When Server is selected, as the name indicated, server configuration will ...
Page 297 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. As an OpenVPN Server If Server is selected, an OpenVPN Server Configuration screen will appear. OpenVPN Server Configuration window can let you enable the OpenVPN server function, specify the virtual IP address of OpenVPN server, when remote OpenVPN clients dial in the and the authentication protocol. OpenVPN Server Configuration Item Value setting Description OpenVPN The box is unchecked by Click the Enable to activate OpenVPN Server functions. Server default. Protocol 1. A Must filled setting Define the selected Protocol for connecting to the OpenVPN Server.
Page 298 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required.  Select TCP , or TCP /UDP 2. By default TCP is selected. ‐> The TCP protocol will be used to access the OpenVPN Server, and Port will be set as 4430 automatically.  Select UDP ‐> The UDP protocol will be used to access the OpenVPN Server, and Port will be set as 1194 automatically. Port 1. A Must filled setting Specify the Port for connecting to the OpenVPN Server. 2. By default 4430 is Value Range: 1 ~ 65535. set. Tunnel 1. A Must filled setting Specify the type of Tunnel Scenario for connecting to the OpenVPN Server. Scenario 2. By default TUN is It can be TUN for TUN tunnel scenario, or TAP for TAP tunnel scenario. selected. Authorization 1. A Must filled setting Specify the authorization mode for the OpenVPN Server. ...
Page 299 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. the connected OpenVPN clients. Note: Gateway will be available only when TAP is chosen in Tunnel Device, and DHCP‐Proxy Mode is unchecked (disabled). Netmask By default ‐ select one ‐ Specify the Netmask setting for the OpenVPN server. It will be assigned to is selected. the connected OpenVPN clients. Value Range: 255.255.255.0/24 (only support class C) Note_1: Netmask will be available when TAP is chosen in Tunnel Device, and DHCP‐Proxy Mode is unchecked (disabled). Note_2: Netmask will also be available when TUN is chosen in Tunnel Device. Redirect ...
Page 300 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Advanced Configuration is selected, an OpenVPN Server Advanced Configuration screen will appear. OpenVPN Server Advanced Configuration Item Value setting Description TLS Cipher 1. A Must filled setting. Specify the TLS Cipher from the dropdown list. 2. TLS‐RSA‐WITH‐ It can be TLS‐RSA‐WITH‐AES128‐SHA / TLS‐DHE‐DSS‐AES256‐SHA / TLS‐ AES128‐SHA is selected DHE‐DSS‐AES128‐SHA / TLS‐RSA‐WITH‐AES256‐SHA / TLS‐RSA‐WITH‐RC4‐ by default MD5 / None. Note: TLS Cipher will be available only when TLS is chosen in Authorization Mode. ...
Page 301 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Fragment 2. The value is 1500 by Value Range: 0 ~ 1500. default Note: Tunnel UDP Fragment will be available only when UDP is chosen in Protocol. Tunnel UDP 1. An Optional setting. Check the Enable box to activate the Tunnel UDP MSS‐Fix Function. MSS‐Fix 2. The box is unchecked Note: Tunnel UDP MSS‐Fix will be available only when UDP is chosen in by default. Protocol. CCD‐Dir 1. An Optional setting. Specify the CCD‐Dir Default File. Default File 2. String format: any text Value Range: 0 ~ 256 characters. Client 1. An Optional setting. Specify the Client Connection Script.
Page 302 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. As an OpenVPN Client If Client is selected, an OpenVPN Client List screen will appear. When Add button is applied, OpenVPN Client Configuration screen will appear. OpenVPN Client Configuration window let you specify the required parameters for an OpenVPN VPN client, such as "OpenVPN Client Name", "Interface", "Protocol", "Tunnel Scenario", "Remote IP/FQDN", "Remote Subnet", "Authorization Mode", "Encryption Cipher", "Hash Algorithm" and tunnel activation. OpenVPN Client Configuration Item Value setting Description ...
Page 303 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. OpenVPN Client A Must filled setting The OpenVPN Client Name will be used to identify the client in the tunnel Name list. Value Range: 1 ~ 32 characters. Interface 1. A Must filled Define the physical interface to be used for this OpenVPN Client tunnel. setting 2. By default WAN‐1 is selected. Protocol 1. A Must filled Define the Protocol for the OpenVPN Client.  Select TCP setting 2. By default TCP is ‐>The OpenVPN will use TCP protocol, and Port will be set as 443 selected. automatically.  Select UDP ‐> The OpenVPN will use UDP protocol, and Port will be set as 1194 automatically. Port 1. A Must filled Specify the Port for the OpenVPN Client to use. Value Range: 1 ~ 65535. setting 2. By default 443 is ...
Page 304 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Key will be displayed. Local Endpoint IP A Must filled setting Specify the Local Endpoint IP Address. Address Note: Local Endpoint IP Address will be available only when Static Key is chosen in Authorization Mode. Remote Endpoint A Must filled setting Specify the Remote Endpoint IP Address. IP Address Note: Remote Endpoint IP Address will be available only when Static Key is chosen in Authorization Mode. Static Key A Must filled setting Specify the Static Key. Note: Static Key will be available only when Static Key is chosen in Authorization Mode. Encryption Cipher By default Blowfish Specify the Encryption Cipher. is selected. It can be Blowfish/AES‐256/AES‐192/AES‐128/None. Hash Algorithm By default SHA‐1 is Specify the Hash Algorithm.
Page 305 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Advanced Configuration is selected, an OpenVPN Client Advanced Configuration screen will appear. OpenVPN Advanced Client Configuration Item Value setting Description TLS Cipher 1. A Must filled setting. Specify the TLS Cipher from the dropdown list. 2. TLS‐RSA‐WITH‐ It can be TLS‐RSA‐WITH‐AES128‐SHA / TLS‐DHE‐DSS‐AES256‐SHA / TLS‐ AES128‐SHA is selected DHE‐DSS‐AES128‐SHA / TLS‐RSA‐WITH‐AES256‐SHA / TLS‐RSA‐WITH‐ by default RC4‐MD5 / None. Note: TLS Cipher will be available only when TLS is chosen in Authorization Mode. ...
Page 306 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Note: User Name will be available only when TLS is chosen in Authorization Mode. Bridge TAP to By default VLAN 1 is Specify the setting of “Bridge TAP to” to bridge the TAP interface to a selected certain local network interface or VLAN. Note: Bridge TAP to will be available only when TAP is chosen in Tunnel Scenario and NAT is unchecked. Firewall The box is unchecked Check the box to activate the Firewall Protection function. Protection ...
Page 307: Firewall
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.3 Firewall The firewall functions include Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS and some firewall options. The supported function can be different for the purchased gateway. 9.3.1 Firewall Configuration Enable Firewall check box will activate all firewall functions. The firewall configuration allows user to enable or disable all functions including Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS, and Firewall Options. Go to Security > Firewall > Configuration Tab. ...
Page 308: Packet Filter
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.3.3 Packet Filter "Packet Filter" function can let you define some filtering rules for incoming and outgoing packets. So the gateway can control what packets are allowed or blocked to pass through it. A packet filter rule should indicate from and to which interface the packet enters and leaves the gateway, the source and destination IP addresses, and destination service port type and port number. In addition, the time schedule to which the rule will be active. Packet Filter with White List Scenario Scenario Application Timing When the administrator of the gateway wants to allow only specific packets through the gateway, he can use the "Packet Filters" function to carry out to allow specific packets by defining the white list as shown in above diagram. Certainly, when the administrator wants to deny only specific packets from going through, he can use the "Packet Filters" function by defining the black list to carry out to meet the requirement. It is contrasting to above diagram. Scenario Description To only allow dedicated packets that match to one packet filtering rule to flow through the gateway and block other packets that are not defined in the “Packet Filter Rule List” entry. ...
Page 309 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Packet Filters" enabling. Use default value for those parameters that are not mentioned in the tables. [Packet Filter]‐[Configuration] Configuration Path ■ Enable Packet Filters Deny all to pass except those match the following rules. Black List / White List [Packet Filter]‐[Packet Filter Rule List] Configuration Path 1 ID Access 80 Access 443 Rule Name IP Range: 10.0.75.200 ~ 10.0.75.250 IP Range: 10.0.75.200 ~ 10.0.75.250 Source IP Specific IP Address: 0.0.0.0 Specific IP Address: 0.0.0.0 Destination IP User‐defined Service: 80 ~ 80 User‐defined Service: 443 ~ 443 Destination Port TCP Protocol ■ Enable ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface, 118.18.81.33 for WAN‐...
Page 310 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Packet Filter Setting The packet filter setting allows user to create and customize packet filter policies to allow or reject specific inbound/outbound packets through the router based on their office setting. Go to Security > Firewall > Packet Filter Tab. Enable Packet Filter Enabling Packet Filters Item Name Value setting Description The box is unchecked by Packet Filter Check the Enable box to activate Packet Filter function default When Deny those match the following rules is selected, as the name Deny those match the Black List / suggest, packets specified in the rules will be blocked –black listed. In following rules is set by ...
