M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 1 Introduction ........................... 6 1.1 Introduction ............................ 6 1.2 Contents List ............................ 7 1.2.1 Package Contents ........................ 7 1.3 Hardware Configuration ......................... 8 1.4 LED Indication ............................ 9 1.5 Installation Requirement ...................... 10 1.5.1 WARNING ........................... 10 1.5.2 SYSTEM REQUIREMENTS .................... 10 1.6 Hardware Installation ........................ 11 1.6.1 Mount the Unit ........................ 11 1.6.2 Insert the SIM Card ...................... 11 1.6.3 Connecting Power ...................... 12 1.6.4 Connecting to the Network or a Host ................ 13 1.6.5 Setup by Configuring WEB UI .................. 13 Chapter 2 Getting Started .
Page 3
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 3 Basic Network .......................... 52 3.1 WAN .............................. 52 3.1.1 Physical Interface ....................... 53 3.1.3 Internet Setup ........................ 65 3.3 LAN & VLAN ........................... 75 3.3.1 Ethernet LAN ........................ 75 3.7 IPv6 .............................. 76 3.7.1 IPv6 Configuration ...................... 80 3.9 NAT / Bridge .......................... 87 3.9.1 NAT Configuration ...................... 87 3.9.3 Virtual Server & Virtual Computer................. 91 3.9.5 Special AP & ALG ....................... 99 3.9.7 DMZ & Pass Through ...................... 1 06 3.b Routing ............................ 1 09 3.b.1 Static Routing ........................ 1 09 3.b.3 Dynamic Routing ...................... 1 14 ...
Page 4
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.h Options .......................... 1 74 5.5 VPN .............................. 1 79 5.5.1 Configuration ........................ 1 79 5.5.3 IPSec ........................... 1 81 5.5.5 PPTP ............................ 2 02 5.5.7 L2TP ............................ 2 15 5.5.9 GRE............................ 2 27 5.5.d OpenVPN ........................... 2 35 5.7 Redundancy ........................... 2 51 ...
Page 5
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 7.d Event Management ......................... 3 31 7.d.1 Configuration ........................ 3 34 7.d.3 Managing Events ......................... 3 40 7.d.5 Notifying Events ........................ 3 42 Chapter 9 System ............................ 3 44 9.1 System Related .......................... 3 44 9.1.1 System Related ......................... 3 44 9.3 Scheduling ............................. 3 52 9.9 External Servers ........................... 3 54 9.b MMI .............................. 3 57 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 1 Introduction 1.1 Introduction Congratulations on your purchase of this outstanding product: M2M Cellular Gateway. For M2M (Machine-to-Machine) applications, AMIT M2M Cellular Gateway is absolutely the right choice. With built-in world-class 3G HSPA+ or 4G LTE module, you just need to insert SIM card from local mobile carrier to get to Internet.
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.2 Contents List 1.2.1 Package Contents #Standard Package Items Description Contents Quantity IDG500AM‐0T001 1 1pcs M2M Cellular Gateway Cellular Antenna 2pcs Power Adapter (DC 5V/2A) 1pcs RJ45 Cable 1pcs Serial Convert Cable 1pcs 1pcs (Manual) ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.3 Hardware Configuration Left View Serial PWR LAN Right View 3G/LTE SIM 1 SIM 2 3G/LTE Antenna Antenna Reset Button ※Reset Button The RESET button provides user with a quick and easy way to resort the default setting. Press the RESET ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.4 LED Indication LED Indication Description Color When the LED color is shown in: Blue: Cellular module is in LTE Mode. Purple: Cellular module is in HSPA/3G Mode. Blue Signal Red: Cellular module is in GSM/2G Mode. Purple LTE/3G When the behavior of LED is: Red Flash (Fast): Signal Strength is 0~30% Flash (Slow, per 1.5~2 second): Signal Strength is 31~60% Steady On: Signal Strength is 61~100% LED Off: Connection is not established. Flash in Blue: Connection is establishing/re‐establishing by SIM 1. Blue Blue steady On: Uplink connection was established by SIM 1. SIM 1/2 Purple Flash alternately in Blue and Purple: Data transfers via cellular connection by SIM 1. Internet Red Flash in Red: Connection is establishing/re‐establishing by SIM 2. Red steady On: Uplink connection was established by SIM 2. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.5 Installation Requirement 1.5.1 WARNING Do not use the product in high humidity or high temperatures. Only use the power adapter that comes with the package. Using a different voltage rating power adaptor is dangerous and may damage the product.
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.6 Hardware Installation This chapter describes how to install and configure the hardware 1.6.1 Mount the Unit The IDG500AM series can be placed on a desktop, or mounted on the wall. 1.6.2 Insert the SIM Card WARNING: BEFORE INSERTING OR CHANGING THE SIM CARD, PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF. The SIM card slots are located at the right side of IDG500 series housing in order to protect the SIM card. You need to unscrew and remove the outer SIM card cover before installing or removing the SIM card. Please follow the instructions to insert or eject a SIM card. After SIM card is well placed, screw back the outer SIM card cover. Step 1: Step 2: Step 3: Loosten the screws as Push the SIM card Push the inserted SIM below and remove ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.6.3 Connecting Power There are a DC converter and a DC5V/2A power adapter in the package for you to easily connect DC power adapter to this terminal block. WARNNING: This commercial‐grade power adapter is mainly for ease of powering up the purchased device while initial configuration. It’s not for operating at wide temperature range environment. PLEASE PREPARE OR PURCHASE OTHER INDUSTRIAL‐GRADE POWER SUPPLY FOR POWERING UP THE DEVICE. 2 The maximum power consumption of IDG500‐0T001 is 5.5W. 12 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1.6.4 Connecting to the Network or a Host The IDG500 series provides one RJ45 port to connect 10/100Mbps Ethernet. It can auto detect the transmission speed on the network and configure itself automatically. Connect one Ethernet cable to the RJ45 port (LAN) of the device and plug another end of the Ethernet cable into your computer’s network port.
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 2 Getting Started 2.1 Wizard Network Setup Wizard Wired Router Network Setup Wizard will guide you through a basic configuration procedure step by step. Step‐2 is to change your login password. Go to Wizard > Network Setup Wizard > Step‐2 Item Value setting Description Old Password 1. String format: any text If you want to change password, Enter the current password in this item. New Password 1. String format: any text Enter the new password. New Password The box is unchecked by Enter the new password to re‐confirm. Confirmation default Exit NA Click the Exit button to cancel Setup Wizard. Back NA Click the Back button to go to the previous step. Next NA Click the Next button to go to the next step. ...
Page 15
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Step‐3 is to change the time zone. Go to Wizard > Network Setup Wizard > Step‐3 Item Value setting Description Time zone list 1. A Must filled setting Select the time zone for the system clock. Detect Again NA Click the Detect Again button to detect the time zone from network. Exit NA Click the Exit button to cancel Setup Wizard. Back NA Click the Back button to go to the previous step. Next NA Click the Next button to go to the next step. Item Value setting Description 1. String format: any text 2. A Must filled setting Rule Name 3. By default Always is selected. 4. The box is unchecked by default. 5. NA 15 ...
Page 16
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Step 4. Internet Connection (WAN Interface Setting) In this step of the Wizard you will be specifying how your router connects to the Internet by selecting the appropriate Physical Interface and WAN Type. For detail settings, refer to the following pages for your required settings. Go to Wizard > Network Setup Wizard > Step 4. WAN interface Step 4. WAN interface Setting Item Value setting Description Here you specify the Physical Interface that connects your router to the Internet. Physical Interface A Must filled setting The type of available Interfaces will depend on the router model. They are normally the Ethernet port and the 3G/4G wireless interface. WAN Type A Must filled setting Choose the WAN type for the selected Physical Interface above. Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next sub‐steps 16 ...
Page 17
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: Ethernet WAN Type: Dynamic IP Address Dynamic IP Settings Item Value setting Description Host Name An optional setting Enter the host name provided by your Service Provider. Enter the MAC address that you have registered with your service provider. Or Click ISP Registered MAC An Optional setting the Clone button to clone your PC’s MAC to this field. Address Usually this is the PC’s MAC address assigned to allow you to connect to Internet. Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next step 17 ...
Page 18
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: Ethernet WAN Type: Static IP Address Static IP Settings Item Value setting Description WAN IP Address A Must filled setting Enter the WAN IP address given by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider Primary DNS A Must filled setting Enter the primary WAN DNS IP address given by your Service Provider Secondary DNS Optional setting Enter the secondary WAN DNS IP address given by your Service Provider Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next step 18 ...
Page 19
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: Ethernet WAN Type: PPP over Ethernet PPPoE Settings Item Value setting Description PPPoE Account A Must filled setting Enter the PPPoE User Name provided by your Service Provider. PPPoE Password A Must filled setting Enter the PPPoE password provided by your Service Provider. Primary DNS A Must filled setting Enter the IP address of Primary DNS server. Secondary DNS Optional setting Enter the IP address of Secondary DNS server. Service Name Optional setting Enter the service name if your ISP requires it Assigned IP Address Optional setting Enter the IP address assigned by your Service Provider. Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next step 19 ...
Page 20
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: Ethernet WAN Type: PPTP PPTP Settings Item Value setting Description Select either Static or Dynamic IP address for PPTP Internet connection. When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, and WAN Gateway. WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider. IP Mode A Must filled setting WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider. WAN Gateway (A Must filled setting): Enter the WAN gateway IP address given by your Service Provider. When Dynamic IP is selected, there are no above settings required. Server IP A Must filled setting Enter the PPTP server name or IP Address. Address/name PPTP Account A Must filled setting Enter the PPTP username provided by your Service Provider. PPTP Password A Must filled setting Enter the PPTP connection password provided by your Service Provider. Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next step 20 ...
Page 21
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Physical Interface: Ethernet WAN Type: L2TP L2TP Settings Item Value setting Description Select either Static or Dynamic IP address for L2TP Internet connection. When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, and WAN Gateway. WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider. IP Mode A Must filled setting WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider. WAN Gateway (A Must filled setting): Enter the WAN gateway IP address given by your Service Provider. When Dynamic IP is selected, there are no above settings required. Server IP A Must filled setting Enter the L2TP server name or IP Address. Address/name PPTP Account A Must filled setting Enter the L2TP username provided by your Service Provider. PPTP Password A Must filled setting Enter the L2TP connection password provided by your Service Provider. Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next step 21 ...
Page 22
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In Ethernet LAN Interface (Step‐5), configure the LAN IP Address and Subnet Mask of the device. The Ethernet LAN Interface Item Value setting Description LAN IP Address A Must filled setting Assign an IP Address for LAN, this IP address is a gateway IP. By default Select a Subnet Mask for the default LAN, and it will be assigned to DHCP server to Subnet Mask 255.255.255.0/24 is distribute IP address for client. selected. Back N/A Click Back button to go to previous step Next N/A Click Next button to go to next step 22 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. VPN Setup Wizard VPN Wizard will step by step guide you through to complete VPN tunnel setup. Step‐1: Setup Steps In Step‐1, the VPN Setup Step is a screen that displays the summary of steps for VPN setup. Click Next button to begin VPN setup. Step‐2: Select VPN Type From VPN Type dropdown box choose a VPN method to deploy. Click the Next button to go to the next step. 23 ...
Page 24
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Step‐3: Sub‐steps When IPSec is selected, go to (Step‐3) IPSec in the following page. When PPTP is selected, go to (Step‐3) PPTP in the following page. When L2TP is selected, go to (Step‐3) L2TP in the following page. When GRE is selected, go to (Step‐3) GRE in the following page. (Step‐3) IPSec When IPSec is selected in Step‐2 for VPN Type, IPSec configuration window will appear. When complete the IPSec configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. 24 ...
Page 25
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. (Step‐3) PPTP When PPTP is selected in Step‐2 for VPN Type and either PPTP client or server is selected the client or server configuration window will appear. PPTP Client When PPTP Client is selected in Step‐2 for VPN Type, PPTP configuration window will appear. When complete the PPTP Client configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. 25 ...
Page 26
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Server When PPTP Server is selected in Step‐2 for VPN Type, PPTP configuration window will appear. When complete the PPTP Server configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. (Step‐3) L2TP When L2TP is selected in Step‐2 for VPN Type and either L2TP client or server is selected the client or server configuration window will appear. L2TP Client When L2TP Client is selected in Step‐2 for VPN Type, L2TP configuration window will appear. 26 ...
Page 27
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When complete the L2TP Client configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. L2TP Server When L2TP Server is selected in Step‐2 for VPN Type, L2TP configuration window will appear. When complete the L2TP Server configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. 27 ...
Page 28
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. (Step‐3) GRE When GRE is selected in Step‐2 for VPN Type, GRE configuration window will appear. When complete the GRE configuration, click Next button, a setup summary will display. Confirm the setting then click the Apply button to complete the setting. 28 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3 Status 2.3.3 Network Status The Network Status window shows the current status for different network type, including network configuration, connecting information, modem status and traffic statistics. From the menu on the left, select Status > Network Status WAN interface IPv4 Network Status WAN interface IPv4 Network Status screen shows status information for IPv4 network. WAN interface IPv4 Network Status Item Value setting Description ID N/A It displays corresponding WAN interface WAN IDs. It displays the type of WAN physical interface. Interface N/A Depending on the model purchased, it can be Ethernet, 3G/4G, USB 3G/4G. ...
Page 30
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCP server. Note: Renew button is available when DHCP WAN Type is used and WAN connection is disconnected. Release button allows user to force the device to clear its IP address setting to disconnect from DHCP server. Note: Release button is available when DHCP WAN Type is used and WAN connection is connected. Connect button allows user to manually connect the device to the Internet. Note: Connect button is available when Connection Control in WAN Type setting is set to Connect Manually (Refer to Edit button in Basic Network > WAN > Internet Setup) and WAN connection status is disconnected. Disconnect button allows user to manually disconnect the device from the Internet. Note: Connect button is available when Connection Control in WAN Type setting is set to Connect Manually (Refer to Edit button in Basic Network > WAN > Internet Setup) and WAN connection status is connected. 30 ...
Page 31
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. WAN interface IPv6 Network Status WAN interface IPv6 Network Status screen shows status information for IPv6 network. WAN interface IPv6 Network Status Item Value setting Description ID N/A It displays corresponding WAN interface WAN IDs. It displays the type of WAN physical interface. Interface N/A Depending on the model purchased, it can be Ethernet, 3G/4G, USB 3G/4G. It displays the method which public IP address is obtained from your ISP. WAN type WAN Type N/A setting can be changed from Basic Network > IPv6 > Configuration. Link‐local IP It displays the LAN IPv6 Link‐Local address. N/A Address It displays the IPv6 global IP address assigned by your ISP for your Internet Global IP Address N/A connection. It displays the connection status. The status can be connected, disconnected and Conn. Status N/A connecting. This area provides functional buttons. Action N/A Edit Button when pressed, web‐based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.) ...
Page 32
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. LAN Interface Network Status LAN Interface Network Status screen shows IPv4 and IPv6 information of LAN network. LAN Interface Network Status Item Value setting Description It displays the current IPv4 IP Address of the gateway IPv4 Address N/A This is also the IP Address user use to access Router’s Web‐based Utility. IPv4 Subnet Mask N/A It displays the current mask of the subnet. IPv6 Link‐local It displays the current LAN IPv6 Link‐Local address. N/A Address This is also the IPv6 IP Address user use to access Router’s Web‐based Utility. It displays the current IPv6 global IP address assigned by your ISP for your Internet IPv6 Global Address N/A connection. This area provides functional buttons. Edit IPv4 Button when press, web‐based utility will take you to the Ethernet LAN Action N/A configuration page. (Basic Network > LAN & VLAN > Ethernet LAN tab). Edit IPv6 Button when press, web‐based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.) Interface Traffic Statistics Interface Traffic Statistics screen displays the Interface’s total transmitted packets. Interface Traffic Statistics Item...
Page 33
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. LAN Interface Network Status LAN Interface Network Status screen shows IPv4 and IPv6 information of LAN network. LAN Interface Network Status Item Value setting Description It displays the current IPv4 IP Address of the gateway IPv4 Address N/A This is also the IP Address user use to access Router’s Web‐based Utility. IPv4 Subnet Mask N/A It displays the current mask of the subnet. IPv6 Link‐local It displays the current LAN IPv6 Link‐Local address. N/A Address This is also the IPv6 IP Address user use to access Router’s Web‐based Utility. It displays the current IPv6 global IP address assigned by your ISP for your Internet IPv6 Global Address N/A connection. This area provides functional buttons. Edit IPv4 Button when press, web‐based utility will take you to the Ethernet LAN Action N/A configuration page. (Basic Network > LAN & VLAN > Ethernet LAN tab). Edit IPv6 Button when press, web‐based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.) 3G/4G Modem Status The Network Status window shows the current status for different network type, including network ...
Page 34
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Card N/A It displays the vendor’s 3G/4G modem model name. Information It displays the 3G/4G connection status. The status can be Connecting, Connected, Link Status N/A Disconnecting, and Disconnected. Signal N/A It displays the 3G/4G wireless signal level. Strength Network N/A It displays the name of the service network carrier. Name Refresh N/A Click the Refresh button to renew the information. This area provides functional buttons. Detail Button when press, windows of detail information will appear. They are the Modem Action N/A Information, SIM Status, and Service Information. Refer to next page for more. Note: Currently USB 3G/4G doesn’t support this feature. When th Detail button in the Action column is pressed, 3G/4G modem information windows such as Modem Information, SIM Status, and Service Information will appear. These windows are explained ...
Page 35
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Show SIM Status SIM Status (after Detail button) Item Value setting Description It displays the operating SIM card. The display can be SIM‐A or SIM‐B. Note: In some SIM N/A AMIT’s products, the device supports one SIM slot and only SIM‐A is available. It displays the stutus of whether the SIM is requied to be unlocked and absent of SIM card. The display can be Ready, SIM card not inserted, incorrect PIN code, PIN is required, Blocked. Ready* the PIN code is entered correctly and the SIM is unlocked. SIM card not insert* the SIM card is not detected. Check if SIM card is inserted properly. PIN Code N/A Status PIN code incorrect* the PIN code entered is incorrect. PIN is required* the PIN code is required to unlock the SIM card. Blocked* the SIM card is locked and need PUK code to unlock. It is probably due to the device had exceeded the allowed number of times to unlock. Refer to PIN Code Remaining Times This displays the remaining time of the counter that you are allowed to try to unlock SIM card with the PIN code*. Once the number of unlocking tries has been exhused the PIN Code counter will display zero then the SIM card is locked. You are not allowed to unlock with Remaining N/A the PIN code and would need to enter the PUK code to unlock instead. Times Note: You will need to enquire the telecom carrier for the PUK code to unlock or further technical services. This displays the remaining time of the counter that you are allowed to try to unlock SIM ...
Page 36
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Show Service Information Service Information (after Detail button) Item Value setting Description Operator N/A It displays the name of the carrier. It displays the cell messaging information. This is only available in GSM network and that Cell Broadcast N/A your carrier provides this information. It displays the MCC (Mobile Country Code) information that obtains from the current MCC N/A registered network. It displays the MNC (Mobile Network Code) information that obtains from the current MNC N/A registered network. It displays the LAC (Location Area Code) information in hexadecimal format, only available LAC N/A in GSM/UMTS networks. It displays the TAC (Tracking Area Code) information in hexadecimal format, only available TAC N/A in LTE network. Cell ID N/A It displays the Cell ID (CID) information in hexadecimal format. It displays the service type of the network that currently registered. It can be GSM, Service Type N/A WCDMA or LTE. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.7 Client List The Client List shows you the LAN Interface, IP address, Host Name, MAC Address, and Remaining Lease Time of each device that is connected to this router. Go to Status > LAN Client List LAN Client List Item Value setting Description LAN Interface N/A Client record of LAN Interface. String Format. Client record of IP Address Type and the IP Address. Type is String Format and the IP Address N/A IP Address is IPv4 Format. Host Name N/A Client record of Host Name. String Format. MAC Address N/A Client record of MAC Address. MAC Address Format. Remaining Lease N/A Client record of Remaining Lease Time. Time Format. Time 37 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.9 Firewall Status The Firewall Status Viewer provides user a quick view of the firewall status and current firewall settings. The Firewall Status Viewer also keeps the log history of the dropped packets by the firewall rule policies. It also includes the administrator remote login settings specified in the Firewall Options. Before Status Viewer can log history ensure to enable Log Alert box for each of the Filter specified under Advanced Network > Firewall ...
Page 39
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. URL Blocking Status URL Blocking Status Item Value setting Description Activated N/A This is the URL Blocking Rule name. Blocking Rule Blocked URL N/A This is the logged packet information. IP N/A The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. Time N/A ("Month" "Day" "Hours":"Minues":"Seconds") Note: Ensure URL Blocking Log Alert is enabled. Refer to Advanced Network > Firewall > URL Blocking tab. Check Log Alert and save the setting. Web Content Filter Status Web Content Filter Status Item Value setting Description Activated Filter ...
Page 40
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. MAC Control Status MAC Control Status Item Value setting Description Activated N/A This is the MAC Control Rule name. Control Rule Blocked MAC N/A This is the MAC address of the logged packet. Addresses IP N/A The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. Time N/A ("Month" "Day" "Hours":"Minues":"Seconds") Note: Ensure MAC Control Log Alert is enabled. Refer to Advanced Network > Firewall > MAC Control tab. Check Log Alert and save the setting. Plication Filters Status Application Filters Status Item...
Page 41
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPS Firewall Status IPS Firewall Status Item Value setting Description Detected N/A This is the intrusion type of the packets being blocked. Intrusion IP N/A The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. ("Month" Time N/A "Day" "Hours":"Minues":"Seconds") Note: Ensure IPS Log Alert is enabled. Refer to Advanced Network > Firewall > IPS tab.Check Log Alert and save the setting. Firewall Options Status Firewall Options Status Item Value setting Description Enable or Disable setting status of Stealth Mode on Firewall Options. Stealth Mode N/A String Format: Disable or Enable ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.b VPN Status The VPN Status widow shows the overall VPN tunnel status. From the menu on the left, select Status > VPN Status IPSec Status IPSec Status shows the configuration for establishing IPSec tunnel and current connection status. IPSec Status Item Value setting Description Tunnel Name N/A It displays the tunnel name you have entered to identify. Tunnel Scenario N/A It displays the Tunnel Scenario specified. Local Subnets N/A It displays the Local Subnets specified. Remote Subnets N/A It displays the Remote Subnets specified. It displays the Status of the VPN connection. The status displays are Connected, Status N/A Disconnected, Wait for traffic, and Connecting. Click on Edit Button to change IPSec setting, web‐based utility will take you to Edit Button N/A the IPSec configuration page. (Advanced Network > VPN > IPSec tab) ...