Page 311 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Packet Filter Rules The gateway allows you to customize your packet filtering rules. It supports up to a maximum of 20 filter rule sets. When Add button is applied, Packet Filter Rule Configuration screen will appear. Packet Filter Rule Configuration Item Name Value setting Description 1. String format can be Enter a packet filter rule name. Enter a name that is easy for you to Rule Name any text remember. 2. A Must filled setting Define the selected interface to be the packet‐entering interface of the router. If the packets to be filtered are coming from LAN to WAN then ...
Page 312 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2. By default Any is router. If the packets to be filtered are entering from LAN to WAN then selected select WAN for this field. Or VLAN‐1 to WAN then select WAN for this field. Other examples are VLAN‐1 to VLAN‐2. VLAN‐1 to WAN. Select Any to filter packets leaving the router from any interfaces. Please note that two identical interfaces are not accepted by the router. i.e. VLAN‐1 to VLAN‐1. This field is to specify the Source IP address. Select Any to filter packets coming from any IP addresses. Select Specific IP Address to filter packets coming from an IP address. 1. A Must filled setting Select IP Range to filter packets coming from a specified range of IP Source IP 2. By default Any is address. selected Select IP Address‐based Group to filter packets coming from a pre‐defined group. Note: group must be pre‐defined before this option become available. Refer to Object Definition > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. This field is to specify the Destination IP address. Select Any to filter packets that are entering to any IP addresses. Select Specific IP Address to filter packets entering to an IP address entered in this field. Select IP Range to filter packets entering to a specified range of IP address 1. A Must filled setting entered in this field. Destination IP 2. By default Any is Select IP Address‐based Group to filter packets entering to a pre‐defined selected group selected. Note: group must be pre‐defined before this selection become available. Refer to Object Definition > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. ...
Page 313 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. known Service is selected, otherwise select User‐defined Service and specify a port range. Then for Destination Port, select a predefined port dropdown box when Well‐known Service is selected, otherwise select User‐defined Service and specify a port range. For Protocol, select UDP to filter UDP packets Then for Source Port, select a predefined port dropdown box when Well‐ known Service is selected, otherwise select User‐defined Service and specify a port range. Then for Destination Port, select a predefined port dropdown box when Well‐known Service is selected, otherwise select User‐defined Service and specify a port range. For Protocol, select GRE to filter GRE packets For Protocol, select ESP to filter ESP packets For Protocol, select SCTP to filter SCTP packets For Protocol, select User‐defined to filter packets with specified port number. Then enter a pot number in Protocol Number box. Apply Time Schedule to this rule, otherwise leave it as Always. Time Schedule A Must filled setting If the dropdown list is empty ensure Time Schedule is pre‐configured. Refer to Object Definition > Scheduling > Configuration tab The box is unchecked by Rule Click Enable box to activate this rule then save the settings. default. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings When the Back button is clicked the screen will return to the Packet Filters Back N/A Configuration page. ...
Page 314: Url Blocking
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.3.5 URL Blocking "URL Blocking" function can let you define blocking or allowing rules for incoming and outgoing Web request packets. With defined rules, gateway can control the Web requests containing the complete URL, partial domain name, or pre‐defined keywords. For example, one can filter out or allow only the Web requests based on domain input suffixes like .com or .org or keywords like “bct” or “mpe”. An URL blocking rule should specify the URL, partial domain name, or included keywords in the Web requests from and to the gateway and also the destination service port. Besides, a certain time schedule can be applied to activate the URL Blocking rules during pre‐defined time interval(s). The ...
Page 315 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator of the gateway wants to block the Web requests with some dedicated patterns, he can use the "URL Blocking" function to block specific Web requests by defining the black list as shown in above diagram. Certainly, when the administrator wants to allow only the Web ...
Page 316 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. URL Blocking Setting The URL Blocking setting allows user to create and customize URL blocking policies to allow or reject http packets with specific keyword, domain name, or URL. In "URL Blocking" page, there are three configuration windows. They are the "Configuration" window, "URL Blocking Rule List" window, and "URL Blocking Rule Configuration" window. The "Configuration" window can let you activate the URL blocking function and specify to black listing or to white listing the packets defined in the "URL Blocking Rule List" entry. In addition, log alerting can be enabled to record on‐going events for any disallowed Web request packets. Refer to "System Status" in "6.1.1 System Related" section in this user manual for how to view recorded log. The "URL Blocking Rule List" window lists all your defined URL blocking rule entry. And finally, the "URL Blocking Rule Configuration" window can let you define URL blocking rules. The parameters in a rule include the rule name, the Source IP or MAC, the URL/Domain Name/Keyword, the destination service ports, the integrated time schedule rule and the rule activation. Go to Security > Firewall > URL Blocking Tab. Enable URL Blocking Configuration Item Value setting ...
Page 317 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit URL Blocking Rules The Gateway supports up to a maximum of 20 URL blocking rule sets. Ensure that the URL Blocking is enabled before we can create blocking rules. When Add button is applied, the URL Blocking Rule Configuration screen will appear. URL Blocking Rules Configuration Item Value setting Description 1. String format can be any Specify an URL Blocking rule name. Enter a name that is easy for you to Rule Name text understand. 2. A Must filled setting This field is to specify the Source IP address.  Select Any to filter packets coming from any IP addresses.  Select Specific IP Address to filter packets coming from an IP address entered in this field.  Select IP Range to filter packets coming from a specified range of IP Source IP 1. A Must filled setting 2. Any is set by default address entered in this field.  Select IP Address‐based Group to filter packets coming from a pre‐ defined group selected. Note: group must be pre‐defined before this option become available. Refer to Object Definition > Grouping > Host ...
Page 318 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. selection become available. Refer to Object Definition > Grouping > Host grouping. Specify URL, Domain Name, or Keyword list for URL checking. 1. A Must filled setting  In the Black List mode, if a matched rule is found, the packets will be URL / Domain 2. Supports up to a Name / maximum of 10 Keywords dropped.  In the White List mode, if a matched rule is found, the packets will be Keyword in a rule by using the delimiter “;”. accepted and the others which don’t match any rule will be dropped. This field is to specify the Destination Port number.  Select Any to filter packets going to any Port.  Select Specific Service Port to filter packets going to a specific Port entered in Destination 1. A Must filled setting Port 2. Any is set by default this field.  Select Port Range to filter packets going to a specific range of Ports entered in this field. Apply a specific Time Schedule to this rule, otherwise leave it as (0) Always. Time A Must filled setting If the dropdown list is empty ensure Time Schedule is pre‐configured. Refer to Schedule Rule Object Definition > Scheduling > Configuration tab. ...
Page 319: Mac Control
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.3.9 MAC Control "MAC Control" function allows you to assign the accessibility to the gateway for different users based on device’s MAC address, including wired hosts or WiFi stations. MAC Control with Black List Scenario Scenario Application Timing When the administrator of the gateway wants to reject some client hosts with specific MAC addresses in the Intranet to connect to the gateway, he can use the "MAC Control" function to carry out to reject by defining the black list as shown in above diagram. Certainly, when the administrator wants to allow only the client hosts with dedicated MAC addresses to connect to the gateway, he can use the "MAC Control" function by defining the white list to carry out to meet the requirement. It is contrasting to above diagram. ...
Page 320 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "MAC Control" enabling. Use default value for those parameters that are not mentioned in the tables. [MAC Control]‐[Configuration] Configuration Path ■ Enable MAC Control Allow all to pass except those match the following rules. Black List / White List ■ Enable Log Alert [MAC Control]‐[MAC Control Rule List] Configuration Path ID Block JP NB Rule Name 20:6A:6A:6A:6A:6B MAC Address ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface, 118.18.81.33 for WAN‐...
Page 321 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. MAC Control Setting The MAC control setting allows user to create and customize MAC address policies to allow or reject packets with specific source MAC address. Before you proceed, ensure that the Firewall is enabled and saved. Go to Security > Firewall > Configuration tab. Go to Security > Firewall > MAC Control Tab. Enable MAC Control Enabling MAC Control Item Value setting Description The box is unchecked by MAC Control Check the Enable box to activate the MAC filter function default When Deny MAC Address Below is selected, as the name suggest, packets Black List / Deny MAC Address specified in the rules will be blocked –black listed. In contrast, with Allow White List Below is set by default MAC Address Below, you can specifically white list the packets to pass and the rest will be blocked. The box is unchecked by Log Alert Check the Enable box to activate Event Log. default Known MAC Select a MAC Address from LAN Client List. Click the Copy to to copy the from LAN PC N/A selected MAC Address to the filter rule. List Save N/A ...
Page 322 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit MAC Control Rules The gateway supports up to a maximum of 20 filter rule sets. Ensure that the MAC Control is enabled before we can create control rules. When Add button is applied, Filter Rule Configuration screen will appear. MAC Control Rule Configuration Item Value setting Description 1. String format can be Enter a MAC Control rule name. Enter a name that is easy for you to Rule Name any text remember. 2. A Must fill setting 1. MAC Address string MAC Address (Use: to Format Specify the Source MAC Address to filter rule. Compose) 2. A Must fill setting Apply Time Schedule to this rule, otherwise leave it as Always. 1. A Must filled setting. Time 2. (0) Always is selected If the dropdown list is empty ensure Time Schedule is pre‐configured. Schedule by default Refer to Object Definition > Scheduling > Configuration tab. The box is unchecked by Click the Enable box to activate this rule. Enable default. Save ...
Page 323: Ips
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.3.d IPS Intrusion Prevention System (IPS) is network security appliances that monitor network and/or system activities for malicious activity. The main functions of IPS are to identify malicious activity, log information about this activity, attempt to block/stop it and report it. You can enable the IPS function and check the listed intrusion activities when needed. There are some intrusion prevention items need a further Threshold parameter to work properly for intrusion detection. You can enable the log alerting so that system will record Intrusion events when corresponding intrusions are detected. ...
Page 324 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. web‐based utility of Gateway, so remote users or unknown users can request those services from the gateway. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "IPS" enabling. Use default value for those parameters that are not mentioned in the tables. [IPS]‐[Configuration] Configuration Path ■ Enable ISP ■ Enable Log Alert [IPS]‐[Intrusion Prevention] Configuration Path ■ Enable 300 Packets/second SYN Flood Defense ■ Enable 200 Packets/second Port Scan Detection ■ Enable Block IP Spoof ■ Enable Block TCP Flag Scan Scenario Operation Procedure In above diagram, the gateway detects incoming packets which TCP ports are 25, 80,110,443 and 8080 then forward to transfer the E‐mail service requests to the LAN servers and send the replies from LAN servers back to the requester. System will block lots of packets in seconds. ...
Page 325 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPS Setting The Intrusion Prevention System (IPS) setting allows user to customize intrusion prevention rules to prevent malicious packets. Go to Security > Firewall > IPS Tab. Enable IPS Firewall Configuration Item Value setting Description The box is unchecked by IPS Check the Enable box to activate IPS function default The box is unchecked by Log Alert Check the Enable box to activate Event Log. default Save N/A Click Save to save the settings Undo N/A ...
Page 326 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Intrusion Prevention Item Value setting Description SYN Flood Click Enable box to activate this intrusion prevention rule and 1. A Must filled setting Defense enter the traffic threshold in this field. 2. The box is unchecked by default. UDP Flood 3. Traffic threshold is set to 300 by Click Enable box to activate this intrusion prevention rule and Defense default enter the traffic threshold in this field. 4. The value range can be from 10 to ICMP Flood Click Enable box to activate this intrusion prevention rule and Defense 10000. enter the traffic threshold in this field. 1. A Must filled setting 2. The box is unchecked by default. Port Scan 3. Traffic threshold is set to 200 by Click Enable box to activate this intrusion prevention rule and Defection default enter the traffic threshold in this field. 4. The value range can be from 10 to 10000. Block Land Attack Block Ping of Death ...
Page 327 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Block Traceroute Block Fraggle Attack 1. A Must filled setting 2. The box is unchecked by default. ARP Spoofing 3. Traffic threshold is set to 300 by Click Enable box to activate this intrusion prevention rule and Defence default enter the traffic threshold in this field. 4. The value range can be from 10 to 10000. Save NA Click Save to save the settings Undo NA Click Undo to cancel the settings ...
Page 328: Options
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.3.f Options There are some useful functions in this page. First, “Stealth Mode” lets gateway not to respond to port scans from the WAN so that makes it less susceptible to discovery and attacks on the Internet. Second, ”SPI” enables gateway to record the packet information like IP address, port address, ACK, SEQ number and so on while they pass through the router. And the gateway checks every incoming packet to detect if this packet is valid. Third, “Discard Ping from WAN” makes any host on the WAN side can`t ping this product. It means this device won`t reply any ICMP packet from Internet. And finally, “Remote Administrator Hosts” enables only the LAN users to browse the web‐based utility to perform administration task locally. This feature also enables you to perform administration task also from a remote host. If this feature is enabled, only the specified IP address ...
Page 329 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "SPI" enabling. [Options]‐[Firewall Options] Configuration Path ■ Enable SPI Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.200 for WAN interface. It serves as a NAT router. Activate the SPI feature at the Gateway. Users in Network‐A initiate to access cloud server through Gateway. Sometimes, unknown users will simulate the Packet but use different Src IP to masquerade. System will block such packets from unknown users. Discard Ping from WAN and Remote Administrator Hosts Scenario ...
Page 330 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Description Enable the Discard Ping from WAN function to prevent security leak when local users surf the internet. Following tables list the parameter configuration as an example for the gateway in above diagram. [Options]‐[Firewall Options] Configuration Path ■ Enable Discard Ping from WAN ■ Enable HTTPS , ANY : 8080 Remote Administrator Hosts Please disable “SPI” Function. Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.200 for WAN interface. It serves as a NAT router. Activate the features at the Gateway. Remote users can’t get response via Ping Utility, but can access the web‐based utility of Gateway via port 8080 of TCP. ...
Page 331 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Firewall Options Setting The firewall options setting allows network administrator to modify the behavior of the firewall and to enable Remote Router Access Control. Go to Security > Firewall > Options Tab. Enable Firewall Options Firewall Options Item Value setting Description The box is unchecked by Stealth Mode Check the Enable box to activate the Stealth Mode function default. The box is checked by SPI Check the Enable box to activate the SPI function default. Discard Ping The box is unchecked by Check the Enable box to activate the Discard Ping from WAN function from WAN default. Define Remote Administrator Host The router allows network administrator to manage router remotely. The network administrator can assign specific IP address and service port to allow accessing the router. ...
Page 332 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Remote Administrator Host Definition Item Value setting Description Protocol HTTP is set by default Select HTTP or HTTPS method for router access. This field is to specify the remote host to assign access right for remote access. Select Any IP to allow any remote hosts IP A Must filled setting Select Specific IP to allow the remote host coming from a specific subnet. An IP address entered in this field and a selected Subnet Mask to compose the subnet. 1. 80 for HTTP by default Service Port 2. 443 for HTTPS by This field is to specify a Service Port to HTTP or HTTPS connection. default Enabling the The box is unchecked by Click Enable box to activate this rule. rule default. Save N/A Click Enable box to activate this rule then save the settings. Undo N/A Click Undo to cancel the settings ...
Page 333: Chapter B Administration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter b Administration b.1 Configure & Manage Configure & Manage refers to enterprise‐wide administration of distributed systems including (and commonly in practice) computer systems. Centralized management has a time and effort trade‐off that is related to the size of the company, the expertise of the IT staff, and the amount of technology being used. This device supports many system management protocols, such as Command Script, TR‐069, SNMP, and Telnet with CLI. You can setup those configurations in the "Configure & Manage" section. b.1.1 Command Script Command script configuration is the application that allows administrator to setup the pre‐defined configuration in plain text style and apply configuration on startup. Go to Administration > Command Script > Configuration Tab. Enable Command Script Configuration ...
Page 334 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuration Item Value setting Description The box is unchecked by Configuration Check the Enable box to activate the Command Script function. default Edit/Backup Plain Text Command Script You can edit the plain text configuration settings in the configuration screen as above. Plain Text Configuration Item Value setting Description Clean NA Clean text area. (You should click Save button to further clean the configuration already saved in the system.) Backup NA Backup and download configuration. Save NA Save configuration ...
Page 335 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The supported plain text configuration items are shown in the following list. For the settings that can be executed with standard Linux commands, you can put them in a script file, and apply to the system configure with STARTUP command. For those configurations without corresponding Linux command set to configure, you can configure them with proprietary command set. Configuration Content Key Value Description setting OPENVPN_ENABLED 1 : enable ...
Page 336 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ICMP request packets to the destination specified in PPP_PING_IPADDR. PPP_PING_IPADDR IP Specify an IP address as the target for sending DNS query/ICMP request. PPP_PING_INTVL seconds Specify the time interval for between two DNS Query or ICMP checking packets. STARTUP Script file For the configurations that can be configured with standard Linux commands, you can put them in a script file, and apply the script file with STARTUP command. For example, STARTUP=#!/bin/sh STARTUP=echo “startup done” > /tmp/demo Plain Text System Configuration with Telnet In addition to the web‐style plain text configuration as mentioned above, the gateway system also allow ...
Page 337: B.1.3 Tr-069
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.1.3 TR‐069 TR‐069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end‐user devices, like this gateway device. As a bidirectional SOAP/HTTP‐based protocol, it provides the communication between customer‐premises equipment (CPE) and Auto Configuration Servers (ACS). The Security Gateway is such CPE. ...