Page 43
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Server/Client Status PPTP Server/Client Status shows the configuration for establishing PPTP tunnel and current connection status. PPTP Server Status Item Value setting Description User Name N/A It displays the login name of the user used for the connection. It displays the public IP address (the WAN IP address) of the connected PPTP Remote IP N/A client. Remote Virtual IP N/A It displays the IP address assigned to the connected PPTP client. Remote Call ID N/A It displays the PPTP client Call ID. It displays the Status of each of the PPTP client connection. The status displays Status N/A Connected, Disconnect, and Connecting. Click on Edit Button to change PPTP server setting, web‐based utility will take Edit Button N/A you to the PPTP server configuration page. (Advanced Network > VPN > PPTP tab) PPTP Client Status Item Value setting Description Client Name ...
Page 44
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP Server/Client Status LT2TP Status shows the configuration for establishing LT2TP tunnel and current connection status. L2TP Server Status Item Value setting Description User Name N/A It displays the login name of the user used for the connection. It displays the public IP address (the WAN IP address) of the connected L2TP Remote IP N/A client. Remote Virtual IP N/A It displays the IP address assigned to the connected L2TP client. Remote Call ID N/A It displays the L2TP client Call ID. It displays the Status of each of the L2TP client connection. The status displays Status N/A Connected, Disconnect, Connecting Click on Edit Button to change L2TP server setting, web‐based utility will take Edit Button N/A you to the L2TP server configuration page. (Advanced Network > VPN > L2TP tab) L2TP Client Status Item Value setting Description Client Name ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.d System Mgmt. Status The System Management Status window shows the status for managing remote network devices. The type of management available in your device is depended on the device model purchased. The commonly used ones are the SNMP, TR‐069, and UPnP. From the menu on the left, select Status > System Mgmt. Status SNMP Linking Status SNMP Link Status screen shows the status of current active SNMP connections. SNMP Link Status Item Value setting Description It displays the user name for authentication. This is only available for SNMP version User Name N/A 3. ...
Page 46
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SNMP Trap Information Show the status of current received SNMP traps. SNMP Trap Information Item Value setting Description Trap Level N/A It displays the trap level. Time N/A It displays the timestamp of trap event. Trap Event N/A It displays the IP address of the trap sender and event type. TR‐069 Status The TR‐069 Status window shows the current connection status with the TR‐068 server. TR‐069 Status Item Value setting Description It displays the current connection status with the TR‐068 server. The connection Link Status N/A status is either On when the device is connected with the TR‐068 server or Off when disconnected. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.f DDNS Status The DDNS Status window shows the current DDNS service used, the last update status, and the last update time to the DDNS service server. From the menu on the left, select Status > DDNS Status DDNS Status DDNS Status Item Value Setting Description It displays the name you entered to identify Host Name N/A DDNS service provider It displays the DDNS server of Provider ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.h UPnP Port Status This page is shown UPnP Forwarded Port Summary. Go to Status > UPnP Port Status > UPnP Port Status Tab Ensure UPnP are enabled and saved Go to Advanced Network > System Management > UPnP Tab UPnP Status Item Value setting Description Remote Host N/A The field is shown remote host that connect to internal client. Protocol N/A This field is shown protocol of port forwarding. External Port N/A This field is shown external port of port forwarding. Internal Port N/A This field is shown internal port of port forwarding. Internal Client N/A This field is shown internal client that using port forwarding. 48 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.l Internet Surfing List Internet Surfing Statistic show the conection tracks on this router. Go to Statistic & Report > Internet Surfing Statistic Internet Surfing Statistic Item Value setting Description Previous N/A Click the Previous button; you will see the previous page of track list. Next N/A Click the Next button; you will see the next page of track list. First N/A Click the First button; you will see the first page of track list. Last N/A Click the Last button; you will see the last page of track list. Export (.xml) N/A Click the Export (.xml) button to export the list to xml file. Export (.csv) N/A Click the Export (.csv) button to export the list to csv file. Refresh N/A Click the Refresh button to refresh the list. 49 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.n Network Traffic Statistics Network traffic statistics shows traffic of each enabled interface. Go to Statistic & Report > Network Traffic Statistics Internet Surfing List Item Name Value Setting Description WAN, LAN, 2.4G(if exist), Select physical interface to show traffic. Will list all enabled interface, for Menu 5G(if exist) example, WAN1~WANn, LAN1~LANn, VAP1~8. 50 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2.3.p Device Manager Login Statistics Device Manager Login Statistic shows the login information. Go to Statistic & Report > Device Manager Login Statistics Device Manager Login Statistic Item Value setting Description Previous N/A Click the Previous button; you will see the previous page of login statistics. Next N/A Click the Next button; you will see the next page of login statistics First N/A Click the First button; you will see the first page of login statistics Last N/A Click the Last button; you will see the last page of login statistics Export (.xml) N/A Click the Export (.xml) button to export the login statistics to xml file. Export (.csv) N/A Click the Export (.csv) button to export the login statistics to csv file. Refresh N/A Click the Refresh button to refresh the login statistics 51 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 3 Basic Network 3.1 WAN The gateway provides one or more WAN interfaces to let all client hosts in Intranet of the gateway access the Internet via ISP. But ISPs in the world apply various connection protocols to let gateways or user's devices dial in ISPs and then link to the Internet via different kinds of transmit media. So, the WAN Connection lets you specify the WAN Physical Interface, WAN Internet Setup and WAN Load Balance for Intranet to access Internet. For each WAN interface, you must specify its physical interface first and then its Internet setup to connect to ISP. If the gateway has multiple WAN ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.1.1 Physical Interface The first step to configure one WAN interface is to specify which kind of connection media to be used for the WAN connection, as shown in "Physical Interface" page. In "Physical Interface" page, there are two configuration windows, "Physical Interface List" and "Interface Configuration". "Physical Interface List" window shows all the available physical interfaces. After clicking on the "Edit" button for the interface in "Physical Interface List" window the "Interface Configuration" window will appear to let you configure a WAN interface. Physical Interface List The Physical Interface List shows all WAN interfaces of the gateway device, including their name, what kinds of physical interface, their operation mode and line speed. There is one "Edit" button for each WAN interface, which can let you configure the interface. Please see "Interface Configuration" ...
Page 54
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. An example of a SDE852AM-00001 device An example of an IOG761AM‐0TDA1 device An example of an ODG761AM‐0T1 device An example of an BDG761AM‐0T1 device The contents of "Physical Interface List" in above example windows are just some examples. They vary from model to model. It depends on the model purchased. Interface Name The logic name of WAN interfaces is identified by “WAN‐1”, “WAN‐2”, …, and so on. Physical Interface This device is equipped with some kinds of WAN Interfaces to support different WAN types of connections. You can configure one by one to get proper internet connection setup. Refer to AMIT ...
Page 55
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Operation Mode There are three option items “Always‐on”, “Failover”, and “Disable” for the operation mode setting. It decides whether the corresponding WAN interface functions as the main access, as a failover access connection or disable the interface. Line Speed Specify the correct line speed (bandwidth) of uploading and downloading for each WAN interface allow the device to operate its QoS&BWM and WAN Load Balance functions normally. It is necessary to configure the parameters if you want to use QoS&BWM and WAN Load Balance functions on the gateway device. ...
Page 56
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2, ... Configuration Path Ethernet 3G/4G USB 3G/4G ADSL Physical Interface Always on Always on Failover Always on Operation Mode 100Mbps / 50Mbps / 5Mbps / 21Mbps 2Mbps / 22Mbps Line Speed 100Mbps 150Mbps WAN Physical Interface Ethernet WAN Gateway DSLAM Firewall xDSL Modem 3G/4G WAN Cellular Network Gateway USB 3G/4G WAN Cellular Network Gateway...
Page 57
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. USB 3G/4G WAN: The gateway has one USB port that can support 3G/4G USB modem for a WAN connection. Please plug 3G/LTE USB dongle and follow UI setting to setup. ADSL WAN: The gateway has one ADSL modem built‐in that can be configured to be a WAN connection, please plug in RJ11 cable (normally the landline phone cable) in DSL port and follow UI setting to setup. Operation Mode There are three option items “Always on”, “Failover”, and “Disable” for the operation mode ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2 Configuration Path WAN‐1 WAN‐2 Interface Name ADSL USB 3G/4G Physical Interface Always on Failover WAN‐1 □Seamless Operation Mode 2Mbps / 22Mbps 5Mbps / 21Mbps Line Speed [Internet Setup]‐[Internet Connection Configuration (WAN‐n)], n=1, 2 Configuration Path WAN‐1 WAN‐2 Interface Name Ethernet over ATM with NAT 3G/4G WAN Type [Internet Setup]‐[Ethernet over ATM with NAT WAN Type Configuration] Configuration Path WAN‐1 Interface Name Auto‐reconnect (Always on) Connection Control LLC Data Encryption 0 VPI Number 33 VCI Number UBR Schedule Type ...
Page 59
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. system starts the failback process. S 5: When failback process starts, system terminates the current WAN connection via Failover WAN interface. S 6: System changes the data routing path back to the primary WAN interface as same state as at the beginning of system normal operation. Gateway ① Disconnected DSLAM WAN‐1: ADSL ② Failover Failover WAN‐2: 3G/4G ③ Start Connecting Cellular Network Gateway DSLAM ④ Connection Back WAN‐1: ADSL Failback ⑥...
Page 60
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. transfer mission instantly by only changing routing path to failover interface. The dialing‐up time of failover connection is saved since it has been connected beforehand. For some mission‐critical applications, this gateway supports “Seamless Failover” to shorten switch time during WAN interface failover process. So, the initial status of two WAN connections for Seamless Failover is shown in following diagram. Gateway DSLAM Connected and Data Transferring WAN‐1: ADSL WAN‐2: 3G/4G Initial Status Connected but just Keep Alive Cellular Network Next, Failover and Failback processes are shown in following diagram. Their steps are: S 1: When system discovers the primary WAN connection is failed. S 2: System starts the failover process. ...
Page 61
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Gateway ① Disconnected DSLAM WAN‐1: ADSL ② Failover Failover WAN‐2: 3G/4G ③ Change Routing via WAN-2 Cellular Network Gateway DSLAM ④ Connection Back WAN‐1: ADSL Failback ⑥ Failback: Change WAN‐2: 3G/4G Routing back via WAN-1 ⑤ Leave it Keep Alive Cellular Network Dual SIM Failover Scenario: ...
Page 62
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Physical Interface]‐[Interface Configuration (WAN‐1)] Configuration Path WAN‐1 Interface Name 3G/4G Physical Interface Always on Operation Mode 50Mbps / 150Mbps Line Speed [Internet Setup]‐[Internet Connection Configuration (WAN‐1)] Configuration Path WAN‐1 Interface Name 3G/4G WAN Type [Internet Setup]‐[3G/4G WAN Type Configuration] Configuration Path WAN‐1 Interface Name SIM‐A First Preferred SIM Card So, the initial status of two WAN connections using different SIM card is shown in the following diagram. Cellular Network #1 Connected and Gateway Data Transferring SIM‐A Initial Status SIM‐B (SIM-A First) Not Connected Cellular Network #2 ...
Page 63
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. S 3: System keeps executing data transfer via SIM‐n connection until the connection failed. Once the SIM‐n connection failed, system starts the failover process again and goes back to S2 step. Cellular Network #1 ① When Disconnected Gateway SIM‐A ② Failover Failover SIM‐B ③ Start Connecting Cellular Network #2 Cellular Network #1 Gateway ⑥ Start Connecting SIM‐A Failover ⑤...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In addition, you also can setup WAN‐2 with VLAN Tagging (Tag ID 12) using ADSL WAN interface for your Intranet to access specific service in ISP. Following table list the physical interface configuration for these two WAN interfaces, and their scenarios are shown in the following diagram. [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2 Configuration Path WAN‐1 WAN‐2 Interface Name Ethernet ADSL Physical Interface Always on Always on Operation Mode 100Mbps / 100Mbps 2Mbps / 22Mbps Line Speed □Enable ■Enable 12 VLAN Tagging Ethernet WAN...
Page 65
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.1.3 Internet Setup After specifying the physical interface for each WAN connection, administrator must configure their connection profiles one after one to meet the dial in process of ISPs, so that all client hosts in the Intranet of the gateway can access the Internet. In "Internet Setup" page, there are some configuration windows: "Internet Connection List", "Internet Connection Configuration", "WAN Type Configuration" and related configuration windows for each WAN type. For the Internet setup of each WAN interface, you must specify its WAN type of ...
Page 66
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The contents, as shown in above screenshot, may vary depending on the model purchased. Internet Connection List The Internet Connection List shows the WAN connection profiles of all WAN interfaces in the gateway device, including interface name, the kinds of physical interface, their operation mode and WAN connection type. There is one "Edit" button for each WAN interface to let you configure its ...
Page 67
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Interface Name The logic name of WAN interfaces is identified by “WAN‐1”, “WAN‐2”, …, and so on. Physical Interface This device is equipped with some kinds of WAN Interfaces. Please refer to [Basic Network]‐ [WAN]‐[Physical Interface] section (3.1.1). Operation Mode It is "Always on", "Failover" or "Disable". Please refer to [Basic Network]‐ [WAN]‐[Physical Interface] section (3.1.1). WAN Type The supported WAN types for each WAN interface depend on the kind of interface. Following are all kinds of physical interfaces and their supported WAN types. Ethernet interface: A fixed line ISP that provides xDSL or cable modem for you to setup the WAN connection. Static IP Address WAN type: Select this option if ISP provides a fixed IP address to you. You will need to enter in the IP address, subnet mask, and gateway address, provided to you by your ISP. Dynamic IP Address WAN type: You may choose this WAN type if you connects a cable modem or a fiber (VDSL modem) for Internet connection. The assigned IP address for ...
Page 68
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. operator provides. In addition, if your 3G data plan is not with a flat rate, it’s recommended to set Connection Control mode to Connect‐on‐Demand or Manually. ADSL interface: Asymmetric digital subscriber line (ADSL) is a type of digital subscriber line (DSL) technology, a data communications technology that enables faster data transmission ...
Page 69
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Ethernet interface: there are Static IP, Dynamic IP, PPPoE, PPTP and L2TP WAN types. Static IP Address WAN Type: Settings include WAN IP Address, WAN Subnet Mask, WAN Gateway, Primary DNS, Secondary DNS, MTU, NAT, Network Monitoring, IGMP and WAN IP Alias. Dynamic IP Address WAN Type: Settings include Host Name, ISP registered MAC Address, Connection Control, Maximum Idle Time, MTU, NAT, Network Monitoring, IGMP and WAN IP Alias. PPPoE WAN Type: Settings include IPv6 Dual Stack, PPPoE Account & Password, Primary DNS / Secondary DNS, Connection Control, Maximum Idle Time, Service Name / Assigned IP ...
Page 70
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. NAT, Data Encapsulation, VPI Number, VCI Number, Schedule Type, Network Monitoring, IGMP and WAN IP Alias. RFC 1483 Bridged WAN type: Settings include Data Encapsulation, VPI Number, VCI Number, Schedule Type, Network Monitoring, IGMP and WAN IP Alias. There are some common and important configuration parameters common to all WAN Type as listed below. Network Monitoring The gateway supports failover function and the function must depend on the correct decision ...
Page 71
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Start N: the count of fails N = 0 “Loading Check” enable? Sleep for “Check Interval” Enough Sleep for traffic “Check Interval” existed? “DNS Query” “ICMP Checking” Checking Method FQDN Query ICMP Check (Target1, Target2) (Target1, Target2) Reply time Success? > “Latency Threshold” No, or “Check Timeout” occurs N = N+1 N < “Fail Threshold” Connection is Broken Try to reconnect Connection Control There are three ways for connection control, “Auto‐reconnect (Always on)”, “Dial‐on‐demand” ...
Page 72
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Manually: This gateway won’t start to establish WAN connection until you press “Connect” button on web UI. After normal data transferring between LAN and WAN sides, this gateway will disconnect WAN connection if idle time reaches value of Maximum Idle Time. Please be noted, if the WAN interface serves as the primary one for another WAN interface in Failover role, the Connection Control parameter will not be available to you to configure as the system must set it to “Auto‐reconnect (Always on)”. Auto‐reconnect / Dial‐on‐demand / Manually Scenario: As an example, WAN‐1, WAN‐2 and WAN‐3 are all Ethernet interfaces with "Always on" operation mode. Their WAN Type is set to "Dynamic IP" but with different Connection Control approaches. WAN‐1 uses "Auto‐reconnect (Always on)", WAN‐2 uses "Dial‐on‐demand" and WAN‐3 uses ...
Page 73
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Its steps are: Pre‐state: After system booting up, system tries to let the WAN connection be alive. S 1: When system discovers the WAN connection is failed. S 2: System starts to re‐connect the WAN connection till connect successfully as same as Pre‐ state. In the "Dial‐on‐demand" scenario, system will not make the WAN connection until gateway receives an Internet accessing request from Intranet. And then the connection will keep alive only when there still is data transfer. If there is no data transfer for a period that is longer than the ...
Page 74
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ② Start Connecting Gateway Manually DSLAM xDSL Modem ③ Disconnect when ① Connect Button idle timeout Primary DNS, Secondary DNS, DHCP Servers Intranet Its steps are: Pre‐state: After system booting up, the WAN connection is disconnected. S 1: When administrator click on the "Connect" button on the "Network Status" configuration window. S 2: System starts to make the WAN connection till connect successfully. Keep the connection ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.3 LAN & VLAN This section provides a brief description of LAN and VLAN. It also explains how to create and modify virtual LANs which are more commonly known as VLANs. 3.3.1 Ethernet LAN The Local Area Network (LAN) can be used to share data or files among computers attached to a network. Following diagram illustrates the network that wired and interconnects computers. 75 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.7 IPv6 The growth of the Internet has created a need for more addresses than are possible with IPv4. IPv6 (Internet Protocol version 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic. IPv6 also implements additional features not present in IPv4. It simplifies aspects of address assignment (stateless address auto‐configuration), network renumbering and router announcements when changing Internet connectivity providers. This gateway supports various types of IPv6 connection (Static IPv6 / DHCPv6 / PPPoEv6 / 6to4 / 6in4). Please contact your ISP the type of IPv6 is supported before you proceed with IPv6 setup. Static IPv6 Static IPv6 does the same function as static IPv4. The static IPv6 provides manual setting of IPv6 address, IPv6 default gateway address, and IPv6 DNS. In above diagram depicts the IPv6 IP addressing, type in the information provided by your ISP to setup the IPv6 network. DHCPv6 DHCP in IPv6 does the same function as DHCP in IPv4. The DHCP server sends IP address, DNS ...
Page 77
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In above diagram depicts DHCP IPv6 IP addressing, the DHCPv6 server on the ISP side assigns IPv6 address, IPv6 default gateway address, and IPv6 DNS to client host’s automatically. PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4. The PPPoEv6 server provides configuration parameters based on PPPoEv6 client request. When PPPoEv6 server gets client request and successfully authenticates it, the server sends IP address, DNS server addresses and other required parameters to automatically configure the client. 77 ...
Page 78
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The diagram above depicts the IPv6 addressing through PPPoE, PPPoEv6 server (DSLAM) on the ISP side provides IPv6 configuration upon receiving PPPoEv6 client request. When PPPoEv6 server gets client request and successfully authenticates it, the server sends IP address, DNS server addresses and other required parameters to automatically configure the client. 6to4 6to4 is one mechanism to establish automatic IPv6 in IPv4 tunnels and to enable complete IPv6 sites communication. The only thing a 6to4 user needs is a global IPv4 address. 6to4 may be used by an individual host, or by a local IPv6 network. When used by a host, it must have a global IPv4 address connected, and the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets. If the host is configured to forward packets for other clients, often a local network, it is then a router. ...
Page 79
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In above diagram, the 6in4 usually needs to register to a 6in4 tunnel service, known as Tunnel Broker, in order to use. It also need end point global IPv4 address as 114.39.16.49 to complete 6in4 setting. 79 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.7.1 IPv6 Configuration The IPv6 Configuration setting allows user to set the IPv6 connection type to access the IPv6 network. Ensure IPv6 is enabled and saved Go to Basic Network > IPv6 > Configuration Tab Select IPv6 WAN Connection Type IPv6 Configuration Item Value setting Description Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity. 1. Only can be selected when IPv6 Select Static IPv6 when your ISP provides you with a set IPv6 addresses. ...
Page 81
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Static IPv6 WAN Type Configuration Static IPv6 WAN Type Configuration Item Value setting Description IPv6 Address A Must filled setting Enter the WAN IPv6 Address for the router. Subnet Prefix A Must filled setting Enter the WAN Subnet Prefix Length for the router. Length Default Gateway A Must filled setting Enter the WAN Default Gateway IPv6 address. Primary DNS An optional setting Enter the WAN primary DNS Server. Secondary DNS An optional setting Enter the WAN secondary DNS Server. The box is unchecked by Enable/Disable the MLD Snooping function MLD Snooping default ...
Page 82
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCPv6 WAN Type Configuration DHCPv6 WAN Type Configuration Item Value setting Description The option [From Select the [Specific DNS] option to active Primary DNS and Secondary DNS. DNS Server] is selected by Then fill the DNS information. default Can not modified by Primary DNS Enter the WAN primary DNS Server. default Can not modified by Secondary DNS Enter the WAN secondary DNS Server. default The box is MLD unchecked by Enable/Disable the MLD Snooping function default LAN Configuration LAN Configuration ...
Page 83
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPPoEv6 WAN Type Configuration PPPoEv6 WAN Type Configuration Item Value setting Description Enter the Account for setting up PPPoEv6 connection. If you want more Account A Must filled setting information, please contact your ISP. Enter the Password for setting up PPPoEv6 connection. If you want more Password A Must filled setting information, please contact your ISP. A Must filled Enter the Service Name for setting up PPPoEv6 connection. If you want Service Name setting/Option more information, please contact your ISP. Connection Control Fixed value The value is Auto‐reconnect(Always on). Enter the MTU for setting up PPPoEv6 connection. If you want more MTU A Must filled setting information, please contact your ISP. The box is MLD Snooping unchecked by Enable/Disable the MLD Snooping function default LAN Configuration ...