Page 338 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The ACS server can configure, upgrade with latest FW and monitor these gateways. Remote gateways inquire the ACS server for jobs to do in each time period. The ACS server can ask the gateways to execute some urgent jobs. Parameter Setup Example Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with "TR‐069" enabling. Use default value for those parameters that are not mentioned in the tables. [TR‐069]‐[Configuration] Configuration Path ■ Enable TR‐069 ACS URL http://qaamit.acslite.com/cpe.php ACS User Name ACSUserName ACSPassword ACS Password ConnectionRequest Port 8099 ConnReqUserName ConnectionRequest User Name ConnectionRequest Password ConnReqPassword ■ Enable Interval 900 Inform Scenario Operation Procedure In above diagram, the ACS server can manage multiple gateways in the Internet. The "Gateway 1" is one of them and has 118.18.81.33 IP address for its WAN‐1 interface. When all remote gateways have booted up, they will try to connect to the ACS server. Once the connections are established successfully, the ACS server can configure, upgrade with latest FW and monitor these gateways. Remote gateways inquire the ACS server for jobs to do in each time period. If the ACS server needs some urgent jobs to be done by the gateways, it will issue the "Connection Request" ...
Page 339 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. TR‐069 Setting In "TR‐069" page, there is only one configuration window for TR‐069 function. In the window, you must specify the related information for your security gateway to connect to the ACS. Drive the function to work by specifying the URL of the ACS server, the account information to login the ACS server, the service port and the account information for connection requesting from the ACS server, and the time interval for job inquiry. Except the inquiry time, there are no activities between the ACS server and the gateways until the next inquiry cycle. But if the ACS server has new jobs that are expected to do by the gateways urgently, it will ask these gateways by using connection request related information for immediate connection for inquiring jobs and executing. ...
Page 340 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. by default. Standard : the ACS Server is a standard one, which is fully comply with TR‐069. AMIT’s ACS Data Model : Select this data model if you intend to use AMIT’s Cloud ACS Server to managing the deployed gateways. ACS URL A Must filled setting You can ask ACS manager provide ACS URL and manually set ACS Username A Must filled setting You can ask ACS manager provide ACS username and manually set ACS Password A Must filled setting You can ask ACS manager provide ACS password and manually set 1. A Must filled setting ConnectionRequest You can ask ACS manager provide ACS ConnectionRequest Port and 2. By default 8099 is Port manually set set ConnectionRequest You can ask ACS manager provide ACS ConnectionRequest Username A Must filled setting UserName and manually set ConnectionRequest You can ask ACS manager provide ACS ConnectionRequest Password and A Must filled setting Password manually set The box is checked by When the Enable box is checked, the gateway (CPE) will periodicly send Inform default inform message to ACS Server. The value is 900 by Inform Interval ...
Page 341: Snmp
(such as type and description of the variable), are described by Management Information Bases (MIBs). The device supports several public MIBs and one private MIB for the SNMP agent. The supported MIBs are as follow: MIB-II (RFC 1213, Include IPv6), IF-MIB, IP-MIB, TCP-MIB, UDP-MIB, SMIv1 and SMIv2, SNMPv2-TM and SNMPv2-MIB, and AMIB (AMIT Private MIB) SNMP Management Scenario ...
Page 342 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing There are two application scenarios of SNMP Network Management Systems (NMS). Local NMS is in the Intranet and manage all devices that support SNMP protocol in the Intranet. Another one is the Remote NMS to manage some devices whose WAN interfaces are connected together by using a switch or a router with UDP forwarding. If you want to manage some devices and they all have supported SNMP protocol, use either one application scenario, especially the management of devices in the Intranet. In managing devices in the Internet, the TR‐069 is the better solution. Please ...
Page 343 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In above diagram, the NMS server can manage multiple devices in the Intranet or a UDP‐reachable network. The "Gateway 1" is one of the managed devices, and it has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN‐1 interface. It serves as a NAT router. At first stage, the NMS manager prepares related information for all managed devices and records them in the NMS system. Then NMS system gets the status of all managed devices by using SNMP get commands. When the manager wants to configure the managed devices, the NMS system allows him to do that by using SNMP set commands. The "UserName1" account is used if the manager uses SNMPv3 protocol for configuring the "Gateway 1". Only the "UserName1" account can let the "Gateway 1" ...
Page 344 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SNMP Setting The SNMP allows user to configure SNMP relevant setting which includes interface, version, access control and trap receiver. Go to Administration > Configure & Manage > SNMP tab. Enable SNMP SNMP Item Value setting Description Select the interface for the SNMP and enable SNMP functions. When Check the LAN box. 1.The LAN box is SNMP Enable It will activate SNMP functions and you can access SNMP from LAN side. checked by default When Check the WAN box. It will activate SNMP functions and you can access SNMP from WAN side. Select the version for the SNMP When Check the v1 box. 1.The v1 box is It means you can access SNMP by version 1. Supported ...
Page 345 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Undo N/A Click Undo to cancel the settings Create/Edit Multiple Community The SNMP allows you to custom your access control for version 1 and version 2 user. The router supports up to a maximum of 10 community sets. When Add button is applied, Multiple Community Rule Configuration screen will appear. Multiple Community Rule Configuration Item Value setting Description 1. Read Only is selected by default Specify this version 1 or version v2c user’s community that will be allowed ...
Page 346 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit User Privacy The SNMP allows you to custom your access control for version 3 user. The router supports up to a maximum of 128 User Privacy sets. When Add button is applied, User Privacy Rule Configuration screen will appear. User Privacy Rule Configuration Item Value setting Description User Name 1. A Must filled Specify the User Name for this version 3 user. setting The maximum length of the user name is 32. 2. String format: any text Password ...
Page 347 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Privacy Mode 1. noAuthNoPriv is Specify the Privacy Mode for this version 3 user. selected by default Selected the noAuthNoPriv. You do not use any authentication types and encryption protocols. Selected the authNoPriv. You must specify the Authentication and Password. Selected the authPriv. You must specify the Authentication, Password, Encryption and Privacy Key. Privacy Key 1. String format: any When your Privacy Mode is authPriv, you must specify the Privacy Key for text this version 3 user. The minimum length of the privacy key is 8. The maximum length of the privacy key is 64. Authority 1. Read is selected Specify this version 3 user’s Authority that will be allowed Read Only (GET by default and GETNEXT) or Read‐Write (GET, GETNEXT and SET) access respectively. OID Filter Prefix 1. The default value The OID Filter Prefix restricts access for this version 3 user to the sub‐tree is 1 rooted at the given OID. 2. A Must filled The range of the each OID number is 1‐2080768. setting 3. String format: any legal OID Enable 1.The box is checked Click Enable to enable this version 3 user. by default Save N/A ...
Page 348 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When you selected v2c, the configuration screen is exactly the same as that of v1, except the version. When you selected v3, the configuration screen will provide more setting items for the version 3 Trap. Trap Event Receiver Rule Configuration Item Value setting Description 1. A Must filled setting Specify the trap Server IP. Server IP 2. String format: any The DUT will send trap to the server IP. Ipv4 address 1. String format: any port number Specify the trap Server Port. 2. The default SNMP Server Port You can fill in any port number. But you must ensure the port number is trap port is 162 not to be used. 3. A Must filled setting ...
Page 349 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Select the version for the trap Selected the v1. The configuration screen will provide the version 1 must filled items. 1. v1 is selected by SNMP Version Selected the v2c. default The configuration screen will provide the version 2c must filled items. Selected the v3. The configuration screen will provide the version 3 must filled items. 1. A v1 and v2c Must filled setting Specify the Community Name for this version 1 or version v2c trap. Community Name 2. String format: any The maximum length of the community name is 32. text 1. A v3 Must filled setting Specify the User Name for this version 3 trap. User Name 2. String format: any The maximum length of the user name is 32. text 1. A v3 Must filled When your Privacy Mode is authNoPriv or authPriv, you must specify the setting Password for this version 3 trap. Password 2. String format: any The minimum length of the password is 8. text The maximum length of the password is 64. Specify the Privacy Mode for this version 3 trap. Selected the noAuthNoPriv. 1. A v3 Must filled You do not use any authentication types and encryption protocols. setting Selected the authNoPriv. ...
Page 350 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Undo N/A Click Undo to cancel the settings. Back N/A Click the Back button to return the last page. Edit SNMP Options If you use some particular private MIB, you must fill the enterprise name, number and OID. Options Item Value setting Description 1. The default value is AMIT Specify the Enterprise Name for the particular private MIB. Enterprise Name 2. A Must filled setting The maximum length of the enterprise name is 10. 3. String format: any text The default value is 12823 (AMIT Enterprise Enterprise Specify the Enterprise Number for the particular private MIB. Number) Number The range of the enterprise number is 1‐2080768. 2. A Must filled setting 3. String format: any number 1. The default value is 1.3.6.1.4.1.12823.4.4.9 Specify the Enterprise OID for the particular private MIB. ...
Page 351: Telnet With Cli
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.1.7 Telnet with CLI A command‐line interface (CLI), also known as command‐line user interface, and console user interface are means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines). The interface is usually implemented with a command line shell, which is a program that accepts commands as text input and converts commands to appropriate operating system functions. Programs with command‐ line interfaces are generally easier to automate via scripting. The device supports both Telnet and SSH (Secure Shell) CLI with default service port 23 and 22, respectively. Telnet & SSH Scenario ...
Page 352 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. privileged user name and password. The data packets between the Local Admin and the Gateway or between the Remote Admin and the Gateway can be plain texts or encrypted texts. Suggest they are plain texts in the Intranet for Local Admin to use "Telnet" utility, and encrypted texts in the Internet for Remote Admin to use "SSH" utility. Parameter Setup Example Following table lists the parameter configuration as an example for the Gateway in above diagram with "Telnet with CLI" enabling at LAN and WAN interfaces. Use default value for those parameters that are not mentioned in the table. Configuration Path [Telnet with CLI]‐[Configuration] LAN: ■ Enable WAN: ■ Enable Telnet with CLI Telnet: Service Port 23 ■ Enable Connection Type SSH: Service Port 22 ■ Enable Scenario Operation Procedure In above diagram, "Local Admin" or "Remote Admin" can manage the "Gateway" in the Intranet or Internet. The "Gateway" is the gateway of Network‐A, and the subnet of its Intranet is 10.0.75.0/24. ...
Page 353 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Telnet with CLI Setting The Telnet with CLI setting allows administrator to access this device through the traditional Telnet program. Before you can telnet (login) to the device, please configure the related settings and password with care. The password management part allows you to set root password for logging telnet and SSH. ...
Page 354 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuration Item Value setting Description root 1. String: any text but no Type old password and specify new password to change root password. Note: You are highly recommended to change the default telnet password with blank character yours before the device is deployed. 2. The default password for telnet is ‘m2mamit’. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings ...
Page 355: System Operation
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.3 System Operation System Operation allows the network administrator to manage system, settings such as web‐based utility access password change, system information, system time, system log, firmware/configuration backup & restore, and reset & reboot. b.3.1 Password & MMI Go to Administration > System Operation > Password & MMI tab. Change Password Change password screen allows network administrator to change the web‐based MMI login password to access gateway. Change Password Item Value Setting Description 1. String: any text 2. The default Old Password Enter the current password to enable you unlock to change password. password for web‐ based MMI is ‘admin’. New Password String: any text Enter new password. New Password String: any text ...
Page 356 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. elapsed. The setting allows administrator to enable automatic logout and set the logout idle time. When the login timeout is disabled, the system won’t logout the administrator automatically. Web UI Item Value Setting Description Enter the login trial counting value. If someone tried to login the web GUI with incorrect password for more 3 times is set by Login than the counting value, an warning message “Already reaching default maximum Password‐Guessing times, please wait a few seconds!” will be displayed and ignore the following login trials. The Enable box is Check the Enable box to activate the auto logout function, and specify the Login Timeout unchecked by default maximum idle time as well. Select the protocol that will be used for GUI access. It can be GUI Access http/https is selected http/https, http only, or https only. Protocol ...
Page 357: System Information
The display also shows the current System time. It is particularly useful when firmware has been upgraded and system configuration file has been loaded. Go to Administration > System Operation > System Information tab. System Name Item Value Setting Description 1. an optional item Enter the system name for identification purpose. System Name 2. AMIT is set by It can be the manufacture, or any name for a device deployment. default. System Information Item Value Setting Description It displays the WAN Type of WAN‐1 Interface Internet connection WAN Type N/A configured. ...
Page 358: System Time
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.3.5 System Time The gateway provides manually setup and auto‐synchronized approaches for the administrator to setup the system time for the gateway. Go to Administration > System Operation > System Time tab. System Time Information Item Value Setting Description 1. It is an optional item. Select a time zone where this device locates. Time Zone 2. Not yet configured is selected by default. Check the Enable button to activate the time auto‐synchronization 1. Checked by default. function with a certain NTP server. Auto‐ 2. Auto is selected by You can enter the IP or FQDN for the NTP server you expected, or leave it synchronization default. as auto mode so that the available server will be used for time synchronization one by one. 1. It is an optional item. Check the Enable button to activate the daylight saving function. Daylight Saving ...
Page 359 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The first one is “Sync with Timer Server”. Based on your selection of time zone and time server in above time information configuration window, system will communicate with time server by NTP Protocol to get system date and time after you click on the Sync with Timer Server button. Note: Remember to select a correct time zone for the device, otherwise, you will just get the UTC (Coordinated Universal Time) time, not the local time for the device. ...
Page 360: System Log
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.3.7 System Log System Log screen contains various event log tools facilitating network administrator to perform local event logging and remote reporting. Go to Administration > System Operation > System Log tab. View & Email Log History View button is provided for network administrator to view log history on the gateway. Email Now button enables administrator to send instant Email for analysis. ...
Page 361 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Web Log List Window Item Value Setting Description Time column N/A It displays event time stamps Log column N/A It displays Log messages Web Log List Button Description Item Value setting Description Previous N/A Click the Previous button to move to the previous page. Next N/A Click the Next button to move to the next page. First N/A Click the First button to jump to the first page. Last N/A Click the Last button to jump to the last page. Download N/A Click the Download button to download log to your PC in tar file format. Clear N/A Click the Clear button to clear all log. Back N/A Click Back button to return to the previous page. ...
Page 362 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Web Log Type Category Setting Window Item Value Setting Description System Checked by default Check to log system events and to display in the Web Log List window. Attacks Checked by default Check to log attack events and to display in the Web Log List window. Drop Checked by default Check to log packet drop events and to display in the Web Log List window. Check to log system login events and to display in the Web Log List Login message Checked by default window. Debug Un‐checked by default Check to log debug events and to display in the Web Log List window. Email Alert Email Alert screen allows network administrator to select the type of event to log and be sent to the destined Email account. Email Alert Setting Window Item Value Setting Description Check Enable box to enable sending event log messages to destined Email Enable Un‐checked by default account defined in the E‐mail Addresses blank space. Select one email server from the Server dropdown box to send Email. If none has been available, click the Add Object button to create an outgoing Server N/A ...
Page 363 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Syslogd Syslogd screen allows network administrator to select the type of event to log and be sent to the designated Syslog server. Syslogd Setting Window Item Value Setting Description Un‐checked by Check Enable box to activate the Syslogd function, and send event logs to a syslog Enable default server Select one syslog server from the Server dropdown box to sent event log to. If none has been available, click the Add Object button to create a system log server. Server N/A You may also add an system log server from the Object Definition > External Server >...
Page 364: Backup & Restore
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.3.9 Backup & Restore In the Backup & Restore window, you can upgrade the device firmware when new firmware is available, and also backup / restore the device configuration. In addition to the factory default settings, you can also customize a special configuration setting as a customized default value. With this customized default value, you can reset the device to the expected default setting if needed. ...
Page 365: B.3.B Reboot & Reset
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.3.b Reboot & Reset For some special reason or situation, you may need to reboot the gateway or reset the device configuration to its default value. In addition to perform these operations through the Power ON/OFF, or pressing the reset button on the device panel, you can do it through the web GUI too. In the Reboot & Reset window, you can reboot this device by clicking the “Reboot” button, and reset this device to default settings by clicking the “Reset” button. ...
Page 366: Ftp
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.5 FTP The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. FTP is built on a client‐server model architecture and uses separate control and data connections between the client and the server. FTP users ...
Page 367: Server Configuration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.5.1 Server Configuration This section allows user to setup the embedded FTP and SFTP server for retrieving the interested fog files. Go to Administration > FTP > Server Configuration tab. Enable FTP Server Configuration Item Value setting Description Check Enable box to activate the embedded FTP Server function. With the FTP Server enabled, you can retrieve or delete the stored log The box is unchecked by FTP files via FTP connection. default. Note: The embedded FTP Server is only for log downloading, so no any write permission is implemented for user file upload to the storage. Specify a port number for FTP connection. The gateway will listen for FTP Port Port 21 is set by default incoming FTP connections on the specified port. 300 seconds is set by Specify the maximum timeout interval for the FTP connection. Supported Timeout default. range is 60 to 7200 seconds. ...
Page 368 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Check the Enable box to activate the support of PASV mode for a FTP PASV Mode Optional setting connection from FTP clients. Port Range of Port 50000 ~ 50031 is Specify the port range to allocate for PASV style data connection. PASV Mode set by default. Auto Report Check the Enable box to activate the support of overriding the IP address External IP in Optional setting advertising in response to the PASV command. PASV Mode ASCII Transfer Check the Enable box to activate the support of ASCII mode data transfers. Optional setting Mode Binary mode is supported by default. FTPS (FTP over Check the Enable box to activate the support of secure connections via Optional setting SSL/TLS) SSL/TLS. Enable SFTP Server ...
Page 369: User Account
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.5.3 User Account This section allows user to setup user accounts for logging to the embedded FTP and SFTP server to retrieve the interested fog files. Go to Administration > FTP > User Account tab. Create/Edit FTP User Accounts When Add button is applied, User Account Configuration screen will appear. Configuration Item Value setting Description User Name String : non‐blank string Enter the user account for login to the FTP server. Password String : no blank Enter the user password for login to the FTP server. Directory N/A Select a root directory after user login. ...
Page 370: B.7 Diagnostic
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.7 Diagnostic This gateway supports simple network diagnosis tools for the administrator to troubleshoot and find the root cause of the abnormal behavior or traffics passing through the gateway. There can be a Packet Analyzer to help record the packets for a designated interface or specific source/destination host, and another Ping and Tracert tools for testing the network connectivity issues. ...