Page 84
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 6to4 WAN Type Configuration 6to4 WAN Type Configuration Item Value setting Description 6to4 Address Value auto‐created IPv6 address for access the IPv6 network. Primary DNS An optional setting Enter the WAN primary DNS Server. Secondary DNS An optional setting Enter the WAN secondary DNS Server. The box is MLD unchecked by Enable/Disable the MLD Snooping function default LAN Configuration LAN Configuration Item Value setting Description Global Address An optional setting ...
Page 85
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 6in4 WAN Type Configuration Please go to find IPv6 tunnel brokers to establish 6in4 tunnel. (can find List of IPv6 tunnel brokers that support 6in4 service from wiki) Then filled the Local IPv4 address of router into Client IPv4 Address field in IPv6 tunnel broker setting page. 6in4 WAN Type Configuration Item Value setting Description Remote IPv4 A Must filled setting Filled Server IPv4 Address gotten from tunnelbroker in this field. Address Local IPv4 Address Value auto‐created IPv4 address of this router. Local IPv6 Address A Must filled setting Filled Client IPv6 Address gotten from tunnelbroker in this field. Primary DNS An optional setting Enter the WAN primary DNS Server. Secondary DNS An optional setting Enter the WAN secondary DNS Server. The box is MLD unchecked by Enable/Disable the MLD Snooping function default LAN Configuration ...
Page 86
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. the router. Address Auto‐configuration (summary) Address Auto‐configuration Item Value setting Description The box is Auto‐configuration unchecked by Check to enable the Autoconfiguration feature. default Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity. Select Stateless to manage the Local Area Network to be SLAAC + RDNSS Router Advertisement Lifetime (A Must filled setting): Enter the Router 1. Only can be Advertisement Lifetime (in seconds). 200 is setted by default. selected when Auto‐ Select Stateful to manage the Local Area Network to be Stateful (DHCPv6). Auto‐configuration configuration IPv6 Address Range(Start) (A Must filled setting) : Enter the start IPv6 Address for Type enabled the DHCPv6 range for your local computers. 0100 is setted by default. 2. Stateless is IPv6 Address Range(End) (A Must filled setting): Enter the end IPv6 Address for the selected by default DHCPv6 range for your local computers. 0200 is setted by default. IPv6 Address Lifetime (A Must filled setting) : Enter the DHCPv6 lifetime for your local computers. 36000 is setted by default. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9 NAT / Bridge Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. The technique was originally used for ease of rerouting traffic in IP networks without renumbering every host. It has become a popular and essential tool in conserving global address space allocations in face of IPv4 address exhaustion. AMIT products embed and activate the NAT function by default except the Access Point series of products. You also can disable it in [Basic Network]‐[WAN]‐[Internet Setup]‐[WAN Type Configuration]. Following features are included in the NAT function: NAT Loopback, Virtual Server, Virtual ...
Page 88
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. NAT Loopback This feature allows you to access the WAN global IP address from your inside NAT local network. It is useful when you run a server inside your network. For example, if you set a mail server at LAN side, your local devices can access this mail server through gateway’s global IP address when enable NAT loopback feature. On either side are you in accessing the email server, at the LAN side or at the WAN side, you don’t need to change the IP address of the mail server, as shown in scenario of following diagram. 88 ...
Page 89
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Without the need of reconfigure their PC each time, the employee from inside or outside the office can access enterprise servers. So network administrator must activate the "NAT Loopback" feature to do that. Scenario Description Local user can access mail server by FQDN or global IP when NAT loop back is enable. Global user can access mail server only when mail server is set as virtual server of the gateway. Parameter Setup Example Following 2 tables list the parameter configuration as an example for above diagram of gateway with "NAT Loopback" feature activated. Use default value for those parameters that are not mentioned in these tables. [Configuration]‐[NAT Loopback] Configuration Path ■ Enable NAT Loopback 89 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Virtual Server & Virtual Computer]‐[Virtual Server List] Configuration Path ID 25 (SMTP) 110 (POP3) Public Port 10.0.75.101 10.0.75.101 Server IP 25 (SMTP) 110 (POP3) Private Port ■ Enable ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a NAT router. Activate the NAT Loopback feature on the Gateway. Define the E‐mail virtual server to be located at a server with IP address 10.0.75.101 in ...
Page 91
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9.3 Virtual Server & Virtual Computer Virtual server is another name for port forwarding used by some routers. In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host. Port forwarding allows remote computers (a computers on the Internet) to connect to a specific computer or service within a private local‐area network (LAN). So you can deploy some servers in your Intranet with the firewall protection by your gateway. This device’s NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this device gateway are invisible to the outside ...
Page 92
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Virtual Server List "Virtual Server" feature allows you to define some servers with the global IP address or FQDN of the gateway as if they are servers existed in the Internet. But in fact, these servers are located in the Intranet and are physically behind the gateway. The gateway serves the service requests by port forwarding the requests to the LAN servers and transfers the replies from LAN servers to the requester on the WAN side. For example, if you set an E‐mail server on the LAN side with IP address 10.0.75.101, a remote user can access the gateway for E‐mail service if you defined a virtual E‐mail server for the gateway by using the real E‐mail server on the LAN side, as shown in scenario in following diagram. Scenario Application Timing Set up some application servers in the Intranet of deployed network for services and are protected by the gateway firewall. In a way that the gateway appears to be the physical server to the remote users, while the real server is, in reality, operating and providing service at the LAN side behind the gateway. Scenario Description The gateway serves as an E‐mail server for remote users E‐mail services from the ...
Page 93
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The gateway executes port forwarding transferring the E‐mail service requests to the LAN servers and sends the replies from LAN servers to the requester. The E‐mail server at LAN side is the server for E‐mail service. Parameter Setup Example Following table list the parameter configuration as an example for scenario ② in above diagram. Please be noted that the E‐mail service includes SMTP and POP3 service ports. Use default value for those parameters that are not mentioned in the table. [Virtual Server & Virtual Computer]‐[Virtual Server List] Configuration Path ID 25 (SMTP) 110 (POP3) Public Port 10.0.75.101 10.0.75.101 Server IP 25 (SMTP) 110 (POP3) Private Port ■ Enable ■ Enable Rule Scenario Operation Procedure ...
Page 94
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing To setup some hosts in the Intranet of deployed networking to be visible to outside world but also be protected by the NAT gateway firewall, use the "Virtual Computer" feature in the gateway to implement the application scenario. Scenario Description A LAN host is assigned with a global IP address to be visible to outside world. The host has an embedded FTP file server and is protected by the gateway firewall. The gateway acts as the media between the LAN host and outside world to allow ...
Page 95
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Virtual Server & Virtual Computer]‐[Virtual Computer List] Configuration Path ID 118.18.81.44 Global IP 10.0.75.102 Local IP ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN interface. It serves as a NAT router. A LAN host with private IP address 10.0.75.102 has an embedded FTP file server in it. The host is expected to be visible to the outside world with global IP address ...
Page 96
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Virtual Server The router allows you to custom your Virtual Server rules. The router supports up to a maximum of 20 rule‐based Virtual Server sets. When Add button is applied Virtual Server Rule Configuration screen will appear. Virtual Server Rule Configuration Item Value setting Description Define the selected interface to be the packet‐entering interface of the router. If the packets to be filtered are coming from WAN‐x then select WAN‐x for this 1. A Must filled setting 2. field. WAN Interface Default is ALL. Select ALL for packets coming into the router from any interfaces. It can be selected WAN‐x box when WAN‐x enabled. This field is to specify the IP address of the interface selected in the WAN Interface Server IP A Must filled setting setting above. When “ICMPv4” is selected It means the option “Protocol” of packet filter rule is ICMPv4. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. When “TCP” is selected Protocol It means the option “Protocol” of packet filter rule is TCP. A Must filled setting Public Port selected a predefined port from Well‐known Service, and Private Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Port can be set a Single Port number. ...
Page 97
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. setting under System) Then check Enable box to enable this rule. When “UDP” is selected It means the option “Protocol” of packet filter rule is UDP. Public Port selected a predefined port from Well‐known Service, and Private Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Port can be set a Single Port number. Public Port is selected Port Range and specify a port range, and Private Port can be selected Single Port or Port Range. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. When “TCP & UDP” is selected It means the option “Protocol” of packet filter rule is TCP and UDP. Public Port selected a predefined port from Well‐known Service, and Private Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Port can be set a Single Port number. Public Port is selected Port Range and specify a port range, and Private Port can be selected Single Port or Port Range. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. When “GRE” is selected It means the option “Protocol” of packet filter rule is GRE. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. When “ESP” is selected It means the option “Protocol” of packet filter rule is ESP. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Enable box to enable this rule. Click the Save button to save the settings. When “SCTP” is selected It means the option “Protocol” of packet filter rule is SCTP. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling ...
Page 98
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Then check Enable box to enable this rule. Save N/A Click the Save button to save the settings. Undo N/A Click Undo to cancel the settings. When the Back button is clicked the screen will return to the Packet Filters Back N/A Configuration page. Create/Edit Virtual Computer The router allows you to custom your Virtual Computer rules. The router supports up to a maximum of 20 rule‐based Virtual Computer sets. When Add button is applied Virtual Computer Rule Configuration screen will appear. Virtual Computer Rule Configuration Item Value setting Description Global IP A Must filled setting This field is to specify the IP address of the WAN IP. Local IP A Must filled setting This field is to specify the IP address of the LAN IP. Enable N/A Then check Enable box to enable this rule. Save N/A ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9.5 Special AP & ALG As a pure NAT gateway, it doesn't allow an active connection request from outside world. All this kind of requests will be ignored by the NAT gateway. But at the client hosts in the Intranet, users may use applications that need more service ports to be allowed for passing through the NAT gateway. The "Special AP" feature in the gateway can solve this problem. That is, some applications require multiple connections, like Internet games, Video conferencing, Internet ...
Page 100
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. modify an existed one. When "Add" or "Edit" button is applied the "Special AP Rule Configuration" window will appear to let you define a application rule. The parameters include the trigger port, the allowed incoming ports, the integrated time schedule rule, and the rule activation. Special AP List This feature allows you to request the gateway open a pre‐defined set range service ports for incoming packets to pass through once the trigger port is toggled in the gateway by the Intranet ...
Page 101
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Following table lists the parameter configuration as an example for the gateway in above diagram with one special application rule to be defined. Use default value for those parameters that are not mentioned in the table. [Special AP & ALG]‐[Special AP List] Configuration Path ID 554 (Quick Time 4) Trigger Port Incoming Ports 6970‐6999 ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its ...
Page 102
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When a SIP phone is behind a NAT gateway, and it is expected to make a call to or receive a call from the Internet. The "SIP ALG" feature must be activated in the NAT gateway. ...
Page 103
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. A local user wants to make one call to the SIP Phone #2 by using the SIP Phone #1, the NAT Gateway will monitor the calling process, open up required service ports for incoming packets and make the address and port translation for the voice communication. First, the calling starts from the SIP Phone #1 to the SIP server. Then the SIP server ...
Page 104
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Special AP List Item Value setting Description Define the selected interface to be the packet‐entering interface of the router. If the packets to be filtered are coming from WAN‐x then select WAN‐x for this 1. A Must filled setting 2. field. WAN Interface Default is ALL. Select ALL for packets coming into the router from any interfaces. It can be selected WAN‐x box when WAN‐x enabled. When Popular Applications is selected “User‐defined” Port is set a port number, and Incoming Ports can be set a port number or a port range. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. When Popular Applications is selected “Battle.net” Port and Incoming Ports will be defined automatically. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. When Popular Applications is selected “Dialpad” Port and Incoming Ports will be defined automatically. Trigger Port A Must filled setting Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. When Popular Applications is selected “ICU II” Port is the same with Incoming Ports. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) ...
Page 105
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Popular Applications is selected “PC‐to‐Phone” Port is the same with Incoming Ports. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. When Popular Applications is selected “Quick Time 4” Port is the same with Incoming Ports. Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System) Then check Rule box to enable this rule. Save N/A Click Save to save the settings. 105 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.9.7 DMZ & Pass Through DMZ (De Militarized Zone) Host is a host that is exposed to the Internet cyberspace but still within the protection of firewall by gateway device. So, the function allows a computer to execute 2‐way communication for Internet games, Video conferencing, Internet telephony and other special applications. In some cases when a specific application is blocked by NAT mechanism, you can indicate that LAN computer as a DMZ host to solve this problem. In "DMZ" page, there is only one configuration window for "DMZ" feature. The window lets you activate the DMZ function and specify the IP address in the Intranet to be DMZ host so that the host under DMZ function can run applications freely that would, otherwise, blocked by NAT mechanism of the gateway with DMZ feature disabled. That is, the incoming packets issued by an active application in ...
Page 107
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator of the gateway wants to set up some service daemons in a host that is in the Intranet to allow remote users request for services from the host actively, even the host is behind a NAT gateway. But remote users think the gateway provides those services, so users use the global IP of the gateway to request their services. Apply the DMZ feature in the NAT gateway to meet the application scenario. In addition, please also be noted that the client host is still protected by the gateway firewall. Scenario Description The DMZ host is behind a NAT gateway and receives all normal and active packets from the Internet. Remote user can access the DMZ host by using the IP address of the gateway, and the gateway will skip the NAT checking on the DMZ host. DMZ host is still protected by the gateway firewall. Parameter Setup Example Following table lists the parameter configuration as an example for the gateway in ...
Page 108
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configure a host in the Intranet to be the DMZ Host and activate the rule, whose IP address is 10.0.75.100. Assume there is an X server installed in the DMZ host. Then, the remote user can request services from the X server in the DMZ host by skipping the NAT checking by the gateway. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.b Routing If you have more than one router and subnet, you will need to enable routing function to allow packets to find proper routing path and allow different subnets to communicate with each other. Routing is the process of selecting best paths in a network. It is performed for many kinds of networks, like electronic data networks (such as the Internet), by using packet switching technology. The routing process usually directs forwarding on the basis of routing tables which maintain a record of the routes to various network destinations. Thus, constructing routing tables, which are held in the router's memory, is very important for efficient routing. Most routing algorithms use only one network path at a time. The routing tables record your pre‐defined routing paths for some specific destination subnets. It is static routing. However, if the contents of routing tables record the obtained routing paths from neighbor routers by using some protocols, such as RIP, OSPF and BGP. It is dynamic routing. These both routing approaches will be illustrated one after one. 3.b.1 Static Routing "Static Routing" function lets you define the routing paths for some dedicated hosts/servers or ...
Page 110
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. applied the "Static Routing Rule Configuration" window will appear to let you define a static routing rule. The parameters include the destination IP address and subnet mask of dedicated host/server or subnet, the IP address of peer gateway, the metric and the rule activation. Configuration Just check the "Enable" box to activate the "Static Routing" feature. Static Routing Rule List The Static Routing Rule List shows the setup parameters of all static routing rule enteries.
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. destination. It can be carried out by the "Static Routing" feature. Scenario Description Dedicated packet flows from the Intranet will be routed to their destination via the pre‐ defined peer gateway and corresponding gateway interface that are defined in the system routing table by manual. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Static Routing" enabling. Use default value for those parameters that are not mentioned in the tables. Configuration Path [Static Routing]-[Configuration] Static Routing ■...
Page 112
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Static Routing Setting The static routing setting allows user to create and customize static routing rules through the router based on their office setting. Go to Basic Network > Routing > Static Routing Tab Static Routing Tab Item Value setting Description Enable Static The box is unchecked by Check the Enable box to activate this function ...
Page 113
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPv4 Static Routing Item Value setting Description 1. IPv4 Format Destination IP The Destination IP of this static routing rule. 2. A Must filled setting 255.255.255.0 (/24) is set Subnet Mask The Subnet Mask of this static routing rule. by default 1. IPv4 Format Gateway IP The Gateway IP of this static routing rule. 2. A Must filled setting Interface Auto is set by default The Interface of this static routing rule. 1. Numberic String Format Metric The Metric of this static routing rule. 2. A Must filled setting Enabling the The box is unchecked by Click Enable box to activate this rule. rule default. Save NA Click the Save button to save the configuration Click the Undo button to restore what you just configured back to the previous Undo NA setting. Please note that the restored setting may not be the factory default setting but a retrieve of what was saved in the memory. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.b.3 Dynamic Routing Dynamic Routing, also called adaptive routing, describes the capability of a system, through which routes are characterized by their destination, to alter the path that the route takes through the system in response to a change in network conditions. The adaptation is intended to allow as many routes as possible to remain valid (that is, have destinations that can be reached) in response to the change. This gateway supports dynamic routing protocol, such as RIPv1/RIPv2 (Routing Information ...
Page 115
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. These three dynamic routing protocols are described as follows. RIP Scenario The Routing Information Protocol (RIP) is one of the oldest distance‐vector routing protocols, which employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination. The maximum 115 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. number of hops allowed for RIP is 15. This hop limit, however, also limits the size of networks that RIP can support. A hop count of 16 is considered an infinite distance, in other words the route is considered unreachable. RIP implements the split horizon, route poisoning and holddown mechanisms to prevent incorrect routing information from being propagated. RIP Configuration In the "RIP Configuration" window, you can just choose the version of RIP protocol to activate the dynamic routing feature, or disable it. OSPF Scenario Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing algorithm and falls into the group of interior routing protocols, operating within a single autonomous system (AS). OSPF is perhaps the most widely used interior gateway protocol (IGP) in large enterprise networks. IS‐IS, another link‐state dynamic routing protocol, is more common in large service provider networks. The most widely used exterior gateway protocol is ...
Page 117
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. the "OSPF Area List" caption to allow you to add one new OSPF area. The "Edit" button at the end of each OSPF area definition can let you modify it. OSPF Area Configuration To configure one OSPF area, you must specify related parameters including the area subnet, the area ID and area activation by an "Enable" box. Following diagram is an example for the scenario. ...
Page 118
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Following tables list the parameter configuration as an example for the OSPF gateway in above diagram. Use default value for those parameters that are not mentioned in the tables. Configuration Path [Dynamic Routing]-[OSPF Configuration] OSPF ■ Enable Backbone Subnet 10.0.0.0/16 Configuration Path [Dynamic Routing]-[OSPF Area List] Area Subnet 10.0.75.0/24 10.0.76.0/24 Area ID 10.0.75.254 10.0.76.254 Area ■ Enable ■ Enable Scenario Operation Procedure In above diagram, the OSPF Gateway is one gateway of the enterprise backbone (area ...
Page 119
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The BGP Neighbor List shows all BGP neighbors definition. There also be one "Add" button at the "BGP Neighbor List" caption that can let you add and create one new BGP neighbor. The "Edit" button at the end of each BGP neighbor definition can let you modify it.
Page 120
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. some other border gateways for exchanging routing information. The BGP gateway will distribute the collected routing information in its dominated AS. Then all routers in the AS know how to route packets to other AS. Parameter Setup Example Following tables list the parameter configuration as an example for the BGP gateway in above diagram. Use default value for those parameters that are not mentioned in the tables. Configuration Path [Dynamic Routing]-[BGP Configuration] ■ Enable Self ID Configuration Path [Dynamic Routing]-[BGP Neighbor List] Neighbor IP 10.101.0.1 10.102.0.1 10.103.0.1 10.104.0.1 Neighbor ID Neighbor ■ Enable ■ Enable ■ Enable ■...
Page 121
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Dynamic Routing Setting The dynamic routing setting allows user to customize RIP, OSPF, and BGP protocol through the router based on their office setting. Go to Basic Network > Routing > Dynamic Routing Tab Description Item Value setting Enable Dynamic The box is unchecked by ...
Page 122
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The OSPF configuration setting allows user to customize OSPF protocol through the router based . on their office setting Item Value setting Description Enable OSPF Disable is set by default Click Enable box to activate the OSPF protocol. 1. IPv4 Format Router ID The Router ID of this router on OSPF protocol 2. A Must filled setting The Authentication method of this router on OSPF protocol. Select None will disable Authentication on OSPF protocol. Select Text will enable Text Authentication with entered the Key in this field on Authentication None is set by default OSPF protocol. Select MD5 will enable MD5 Authentication with entered the ID and Key in these fields on OSPF protocol. 1. Classless Inter Domain Routing (CIDR) Subnet Backbone Mask Notation. (Ex: The Backbone Subnet of this router on OSPF protocol. Subnet 192.168.1.0/24) 2. A Must filled setting 122 ...
Page 123
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit OSPF Area Rules The router allows you to custom your OSPF Area List rules. It supports up to a maximum of 32 rule sets. When Add button is applied OSPF Area Rule Configuration screen will appear. Item Value setting Description 1. Classless Inter Domain Routing (CIDR) Subnet Area Subnet Mask Notation. (Ex: The Area Subnet of this router on OSPF Area List. 192.168.1.0/24) 2. A Must filled setting 1. IPv4 Format Area ID The Area ID of this router on OSPF Area List. 2. A Must filled setting The box is unchecked by Area Enable Click Enable box to activate this rule. default. Save N/A Click the Save button to save the configuration 123 ...
Page 124
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The BGP configuration setting allows user to customize BGP protocol through the router based on their office setting Item Value setting Description Enable BGP The box is unchecked by Check the Enable box to activate the BGP protocol. function default ASN 1. Numberic String The ASN Number of this router on BGP protocol. Format 2. A Must filled setting Router ID 1. IPv4 Format The Router ID of this router on BGP protocol. 2. A Must filled setting Create/Edit BGP Network Rules The router allows you to custom your BGP Network rules. It supports up to a maximum of 32 rule sets. When Add button is applied BGP Network Rule Configuration screen will appear. Item Value setting Description 1. IPv4 Format The Network Subnet of this router on BGP Network List. It composes of entered ...
Page 125
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit BGP Neighbor Rules The router allows you to custom your BGP Neighbor rules. It supports up to a maximum of 32 rule sets. When Add button is applied BGP Neighbor Rule Configuration screen will appear. Item Value setting Description 1. IPv4 Format Neighbor IP The Neighbor IP of this router on BGP Neighbor List. 2. A Must filled setting 1. Numberic String Format Remote ASN The Remote ASN of this router on BGP Neighbor List. 2. A Must filled setting The box is unchecked by Neighbor Enable Click Enable box to activate this rule. default. Save N/A Click the Save button to save the configuration 125 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.b.5 Routing Information The routing information allows user to view the routing table and policy routing information based on their office setting. Policy Routing Information is available when the Load Balanced is . enabled and the Load Balance Strategy is By User Policy Go to Basic Network > Routing > Routing Information Tab Item...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.d Client & Server & Proxy This section presents application clients, servers or proxies running in the gateway system. There are mainly Dynamic DNS client and DHCP server in the current gateway device. 3.d.1 DNS & DDNS How does user access your server if your WAN IP address changes all the time? One way is to register a new domain name, and maintain your own DNS server. Another simpler way is to apply a ...