Page 371 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3. NOTE that File Size can not Size and Unit for the split files. be less than 4 KB Define the interface(s) that Packet Analyzer should work on. At least, one interface is required, but multiple selections are also accepted. The supported interfaces can be:  WAN: When the WAN is enabled at Physical Interface, it can be selected here.  Packet Interfaces ASY: This means the serial communication interface. It is An optional setting used to capture packets appearing in the Field Communication. Therefore, it can only be selected when specific field communication protocol, like Modbus, is enabled.  VAP: This means the virtual AP. When WiFi and VAP are enabled, it can be selected here. Save N/A Click the Save button to save the configuration. Click the Undo button to restore what you just configured back to Undo N/A the previous setting. Once you enabled the Packet Analyzer function on specific Interface(s), you can further specify some filter rules to capture the packets which matched the rules. ...
Page 372 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Capture Fitters Item Value setting Description Filter Optional setting Check Enable box to activate the Capture Filter function. Source MACs Optional setting Define the filter rule with Source MACs, which means the source MAC address of packets. Packets which match the rule will be captured. Up to 10 MACs are supported, but they must be separated with “;”, e.g. AA:BB:CC:DD:EE:FF; 11:22:33:44:55:66 The packets will be captured when match any one MAC in the rule. Source IPs Optional setting Define the filter rule with Source IPs, which means the source IP address of packets. Packets which match the rule will be captured. Up to 10 IPs are supported, but they must be separated with “;”, e.g. 192.168.1.1; 192.168.1.2 The packets will be captured when match any one IP in the rule. Source Ports Optional setting Define the filter rule with Source Ports, which means the source port of packets. Packets which match the rule will be captured. Up to 10 IPs are supported, but they must be separated with “;”, e.g. 80; 53 The packets will be captured when match any port in the rule. Destination MACs Optional setting Define the filter rule with Destination MACs, which means the destination MAC address of packets. ...
Page 373: Diagnostic Tools
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. b.7.3 Diagnostic Tools The Diagnostic Tools provide some frequently used network connectivity diagnostic tools (approaches) for the network administrator to check the device connectivity. Go to Administration > Diagnostic > Diagnostic Tools tab. Diagnostic Tools Item Value setting Description This allows you to specify an IP / FQDN and the test interface, so system Ping Test Optional Setting will try to ping the specified device to test whether it is alive after clicking on the Ping button. A test result window will appear beneath it. command is a network diagnostic tool for displaying Trace route (tracert) the route (path) and measuring transit delays of packets across an IP network. Trace route proceeds until all (three) sent packets are lost for more than twice, then the connection is lost and the route cannot be evaluated. Tracert Test Optional setting First, you need to specify an IP / FQDN, the test interface and the protocol (UDP or ICMP), and by default, it is UDP. ...
Page 374: Chapter D Service
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter d Service d.1 Cellular Toolkit In Cellular Toolkit Service section, the device supports Data Usage, SMS, SIM PIN, USSD, and Network Scan. You can setup these aspects of cellular applications by using embedded 3G/LTE module in the device. d.1.1 Data Usage Most mobile phone users have no unlimited data plan so the telecom charges may exceed the bill upper limit. Data Usage feature can monitor the network traffic and show a simple chart so that users can easily control the condition. ...
Page 375 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Add button is applied, 3G/4G Data Usage Profile Configuration screen will appear. You can create up to four data usage profiles, one profile for each SIM card used in the Gateway. 3G/4G Data Usage Profile Configuration Item Setting Value setting Description SIM Select 3G/4G‐1 and SIM A by Choose a cellular interface (3G/4G‐1 or 3G/4G‐2), and a SIM card bound to default. the selected cellular interface to configure its data usage profile. Carrier Name It is an optional item. Fill in the Carrier Name for the selected SIM card for identification. Cycle Period Days by default The first box has three types for cycle period. They are Days, Weekly and Monthly. ...
Page 376: Sms
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. d.1.3 SMS Short Message Service (SMS) is a text messaging service component of phone, Web, or mobile communication systems. It uses standardized communications protocols to allow fixed line or mobile 13 phone devices to exchange short text messages. SMS as used on modern handsets originated from radio telegraphy in radio memo pagers using standardized phone protocols. These were defined in 1985 as part of the Global System for Mobile Communications (GSM) series of standards as a means of sending messages of up to 160 characters to ...
Page 377 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ...
Page 378 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SMS Summary Show Unread SMS, Received SMS, Remaining SMS, and edit SMS context to send, read SMS from SIM card. SMS Summary Item Value setting Description If SIM card insert to router first time, unread SMS value is zero. When Unread SMS N/A received the new SMS but didn’t read, this value plus one. This value record the existing SMS numbers from SIM card, When received Received SMS N/A the new SMS, this value plus one. This value is SMS capacity minus received SMS, When received the new Remaining SMS N/A SMS, this value minus one. Click New SMS button, a New SMS screen appears. User can set the SMS New SMS N/A setting from this screen. Refer to New SMS in the next page. Click SMS Inbox button, a SMS Inbox List screen appears. User can read or SMS Inbox N/A delete SMS, reply SMS or forward SMS from this screen. Refer to SMS Inbox List in the next page. New SMS You can set the SMS setting from this screen. ...
Page 379 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. New SMS Item Value setting Description Write the receivers to send SMS. User need to add the semicolon and Receivers N/A compose multiple receivers that can group send SMS. Write the SMS context to send SMS. The router supports up to a maximum Text Message N/A of 1023 character for SMS context length. If send SMS OK, result will show Send OK, otherwise Send Failed will be Result N/A displayed. Send N/A Click Send button, SMS will send. SMS Inbox List You can read or delete SMS, reply SMS or forward SMS from this screen. SMS Inbox List Item Value setting Description ID N/A The number or SMS. From Phone N/A What the phone number from SMS Number Timestamp ...
Page 380: Sim Pin
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. d.1.5 SIM PIN Sometimes we will activate a password on mobile phones to prevent other people accessing our phones when phones get lost or stolen. Generally speaking, this password setting can be applied on end devices (e.g. mobile phone) or SIM card. The later one is what we are going to focus at this section. With most cases in the world, users need to insert a SIM card (a.k.a. UICC) into end devices to get on cellular network for voice service or data surfing. The SIM card is usually released by mobile operators or service providers. Each SIM card has a unique number (so‐called ICCID) for network owners or service providers to identify each subscriber. As SIM card plays an important role between ...
Page 381 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Step 1] [Step 2] [Step 3] Step 1: Pres “Unlock” button to unlock a SIM card. Step 2: Enter the correct PIN code, and then press “OK”. Please note an important message “3 attempts remaining” on top of screen. The maximum times of failure trial are 3. If you enter incorrect PIN code for three times, this SIM card will be locked and you can’t try your ...
Page 382 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SIM PIN Setting With the SIM PIN Function window, it allows you to enable or disable SIM lock (which means protected by PIN code), or change PIN code. You can also see the information of remaining times of failure trials as we mentioned earlier. If you run out of these failure trials, you need to get a PUK code to unlock SIM card. Go to Applications > Mobile Application > SIM PIN Tab Select a SIM Card Configuration Window Item Value setting Description Physical The box is 3G/4G‐1 by Choose a cellular interface (3G/4G‐1 or 3G/4G‐2) to change the SIM PIN Interface default setting for the selected SIM Card. ...
Page 383 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Enable / Change PIN Code Enable or Disable PIN code (password) function, and even change PIN code function. SIM function Window Item Setting Value setting Description SIM lock Depend on SIM card Click the Enable button to activate the SIM lock function. For the first time you want to enable the SIM lock function, you have to fill in the PIN code as well, and then click Save button to apply the setting. Remaining times Depend on SIM card Represent the remaining trial times for the SIM PIN unlocking. Save NA Click the Save button to apply the setting. Change PIN NA Click the Change PIN code button to change the PIN code (password). Code If the SIM Lock function is not enabled, the Change PIN code button is disabled. In the case, if you still want to change the PIN code, you have to enable the SIM Lock function first, fill in the PIN code, and then click the Save button to enable. After that, You can click the Change PIN code button to change the PIN code. ...
Page 384 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Note: If you changed the PIN code for a certain SIM card, you must also change the corresponding PIN code specified in the Basic Network > WAN & Uplink > Internet Setup > Connection with SIM Card page. Otherwise, it may result in wrong SIM PIN trials with invalid (old) PIN code. Unlock with a PUK Code The PUK Function window is only available for configuration if that SIM card is locked by PUK code. It means that SIM card is locked and needs additional PUK code to unlock. Usually it happens after too many trials of incorrect PIN code, and the remaining times in SIM Function table turns to 0. In this situation, you need to contact your service provider and request a PUK code for your SIM card, and try to unlock the locked SIM card with the provided PUK code. After unlocking a SIM card by PUK code successfully, the SIM lock function will be activated automatically. ...