Page 128
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. service provider, the host name of the gateway, and the user name (or E‐mail address) and password (or key) for authenticating to the service provider successfully. This device supports most popular third‐ party DDNS service provider, including DynDNS.org(Dynamic), DynDNS.org(Custom), No‐IP.com, TZO.com, and DHS.org. Before you enable Dynamic DNS, you need to register an account with one of these Dynamic DNS servers that we list in Provider field. Once the IP address of a WAN interface in the gateway has changed, the dynamic DNS agent in the gateway will inform the DDNS server with the new IP address. The server automatically re‐maps your domain name with the changed IP address. So, other hosts in the Internet world will be able to link to your gateway by using your domain name regardless of the changing global IP adress. Dynamic DNS Scenario Scenario Application Timing When the IP address of the Gateway is often changed by ISP, and other hosts in the Internet want to link to the gateway device by using its corresponding domain name. ...
Page 129
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Use default value for those parameters that are not mentioned in the table. [Dynamic DNS]‐[Dynamic DNS] Configuration Path ■ Enable DDNS No‐IP.com Provider JP‐NB Host Name Chinghuihsieh Username / E‐mail ddnspassword Password / Key Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and gets a dynamic IP 118.18.81.33 for WAN‐1 interface. It serves as a NAT router. Configure the required parameters for DDNS function by referring to above setup ...
Page 130
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DNS & DDNS Setting The DNS & DDNS setting allows user to create/modify pre‐defined domain name list and setup Dynamic DNS feature. Go to Basic Network > Client / Server / Proxy > Dynamic DNS Tab Create/Edit Pre‐defined Domain Name List The router allows you to custom your pre‐defined domain name list. It supports up to a maximum of 128 sets. When Add button is applied Pre‐defined Domain Name Configuration screen will appear. Pre‐defined Domain Name Configuration Item Value setting Description 1. String format can be Domain Name any text ...
Page 131
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Setup Dynamic DNS The router allows you to custom your Dynamic DNS settings. DDNS (Dynamic DNS) Configuration Item Value setting Description Enable DDNS The box is unchecked by Check the Enable box to activate this function function default WAN Interface WAN 1 is set by default Selected the WAN Interface IP Address of the router. DynDNS.org (Dynamic) is Provider Your DDNS provider of Dynamic DNS. set by default 1. String format can be Host Name any text Your registered host name of Dynamic DNS. 2. A Must filled setting 1. String format can be User Name / E‐ any text Your User name or E‐mail addresss of Dynamic DNS. Mail 2. A Must filled setting 1. String format can be Password / Key any text Your Password or Key of Dynamic DNS. 2. A Must filled setting ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.d.3 DHCP Server DHCP Server The gateway supports up to 4 DHCP servers to fulfill the DHCP requests from different VLAN groups (please refer to VLAN section for getting more usage details). And there is one default setting for whose LAN IP Address is the same one of gateway LAN interface, with its default ...
Page 133
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCP Clients List To show the DHCP clients list with some details/information like the LAN Interface, IP Address, Host Name, MAC Address and the Remaining Lease Time. Fixed Mapping User can assign fixed IP address to map the specific client MAC address by select them then copy, when targets were already existed in the DHCP Client List, or to add some other Mapping Rules by ...
Page 134
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCP Server Setting The DHCP Server setting allows user to create and customize DHCP Server policies to assign IP . Addresses to the devices on the local area network (LAN) Go to Basic Network > Client / Server / Proxy > DHCP Server Tab Create/Edit DHCP Server Policy The router allows you to custom your DHCP Server Policy. It supports up to a maximum of 4 policy sets. When Add button is applied DHCP Server Configuration screen will appear. 134 ...
Page 135
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCP Server Configuration Item Value setting Description 1. String format can be DHCP Server any text Enter a DHCP Server name. Enter a name that is easy for you to understand. Name 2. A Must filled setting LAN IP 1. IPv4 format. The LAN IP Address of this DHCP Server. Address 2. A Must filled setting 255.0.0.0 (/8) is set by Subnet Mask The Subnet Mask of this DHCP Server. default 1. IPv4 format. The IP Pool of this DHCP Server. It composed of Starting Address entered in this IP Pool 2. A Must filled setting field and Ending Address entered in this field. 1. Numberic string format. Lease Time The Lease Time of this DHCP Server. 2. A Must filled setting String format can be any Domain Name The Domain Name of this DHCP Server. text Primary DNS IPv4 format The Primary DNS of this DHCP Server. Secondary IPv4 format The Secondary DNS of this DHCP Server. ...
Page 136
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Mapping Rule List on DHCP Serve The router allows you to custom your Mapping Rule List on DHCP Server. It supports up to a maximum of 64 rule sets. When Fix Mapping button is applied, the Mapping Rule List screen will appear. When Add button is applied Mapping Rule Configuration screen will appear. Mapping Rule Configuration Item Value setting Description 1. MAC Address string MAC Address format The MAC Address of this mapping rule. 2. A Must filled setting 1. IPv4 format. IP Address The IP Address of this mapping rule. 2. A Must filled setting Enabling the The box is unchecked by Click Enable box to activate this rule. Rule default. Save N/A Click the Save button to save the configuration Click the Undo button to restore what you just configured back to the previous Undo N/A setting. Please note that the restored setting may not be the factory default setting but a retrieve of what was saved in the memory. When the Back button is clicked the screen will return to the DHCP Server Back ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 3.d.5 DHCP Server Options The DHCP Server Options setting allows user to set DHCP OPTIONS 66 72 114. DHCP Server will add these options in its sending out DHCPOFFER DHCPACK packages. Option Meaning 66 TFTP server name [RFC 2132] 72 Default World Wide Web Server [RFC 2132] 114 URL [RFC 3679] Go to Basic Network > Client / Server / Proxy > DHCP Server Options Tab Enable/Disable DHCP Server Options Create/Edit DHCP Server Options The router supports up to a maximum of 99 option settings. When Add/Edit button is applied DHCP Server Option Configuration screen will appear. 137 ...
Page 138
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. DHCP Server Option Configuration Item Value setting Description 1. String format can be Option Name any text Enter a DHCP Server Option name. Enter a name that is easy for you to understand. 2. A Must filled setting DHCP Server Dropdown list of all Choose the DHCP server this option should apply to. Select available DHCP servers. Dropdown list 66 ‐ tftp Option Select Choose the specific option you want to set. 72 – www 114 ‐ url Each different options has different value types. Single IP Address 66 Single FQDN Dropdown list of DHCP Type server option value’s type ...
Page 139
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Save/Undo DHCP Server Options Click Save to restart DHCP server, forcing settings to take effect immediately. 139 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter5 Advanced Network 5.1 Firewall The firewall functions include Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS and some firewall options. 5.1.1 Firewall Configuration Firewall Configuration Enable Firewall check box will activate all firewall functions. The firewall configuration allows user to enable or disable all functions including Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS, and Firewall Options. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.3 Packet Filters "Packet Filters" function can let you define some filtering rules for incoming and outgoing packets. So the gateway can control what packets are allowed or blocked to pass through it. A packet filter rule should indicate from and to which interface the packet enters and leaves the gateway, the source and destination IP addresses, and destination service port type and port number. Lastly, the time schedule to which the rule will be active. In "Packet Filters" page, there are three configuration windows for packet filtering function. They are the "Configuration" window, "Packet Filter Rule List" window, and "Packet Filter Rule Configuration" window. The "Configuration" window can let you activate the packet filtering function and specify to black listing or to white listing Inbound or Outbound packets defined in the "Packet Filter Rule List" ...
Page 142
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Packet Filter Rule List The "Packet Filter Rule List" shows the setup parameters of all packet filtering rules. There also be one "Add" button at the "Packet Filter Rule List" caption, that can let you add and create one new packet filtering rule. The "Edit" button at the end of each packet filtering rule can let you modify the rule. Refer to the following sub‐sections for more reference. Packet Filter Rule Configuration When you want to add a new packet filtering rule or edit one already existed, the "Packet Filter Rule Configuration" window shows up for you to configure. The parameters in a rule include the rule name, the from and to which interface the packet enters and leaves, the source and ...
Page 143
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. administrator wants to deny only specific packets from going through, he can use the "Packet Filters" function by defining the black list to carry out to meet the requirement. It is contrasting to above diagram. Scenario Description To only allow dedicated packets that match to one packet filtering rule to flow through the gateway and block other packets that are not defined in the “Packet Filter Rule List” entry. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Packet Filters" enabling. Use default value for those parameters that are not mentioned in the tables. [Packet Filters]‐[Configuration] Configuration Path ■ Enable Packet Filters Deny all to pass except those match the following rules. Black List / White List [Packet Filters]‐[Packet Filter Rule List] Configuration Path ID Access 80 Access 443 Rule Name ...
Page 144
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Packet Filter Setting The packet filter setting allows user to create and customize packet filter policies to allow or reject specific inbound/outbound packets through the router based on their office setting. Enabling Packet Filter Go to Advanced Network > Firewall > Packet Filters Tab Enabling Packet Filters Item Name Value setting Description Enable Packet The box is unchecked by Check the Enable box to activate Packet Filter function Filter function default When Deny those match the following rules is selected, as the name suggest, Black List / Deny those match the White List packets specified in the rules will be blocked –black listed. In contrast, with Allow following rules is set by (Filter Method those match the following rules, you can specifically white list the packets to pass default Selection) and the rest will be blocked. The box is unchecked by Log Alert Check the Enable box to activate Event Log. default Save N/A Click Save to save the settings Undo ...
Page 145
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Filter Rules The router allows you to customize your packet filtering rules. It supports up to a maximum of 20 filter rule sets. When Add button is applied Filter Rule Configuration screen will appear. Create/Edit Filter Rules Item Name Value setting Description 1. String format can be Rule Name any text Enter a packet filter rule name. Enter a name that is easy for you to remember. 2. A Must filled setting Define the selected interface to be the packet‐entering interface of the router. If the packets to be filtered are coming from LAN to WAN then select LAN for this field. Or VLAN‐1 to WAN then select VLAN‐1 for this field. Other examples are From Interface A Must filled setting VLAN‐1 to VLAN‐2. VLAN‐1 to WAN. Select Any to filter packets coming into the router from any interfaces. Please note that two identical interfaces are not accepted by the router. i.e. VLAN‐ 1 to VLAN‐1. Define the selected interface to be the packet‐leaving interface of the router. If the packets to be filtered are entering from LAN to WAN then select WAN for this To Interface A Must filled setting field. Or VLAN‐1 to WAN then select WAN for this field. Other examples are VLAN‐ 1 to VLAN‐2. VLAN‐1 to WAN. Select Any to filter packets leaving the router from any interfaces. 145 ...
Page 146
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Please note that two identical interfaces are not accepted by the router. i.e. VLAN‐ 1 to VLAN‐1. This field is to specify the Source IP address. Select Any to filter packets coming from any IP addresses. Select Specific IP Address to filter packets coming from an IP address. Select IP Range to filter packets coming from a specified range of IP address. Source IP A Must filled setting Select IP Address‐based Group to filter packets coming from a pre‐defined group. Note: group must be pre‐defined before this option become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. This field is to specify the Destination IP address. Select Any to filter packets that are entering to any IP addresses. Select Specific IP Address to filter packets entering to an IP address entered in this field. Select IP Range to filter packets entering to a specified range of IP address entered Destination IP A Must filled setting in this field. Select IP Address‐based Group to filter packets entering to a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address. Source MAC A Must filled setting Select MAC Address‐based Group to filter packets coming from a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. For Protocol, select Any to filter any protocol packets Then for Source Port, select a predefined port dropdown box when Well‐known Service is selected, otherwise select User‐defined Service and specify a port range. Then for Destination Port, select a predefined port dropdown box when Well‐...
Page 147
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. known Service is selected, otherwise select User‐defined Service and specify a port range. For Protocol, select GRE to filter GRE packets For Protocol, select ESP to filter ESP packets For Protocol, select SCTP to filter SCTP packets For Protocol, select User‐defined to filter packets with specified port number. Then enter a pot number in Protocol Number box. Apply Time Schedule to this rule, otherwise leave it as Always. Time Schedule A Must filled setting If the dropdown list is empty ensure Time Schedule is pre‐configured. Refer to System > Scheduling > Scheduling Setting tab The box is unchecked by Enabling the rule Click Enable box to activate this rule then save the settings. default. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings When the Back button is clicked the screen will return to the Packet Filters Back N/A Configuration page. 147 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.5 URL Blocking "URL Blocking" function can let you define blocking or allowing rules for incoming and outgoing Web request packets. With defined rules, gateway can control the Web requests containing the complete URL, partial domain name or pre‐defined keywords. For example, one can filter out or allow only the Web requests based on domain input suffixes like .com or .org or keywords like “bct” or “mpe”. An URL blocking rule should indicate the URL, partial domain name or included keywords in the Web requests from and to the gateway and what destination service port. In addition, the integrated time schedule can be applied to activate rules based on date and time. Gateway logs and displays illegal web accessing, in the web‐based utility, that matches rules in the defined URL blocking rule entry in the black‐list or in the exclusion of the white‐list. In "URL Blocking" page, there are three configuration windows. They are the "Configuration" ...
Page 149
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. redirection for invalid accessing when needed. When you choose "Allow all to pass except those match the following rules" for the "URL Blocking Rule List", you are setting the defined URL blocking rules to belong to the black list. The packets, listed in the rule list, will be blocked if one pattern in the requests matches to one rule. Other Web requests can pass through the gateway. In contrast, when you choose "Deny all to pass ...
Page 150
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. URL Blocking with Black List Scenario Scenario Application Timing When the administrator of the gateway wants to block the Web requests with some dedicated patterns, he can use the "URL Blocking" function to carry out to block specific Web requests by defining the black list as shown in above diagram. Certainly, when the administrator wants to allow only the Web requests with some dedicated patterns to go through the gateway, he can use the "URL Blocking" function by defining the white list to carry out to meet the requirement. It is contrasting to above diagram. Scenario Description Web requests with dedicated patterns in the black list will be blocked by the gateway. Other ones can pass through the gateway. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in ...
Page 151
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ■ Enable Invalid Access Web Redirection [URL Blocking]‐[URL Blocking Rule List] Configuration Path 1 ID Block sex & sexygirl Block playboy Rule Name sex;sexygirl playboy URL/Domain Name/Keyword ■ Enable ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface, 118.18.81.33 for WAN‐1 interface. It serves as a NAT router. Enable the URL blocking function and specify the "URL Blocking Rule List" is a black list and configure two URL blocking rules for the gateway. Create one rule to deny the Web ...
Page 152
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Item Value setting Description Enable URL The box is unchecked by Blocking Check the Enable box to activate this filter function default function When Deny those match the following rules is selected, as the name suggest, Black List / Deny those match the White List (Filter packets specified in the rules will be blocked –black listed. In contrast, with Allow following rules is set by Method those match the following rules, you can specifically white list the packets to pass default Selection) and the rest will be blocked. The box is unchecked by Log Alert Check the Enable box to activate to activate Event Log. default Invalid Access The box is unchecked by Check the Enable box to activate this function. When the user attempts to open a Web Redirection default blocked http URL by the web browser, it will redirect to a warning page. Create/Edit Filter Rules The router supports up to a maximum of 20 URL blocking rule sets. Ensure that the URL Blocking is enabled before we can create blocking rules. ...
Page 153
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Select IP Range to filter packets coming from a specified range of IP address entered in this field. Select IP Address‐based Group to filter packets coming from a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Source MAC A Must filled setting Select MAC Address‐based Group to filter packets coming from a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. Specify URL, Domain Name, or Keyword list to filtering rule. It supports up to a maximum of 10 Keywords in a rule by using the delimiter “;”. URL / Domain In the Black List mode, if the matching rule is found, the packets with http header Name / A Must filled setting will be dropped. Keyword In the White List mode, if the matching rule is found, the packets with http header will be accepted and other packets with http header will be dropped. Apply Time Schedule to this rule, otherwise leave it as Always. Time Schedule A Must filled setting If the dropdown list is empty ensure Time Schedule is pre‐configured. Refer to System > Scheduling setting. Enabling the The box is unchecked by Click Enable box to activate this rule. rule default. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.9 Web Content Filters "Web Content Filters" function can block HTML requests with some specific extension file names, like ".exe", ".bat" (applications), "mpeg” (video), and so on. It also blocks HTML requests with some script types, like Java Applet, Java Scripts, cookies and Active X. In "Web Content Filters" page, there are three configuration windows for the filtering function. They are the "Configuration" window, "Web Content Filter List" window, and "Web Content Filter Configuration" window. ...
Page 155
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The "Web Content Filter List" shows the setup parameters of all filtering rules. There also be one "Add" button at the “Web Content Filter List" caption, that can let you add and create one new Web content filtering rule. The "Edit" button at the end of each filtering rule can let you modify the rule. Refer to the following sub‐sections for more reference. Web Content Filter Configuration When you want to add a new Web content filtering rule or edit one existed rule, the "Web Content Filter Configuration" window will appear when you click on the Add or Edit button to ...
Page 156
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Following tables list the parameter configuration as an example for the gateway in above diagram with "Web Content Filters" enabling. Use default value for those parameters that are not mentioned in the tables. [Web Content Filters]‐[Configuration] Configuration Path ■ Enable Web Content Filter ■ Cookie ■ Java ■ ActiveX Popular File Extension List ■ Enable Log Alert [Web Content Filters]‐[Web Content Filter List] Configuration Path ID execution files Rule Name .exe; .com User‐defined File Extension List ■ Enable Rule ...
Page 157
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Extension List unchecked by default pattern matching rule define as the packet with the keyword “Cookie:”. Selection Check the Java box to activate this filter function, as the name suggests, this pattern matching rule define as the packet with the keyword “.js”, “.class”, “.jar”, “.jsp”, “ .java”, “.jse”, “.jcm”, “.jtk” , or ”.jad”. Check the ActiveX box to activate this filter function, as the name suggests, this pattern matching rule define as the packet with the keyword “.ocx”, “.cab”, “.ole”, “.olb”, “.com”, “.vbs”, “.vrm”, or “.viv”. If one of the matching rules is found, the packets with http header will be dropped. The box is unchecked by Log Alert Check the Enable box to activate to activate Event Log. default Create/Edit Filter Rules The router supports up to a maximum of 20 filter rule sets. Ensure that the Web Content Filers is enabled before we can create filter rules. When Add button is applied Filter Rule Configuration screen will appear. Web Content Filter Configuration Item Value setting Description 1. String format can be Enter a web content filter rule name. Enter a name that is easy for you to Rule Name any text understand. 2. A Must filled setting This field is to specify the Source IP address. Select Any to filter packets coming from any IP addresses. Source IP ...
Page 158
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. entered in this field. Select IP Address‐based Group to filter packets coming from a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Source MAC A Must filled setting Select MAC Address‐based Group to filter packets coming from a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. User‐defined Specify file extension list to filtering rule. It supports up to a maximum of 10 file File Extension A Must filled setting extension names in a rule by using the delimiter “;”. List (Use ; to If the matching rule is found, the packets with http header will be dropped. Concatenate) Apply Time Schedule to this rule, otherwise leave it as Always. Time Schedule A Must filled setting If the dropdown list is empty ensure Time Schedule is pre‐configured. Refer to System > Scheduling setting. Enabling the The box is unchecked by Click Enable box to activate this rule. rule default. Save N/A Click the Save button to save the configuration ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.b MAC Control "MAC Control" function allows you to assign the accessibility to the gateway for different users based on device’s MAC address, including wired hosts or WiFi stations. In "MAC Control" page, there are three configuration windows for MAC control function. They are the "Configuration" window, "MAC Control Rule List" window, and "MAC Control Rule Configuration" window. The "Configuration" window can let you activate the MAC Control function and specify to black listing or to white listing the devices in the "MAC Control Rule List" entry. Furthermore, log ...
Page 160
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. their MAC addresses match to one rule. Other client hosts can connect to the gateway. In contrast, when you choose "Deny all to pass except those match the following rules" for the "MAC Control Rule List", you are setting the defined MAC control rules to belong to the white list. The client hosts, listed in the rule, in the Intranet will be allowed for the connection to the gateway if their MAC addresses match to one rule. Other client hosts can't connect to the gateway. MAC Control Rule List The "MAC Control Rule List" shows the setup parameters of all MAC control rules. There also be one "Add" button at the “MAC Control Rule List" caption, that can let you add and create one new ...
Page 161
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator of the gateway wants to reject some client hosts with specific MAC addresses in the Intranet to connect to the gateway, he can use the "MAC Control" function to carry out to reject by defining the black list as shown in above diagram. Certainly, when the administrator wants to allow only the client hosts with dedicated MAC addresses to connect to the gateway, he can use the "MAC Control" function by defining the white list to carry out to meet the requirement. It is contrasting to above diagram. Scenario Description To only reject client hosts with dedicated MAC addresses in the black list to connect to the gateway and block other hosts that are not defined in the “MAC Control Rule List” ...
Page 162
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ■ Enable Log Alert [MAC Control]‐[MAC Control Rule List] Configuration Path ID Block JP NB Rule Name 20:6A:6A:6A:6A:6B MAC Address ■ Enable Rule Scenario Operation Procedure In above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface, 118.18.81.33 for WAN‐1 interface. It serves as a NAT router. Enable the MAC control function and specify the "MAC Control Rule List" is a black list, and configure one MAC control rule for the gateway to deny the connection request ...
Page 163
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. MAC Control Setting The MAC control setting allows user to create and customize MAC address policies to allow or reject packets with specific source MAC address. Before you proceed ensure that the Firewall is enabled and saved. Go to Advanced Network > Firewall > Configuration tab. Enabling MAC Control Go to Advanced Network > Firewall > MAC Control Tab Enabling MAC Control Item Value setting Description Enable MAC The box is unchecked by Check the Enable box to activate the MAC filter function Control function default When Deny MAC Address Below is selected, as the name suggest, packets Black List / ...