Page 385 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PIN code.  Scenario of activating PIN code on SIM card An operation owner would like to enable SIM lock function with a default PIN code “0000” on a new SIM card. This SIM card was inserted in SIM‐A slot for 3G/4G‐1 WAN connection. Configuration: Configuration Path [Cellular Toolkit]‐[SIM PIN]‐[Configuration] 3G/4G‐1 Physical Interface SIM Status Ready SIM‐A SIM Selection SIM Function [Cellular Toolkit]‐[SIM PIN]‐[SIM Function] Configuration Path Enable, PIN Code: 0000 SIM Lock [Display Remaining Times] Remaining Times  Scenario of changing PIN code on SIM card An operation owner would like to change PIN code from default “0000” to “1234” on a SIM card. This SIM card was inserted in SIM‐A slot for 3G/4G‐1 WAN connection. Configuration: [Cellular Toolkit]‐[SIM PIN]‐[Configuration] Configuration Path 3G/4G‐1 Physical Interface SIM PIN SIM Status SIM‐A SIM Selection SIM Function [Cellular Toolkit]‐[SIM PIN]‐[SIM Function]‐[Change PIN Code] Configuration Path ...
Page 386 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. An operation owner entered incorrect PIN code at configuration page for 3G/4G‐1 WAN, and then it caused that SIM card was locked by PUK code. He called service number, and he was informed the PUK code for his SIM card is “12345678”. Then he tried to unlock that SIM card with that PUK code, and set a new PIN code “5678”. Configuration: [Cellular Toolkit]‐[SIM PIN]‐[Configuration] Configuration Path Physical Interface 3G/4G‐1 SIM PIN SIM Status SIM Selection SIM‐A PUK Function [Service]‐[SIM PIN]‐[PUK Function] Configuration Path PUK Lock PUK Status [Display Remaining Times] Remaining Times 12345678 PUK Code 5678 New PIN Code ...
Page 387: Ussd
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. d.1.7 USSD Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider's computers. USSD can be used for WAP browsing, prepaid callback service, mobile‐money services, location‐based content services, menu‐based information 14 services, and as part of configuring the phone on the network. An USSD message is up to 182 alphanumeric characters in length. Unlike Short Message Service (SMS) messages, USSD messages create a real‐time connection during an USSD session. The connection remains open, allowing a two‐way exchange of a sequence of data. This makes USSD more responsive 13 than services that use SMS. In "USSD" page, there are four windows for the USSD function. The "Configuration" window can let you specify which 3G/4G module (physical interface) is used for the USSD function, and system will show which SIM card in the module is the current used one. The second window is the "USSD Profile List" ...
Page 388 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. command for the profile in the third window, the "USSD Profile Configuration". When you want to start the activation of an USSD connection session to the USSD server, select the USSD profile or type in the correct pre‐command, and then click on the "Send" button for the session. The responses from the USSD server will be displayed beneath the "USSD Command" line. When commands typed in the "USSD Command" field are sent, received responses will be displayed in the "USSD Response" blank space. User can communicate with the USSD server by sending USSD commands and getting USSD responses via the gateway. An USSD Session Scenario Scenario Application Timing ...
Page 389 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [USSD]‐[Configuration] Configuration Path 3G/4G‐1 SIM Status: SIM_A Physical Interface [USSD]‐[USSD Profile Configuration] Configuration Path roaming setting Profile Name *135# USSD Command Roaming function Comments [USSD]‐[USSD Request] Configuration Path roaming setting Profile Name *135# USSD Command USSD Response Scenario Operation Procedure In above diagram, the "Vo3G Gateway" is the initiator of an USSD session requesting for data roaming services in ChungHwa mobile operator. First, administrator selects one 3G/4G module as the physical interface of the USSD session. And then, he defines an USSD profile named as "roaming setting" with command "*135#" for further use. In the "USSD Request" window, from the USSD Profile dropdown box select the "roaming setting" profile and the "USSD Command" field shows "*135#". Click on the "Send" button to send out the ...
Page 390 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. USSD Setting The USSD function allow user to send USSD to ISP, then ISP will provide some service for user. Go to Service > Cellular Toolkit > USSD tab. USSD Configuration Configuration Item Value setting Description Choose a cellular interface (3G/4G‐1 or 3G/4G‐2) to configure the USSD Physical The box is 3G/4G‐1 by setting for the connoted cellular service (identified with SIM_A or Interface default. SIM_B). SIM Status N/A Show the connoted cellular service (identified with SIM_A or SIM_B). Create / Edit USSD Profile The cellular gateway allows you to custom your USSD profile. It supports up to a maximum of 35 USSD profiles. When Add button is applied, USSD Profile List Configuration screen will appear. ...
Page 391 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. USSD Profile List Item Value setting Description Profile Name N/A Enter a name for the USSD profile. Enter the USSD command defined for the profile. Normally, it is a command string composed with numeric keypad “0~9”, USSD Command N/A “*”, and “#”. The USSD commands are highly related to the cellular service, please check with your service provider for the details. Comments N/A Enter a brief comment for the profile. Send USSD Request When send the USSD command, the USSD Response screen will appear. When click the Clear button, the USSD Response will disappear. USSD Request Item Value setting Description USSD Profile N/A Select a USSD profile name from the dropdown list. USSD N/A The USSD Command string of the selected profile will be shown here. Command Click the Send button to send the USSD command, and the USSD USSD Response N/A Response screen will appear. You will see the response message of the corresponding service, receive the service SMS. ...
Page 392: Network Scan
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. d.1.9 Network Scan "Network Scan" function can let administrator specify the device how to connect to the mobile system for data communication in each 3G/4G interface. For example, administrator can specify which generation of mobile system is used for connection, 2G, 3G or LTE. Moreover, he can define their connection sequence for the gateway device to connect to the mobile system automatically. Administrator also can scan the mobile systems in the air manually, select the target operator system ...
Page 393 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. the "Network Provider List" window and it appears when the Manually Scan Approach is selected in the Configuration window. By clicking on the "Scan" button and wait for 1 to 3 minutes, the found mobile operator system will be displayed for you to choose. Click again on the "Apply" button to drive system to connect to that mobile operator system for the dedicated 3G/4G interface. Configuration Item Value setting Description Physical The box is 3G/4G‐1 by Choose a cellular interface (3G/4G‐1 or 3G/4G‐2) for the network scan Interface default function. SIM Status N/A Show the connoted cellular service (identified with SIM_A or SIM_B). When Auto selected, the network will be register automatically. If the Auto is selected by Network Type ...
Page 394: Event Handling
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. d.3 Event Handling Event handling is the application that allows administrator to setup the pre‐defined events, handlers, or response behavior with individual profiles. With properly configuring the event management function, administrator can easily and remotely obtain the status and information via the purchased gateway. Moreover, he can also handle and manage some important system related functions, even to the field bus devices and D/O devices which are already well connected to. ...
Page 395 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. advanced useful purposes. For example, sending/receiving remote managing SMS for the gateway’s routine maintaining, the field bus device status monitoring, digital sensors detection controlling, and so on. All of such management and notification function can be realized effectively via the Event Handling feature. The following is the summary lists for the provided profiles, and events:  Profiles (Rules): • SMS Configuration and Accounts • Email Accounts • Digital Input (DI) profiles • Digital Output (DO) profiles • Modbus Managing Event profiles • Modbus Notifying Event profiles  Managing Events: • Trigger Type: SMS, SNMP Trap, and Digital Input (DI). • Actions: Get the Network Status; or Configure the LAN/VLAN behavior, WIFI behavior, NAT ...
Page 396: Configuration
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. d.3.1 Configuration Event handling is the service that allows administrator to setup the pre‐defined events, handlers, or response behavior with individual profiles. Go to Service > Event Handling > Configuration Tab. Enable Event Management Configuration Item Value setting Description Event The box is unchecked by Check the Enable box to activate the Event Management function. Management default Enable SMS Management To use the SMS management function, you have to configure some important settings first. ...
Page 397 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Delete Managed The box is unchecked Check the Enable box to delete the received managing event SMS after it SMS after by default has been processed. Processing Create / Edit SMS Account Setup the SMS Account for managing the gateway through the SMS. It supports up to a maximum of 5 accounts. You can click the Add / Edit button to configure the SMS account. SMS Account Configuration Item Value setting Description Phone 1. Mobile phone number Specify a mobile phone number as the SMS account identifier. Number format 2. A Must filled setting Phone 1. Any text Specify a brief description for the SMS account. Description 2. An Optional setting Application A Must filled setting Specify the application type. It could be Event Trigger, Notify Handle, or both. ...
Page 398 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create / Edit Email Service Account Setup the Email Service Account for event notification. It supports up to a maximum of 5 accounts. You can click the Add / Edit button to configure the Email account. Email Service Configuration Item Value setting Description Email Server ‐‐‐ Option ‐‐‐ Select an Email Server profile from External Server setting for the email account setting. Email 1. Internet E‐mail address Specify the Destination Email Addresses. Addresses format 2. A Must filled setting Enable The box is unchecked by Click Enable box to activate this account. default. Save NA Click the Save button to save the configuration ...