Page 164
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit MAC Control Rules The router supports up to a maximum of 20 filter rule sets. Ensure that the MAC Control is enabled before we can create control rules. When Add button is applied Filter Rule Configuration screen will appear. Create/Edit MAC Control Rules Item Value setting Description 1. String format can be Rule Name any text Enter a MAC Control rule name. Enter a name that is easy for you to remember. 2. A Must fill setting 1. MAC Address string MAC Address (Ues: to Format Specify the Source MAC Address to filter rule. Compose) 2. A Must fill setting Apply Time Schedule to this rule, otherwise leave it as Always. Time Schedule A Must fill setting If the dropdown list is empty ensure Time Schedule is pre‐configured. Refer to System > Scheduling > Scheduling Setting tab Enabling the The box is unchecked by Click Enable box to activate this rule, then save the settings. rule default. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.d Application Filters Application Filter function can categorize Internet Protocol packets based on their application layer data and allow or deny their passing of gateway. It supports the application filters for various Internet chat software, P2P download, Proxy, and A/V streaming. You can select the applications to be blocked after the function is enabled, and may also specify schedule rule to apply. 165 ...
Page 166
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator of the gateway wants to block some P2P or Stream applications, he can use the "Application Filters" function to activate by checking the "Enable" box. Scenario Description Applications, by checking the "Enable" box, will be rejected or limited connection sessions to access the Internet. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in above diagram with "Application Filters" enabling. Use default value for those parameters that are not mentioned in the tables. Configuration Path [Application Filters]‐[Configuration] ■ Enable Application Filter ...
Page 167
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Application Filters Item Setting Value setting Description Enable The box is unchecked by Application Check the Enable box to activate this filter function default Filters function The box is unchecked by Log Alert Check the Enable box to activate Event Log. default Create/Edit Filter Rules The router supports up to a maximum of 20 filter rule sets. Ensure that the Application Filers is enabled before we can create filter rules. When Add button is applied Filter Rule Configuration screen will appear. 167 ...
Page 168
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Application Filter Rule Configuration Item Value setting Description 1. String format can be Enter a Application filter rule name. Enter a name that is easy for you to Rule Name any text understand. 2. A Must filled setting This field is to specify the Source IP address. Select Any to filter packets coming from any IP addresses. Select Specific IP Address to filter packets coming from an IP address entered in this field. Select IP Range to filter packets coming from a specified range of IP address Source IP A Must filled setting entered in this field. Select IP Address‐based Group to filter packets coming from a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Source MAC A Must filled setting Select MAC Address‐based Group to filter packets coming from a pre‐defined group selected. Note: group must be pre‐defined before this selection become available. Refer to System > Grouping > Host grouping. You may also access to create a group by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.f IPS Intrusion Prevention Systems are network security appliances that monitor network and/or system activities for malicious activity. The main functions of IPS are to identify malicious activity, log information about this activity, attempt to block/stop it and report it. You can enable the IPS function and check the listed intrusion activities when needed. There are some intrusion prevention items need a further Threshold parameter to work properly for intrusion detection. ...
Page 170
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPS Scenario Scenario Application Timing The administrator provides some application servers in the Intranet of deployed networking and has to open specific ports to make services for employees oversea or Internet users. There are some risks to always open service ports in the internet for admin users. In order to avoid such attacked risks, please enable IPS functions. Scenario Description The gateway serves as an E‐mail server, Web Server and open TCP‐Port 8080 allowing user to access web‐based utility of Gateway, so remote users or unknown users can ...
Page 171
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Operation Procedure In above diagram, the gateway detects incoming packets which TCP ports are 25, 80,110,443 and 8080 then forward to transfer the E‐mail service requests to the LAN servers and send the replies from LAN servers back to the requester. System will block lots of packets in seconds. IPS Setting The Intrusion Prevention System (IPS) setting allows user to customize intrusion prevention rules to prevent malicious packets. Enabling IPS Firewall Go to Advanced Network > Firewall > IPS Tab ...
Page 172
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Setup Intrusion Prevention Rules The router allows you to select intrusion prevention rules you may want to enable. Ensure that the IPS is enabled before we can enable defenses. Setup Intrusion Prevention Rules Item Name Value setting Description SYN Flood 1. A Must filled setting Click Enable box to activate this intrusion prevention rule and enter Defense 2. The box is unchecked by default. the traffic threshold in this field. UDP Flood 3. traffic threshold is set to 300 by Click Enable box to activate this intrusion prevention rule and enter Defense default the traffic threshold in this field. 4. The value range can be from 10 to ICMP Flood Click Enable box to activate this intrusion prevention rule and enter Defense 10000. the traffic threshold in this field. 1. A Must filled setting 2. The box is unchecked by default. Port Scan 3. traffic threshold is set to 200 by Click Enable box to activate this intrusion prevention rule and enter Defection ...
Page 173
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Block Ping of Death Block IP Spoof Block TCP Flag Scan Block Smurf Block Traceroute Block Fraggle Attack 1. A Must filled setting 2. The box is unchecked by default. ARP Spoofing 3. traffic threshold is set to 300 by Click Enable box to activate this intrusion prevention rule and enter Defence default the traffic threshold in this field. 4. The value range can be from 10 to 10000. Save NA Click Save to save the settings Undo NA Click Undo to cancel the settings 173 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.1.h Options There are some useful functions in this page. “Stealth Mode” lets gateway not to respond to port scans from the WAN so that makes it less susceptible to discovery and attacks on the Internet. ”SPI” enables gateway to record the packet information like IP address, port address, ACK, SEQ number and so on while they pass through the router. And the gateway checks every incoming packet to detect if this packet is valid. “Discard Ping from WAN” makes any host on the WAN side can`t ping this product. It means this device won`t reply any ICMP packet from Internet. “Remote Administrator Hosts” enables only the LAN users to browse the web‐based utility to ...
Page 175
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SPI Scenario Scenario Application Timing Users in Network‐A initiate to access cloud server through Gateway which records connected sessions. Sometimes, unknown users will simulate the Packet but use different Src IP to masquerade. Scenario Description In order to prevent security leak when local users surf the internet. Parameter Setup Example Following tables list the parameter configuration as an example for the gateway in ...
Page 176
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Discard Ping from WAN and Remote Administrator Hosts Scenario Scenario Application Timing “Discard Ping from WAN” makes any host on the WAN side can`t ping this gateway reply any ICMP packet from Internet while with “Remote Administrator Hosts” allowing to browse the web‐based utility to perform administration task remotely. Scenario Description In order to prevent security leak when local users surf the internet. Following tables list the parameter configuration as an example for the gateway in above diagram. ...
Page 177
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Firewall Setting The firewall options setting allows network administrator to modify the behavior of the Firewall and to enable Remote Router Access Control. Enabling Firewall Options Go to Advanced Network > Firewall > Options Tab Enabling Firewall Options Item Value setting Description Enable Stealth The box is unchecked by Check the Enable box to activate Stealth Mode function mode function default Enable SPI The box is checked by Check the Enable box to activate SPI function function default Discard Ping The box is unchecked by Check the Enable box to activate Discarding Ping function from WAN default Remote Router Access Control The router allows network administrator to manage router remotely. The network administrator can assign specific IP address and service port to allow accessing the router. 177 ...
Page 178
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Remote Administrator Host Definition Item Value setting Description Protocol HTTP is set by default Select HTTP or HTTPS method for router access. This field is to specify the remote host to assign access right for remote access. Select Any IP to allow any remote hosts IP A Must filled setting Select Specific IP to allow the remote host coming from a specific subnet. An IP address entered in this field and a selected Subnet Mask to compose the subnet. 1. 80 for HTTP by default Service Port 2. 443 for HTTPS by This field is to specify a Service Port to HTTP or HTTPS connection. default Enabling the The box is unchecked by Click Enable box to activate this rule. rule default. Save N/A Click Enable box to activate this rule then save the settings. Undo N/A Click Undo to cancel the settings 178 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5 VPN A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security and management policies of the private network. This is done by establishing a virtual point‐to‐point connection through the use of dedicated connections, encryption, or a combination of the two. The ...
Page 180
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. VPN Configuration Item Value setting Description The box is VPN unchecked by Check the Enable box to enable all VPN functions default Save N/A Click the Save button to save the settings 180 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.3 IPSec Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec includes protocols for establishing mutual authentication between agents at the beginning of the ...
Page 182
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuration The "Configuration" window is to enable the IPSec VPN function. In addition, if you want to activate the network neighborhood communication to work between both Intranets of local and remote peers in the IPSec VPN tunnel, you can check the "NetBIOS over IPSec" box. Moreover, if your security gateway is under a NAT router and you want to create an IPSec VPN tunnel between your ...
Page 183
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Site to Site Tunnel Scenario Scenario Application Timing The security gateway can be located at branch office or mobile office. When the client hosts behind the security gateway want to make a secure communication with the ones behind another security gateway in headquarters or another branch office, both security gateways need to establish a VPN tunnel first. Both Intranets of security gateways have their own subnet and the "Site to Site" tunnel scenario is used. "Site" ...
Page 184
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s‐101 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.76.0 Local Subnet 255.255.255.0 Local Netmask Disable Full Tunnel 10.0.75.0 Remote Subnet 255.255.255.0 Remote Netmask 118.18.81.33 Remote Gateway [IPSec]‐[Authentication] Configuration Path Key Management IKE+Pre‐shared Key 12345678 User Name Network‐A...
Page 185
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s‐201 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.75.0 Local Subnet 255.255.255.0 Local Netmask Disable Full Tunnel 10.0.76.0 Remote Subnet 255.255.255.0 Remote Netmask 203.95.80.22 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+Pre‐shared Key 12345678 Key Management User Name Network‐B Local ID User Name Network‐A Remote ID ...
Page 186
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Dynamic VPN Tunnel Scenario Business Security Gateway can ignore IP information of clients when using Dynamic VPN, so it is suitable for users to build VPN tunnels with Business Security Gateway from a remote mobile site. Remote peer is a site will be indicated in the negotiation packets, including what remote subnet is. It must be noted that the remote peer has to initiate the tunnel establishing process first in this application scenario. Scenario Application Timing If the security gateway in headquarters wants to allow any traveling employees to securely access the enterprise operation systems to access office resources from ...
Page 187
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Dynamic VPN is suitable for the Initiator being a mobile site or a mobile device with a dynamic IP, only the Responder has a “Static IP” or a “FQDN”. Two phases (IKE and IPSec) to negotiate for establishing an IPSec VPN tunnel with pre‐ shared key and optional X‐Auth account / password. Parameter Setup Example For Network‐A at HQ Following 5 tables list the parameter configuration for above example diagram of IPSec VPN tunnel in Network‐A. Use default value for those parameters that are not mentioned in these 5 tables. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel dvpn‐101 Tunnel Name WAN 1 Interface Dynamic VPN Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.76.0 Local Subnet 255.255.255.0 Local Netmask [IPSec]‐[Authentication] Configuration Path IKE+Pre‐shared Key 12345678 Key Management ...
Page 188
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. ones in the setup example and they are not shown in followings. [IPSec]‐[Configuration] Configuration Path ■ Enable IPSec [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel dvpn‐201 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode ■ Enable Keep alive Ping FQDN www.abc.com , Interval 120 sec [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.75.0 Local Subnet 255.255.255.0 Local Netmask Full Tunnel Disable 10.0.76.0 Remote Subnet 255.255.255.0 Remote Netmask 203.95.80.22 or www.abc.com Remote Gateway ...
Page 189
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. server or database resources in the Intranet of Network‐A at HQ with a secured link. That means, the security gateway in headquarters supports "Dynamic VPN" function and then you, as a mobile user, can access its Intranet resources from remote side with a secured link; even your device is not on a fixed IP address. "Full Tunnel"‐enabled Site to Site Tunnel Scenario In "Site to Site" tunnel scenario, the client hosts of remote site can securely access the enterprise resources in the Intranet of headquarters gateway via an established VPN tunnel, as described above. But the regular Internet accessing at remote site still go through the WAN interface of remote gateway, not the VPN tunnel. If you want all packets to be transferred from the Network‐B at branch office via this VPN tunnel, including the enterprise resource accessing and the Internet accessing, you can refer to following scenario example. When Full Tunnel function of remote Business Security Gateway is enabled, all data traffic from remote clients behind remote Business Security Gateway will go over the VPN tunnel. That is, if a user is operating at a PC that is in the Intranet of remote Business Security Gateway, all application packets and private data packets from the PC will be transmitted securely in the VPN tunnel to access the ...
Page 190
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing The security gateway can be located at branch office or mobile office. When the client hosts behind the security gateway want to make a secure communication with the ones behind another security gateway in headquarters or another branch office, both security gateways need establish a VPN tunnel first. Both Intranets of security gateways have their own subnet and the "Site to Site" tunnel scenario is used. "Site" means a subnet of client hosts. Moreover, since the "Full Tunnel" feature is enabled at branch office site, all packet flows will go through the established VPN tunnel between both ...
Page 191
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s‐101 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.76.0 Local Subnet 255.255.255.0 Local Netmask Disable Full Tunnel 10.0.75.0 Remote Subnet 255.255.255.0 Remote Netmask 118.18.81.33 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+Pre‐shared Key 12345678 Key Management User Name Network‐A Local ID User Name Network‐B Remote ID ...
Page 192
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [IPSec]‐[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s‐201 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.75.0 Local Subnet 255.255.255.0 Local Netmask ■ Enable Full Tunnel 10.0.76.0 Remote Subnet 255.255.255.0 Remote Netmask 203.95.80.22 Remote Gateway [IPSec]‐[Authentication] Configuration Path IKE+Pre‐shared Key 12345678 Key Management User Name Network‐B Local ID User Name Network‐A Remote ID [IPSec]‐[IKE Phase] Configuration Path ...
Page 193
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPSec Setting The IPsec Setting allows user to create and configure IPSec tunnels. Before you proceed ensure that the VPN is enabled and saved. To enable VPN, go to Advanced Network > VPN > Configuration tab. Enabling IPSec Go to Advanced Network > VPN > IPSec tab Enable IPSec Window Item Value setting Description Unchecked by IPsec Click the Enable box to enable IPSec function. default Unchecked by NetBIOS over IPSec Click the Enable box to enable NetBIOS over IPSec function. default Unchecked by NAT Traversal Click the Enable box to enable NAT Traversal function. ...
Page 194
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 194 ...
Page 195
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Tunnel Configuration Window Item Value setting Description Unchecked by Tunnel Check the Enable box to activate the IPSec tunnel default 1. A Must fill setting Tunnel Name 2. String format can Enter a tunnel name. Enter a name that is easy for you to identify. be any text 1. A Must fill setting 2. WAN 1 is selected Interface by default Select WAN interface on which IPSec tunnel is to be established. Select an IPSec tunneling scenario from the dropdown box for your application. 1. A Must fill setting Select Site‐to‐Site, Site‐to‐Host, Host‐to‐Site, Host‐to‐Host, or Dynamic VPN. 2. Site to site is Tunnel Scenario With Site‐to‐Site or Site‐to‐Host or Host‐to‐Site, IPSec operates in tunnel mode. The selected by default difference among them is the number of subnets. With Host‐to‐Host, IPSec operates in transport mode. Select from the dropdown box to setup your gateway for Hub‐and‐Spoke IPsec VPN Deployments. 1. An optional Select None if your deployments will not support Hub or Spoke encryption. setting Hub and Spoke Select Hub for a Hub role in the IPSec design. ...
Page 196
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Local & Remote Configuration Window Item Value setting Description Specify the Local Subnet IP address and Subnet Mask. Click the Add or Delete button to add or delete a Local Subnet. Note_1: When Dynamic VPN option in Tunnel Scenario is selected, there will be A Must fill setting Local Subnet List only one subnet available. Note_2: When Host‐to‐Site or Host‐to‐Host option in Tunnel Scenario is selected, Local Subnet will not be available. Note_3: When Hub and Spoke option in Hub and Spoke is selected, there will be only one subnet available. Unchecked by Click Enable box to enable Full Tunnel. Full Tunnel default Note: Full tunnel is available only for Site‐to‐Site specified in Tunnel Scenario. Specify the Remote Subnet IP address and Subnet Mask. Remote Subnet List A Must fill setting Click the Add or Delete button to add or delete Remote Subnet setting. 1. A Must fill setting. 2. Format can be a Remote Gateway Specify the Remote Gateway. ipv4 address or FQDN Authentication Configuration Window Item Value setting Description Select Key Management from the dropdown box for this IPSec tunnel. ...
Page 197
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Item Value setting Description 1. A must fill setting Specify the IKE version for this IPSec tunnel. Select v1 or v2 IKE Version 2. v1 is selected by Note: IKE versions will not be available when Dynamic VPN option in Tunnel default Scenario is selected, or AH option in Encapsulation Protocol is selected. Main Mode is set by Specify the Negotiation Mode for this IPSec tunnel. Select Main Mode or Negotiation Mode default default Aggressive Mode. Specify the X‐Auth role for this IPSec tunnel. Select Server, Client, or None. Selected None no X‐Auth authentication is required. Selected Server this gateway will be an X‐Auth server. Click on the X‐Auth Account None is selected by button to create remote X‐Auth client account. X‐Auth default Selected Client this gateway will be a X‐Auth client. Enter User name and Password to be authenticated by the X‐Auth server gateway. Note: X‐Auth Client will not be available for Dynamic VPN option selected in Tunnel Scenario. 1. Unchecked by default Dead Peer Click Enable box to enable DPD function. Specify the Timeout and Delay time in 2. Default Timeout Detection (DPD) seconds. 180s and Delay 30s 1. A Must fill setting Phase1 Key Life 2. Default 3600s ...
Page 198
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. IPSec Phase Window Item Value setting Description 1. A Must fill setting Phase2 Key Life 2. 28800s is set by Specify the Phase2 Key Life Time in second. Time default 3. Max. 86400s IPSec Proposal Definition Window Item Value setting Description Specify the Encryption method None/AES‐auto/AES128/AES192/AES256/DES/3DES Specify Authentication method IPSec Proposal None/MD5/SHA1/SHA2‐256/SHA2‐512 A Must fill setting Definition Specify the PFS Group None/Group1/ Group2/ Group5/ Group14/ Group15/ Group16/ Group17/ Group18/ Click Enable to enable this setting Save N/A Click Save to save the settings Undo N/A Click Undo button to cancel the settings Back N/A Click Back button to return to the previous page. ...
Page 199
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Manual Key Management This section describes parameters available for configuring tunnel authentications manually as described in Key Management section under Authentication configuration window in the previous pages. When Manually option is selected for Key Management described in Authentication Configuration Window, a series of configuration windows for Manual IPSec Tunnel configuration will appear. The configuration windows are the Tunnel configuration, the Local & Remote Configuration, the Authentication, the Manual Proposal. The windows may look similar to the ones below. Tunnel Configuration Window Item Value setting ...
Page 200
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1. A Must fill setting Interface 2. WAN 1 is selected Select WAN interface on which IPSec is to be established. by default Select an IPSec tunneling scenario from the dropdown box for your application. 1. A Must fill setting Select Site‐to‐Site, Site‐to‐Host, Host‐to‐Site, or Host‐to‐Host. Tunnel Scenario 2. Site to site is With Site‐to‐Site or Site‐to‐Host or Host‐to‐Site, IPSec operates in tunnel mode. The selected by default difference among them is the number of subnets. With Host‐to‐Host, IPSec operates in transport mode. There are three available operation modes. Always On, Failover, Load Balance. Define whether the IPSec tunnel is a failover tunnel function or an always on tunneling Note: If this IPSec is a failover tunneling, you will need to select the primary IPSec tunnel from which to failover to. 1. A Must fill setting Define whether the IPSec tunnel connection will take part in load balance Operation Mode 2. Alway on is function of the gateway. You will not need to select with WAN interface as selected by default the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN > Load Balance tab. Note: Failover and Load Balance functions are not available for Dynamic VPN specified in Tunnel Scenario. 1. A Must fill setting Encapsulation Select the Encapsulation Protocol from the dropdown box for this IPSec 2. ESP is selected by Protocol tunnel. Available encapsulations are ESP and AH. ...
Page 201
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Authentication Configuration Window Item Value setting Description Select Key Management from the dropdown box for this IPSec tunnel. In this section Manually is the option selected. Key Management A Must fill setting For IKE+Pre‐shared Key and IKE+X.509 option, please refer to the table in previous 5 pages where key management is described. Specify the Local ID for this IPSec tunnel to authenticate. Local ID An optional setting Select the Key ID for Local ID and enter the Key ID (English alphabet or number). Specify the Remote ID for this IPSec tunnel to authenticate. Remote ID An optional setting Select Key ID for Remote ID and enter the Key ID (English alphabet or number). Manual Proposal Window Item Value setting Description Outbound SPI Hexadecimal format Specify the Outbound SPI for this IPSec tunnel. Inbound SPI Hexadecimal format Specify the Inbound SPI for this IPSec tunnel. Specify the Encryption Method and Encryption key 1. A Must fill setting Available encryption methods are DES/3DES/AES128/AES192/AES256 Encryption 2. Hexadecimal The key length for DES is 16, 3DES is 48, AES128 is 32, AES192 is 48, AES256 is 64. format Note: When AH option in Encapsulation is selected, encryption will not be available. ...
Page 202
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.5 PPTP The Point‐to‐Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. The PPTP specification does not describe encryption or authentication features and relies on the Point‐to‐Point Protocol being tunneled to implement security functionality. However, the most ...
Page 203
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. time. Define and choose either one role for your router in the "Configuration" window and configure all required parameters beneath the "Configuration" window. Then configure parameters on another gateway to takes another role. Above diagram is the server role configuration and following diagram shows the client role configuration. When you want to configure "PPTP Server" role for the security gateway, there are 4 more configuration windows: "PPTP Server Configuration", "PPTP Server Status", "User Account List" and "User Account Configuration". However, when you want to configure "PPTP Client" role for the security gateway, there are 3 more configuration windows: "PPTP Client Configuration", "PPTP Client List & ...
Page 204
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. "MS‐CHAP v2" for the authentication protocol, you also can specify if the PPTP server needs the MPPE encryption and its key length for the authentication process. PPTP Server Status "PPTP Server Status" window shows the dialing in status to the PPTP VPN server, including the used user name, remote IP address, the obtained virtual IP address and call ID of all PPTP clients. User Account List "User Account List" lists your defined user accounts that can be accepted by the PPTP server. User Account Configuration "User Account Configuration" window can let you specify the required parameters for a PPTP client account, such as user name, password and account activation. Add one new user account by ...
Page 205
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the security gateway at headquarters playing the PPTP VPN server role. The PPTP tunnel is established by starting from PPTP client, the Security Gateway 2 in Network‐B or the mobile device, like notebook. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of ...
Page 206
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. For Network‐A at HQ Following 3 tables list the parameter configuration for above example diagram of PPTP VPN server in Network‐A. Use default value for those parameters that are not mentioned in these tables. [PPTP]‐[Configuration] Configuration Path ■ Enable PPTP Server Client/Server [PPTP]‐[PPTP Server Configuration] Configuration Path ■ Enable PPTP Server 192.168.101.253 Server Virtual IP 10 IP Pool Starting Address (that means 192.168.101.10) 50 IP Pool Ending Address (that means 192.168.101.50) MS‐CHAP Authentication Protocol ■ Enable 128 bits MPPE Encryption [PPTP]‐[User Account Configuration] Configuration Path ID 1 User‐1 User‐2 User Name 1234 4321 ...
Page 207
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. "PPTP Client Configuration" window can let you enable the PPTP client function by checking the "Enable" box. PPTP Client List & Status "PPTP Client List & Status" window shows your defined PPTP clients and their tunnel connection status. Only some important information for all tunnels are shown in the list as following diagram. Configuration for A PPTP Client "Configuration for A PPTP Client" window let you specify the required parameters for a PPTP VPN client, such as "PPTP Client Name", "Interface", "Operation Mode", "Remote IP/FQDN", "User Name", "Password", "Default Gateway/Remote Subnet", "Authentication Protocol", "MPPE Encryption", "NAT before Tunneling", "LCP Echo Type" and tunnel activation. Please be noted the "Default Gateway/Remote Subnet" configuration item. There are two options, "Default Gateway" and "Remote Subnet". When you choose "Remote Subnet", you need specify one more setting: the remote subnet. It is for the Intranet of PPTP VPN server. So, at PPTP client peer, the packets whose destination is in the dedicated subnet will be transferred via the PPTP VPN tunnel. Others will be transferred based on current routing policy of the security gateway at PPTP client peer. But, if you choose "Default Gateway" option for the PPTP client peer, all packets will be transferred via the PPTP VPN tunnel. That means the remote PPTP VPN server gateway controls the flowing of any ...
Page 208
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the Security Gateway 2 or the mobile device playing the PPTP VPN client role. The PPTP tunnel is established by the PPTP client making the tunnel connection request initiation and the Security Gateway 1 in Network‐A of headquarters serves as the PPTP VPN server responding to the request. Once the tunnel has been established, all client hosts behind the Security Gateway 2 or the mobile device can ...
Page 209
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The PPTP Server must have a Static IP or a FQDN, and maintain a Client list (account / password). The Client may be a mobile user or mobile site, and requesting the PPTP tunnel connection with its account / password. PPTP protocol is used for establishing a PPTP VPN tunnel. The PPTP Client’s “Default Gateway/Remote Subnet” setting determines how the Internet traffic from PPTP client site is handled. Parameter Setup Example For Network‐B at Mobile Office Following 3 tables list the parameter configuration for above example diagram of PPTP VPN client in Network‐B. Use default value for those parameters that are not mentioned in these tables. [PPTP]‐[Configuration] Configuration Path ■ Enable PPTP ...
Page 210
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2 is configured to "Default Gateway", the Internet accessing of PPTP Client peer also go through the established PPTP VPN tunnel, and the Security Gateway 1 can control the accessing as same as the HQ resource accessing. PPTP Setting The PPTP setting allows user to create and configure PPTP tunnels. Before you proceed ensure that the VPN is enabled and saved. To enable VPN, go to Advanced Network > VPN > Configuration tab. Enabling PPTP Go to Advanced Network > VPN > PPTP tab Enable PPTP Window Item Value setting Description Unchecked by PPTP Click the Enable box to activate PPTP function. default Specify the role of PPTP. Select Server or Client role your gateway will take. Below Client/Server A Must fill setting are the configuration windows for PPTP Server and for Client. Save N/A Click Save button to save the settings 210 ...
Page 211
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Server The gateway supports up to a maximum of 10 PPTP user accounts. When Server in the Client/Server field is selected, the PPTP server configuration window will appear. PPTP Server Configuration Window Item Value setting Description Unchecked by PPTP Server Check the Enable box to enable PPTP server role of the gateway. default 1. A Must fill setting Specify the PPTP server Virtual IP address. The virtual IP address will serve as the Server Virtual IP 2. Default is virtual DHCP server for the PPTP clients. Clients will be assigned a virtual IP address 192.168.10.1 from it after the PPTP tunnel has been established. IP Pool Starting ...
Page 212
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. PPTP Server Status Window Item Value setting Description It displays the User Name, Remote IP, Remote Virtual IP, Remote Call ID of the PPTP Server Status N/A connected PPTP clients. User Account List Window Item Value setting Description This is the PPTP authentication user account entry. You can create and add accounts for remote clients to establish PPTP VPN connection to the gateway device. Max.of 10 user Click Add button to add user account. Enter User name and password. Then check User Account List accounts the enable box to enable the user. Click Save button to save new user account. The selected user account can permanently be deleted by clicking the Delete button. PPTP Client When select Client in Client/Server, a series PPTP Client Configuration will appear. PPTP Client Setting Window Item...
Page 213
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit PPTP Client The gateway supports up to a maximum of 32 simultaneous PPTP tunnels. When Add/Edit button is applied a series PPTP Client Configuration will appear. PPTP Client Configuration Window Item Value setting Description Tunnel Name A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. 1. A Must fill setting Select WAN interface on which PPTP tunneling is to be established. Interface 2. WAN1 is selected by default 1. A Must fill setting There are three available operation modes. Always On, Failover, Load Balance. 2. Alwasy on is Failover/ Always Define whether the PPTP client is a failover tunnel function or an selected by default always on tunnel. Note: If this PPTP is a failover tunneling, you will need to select a primary IPSec tunnel from which to failover to. Operation Mode Load Balance Define whether the PPTP tunnel connection will take part in load balance function of the gateway. You will not need to select which WAN interface as the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN > Load Balance tab. 1. A Must fill setting. Enter the public IP address or the FQDN of the PPTP server. 2. Format can be a Remote IP/FQDN ...
Page 214
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Subnet the PPTP server then select Default Gateway, otherwise, specified a subnet and its netmask –the remote subnet, if the default gateway is not used to connect to the PPTP server. The Remote Subnet format must be IP address/netmask (e.g. 10.0.0.2/24). 1. A Must fill setting Specify one ore multiple Authentication Protocol for this PPTP tunnel. Authentication 2. Unchecked by Available authentication methods are PAP/CHAP/MS‐CHAP/MS‐CHAPv2 Protocol default 1. Unchecked by Specify whether PPTP server supports MPPE Protocol. Click the Enable box to default enable MPPE. MPPE Encryption 2. an optional setting Note: when MPPE Encryption is enabled, the Authentication Protocol PAP/CHAP options will not be available. 1. Unchecked by Check the Enable box to enable NAT function for this PPTP tunnel. NAT before default Tunneling 2. an optional setting Auto is set by default Specify the LCP Echo Type for this PPTP tunnel. Auto, User‐defined, Disable. Auto the system sets the Interval and Max. Failure Time. LCP Echo Type User‐defined enter the Interval and Max. Failure Time. Disable disable the LCP Echo. Unchecked by Check the Enable box to enable this PPTP tunnel. Tunnel default ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.7 L2TP Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. This Gateway can behave as a L2TP server and a L2TP client both at the same time. Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by using L2TP tunneling. So, all client hosts behind local security gateway can make data communication with others behind remote gateway. Or when you are a mobile user with your notebook or carrying along a security gateway and you want to access the servers and database in company headquarters (HQ). Moreover, the security ...
Page 216
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. beneath the "Configuration" window. Then configure parameters on another gateway to take another role. Above diagram is the server role configuration and following diagram shows the client role configuration. When you want to configure "L2TP Server" role for the security gateway, there are 4 more configuration windows: "L2TP Server Configuration", "L2TP Server Status", "User Account List" and ...
Page 217
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. the L2TP server needs the MPPE encryption and its key length for the authentication process. L2TP Server Status "L2TP Server Status" window shows the dialing in status to the L2TP VPN server, including the used user name, remote IP address, the obtained virtual IP address and call ID of all L2TP clients. User Account List "User Account List" lists your defined user accounts that can be accepted by the L2TP server. User Account Configuration "User Account Configuration" window can let you specify the required parameters for a L2TP client account, such as user name, password and account activation. Add one new user account by ...
Page 218
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the security gateway at headquarters playing the L2TP VPN server role. The L2TP tunnel is established by starting from L2TP client, the Security Gateway 2 in Network‐B or the mobile device, like notebook. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of ...
Page 219
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In above diagram, Network‐A is in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. The security gateway for Network‐A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface. It serves as a L2TP server. However, Network‐B is in the mobile office and the subnet of its Intranet is ...
Page 220
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. peer, the packets whose destination is in the dedicated subnet will be transferred via the L2TP VPN tunnel. Others will be transferred based on current routing policy of the security gateway at L2TP client peer. But, if you choose "Default Gateway" option for the L2TP client peer, all packets will be transferred via the L2TP VPN tunnel. That means the remote L2TP VPN server gateway controls the ...
Page 221
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. peer is configured to all packets are delivered via the L2TP tunnel, as shown in the diagram by configuring the L2TP tunnel is the default gateway at L2TP client peer, the Internet accessing packets will be also sent to the Security Gateway 1 in Network‐A and be re‐transferred to the Internet. That means the Internet accessing of L2TP Client peer is also controlled by the Security Gateway 1, the L2TP VPN server. Scenario Description L2TP Tunneling is a Client and Server based tunneling technology. The L2TP Server must have a Static IP or a FQDN, and maintain a Client list (account / password). The Client may be a mobile user or mobile site, and requesting the L2TP ...
Page 222
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 10.0.76.0/24. The security gateway for Network‐A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface. It serves as a L2TP server. However, Network‐B is in the mobile office and the subnet of its Intranet is 10.0.75.0/24. The security gateway for Network‐B has the IP address of 10.0.75.2 for ...
Page 223
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. L2TP Server Configuration Item Value setting Description The box is When click the Enable box L2TP unchecked by It will activate L2TP functions. default Specify the role of L2TP. Selected Server Client/Server A Must filled setting ‐>Set as a L2TP server and jump to server configuration page Selected Client ‐>Set as a L2TP client and jump to client configuration page The box is When click the Enable box L2TP Server unchecked by It will active L2TP server default The box is When click the Enable box. L2TP over IPSec unchecked by It will enable L2TP over IPSec and need to fill in the Pre‐shared Key. default Specify the L2TP server Virtual IP Server Virtual IP A Must filled setting It will set as this L2TP server local virtual IP IP Pool Starting Specify the L2TP server starting IP of virtual IP pool A Must filled setting Address ...
Page 224
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. User Account List Item Value setting Description Specify the User Account which allow client to authenticate. Click Add button to add user account. Click Delete button to delete user account. Click Enable button to enable user account. User Account List N/A Specify Username ‐>Fill in the username. Specify Password ‐>Fill in the password Click save button to save user account. When select Client in Client/Server, a series L2TP Client Configuration will appear. L2TP Client Configuration Item Setting Value setting Description L2TP Client The box is When click the Enable box unchecked by It will activate L2TP Client. default Save N/A Click the Save button to save the configuration. Undo N/A Click the Undo button to recovery the configuration. ...
Page 225
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Add/Edit button is applied a series of configuration screen will appear. L2TP Client Configuration Item Setting Value setting Description When fill in the name Tunnel Name A Must filled setting It will be used to identify it in the tunnel list Define the selected interface to be the used for this L2TP tunnel Select WAN‐1 for this IPSec tunnel using. Interface A Must filled setting (WAN‐1 is available only when WAN‐1 interface is enabled) The same applies to other WAN interfaces (i.e. WAN‐2). The box is When click the Enable box. L2TP over IPSec unchecked by It will enable L2TP over IPSec and need to fill in the Pre‐shared Key. default Remote LNS Specify the Remote LNS IP/FQDN for this L2TP tunnel. A Must filled setting IP/FQDN Fill in the IP address or FQDN. Specify the Remote LNS Port for this L2TP tunnel. Remote LNS Port A Must filled setting Fill in the value for LNS port. Specify the Username for this L2TP tunnel to authenticate when connect to server. Username A Must filled setting Fill in the string as username. ...
Page 226
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Protocol Click the PAP/CHAP/MS‐CHAP/MS‐CHAP v2 ‐>The protocol will be enable which box is click. When click the Enable box The box is ‐>It will enable MPPE for this L2TP tunnel. MPPE Encryption unchecked by Note_1: If Enable box is be click, Authentication Protocol PAP/CHAP will be not default available. The box is When click the Enable box NAT before unchecked by ‐>It will enable NAT for this L2TP tunnel. Tunneling default Specify the LCP Echo Type for this L2TP tunnel. Select Auto ‐>Auto setting the Interval and Max. Failure Time. LCP Echo Type A Must filled setting Selected User‐defined ‐>Fill in the Interval and Max. Failure Time for LCP. Selected Disable ‐>Disable LCP Echo and it will be not availabe. Service Port A Must filled setting Specify the Service Port for this L2TP tunnel to use. The box is When click Enable Tunnel unchecked by It will enable this L2TP tunnel default Save ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.9 GRE Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that encapsulate a wide variety of network layer protocols inside virtual point‐to‐point links over an Internet Protocol internetwork. Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by using GRE tunneling. So, all client hosts behind local security gateway can make data communication with others behind remote gateway. The most popular scenario is the ...
Page 228
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The "Configuration" window is to enable the GRE VPN function by checking the Enable box. GRE Tunnel List "GRE Tunnel List" window shows all your defined GRE tunnel profiles and parameters include Tunnel Name, Interface, Operation Mode, IP address of local peer, IP address of remote peer, Key, TTL, if keep alive or not, tunnel as the Default Gateway or specifying the remote subnet to flow through the tunnel, and tunnel activation. GRE Rule Configuration "GRE Rule Configuration" window can let you specify all parameters for a GRE VPN tunnel. Take a GRE tunnel between the gateway in headquarters and the one in branch office as an example fo ...
Page 229
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. GRE Tunneling is similar to IPSec Tunneling, client requesting the tunnel establishment with the server. Both the client and the server must have a Static IP or a FQDN. Any peer gateway can be worked as either a client or a server, even using the same set of configuration rule. GRE Tunneling protocol is used for establishing an GRE VPN tunnel. Parameter Setup Example For Network‐A at HQ Following 2 tables list the parameter configuration for above example diagram of GRE VPN server in Network‐A. Use default value for those parameters that are not mentioned in these tables. Configuration Path [GRE]‐[Configuration] ■ Enable GRE [GRE]‐[GRE Rule Configuration] Configuration Path GRE HQ Tunnel Name Interface WAN 1 Always on Operation Mode 203.95.80.22 Tunnel IP Remote IP 118.18.81.33 1234 Key TTL Remote Subnet 10.0.75.0/24 Default Gateway/Remote Subnet ■ Enable Tunnel ...
Page 230
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the security gateway in headquarters playing the GRE client role. In fact, the GRE tunnel establishment can be started from either site. The GRE tunnel is established by starting from GRE client, the Security Gateway 2 in Network‐B. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network‐A at headquarters via this established GRE tunnel. Usually, these hosts at GRE client peer access the Internet directly via the WAN ...
Page 231
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Internet traffic from GRE client site is handled. Parameter Setup Example For Network‐B at Branch Office Following 2 tables list the parameter configuration for above example diagram of GRE VPN server in Network‐B. Use default value for those parameters that are not mentioned in these tables. [GRE]‐[Configuration] Configuration Path ■ Enable GRE [GRE]‐[GRE Rule Configuration] Configuration Path GRE BO Tunnel Name WAN 1 Interface Operation Mode Always on 118.18.81.33 Tunnel IP 203.95.80.22 Remote IP 1234 Key TTL Default Gateway Default Gateway/Remote Subnet ■ Enable Tunnel Scenario Operation Procedure In above diagram, Network‐A is in the headquarters, and the subnet of its Intranet is ...
Page 232
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. GRE Setting The GRE setting allows user to create and configure GRE tunnels. Before you proceed ensure that the VPN is enabled and saved. To enable VPN, go to Advanced Network > VPN > Configuration tab. . Enabling GRE Go to Advanced Network > VPN > GRE tab Enable GRE Window Item Value setting Description Unchecked by GRE Click the Enable box to enable GRE function. default 1. 32 is set by default Max. Concurrent 2. Max. of 32 It specifies the maximum number of simultaneous GRE tunnel connections. GRE Tunnels connections Save N/A Click Save button to save the settings Undo N/A Click Undo button to cancel the settings 232 ...
Page 233
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit GRE tunnel The router supports up to a maximum of 32 simultaneous GRE tunnel connections. Ensure that the GRE enable box is checked to enable before we can setup GRE. When Add/Edit button is applied a series of configuration screen will appear. GRE Rule Configuration Window Item Value setting Description Tunnel Name A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. 1. A Must fill setting Select WAN interface on which GRE tunnel is to be established. Interface 2. WAN 1 is selected by default There are three available operation modes. Always On, Failover, Load Balance. Failover/ Always Define whether the GRE tunnel is a failover tunnel function or an Always on tunnel. Note: If this GRE is a failover tunneling, you will need to select a primary GRE tunnel from which to failover to. 1. A Must fill setting Load Balance Define whether the GRE tunnel connection will take part in load Operation Mode 2. Alway on is balance function of the gateway. You will not need to select with WAN interface as selected by default the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On gateway’s web‐based utility, go to Basic Network > WAN > Load Balance tab. ...
Page 234
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 1. A Must fill setting TTL Specify TTL hop‐count value for this GRE tunnel. 2. 1 to 255 range 1. Unchecked by Check the Enable box to enable Keep alive function. default Keep alive Select Ping IP to keep live and enter the IP address to ping. 2. 30s is set by Enter the ping time interval in seconds. default Specify a gateway for this GRE tunnel to reach GRE server. If the gateway uses its gateway IP address to connect to the internet to connect to Default the GRE server then select Default Gateway, otherwise, specified a subnet and its Gateway/Remote A Must fill setting netmask –the remote subnet, if the default gateway is not used to connect to the Subnet GRE server. The Remote Subnet format must be IP address/netmask (e.g. 10.0.0.2/24). Unchecked by Specify whether the gateway will support DMVPN Spoke for this GRE tunnel. Check DMVPN Spoke default Enable box to enable DMVPN Spoke. 1. Unchecked by default Check Enable box to add pre‐shared key for GRE tunnel connection. GRE Pre‐shared Key 2. Pre‐shared Key 8 Enter a DMVPN spoke authentication Pre‐shared Key. to 32 character Note: Pre‐shared Key will not be available when DMVPN Spoke is not enabled. length Unchecked by Check Enable box to enable NAT‐Traversal. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.5.d OpenVPN OpenVPN is an application that implements virtual private network (VPN) techniques for creating secure point‐to‐point or site‐to‐site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. OpenVPN allows peers to authenticate each other using a Static key or certificates.When used in a multi‐client‐server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features. Deploy a security gateway for local office and establish a virtual private network with the remote gateway of another office by using OpenVPN. So, all client hosts behind local security gateway can make data communication with others behind remote gateway. In the case when you are a mobile user with your notebook or carrying along a security gateway to access the servers and database in company headquarters (HQ). And that the security gateway in HQ supports the OpenVPN server function. You can dial in the HQ gateway and access the HQ ...
Page 236
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 236 ...
Page 237
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. In "OpenVPN" page, there is the "Configuration" window to enable the OpenVPN function. The security gateway can either take "OpenVPN Server" role or "OpenVPN Client" role or they both. Define and choose either one role for your router in the "Configuration" window and configure all required parameters beneath the "Configuration" window. Then configure parameters on another gateway to take another role. Above diagram is the server role configuration and following diagram shows the client role configuration. To configure "OpenVPN Server or Client" role for the security gateway as follows: Configuration The "Configuration" window is to enable the OpenVPN by checking the Enable box. In the ...
Page 238
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. OpenVPN VPN Server Scenario When you want the security gateway to play an OpenVPN server role, check the "Enable" box and choose "Server" option in the "OpenVPN Configuration" window. And make its related configuration in following sections. Also refer to the above server role diagram. OpenVPN Server Configuration In the "OpenVPN Server Configuration" window you will enable the OpenVPN server function, specify the virtual IP address of OpenVPN server, define the pool of virtual IP addresses that will assign to remote OpenVPN clients dialing in the security gateway, and the authentication protocol. Once you select "MS‐CHAP" or "MS‐CHAP v2" for the authentication protocol, you also can specify if the OpenVPN server needs the MPPE encryption and its key length or not for the authentication process. OpenVPN Server Advanced Configuration There are advanced settings available. Check the "Enable" box of Advanced Configuration. ...
Page 239
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. server role. The OpenVPN tunnel is established by starting from OpenVPN client, the Security Gateway 2 in Network‐B or the mobile device, like notebook. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the ...
Page 240
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 10.0.76.253 Gateway 255.255.255.0/24 Netmask Blowfish Encryption Cipher SHA‐1 Hash Algorithm Scenario Operation Procedure In above diagram, Network‐A is in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. The security gateway for Network‐A has the IP address of 10.0.76.2 for ...
Page 241
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuration for An OpenVPN Client "Configuration for An OpenVPN Client" window let you specify the required parameters for an OpenVPN VPN client, such as "OpenVPN Client Name", "Interface", "Protocol", "Port", "Remote IP/FQDN", "Remote Subnet", "Authorization Mode", "Encryption Cipher", "Hash Algorithm," and tunnel activation. 241 ...
Page 242
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing Above diagram illustrates the Security Gateway 2 or the mobile device playing the OpenVPN VPN client role. The OpenVPN tunnel is established by the OpenVPN client making the tunnel connection request initiation and the Security Gateway 1 in Network‐ A of headquarters serves as the OpenVPN server responding to the request. Once the tunnel has been established, all client hosts behind the Security Gateway 2 or the ...
Page 243
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Blowfish Encryption Cipher SHA‐1 Hash Algorithm Scenario Operation Procedure In above diagram, Network‐A is in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. The security gateway for Network‐A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface. It serves as an OpenVPN server. However, Network‐B is in the mobile office and the subnet of its Intranet is ...