Page 399 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Digital Input (DI) Profile Rule (DI/DO support required) Setup the Digital Input (DI) Profile rules. It supports up to a maximum of 10 profiles. When Add button is applied, the Digital Input (DI) Profile Configuration screen will appear. Digital Input (DI) Profile Configuration Item Value setting Description DI Profile 1. String format Specify the DI Profile Name. Name 2. A Must filled setting Description 1. Any text Specify a brief description for the profile. 2. An Optional setting DI Source ID1 by default Specify the DI Source. It could be ID1 or ID2. The number of available DI source could be different for the purchased product. Normal Level Low by default Specify the Normal Level. It could be Low or High. Signal Active 1. Numberic String format Specify the Signal Active Time. It could be from 1 to 10 seconds. Time 2. A Must filled setting Profile The box is unchecked by Click Enable box to activate this profile setting. ...
Page 400 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Digital Output (DI) Profile Rule (DI/DO support required) Setup the Digital Output (DO) Profile rules. It supports up to a maximum of 10 profiles. When Add button is applied, the Digital Output (DO) Profile Configuration screen will appear. Digital Output (DO) Profile Configuration Item Value setting Description DO Profile 1. String format Specify the DO Profile Name. Name 2. A Must filled setting Description 1. Any text Specify a brief description for the profile. 2. An Optional setting DO Source ID1 by default Specify the DO Source. It could be ID1. Normal Level Low by default Specify the Normal Level. It could be Low or High. Total Signal 1. Numberic String format Specify the Total Signal Period. It could be from 10 to 10000 milliseconds. Period 2. A Must filled setting Repeat & The box is unchecked by Check the Enable box to activate the repeated Digital Output, and specify Counter default. the Repeat times. The Repeat Counter could be from 0 to 9999. Duty Cycle ...
Page 401 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Modbus Notifying Events Profile (Modbus support required) Setup the Modbus Notifying Events Profile. It supports up to a maximum of 10 profiles. You can click the Add / Edit button to configure the profile. Modbus Notifying Events Profile Item Value setting Description Modbus 1. String format Specify the Modbus profile name. Name 2. A Must filled setting Description 1. Any text Specify a brief description for the profile. 2. An Optional setting Read Read Holding Registers by Specify the Read Function for Notifying Events. Function default Modbus Serial by default Specify the Modbus Mode. It could be Serial or TCP. ...
Page 402 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Mode IP 1. NA for Serial on Specify the IP for TCP on Modbus Mode. IPv4 Format. Modbus Mode. 2. A Must filled setting for TCP on Modbus Mode. Port 1. NA for Serial on Specify the Port for TCP on Modbus Mode. It could be from 1 to 65535. Modbus Mode. 2. A Must filled setting for TCP on Modbus Mode. Device ID 1. Numberic String format Specify the Device ID of the modbus device. It could be from 1 to 247. 2. A Must filled setting Register 1. Numberic String format Specify the Register number of the modbus device. It could be from 0 to 2. A Must filled setting 65535. Logic Logic Comparator ‘>’ by Specify the Logic Comparator for Notifying Events. It could be ‘>’, ‘<’, ‘=’, Comparator default. ‘>=’, or ‘<=’. Value 1. Numberic String format Specify the Value. It could be from 0 to 65535. 2. A Must filled setting Enable The box is unchecked by Click Enable box to activate this profile setting. default. Save NA ...
Page 403 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Modbus Managing Events Profile (Modbus support required) Setup the Modbus Managing Events Profile. It supports up to a maximum of 10 profiles. You can click the Add / Edit button to configure the profile. Modbus Managing Events Profile Item Value setting Description Modbus 1. String format Specify the Modbus profile name. Name 2. A Must filled setting Description 1. Any text Specify a brief description for the profile. 2. An Optional setting Write Write Single Registers by Specify the Write Function for Managing Events. Function default Modbus Serial by default Specify the Modbus Mode. It could be Serial or TCP. Mode IP 1. NA for Serial on Specify the IP for TCP on Modbus Mode. IPv4 Format. ...
Page 404 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Modbus Mode. 2. A Must filled setting for TCP on Modbus Mode. Port 1. NA for Serial on Specify the Port for TCP on Modbus Mode. It could be from 1 to 65535. Modbus Mode. 2. A Must filled setting for TCP on Modbus Mode. Device ID 1. Numberic String format Specify the Device ID of the modbus device. It could be from 1 to 247. 2. A Must filled setting Register 1. Numberic String format Specify the Register number of the modbus device. It could be from 0 to 2. A Must filled setting 65535. Value 1. Numberic String format Specify the Value. It could be from 0 to 65535. 2. A Must filled setting Enable The box is unchecked by Click Enable box to activate this profile setting. default. Save NA Click the Save button to save the configuration Undo NA Click the Undo button to restore what you just configured back to the previous setting. ...
Page 405: Managing Events
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. d.3.3 Managing Events Managing Events allow administrator to define the relationship (rule) among event trigger, handlers and response. Go to Service > Event Handling > Managing Events Tab. Enable Managing Events Configuration Item Value setting Description Managing The box is unchecked by Check the Enable box to activate the Managing Events function. Events default Create/Edit Managing Events Rules Setup the Managing Event rules. It supports up to a maximum of 128 rules. When Add button is applied, the Managing Event Configuration screen will appear. Managing Event Configuration Item Value setting Description Event SMS (or SNMP Trap) by Specify the Event type (SMS, SNMP Trap, or DI) and an event identifier / default profile. SMS: Select SMS and fill the message in the textbox to as the trigger condition for the event; SNMP: Select SNMP Trap and fill the message in the textbox to specify ...
Page 406 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. certain Digital Input Event; Note: The available Event Type could be different for the purchased product. Description String format : any text. Enter a brief description for the Managing Event. Action All box is unchecked by Specify Network Status, or at least one rest action to take when the default. expected event is triggered. Network Status: Select Network Status Checkbox to get the network status as the action for the event; LAN&VLAN: Select LAN&VLAN Checkbox and the interested sub‐items (Port link On/Off), the gateway will to change the settings as the action for the event; WiFi: Select WiFi Checkbox and the interested sub‐items (WiFi radio On/Off), the gateway will to change the settings as the action for the event; NAT: Select NAT Checkbox and the interested sub‐items (Virtual Server Rule On/Off, DMZ On/Off), the gateway will to change the settings as the action for the event; Firewall: Select Firewall Checkbox and the interested sub‐items (Remote Administrator Host ID On/Off), the gateway will to change the settings as the action for the event; VPN: Select VPN Checkbox and the interested sub‐items (IPSec Tunnel ON/Off, PPTP Client On/Off, L2TP Client On/Off, OpenVPN Client On/Off), the gateway will to change the settings as the action for the event; GRE: Select GRE Checkbox and the interested sub‐items (GRE Tunnel On/Off), the gateway will to change the settings as the action for the event; System Manage: Select System Manage Checkbox and the interested sub‐ items (WAN SSH Service On/Off, TR‐069 On/Off), the gateway will to change the settings as the action for the event; Administration: Select Administration Checkbox and the interested sub‐ items (Backup Configuration, Restore Configuration, Reboot, Save Current ...
Page 407: Notifying Events
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. d.3.5 Notifying Events Notifying Events Setting allows administrator to define the relationship (rule) between event trigger and handlers. Go to Service > Event Handling > Notifying Events Tab. Enable Notifying Events Notifying Events Item Value setting Description Notifying Events The box is unchecked by Check the Enable box to activate the Notifying Events function. default Create/Edit Notifying Events Rules Setup your Notifying Event rules. It supports up to a maximum of 128 rules. When Add button is applied, the Notifying Event Configuration screen will appear. Notifying Event Configuration Item Value setting Description Event Digital Input (or WAN) by Specify the Event type and corresponding event configuration. The default supported Event Type could be: Digital Input: Select Digital Input and a DI profile you defined to specify a certain Digital Input Event; ...
Page 408 M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. WAN: Select WAN and a trigger condition to specify a certain WAN Event; LAN&VLAN: Select LAN&VLAN and a trigger condition to specify a certain LAN&VLAN Event; WiFi: Select WiFi and a trigger condition to specify a certain WiFi Event; DDNS: Select DDNS and a trigger condition to specify a certain DDNS Event; Administration: Select Administration and a trigger condition to specify a certain Administration Event; Modbus: Select Modbus and a Modbus Notifying Event profile you defined to specify a certain Modbus Event; Data Usage: Select Data Usage, the SIM Card (Cellular Service) and a trigger condition to specify a certain Data Usage Event; Note: The available Event Type could be different for the purchased product. Description String format : any text. Enter a brief description for the Notifying Event. Action All box is unchecked by Specify at least one action to take when the expected event is triggered. default. Digital Output: Select Digital Output checkbox and a DO profile you defined as the action for the event; SMS: Select SMS, and the gateway will send out a SMS to all the defined SMS accounts as the action for the event; Syslog: Select Syslog and select/unselect the Enable Checkbox to as the action for the event; SNMP Trap: Select SNMP Trap, and the gateway will send out SNMP Trap to the defined SNMP Event Receivers as the action for the event; Email Alert: Select Email Alert, and the gateway will send out an Email to the defined Email accounts as the action for the event; ...

This manual is also suitable for:

Idg761am-0p001 Vhg760am-0t001