Page 244
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When Server Configuration is selected Item Value setting Description The box is unchecked by OpenVPN Server Click the Enable to activate OpenVPN Server functions. default Define the selected Protocol for the OpenVPN Server which to be. Select TCP /UDP for OpenVPN Server which to be. A Must filled setting Select TCP for OpenVPN Server which to be. Protocol By default TCP is ‐>The OpenVPN will use TCP protocol, and Port will be set 443 automatically. selected. Select UDP for OpenVPN Server which to be. ‐> The OpenVPN will use UDP protocol, and Port will be set 1194 automatically. A Must filled setting Port Specify the Port for the OpenVPN Server to use. By default 443 is set. Specify the Tunnel Device for the OpenVPN Server to use. A Must filled setting Select TUN for OpenVPN Server which to be. Tunnel Device By default TUN is ‐>The OpenVPN will use TUN tunnel device. selected. Select TAP for OpenVPN Server which to be. ‐> The OpenVPN will use TAP tunnel device. Specify Static Key/TLS for the OpenVPN Server. Select Static Key for OpenVPN Server which to be. A Must filled setting ‐>The OpenVPN will use static key authorization mode. The items Local Endpoint IP ...
Page 245
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Advanced Network > Certificate > Trusted Certificates. Server Cert. could be generated in Certificate. Refer to Advanced Network > Certificate > My Certificates. DH PEM should let user enter the content. Specify the Local Endpoint IP Address. Local Endpoint A Must filled setting Note_1: Local Endpoint IP Address will be available only when Static Key is be IP Address chose in Authorization Mode. Remote Specify the Remote Endpoint IP Address. Endpoint IP A Must filled setting Note_1: Remote Endpoint IP Address will be available only when Static Key is be Address chose in Authorization Mode. Specify the Static Key. Static Key A Must filled setting Note_1: Static Key will be available only when Static Key is be chose in Authorization Mode. Specify the Server Virtual IP. Server Virtual IP A Must filled setting Note_1: Server Virtual IP will be available only when TLS is be chose in Authorization Mode. A Must filled setting Specify the DHCP‐Proxy Mode. DHCP‐Proxy The box is checked by Note_1: DHCP‐Proxy Mode will be available only when TAP is be chose in Tunnel Mode default. Device. Specify the OpenVPN server virtual IP pool. Starting Address: It will set as the starting IP which assign to OpenVPN client. IP Pool A Must filled setting ...
Page 246
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When select Advanced Configuration in OpenVPN Server Configuration will appear. Item Value setting Description By default TLS‐RSA‐ Specify the OpenVPN server TLS Cipher. TLS Cipher WITH‐AES128‐SHA is Note_1: TLS Cipher will be available only when TLS is be chose in Authorization selected. Mode. LZO By default Adaptive is Specify the OpenVPN server LZO Compression. Compression selected. Specify the OpenVPN server TLS Auth. Key. TLS Auth. Key String format: any text Note_1: TLS Auth. Key will be available only when TLS is be chose in Authorization Mode. Redirect Default The box is checked by Specify the OpenVPN server Redirect Default Gateway. Gateway default The box is checked by Client to Client Specify the OpenVPN server Client to Client. default The box is checked by Duplicate CN Specify the OpenVPN server Duplicate CN. default A Must filled setting ...
Page 247
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. CCD‐Dir Default String format: any text Specify the OpenVPN server CCD‐Dir Default File. File Client Connection String format: any text Specify the OpenVPN server Client Connection Script. Script Additional String format: any text Specify the OpenVPN server Additional Configuration. Configuration When select Client in Client/Server, a series OpenVPN Client Configuration will appear. When Add/Edit button is applied a series OpenVPN Client Configuration will appear. Item Value setting Description OpenVPN Client A Must filled setting When fill in the name, it will be used to identify it in the tunnel list. Name Define the selected interface to be the used for this OpenVPN Client tunnel. Interface A Must filled setting Select WAN‐1 for this OpenVPN Client tunnel by default. Define the selected Protocol for the OpenVPN Client which to be. Select TCP /UDP for OpenVPN Client which to be. A Must filled setting Select TCP for OpenVPN Client which to be. Protocol By default TCP is ...
Page 248
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Select TAP for OpenVPN Client which to be. ‐> The OpenVPN will use TAP tunnel device. Specify the Remote IP/FQDN for this OpenVPN Client tunnel. Remote IP/FQDN A Must filled setting Fill in the IP address or FQDN. Specify Remote Subnet for this OpenVPN Client tunnel. Remote Subnet A Must filled setting Filled the remote subnet address and selected remote subnet mask. Specify Static Key/TLS for the OpenVPN Server. Select Static Key for OpenVPN Server which to be. ‐>The OpenVPN will use static key authorization mode. The items Local Endpoint IP A Must filled setting Address, Remote Endpoint IP Address and Static Key will be display. Authorization Mode By default TLS is Select TLS for OpenVPN Server which to be. selected. ‐>The OpenVPN will use TLS authorization mode. The items CA Cert., and Client Cert. will be display. CA Cert. could be generated in Certificate. Refer to Advanced Network > Certificate > Trusted Certificates. Client Cert. could be generated in Certificate. Refer to Advanced Network > Certificate > My Certificates. Specify the Local Endpoint IP Address. Local Endpoint IP A Must filled setting Note_1: Local Endpoint IP Address will be available only when Static Key is be Address chose in Authorization Mode. Specify the Remote Endpoint IP Address. Remote Endpoint IP A Must filled setting Note_1: Remote Endpoint IP Address will be available only when Static Key is be Address chose in Authorization Mode. Specify the Static Key. Static Key A Must filled setting ...
Page 249
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. When select Advanced Configuration in OpenVPN Server Configuration will appear. OpenVPN Client Advanced Configuration Item Value setting Description By default TLS‐RSA‐ Specify the OpenVPN client TLS Cipher. TLS Cipher WITH‐AES128‐SHA is Note_1: TLS Cipher will be available only when TLS is be chose in Authorization selected. Mode. LZO By default Adaptive is Specify the OpenVPN client LZO Compression. Compression selected. Specify the OpenVPN client TLS Auth. Key. TLS Auth. Key String format: any text Note_1: TLS Auth. Key will be available only when TLS is be chose in Authorization (Optional) Mode. User Name Specify the OpenVPN client User Name. String format: any text (Optional) Password Specify the OpenVPN client Password. String format: any text (Optional) The box is unchecked by NAT ...
Page 250
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Specify the Client IP Address. Selected the Dynamic IP/Static IP Select Static IP for OpenVPN client which to be. By default Dynamic IP is Client IP Address ‐> Specify IP Address selected ‐>Fill in the IP Address. Specify Subnet Mask ‐>Fill in the Subnet Mask A Must filled setting Tunnel MTU The value is 1500 by Specify the OpenVPN client Tunnel MTU. default Specify the OpenVPN client Tunnel UDP Fragment. Tunnel UDP The value is 1500 by Note_1: Tunnel UDP Fragment will be available only when UDP is be chose in Fragment default Protocol. Specify the OpenVPN client Tunnel UDP MSS‐Fix. Tunnel UDP The box is unchecked by Note_1: Tunnel UDP MSS‐Fix will be available only when UDP is be chose in MSS‐Fix default. Protocol. nsCertType The box is unchecked by Specify the OpenVPN client nsCertType Verification. Verification default. Redirect The box is checked by Specify the OpenVPN client Redirect Internet Traffic. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.7 Redundancy In engineering, redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the form of a backup or fail‐safe. In an IP networking, the access gateway is the critical part of the networking system. Redundant gateway plays the backup one of the master gateway and it will take over the data transmitting job once it finds the master gateway failed. AMIT security gateway can serve as the redundant gateway of core router in the enterprise by using the Virtual Router Redundancy Protocol (VRRP). 5.7.1 VRRP The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol providing device redundancy. It allows a backup router or switch to automatically take over if the primary ...
Page 252
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. function can join one group of redundant gateways to serve as the backup one for the master gateway. Fill same values of virtual server ID and IP for these gateways, and each gateway owns its own priority as the sequence in the backup list. They construct a VRRP redundant gateway group. Following diagram illustrates the group example with two member gateways. Scenario Application Timing When the enterprise gateway needs a reliable connection to the Internet, administrator can setup a group of VRRP redundant gateways as the enterprise entry gateway. Each member gateway connects to different ISP for a redundant connection to the Internet. So, the enterprise gateway is reliable even the master connection is failed. Scenario Description When the master gateway is disabled of its Internet connection, the backup gateway whose priority is the highest among the ones with alive Internet connection will take ...
Page 253
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Parameter Setup Example Following tables list the parameter configuration as a group example for the gateways in above diagram with "VRRP" enabling. Use default value for those parameters that are not mentioned in the tables. Master Gateway [Ethernet LAN]‐[Configuration] ([Basic Network]‐[LAN&VLAN]) Configuration Path 10.0.75.1 LAN IP Address 255.255.255.0 (/24) Subnet Mask [VRRP]‐[Configuration] Configuration Path ■ Enable VRRP Virtual Server ID Priority of Virtual Server Virtual Server IP Address 10.0.75.200 Backup Gateway [Ethernet LAN]‐[Configuration] ([Basic Network]‐[LAN&VLAN]) Configuration Path 10.0.75.2 LAN IP Address 255.255.255.0 (/24) Subnet Mask [VRRP]‐[Configuration] Configuration Path ■ Enable VRRP Virtual Server ID Priority of Virtual Server Virtual Server IP Address 10.0.75.200 ...
Page 254
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. VRRP Setting T he Virtual Router Redundancy Protocol (VRRP) setting allows user to assign available Internet Protocol (IP) routers to participating hosts automatically. Go to Advanced Network > Redundancy > VRRP Tab VRRP Item Value setting Description Enable VRRP The box is unchecked by Check the Enable box to activate this VRRP function function default 1. Numberic String Virtual Server ID Format Define the Virtual Server ID on VRRP of the router. The value range is from 1 to 255. 2. A Must filled setting 1. Numberic String Priority of Define the Priority of Virtual Server on VRRP of the router. The value range is from ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9 System Management System management refers to enterprise‐wide administration of distributed systems including (and commonly in practice) computer systems. Centralized management has a time and effort trade‐off that is related to the size of the company, the expertise of the IT staff, and the amount of technology being used. This device supports many system management protocols, such as TR‐069, SNMP, Telnet with CLI and UPnP. You can setup those configurations in the "System Management" section. 5.9.1 TR‐069 TR‐069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN ...
Page 256
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. time interval for job inquiry. Except the inquiry time, there are no activities between the ACS server and the gateways until the next inquiry cycle. But if the ACS server has new jobs that are expected to do by the gateways urgently, it will ask these gateways by using connection request related information for immediate connection for inquiring jobs and executing. Scenario Application Timing When the enterprise data center wants to use an ACS server to manage remote gateways geographically distributed elsewhere in the world, the gateways in all branch offices must have an embedded TR‐069 agent to communicate with the ACS server. So ...
Page 257
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [TR‐069]‐[Configuration] Configuration Path ■ Enable TR‐069 ACS URL http://qaamit.acslite.com/cpe.php ACSUserName ACS User Name ACSPassword ACS Password 8099 ConnectionRequest Port ConnReqUserName ConnectionRequest User Name ConnReqPassword ConnectionRequest Password ■ Enable Interval 900 Inform Scenario Operation Procedure In above diagram, the ACS server can manage multiple gateways in the Internet. The "Gateway 1" is one of them and has 118.18.81.33 IP address for its WAN‐1 interface. When all remote gateways have booted up, they will try to connect to the ACS server. ...
Page 258
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. TR‐069 Item Value setting Description The box is unchecked TR‐069 Enable Check the Enable box for activate TR‐069 by default When you finish set basic network wan 1~wan n, you can choose wan 1~wan n Auto is selected by Interface When you finish set advance network > vpn > Ipsec/pptp/l2tp/GRE, you can default. choose Ipsec/pptp/l2tp/GRE tunnel, the interface just like ACS URL A Must filled setting You can ask ACS manager provide ACS URL and manually set You can ask ACS manager provide ACS username and manu ACS Username A Must filled setting ally set ACS Password A Must filled setting You can ask ACS manager provide ACS password and manually set ConnectionRequest A Must filled setting You can ask ACS manager provide ACS ConnectionRequest Port and manually set Port ConnectionRequest You can ask ACS manager provide ACS ConnectionRequest Username and A Must filled setting Username manually set ConnectionRequest You can ask ACS manager provide ACS ConnectionRequest Password and A Must filled setting ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9.3 SNMP In brief, SNMP, the Simple Network Management Protocol, is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. In typical SNMP uses, one or more administrative computers, called managers, have the task of ...
Page 260
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SNMP Configuration Check the "Enable" box to activate the SNMP function for the gateway. Drive the function to work by specifying the access interfaces of SNMP protocol, the supported protocol versions, the read/write communities, the trap event receivers and the allowed IP address from outside to access the gateway by using SNMP protocol. User Privacy Definition However, if SNMPv3 is not listed in the supporting of the "Configuration" window, the "User ...
Page 261
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. is used, the authority of user can be defined to be Read‐only or Read/Write both. SNMP Management Scenario Scenario Application Timing There are two application scenarios of SNMP Network Management Systems (NMS). Local NMS is in the Intranet and manage all devices that support SNMP protocol in the Intranet. Another one is the Remote NMS to manage some devices whose WAN interfaces are connected together by using a switch or a router with UDP forwarding. If you want to manage some devices and they all have supported SNMP protocol, use ...
Page 262
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Use SNMPv3 version of protocol can protected the transmitting of SNMP commands and responses. The remote NMS with privilege IP address can manage the devices, but other remote NMS can't. Parameter Setup Example Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with "SNMP" enabling at LAN and WAN interfaces. Use default value for those parameters that are not mentioned in the tables. [SNMP]‐[Configuration] Configuration Path ■ LAN ■ WAN SNMP Enable ...
Page 263
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. NMS and the managed devices, use SNMPv3 version of protocol. The remote NMS without privilege IP address can't manage the "Gateway 1", since "Gateway 1" allows only the NMS with privilege IP address can manage it via its WAN interface. SNMP Setting The SNMP allows user to configure SNMP relevant setting which includes interface, version, access control and trap receiver Ensure Configuration are enabled and saved Go to Advanced Network > System Management > SNMP ...
Page 264
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. port number You can fill in any port number. But you must ensure the port number is not to be 2. The default SNMP used. port is 161 3. A Must filled setting Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings Create/Edit Multiple Community The SNMP allows you to custom your access control for version 1 and version 2 user. The router supports up to a maximum of 10 community sets. When Add button is applied Multiple Community Rule Configuration screen will appear. Multiple Community Rule Configuration Item Value setting Description 1. Read Only is selected by default Specify this version 1 or version v2c user’s community that will be allowed Read 2. A Must filled Only (GET and GETNEXT) or Read‐Write (GET, GETNEXT and SET) access Community setting respectively. 3. String format: any ...
Page 265
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit User Privacy The SNMP allows you to custom your access control for version 3 user. The router supports up to a maximum of 128 User Privacy sets. When Add button is applied User Privacy Rule Configuration screen will appear. User Privacy Rule Configuration Item Value setting Description User Name 1. A Must filled Specify the User Name for this version 3 user. setting The maximum length of the user name is 32. 2. String format: any text Password 1. String format: any When your Privacy Mode is authNoPriv or authPriv, you must specify the text Password for this version 3 user. The minimum length of the password is 8. The maximum length of the password is 64. Authentication 1. None is selected When your Privacy Mode is authNoPriv or authPriv, you must specify the by default Authentication types for this version 3 user. Selected the authentication types MD5/ SHA‐1 to use. Encryption 1. None is selected When your Privacy Mode is authPriv, you must specify the Encryption protocols ...
Page 266
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. You must specify the Authentication and Password. Selected the authPriv. You must specify the Authentication, Password, Encryption and Privacy Key. Privacy Key 1. String format: any When your Privacy Mode is authPriv, you must specify the Privacy Key for this text version 3 user. The minimum length of the privacy key is 8. The maximum length of the privacy key is 64. Authority 1. Read is selected Specify this version 3 user’s Authority that will be allowed Read Only (GET and by default GETNEXT) or Read‐Write (GET, GETNEXT and SET) access respectively. OID Filter Prefix 1. The default value The OID Filter Prefix restricts access for this version 3 user to the subtree rooted at is 1 the given OID. 2. A Must filled The range of the each OID number is 1‐2080768. setting 3. String format: any legal OID Enable 1.The box is checked Click Enable to enable this version 3 user. by default Save N/A Click the Save button to save the configuration. But it does not apply to SNMP functions. When you return to the SNMP main page. It will show “Click on save button to apply your changes” remind user to click main page Save button. Undo N/A Click Undo to cancel the settings Back ...
Page 267
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. which is the same v1. When you selected v3. The configuration screen will provide the version 3 must filled items Trap Event Receiver Rule Configuration Item Value setting Description 1. A Must filled setting Specify the trap Server IP. Server IP 2. String format: any The DUT will send trap to the server IP. Ipv4 address 1. String format: any port number Specify the trap Server Port. 2. The default SNMP Server Port You can fill in any port number. But you must ensure the port number is not to be trap port is 162 used. 3. A Must filled setting 1. v1 is selected by Select the version for the trap SNMP Version default Selected the v1. 267 ...
Page 268
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. The configuration screen will provide the version 1 must filled items. Selected the v2c. The configuration screen will provide the version 2c must filled items. Selected the v3. The configuration screen will provide the version 3 must filled items. 1. A v1 and v2c Must filled setting Specify the Community Name for this version 1 or version v2c trap. Community Name 2. String format: any The maximum length of the community name is 32. text 1. A v3 Must filled setting Specify the User Name for this version 3 trap. User Name 2. String format: any The maximum length of the user name is 32. text 1. A v3 Must filled When your Privacy Mode is authNoPriv or authPriv, you must specify the setting Password for this version 3 trap. Password 2. String format: any The minimum length of the password is 8. text The maximum length of the password is 64. Specify the Privacy Mode for this version 3 trap. Selected the noAuthNoPriv. 1. A v3 Must filled You do not use any authentication types and encryption protocols. setting Privacy Mode Selected the authNoPriv. 2. noAuthNoPriv is You must specify the Authentication and Password. selected by default ...
Page 269
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. If you use some particular private mib, you must fill the enterprise name, number and OID. Options Item Value setting Description 1. The default value is AMIT Specify the Enterprise Name for the particular private mib. Enterprise Name 2. A Must filled setting The maximum length of the enterprise name is 10. 3. String format: any text The default value is 12823 (AMIT Enterprise Specify the Enterprise Number for the particular private mib. Enterprise Number Number) The range of the enterprise number is 1‐2080768. 2. A Must filled setting 3. String format: any number 1. The default value is 1.3.6.1.4.1.12823.4.4.9 Specify the Enterprise OID for the particular private mib. (AMIT Enterprise OID) The range of the each OID number is 1‐2080768. Enterprise OID 2. A Must filled setting The maximum length of the enterprise OID is 31. 3. String format: any The seventh number must be identical with the enterprise number. legal OID Click the Save button to save the configuration and apply your changes to SNMP ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9.5 Telnet with CLI A command‐line interface (CLI), also known as command‐line user interface, and console user interface are means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines). The interface is usually implemented with a command line shell, which is a program that accepts commands as text input and converts commands to appropriate operating system functions. Programs with ...
Page 271
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Telnet & SSH Scenario Scenario Application Timing When the administrator of the gateway wants to manage it from remote site in the Intranet or Internet, he may use "Telnet with CLI" function to do that by using "Telnet" or "SSH" utility. Scenario Description The Local Admin or the Remote Admin can manage the Gateway by using "Telnet" or "SSH" utility with privileged user name and password. The data packets between the Local Admin and the Gateway or between the Remote Admin and the Gateway can be plain texts or encrypted texts. Suggest they are plain texts in the ...
Page 272
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuration Path [Telnet with CLI]-[Configuration] Telnet with CLI LAN: ■ Enable WAN: ■ Enable Connection Type Telnet: Service Port 23 ■ Enable SSH: Service Port 22 ■ Enable Scenario Operation Procedure In above diagram, "Local Admin" or "Remote Admin" can manage the "Gateway" in the ...
Page 273
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuration Item Value setting Description Telnet with CLI 1. The LAN Enable box Check the Enable box to activate the Telnet with CLI function for connecting from WAN/LAN interfaces. is checked by default. 2. The WAN Enable box is unchecked by default. Check the Telnet Enable box to activate telnet service. Check the SSH Enable box to Connection Type 1. The Telnet Enable activate SSH service. You can set which number of Service Port you want to provide box is checked by for the corresponding service. default. By default Service Port is 23. 2. The SSH Enable box is unchecked by default. By default Service Port is 22. Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings Configuration ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.9.7 UPnP UPnP Internet Gateway Device (IGD) Standardized Device Control Protocol is a NAT port mapping protocol and is supported by some NAT routers. It is a common communication protocol of automatically configuring port forwarding. Applications using peer‐to‐peer networks, multiplayer gaming, and remote assistance programs need a way to communicate through home and business gateways. Without IGD one has to manually configure the gateway to allow traffic through, a process which is error prone and time consuming. This device supports the UPnP Internet ...
Page 275
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When one client host in the Intranet wants to run peer‐to‐peer applications, like multiplayer gaming, the NAT gateway needs the UPnP function to automatically setup or remove port mapping rules in the gateway. Scenario Description Usually, the active port service attempt to access the gateway from the Internet will be ignored by the gateway for security. Normal NAT mechanism has the connection tracking feature to direct the response packets from the Internet back to the source end of request packets in the Intranet. Once one application in the Intranet host needs an additional service port to be ...
Page 276
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. presence and establish functional network services. Go to Advanced Network > System Management > UPnP UPnP Configuration Item Name Value Setting Description UPnP Default checked Check to enable UPnP functionality Click the Save button to save changes Save N/A Click the Undo button to revert changes Undo N/A 276 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.b Certificate In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are genuine. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to ...
Page 278
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Root CA Certificate Configuration Item Value setting Description 1. String format can be Name any text Enter a Root CA Certificate name. It will be a certificate file name 2. A Must filled setting This field is to specify the key attribute of certificate. Key Type to set public‐key cryptosystems. It only supports RSA now. Key A Must filled setting Key Length to set s the size measured in bits of the key used in a cryptographic algorithm. Digest Algorithm to set identifier in the signature algorithm identifier of certificates This field is to specify the information of certificate. Country(C) is the two‐letter ISO code for the country where your organization is located. State(ST) is the state where your organization is located. Subject Name A Must filled setting Location(L) is the location where your organization is located. Organization(O) is the name of your organization. Organization Unit(OU) is the name of your organization unit. Common Name(CN) is the name of your organization. Email is the email of your organization. It has to be email address style. Validity Period A Must filled setting This field is to specify the validity period of certificate. SCEP Configuration Go to Advanced Network > Certificate > Configuration SCEP Configuration ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.b.3 My Certificates My Certificates include Root CA and Local Certificate List. Root CA is the top‐most certificate of the tree, the private key of which is used to "sign" other certificates. Local Certificate List shows all generated certificates by the root CA for the gateway. And it also stores the generated Certificate Signing Requests (CSR) which will be signed by other external CAs. The signed certificates can be imported as the local ones of the gateway. In "My Certificates" page, there are four configuration windows for the "My Certificates" function. The "Root CA" window can let you generate or delete the certificate of root CA. "Root CA Configuration" window can let you fill required information necessary for generating the root CA. ...
Page 280
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Local Certificate List Click on the "Generate" button and fill the required information for one certificate of the gateway. There may be multiple certificates to be used for different applications to represent the gateway. You also can import certificates signed by other root CAs for the gateway. You may remove unused ones by checking the Select box of those certificates and clicking on the "Delete" button. Local Certificate Configuration The required information to be filled for the certificate or CSR includes the name, key and subject name. It is a certificate if the "Self‐signed" box is checked, otherwise, it is a CSR. Self‐signed Certificate Usage Scenario Scenario Application Timing When the enterprise gateway owns the root CA and VPN tunneling function, it can ...
Page 281
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Gateway 2 creates a CSR (BranchCSR) to let the root CA of the Gateway 1 sign it to be the BranchCRT certificate. Import the certificate into the Gateway 2 as a local certificate. In addition, also import the certificates of the root CA of the Gateway 1 into the Gateway 2 as the trusted ones. (Please also refer to following two sub‐sections) Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all client hosts in these both subnets can communicate with each other. Parameter Setup Example For Network‐A at HQ Following tables list the parameter configuration as an example for the "My Certificates" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ...
Page 282
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.76.0 Local Subnet 255.255.255.0 Local Netmask Disable Full Tunnel 10.0.75.0 Remote Subnet 255.255.255.0 Remote Netmask 118.18.81.33 Remote Gateway Configuration Path [IPSec]‐[Authentication] IKE+X.509 Local Certificate: HQCRT Remote Certificate: BranchCRT Key Management User Name Network‐A Local ID User Name Network‐B Remote ID [IPSec]‐[IKE Phase] Configuration Path Negotiation Mode Main Mode None X‐Auth For Network‐B at Branch Office Following tables list the parameter configuration as an example for the "My ...
Page 283
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [IPSec]‐[Local & Remote Configuration] Configuration Path 10.0.75.0 Local Subnet 255.255.255.0 Local Netmask Disable Full Tunnel 10.0.76.0 Remote Subnet 255.255.255.0 Remote Netmask 203.95.80.22 Remote Gateway Configuration Path [IPSec]‐[Authentication] IKE+X.509 Local Certificate: BranchCRT Remote Certificate: HQCRT Key Management User Name Network‐B Local ID User Name Network‐A Remote ID [IPSec]‐[IKE Phase] Configuration Path Main Mode Negotiation Mode None X‐Auth Scenario Operation Procedure In above diagram, "Gateway 1" is the gateway of Network‐A in headquarters and the ...
Page 284
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Go to Advanced Network > Certificate > My Certificates When Add button is applied, Local Certificate Configuration screen will appear. Local Certificate Configuration Item Value setting Description 1. String format can be Enter a certificate name. It will be a certificate file name Name any text If Self‐signed is checked, it will be signed by root CA. If Self‐signed is not 2. A Must filled setting checked, it will generate a certificate signing request (CSR). This field is to specify the key attribute of certificate. Key Type to set public‐key cryptosystems. It only supports RSA now. Key Length to set s the size measured in bits of the key used in a Key A Must filled setting cryptographic algorithm. Digest Algorithm to set identifier in the signature algorithm identifier of certificates This field is to specify the information of certificate. Country(C) is the two‐letter ISO code for the country where your organization is located. State(ST) is the state where your organization is located. Location(L) is the location where your organization is located. Subject Name A Must filled setting Organization(O) is the name of your organization. Organization Unit(OU) is the name of your organization unit. Common Name(CN) is the name of your organization. Email is the email of your organization. It has to be email address setting ...
Page 285
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Select SCEP Server to choice which scep server want to connect. It could be generated in External Server. Refer to System > External Servers > External Servers. You may click Add Object button to generate. Select CA Certificate to choice which certificate could be accepted by SCEP server for authentication. It could be generated in Trusted Certificates. Select CA Encryption Certificate to choice which certificate could be accepted by SCEP server for encryption data information. It could be generated in Trusted Certificates. CA Identifier is for SCEP server identifier which CA is used for signing certificates. When Import button is applied, Import screen will appear. Import Item Value setting Description Import A Must filled setting It could select a certificate file from user’s computer for importing to DUT. 1. String format can be PEM Encoded any text It could input the certificate pem encoded to DUT. 2. A Must filled setting Apply N/A Click the Apply button to import certificate. When the Cancel button is clicked the screen will return to the My Certificates Cancel N/A page. 285 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.b.5 Trusted Certificates Trusted Certificates include Trusted CA Certificate List and Trusted Client Certificate List. The Trusted CA Certificate List places the certificates of external trusted CAs. However, the Trusted Client Certificate List places the others' certificates what you trust. In "Trusted Certificates" page, there are six configuration windows for the "Trusted Certificates" ...
Page 287
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. uploading to the gateway. Click on the "Apply" button to store it in the gateway to serve as one trusted CA certificate. Then it will be shown in the "Trusted CA Certificate List". Trusted CA Certificate Import from a PEM Copy the contents of one CA certificate in PEM format to this window and use "Apply" button to store it in the gateway to serve as one trusted CA certificate. It will appear in the "Trusted CA Certificate List". Trusted Client Certificate List Just click on the "Import" button and select one client certificate file of the management PC to ...
Page 288
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing (same as the one described in "My Certificates" section) When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates by being signed by itself. Also imports the trusted certificates for other CAs and Clients. These certificates can be used for two remote ...
Page 289
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Trusted Certificates]‐[Trusted Client Certificate Import from a File] Configuration Path BranchCRT.crt File For Network‐B at Branch Office Following tables list the parameter configuration as an example for the "Trusted Certificates" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in "My Certificates" and "Issue Certificates" sections to complete the setup for the whole user scenario. [Trusted Certificates]‐[Trusted CA Certificate List] Configuration Path Import ...
Page 290
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Go to Advanced Network > Certificate > Trusted Certificates When Import button is applied, Trusted CA import screen will appear. Trusted Certificates Item Value setting Description Import A Must filled setting It could select a CA certificate file from user’s computer for importing to DUT. 1. String format can be PEM Encoded any text It could input the CA certificate pem encoded to DUT. 2. A Must filled setting Apply N/A Click the Apply button to import certificate. When the Cancel button is clicked the screen will return to the Trusted Certificates Cancel N/A page. ...
Page 291
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Save N/A Click Save to save the settings When the Cancel button is clicked the screen will return to the Trusted Certificates Cancel N/A page. Trusted Client Certificate List Go to Advanced Network > Certificate > Trusted Certificates When Import button is applied, Trusted Client import screen will appear. Trusted Client Certificate List Item Value setting Description Import A Must filled setting It could select a certificate file from user’s computer for importing to DUT. 1. String format can be PEM Encoded any text It could input the certificate pem encoded to DUT. 2. A Must filled setting Apply N/A Click the Apply button to import certificate. When the Cancel button is clicked the screen will return to the Trusted Certificates Cancel N/A page. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.b.7 Issue Certificates When you have a Certificate Signing Request (CSR) that needs to be certificated by the root CA of the device, you can issue the request here and let Root CA sign it. There are two approaches to issue a certificate. One is from a CSR file importing from the managing PC and another is copy‐ paste the CSR codes in gateway’s web‐based utility, and then click on the "Sign" button. In "Issue Certificates" page, there are three configuration windows for the "Issue Certificates" function. The "Certificate Signing Request (CSR) Import from a File" window let you browse the ...
Page 293
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. generate corresponding certificate based on the imported CSR. The "Signed Certificate View" window will display the resulted certificate contents, and you can download the certification to a file in the managing PC by clicking on the "Download" button. The default name of the saved certification file is "issued.crt". You need to change to a preferred file name. Certificate Signing Request (CSR) Import from a PEM Copy the contents of one CSR in PEM format to this window, and use "Sign" button to generate corresponding certificate based on the pasted CSR contents. The "Signed Certificate View" ...
Page 294
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Self‐signed Certificate Usage Scenario Scenario Application Timing (same as the one described in "My Certificates" section) When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates by being signed by itself. Also imports the trusted certificates for other CAs and Clients. These certificates can be used for two remote ...
Page 295
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Issue Certificates]‐[Certificate Signing Request Import from a File] Configuration Path C:/BranchCSR Browse Sign Command Button [Issue Certificates]‐[Signed Certificate View] Configuration Path Download (default name is "issued.crt") Command Button Scenario Operation Procedure (same as the one described in "My Certificates" section) In above diagram, the "Gateway 1" is the gateway of Network‐A in headquarters and the subnet of its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN ...
Page 296
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Issued Certificate Go to Advanced Network > Certificate > Issued Certificates Certificate Signing Request (CSR) Import from a File Item Value setting Description Certificate Signing It could select a certificate signing request file from user’s Request (CSR) Import A Must filled setting computer for importing to DUT. from a File Certificate Signing 1. String format can be any text It could input the certificate signing request pem encoded Request (CSR) Import 2. A Must filled setting to DUT. from a PEM When root CA is exist, click the Sign button to be signed by Sign N/A root CA 296 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.d Communication Bus The IOG product series provides the DB‐9 male port for various serial communication use through connecting the RS‐232 or RS‐485 serial device to an IP‐based Ethernet LAN. These communication protocols make user access serial devices anywhere over a local LAN or the Internet easily. They include "Virtual COM" and "Modbus". 5.d.1 Port Configuration Before using the function of Virtual COM or Modbus, you need to configure the DB‐9 male port first. In "Port Configuration" page, there is only one configuration window for the serial port settings. The "Configuration" window can let you specify serial port parameters including the operation mode being "Virtual COM", "Modbus" or disabled, the interface being "RS‐232" or "RS‐485", the baud rate, the data bit length, the stop bit length, the flow control being "RTS/CTS", "DTS/DSR" or "None", and the parity. The port configuration screen allows user to select and switch from one communication protocol to another for the serial port. The type of the supported protocols varies with gateway model purchased. They are Virtual COM, Modbus, and IEC60870‐5. User may pre‐configure all of them in each of the protocol configuration screen and use port configuration screen to do a quick ...
Page 298
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Go to Advanced Network > Communication Bus > Port Configuration tab Port Configuration Window Item Value setting Description Serial Port N/A It displays the serial pot ID of the serial port. It displays the current selected mode of operation for the serial interface. Operation Mode Disable is set by default Depending on the model purchased the available mode are Virtual COM, Modbus, and IEC 60870‐5. Interface RS‐232 is set by default Select RS‐232 or RS‐485 connection to map to IP‐based network. Select the appropriate baud rate for serial device communication Baud Rate 19200 is set by default RS‐232: 9600 / 19200 / 38400 / 57600 / 115200 RS‐485: 9600 / 19200 / 38400 / 57600 / 115200 / 230400 / 460800 Data Bits 8 is set by default Select 8 or 7 for data bits 1 is set by default Stop Bits Select 1 or 2 for stop bits Select None / RTS,CTS / DTS, DSR for Flow Control Flow Control None is set by default Parity None is set by default ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 5.d.3 Virtual COM Create a virtual COM port on user’s PC/Host to provide access to serial device connected to serial port on AMIT IOG gateway. Therefore, users can access, control, and manage serial devices through Internet (fixed line, or cellular network) anywhere. This application is often known as Ethernet pass‐ through communication. There are four modes for virtual com connection: TCP Client, TCP Server, UDP, and RFC2217. In "Virtual COM" page, there are two configuration windows for the virtual COM function. The "Configuration" window can let you specify the operation mode. When "TCP Client" mode is selected, there are three more configuration parameters need to ...
Page 300
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. TCP clients to connect to the gateway by using their IP addresses if the trust type is "Specific IP". Furthermore, when the "UDP" mode is selected for the virtual COM function, there are two more configuration parameters need to specify. They are the WAN interface and the listen port. In the "UDP" mode, there is another "Legal IP Definition (UDP)" window can let you define four hosts as UDP peers to connect to the gateway by using their IP addresses. At last, when the "RFC‐2217" mode is selected for the virtual COM function, there are five more configuration parameters need to specify. They are the WAN interface, the listen port, the trust type to allow all remote client hosts to connect to the gateway or allow only 4 client hosts to connect, the connection idle timeout and the alive check timeout. In the " RFC‐2217" mode, there is another ...
Page 301
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Parameter Setup Example Following tables list the parameter configuration as an example for "TCP Client" mode in "Virtual COM" function, as shown in above diagram. Use default value for those parameters that are not mentioned in the tables. [Virtual COM]‐[Configuration] Configuration Path TCP Client Operation Mode On‐demand Connection Control Connection Idle Timeout 1 (0‐60) min 1 (0‐60) min Alive Check Timeout Configuration Path [Virtual COM]‐[Legal IP/FQDN Definition (TCP Client)] 1 ID 140.116.82.98 To Host 4001 Remote Port ■ Enable Definition Scenario Operation Procedure In above diagram, the "IOG Gateway" is the gateway that attaches a serial device and the gateway has a 3G/LTE WAN interface to connect to the Internet. A remote Internet host computer whose IP address is 140.116.82.98 has a management system in it to ...
Page 302
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Scenario Application Timing When the administrator wants the gateway to waits passively to be contacted by the host computer, allowing the host computer to establish a connection with and get data from the serial device, the operation mode for the "Virtual COM" function is required to be "TCP Server". In this mode, IOG gateway provides a unique "IP: Port" address on a TCP/IP network. It supports up to 4 simultaneous connections, so that multiple hosts can collect data from the same serial device at the same time. Scenario Description When the Internet Host Computer wants to get the serial data via the IOG Gateway, it will try to establish a TCP connection to the gateway if the connection is off. After the data has been transferred, the gateway automatically disconnects from the ...
Page 303
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [Virtual COM]‐[Trusted IP Definition] Configuration Path 1 ID 140.116.82.98 Host ■ Enable Definition Scenario Operation Procedure In above diagram, the "IOG Gateway" is the gateway that attaches a serial device and the gateway has a 3G/LTE WAN interface to connect to the Internet. A remote Internet host computer whose IP address is 140.116.82.98 has a management system in it to collect and process the serial data via the gateway. Please be noted that the operation mode of the virtual COM function in the gateway is "TCP Server". When the Internet Host Computer wants to collect data from the serial device via the gateway, it will establish a TCP connection to the "IOG Gateway" if the connection is off. After the data has been transferred, the gateway automatically disconnects from the ...
Page 304
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Internet Host Computer is the trusted one in the "IOG Gateway" for communicating UDP data with the serial device. Parameter Setup Example Following tables list the parameter configuration as an example for the "UDP" mode in "Virtual COM" function, as shown in above diagram. Use default value for those parameters that are not mentioned in the tables. [Virtual COM]‐[Configuration] Configuration Path Operation Mode WAN Interface All WANs 4001 Listen Port Configuration Path [Virtual COM]‐[Legal IP Definition (UDP)] 1 ID 140.116.82.98 Host ■ Enable Definition Scenario Operation Procedure In above diagram, the "IOG Gateway" is the gateway that attaches a serial device and ...
Page 305
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configure the gateway as the TCP (Transmission Control Protocol) Client. In TCP Client mode, device initiates a TCP connection with a TCP server when there is data to transmit. Device disconnects from the server when the connection is Idle for a specified period. You may also enable full time connection with the TCP server. Enable TCP Client Mode Window Item Value setting Description Operation Mode A Must filled setting Select TCP Client. Choose Always on for a TCP full time connection. Otherwise, choose On‐Demand Always on is set by Connection Control to initiate TCP connection only when required to transmit and disconnect at idle default timeout. Enter the idle time out in minutes. The idle time out is used to disconnect the TCP connection when idle time Connection Idle 1. 0 is set by default elapsed . Timeout 2. Range 0 to 60 min. Idle time out is only available when On‐Demand is selected in the Connection Control field. Input the time period of alive check timeout. The TCP connection will be Alive Check Timeout 0 is set by default terminated if it doesn’t receive response of alive‐check longer than this timeout setting Save N/A ...
Page 306
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Specify TCP Server Window Item Value setting Description Press Edit button to enter IP address or FQDN of the remote TCP server to transmit To Host A Must filled setting serial data. 1.A Must filled setting Remote Port Enter the TCP port number. This is the listen port of the remote TCP server. 2.Default value is 4001 0 is set by default (0 Local Port The TCP port that local device is binding. means auto) The box is unchecked by Enable Check the Enable box to enable the TCP server connection. default Save N/A Click the Save button to save the configuration 306 ...
Page 307
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Enable TCP Server Mode Configure the gateway as the TCP (Transmission Control Protocol) Server. The TCP Server waits for connections to be initiated by a remote TCP client device to receive serial data. The setting allows user to specify specific TCP clients or allow any to send serial data for serial data transmission bandwidth control and access control. The TCP Server supports up to 4 simultaneous connections to receive serial data from multiple TCP clients. Enable TCP Server Mode Window Item Value setting Description Operation Mode A Must filled setting ...
Page 308
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Specify TCP Clients for TCP Server Access Specify TCP Clients Window Item Value setting Description Host A Must filled setting Enter the IP address range of allowed TCP clients. The box is unchecked by Enable Check the Enable box to enable the rule. default Save N/A Click Save button to save the settings. Enable UDP Mode UDP (User Datagram Protocol) enables applications using UDP socket programs to communicate with the serial ports on the serial server. T he UDP mode provides connectionless communications, which ...
Page 309
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Specify Remote UDP Specify Remote UDP hosts Window Item Value setting Description Host A Must filled setting Press Edit button to enter IP address range of remote UDP hosts. Remote Port 4001 is set by default Indicate the UDP port of peer UDP hosts. The box is unchecked by Enable Check the Enable box to enable the rule. default Save N/A Click Save button to save the settings. Enable RFC‐2217 Mode RFC‐2217 defines general COM port control options based on telnet protocol. With the RFC‐2217 mode, remote host can monitor and manage remote serially attached devices, as though they were connected to the local serial port. When a virtual serial port on the local serial device is being created, it is required to specify the IP‐address of the remote hosts to establish connection with. Enable RFC‐2217 Mode Window Item Value setting Description Operation Mode A Must filled setting ...
Page 310
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Save N/A Click Save button to save the settings. Specify Remote Host for Access Specify RFC‐2217 Clients for Access Window Item Value setting Description Host A Must filled setting Enter the IP address range of allowed clients. The box is unchecked by Enable Check the Enable box to enable the rule. default Save N/A Click Save button to save the settings. 310 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 7 Applications 7.1 Mobile Application Whether there is the mobile application existed in your purchased gateway depends on its product category. In Mobile Application section, the device supports SMS Management, USSD Management, Network Scan and SMS‐based Remote Management. You can setup these four aspects of mobile applications by using embedded 3G/LTE module in the device. 7.1.1 SMS Short Message Service (SMS) is a text messaging service component of phone, Web, or mobile ...
Page 312
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. you specify which 3G/4G module (physical interface) is used for the SMS function, and system will show which SIM card in the module is the current used one. In addition, the supported media to store SMS messages in the gateway now has only "SIM Card Only" option. The second window is the "Alter Rule List" and it shows all your defined altering rules for SMS messages, like auto‐forwarding messages to another mobile phone set, message forwarding by email and message forwarding by syslog. By using the third window, "Alter Rule Configuration", you can define an altering rule for SMS messages. At last, the "SMS Summary" window displays information such as the numbers of unread SMS messages, total received SMS messages and SMS messages in free space. Moreover, a "New SMS" button can let you compose and send a new SMS message. The "SMS Inbox" button can let you check all received SMS messages. The SMS function allow user to send SMS, read and delete SMS from SIM Card. Configuration setting Go to Application > Mobile Application > SMS Configuration Item Value setting Description Physical The box is 3G/4G‐1 by Choose the 3G/4G‐1 or 3G/4G‐2 to change setting of cellular module1 or cellular Interface default module2. The box is checked by This is the SMS switch. If the box checked that the SMS function enable, if the box SMS default unchecked that the SMS function disable. SIM Status ...
Page 313
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SMS Summary Show Unread SMS, Received SMS, Remaining SMS, and edit SMS context to send, read SMS from SIM card. SMS Summary Item Value setting Description If SIM card insert to router first time, unread SMS value is zero. When received the Unread SMS N/A new SMS but didn’t read, this value plus one. This value record the existing SMS numbers from SIM card, When received the new Received SMS N/A SMS, this value plus one. This value is SMS capacity minus received SMS, When received the new SMS, this Remaining SMS N/A value minus one. Click New SMS button, a New SMS screen appears. User can set the SMS setting New SMS N/A from this screen. Refer to New SMS in the next page. Click SMS Inbox button, a SMS Inbox List screen appears. User can read or delete SMS Inbox N/A SMS, reply SMS or forward SMS from this screen. Refer to SMS Inbox List in the next page. New SMS User can set the SMS setting from this screen. New SMS Item...
Page 314
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SMS Inbox List User can read or delete SMS, reply SMS or forward SMS from this screen. SMS Inbox List Item Value setting Description ID N/A The number or SMS. From Phone N/A What the phone number from SMS Number Timestamp N/A What time receive SMS SMS Text N/A Preview the SMS text. Preview User can check the box, then click Delete button to delete SMS. User click The box is unchecked by Action Reply/Forward button to reply/forward SMS. User click Detail button to read the default SMS detail, and Detail SMS Message screen appears. Refresh N/A Refresh the SMS Inbox List. Delete N/A Delete the SMS for all checked box from Action. Close N/A Close the Detail SMS Message screen. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 7.1.3 USSD Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider's computers. USSD can be used for WAP browsing, prepaid callback service, mobile‐money services, location‐based content services, menu‐based information 13 services, and as part of configuring the phone on the network. An USSD messageis up to 182 alphanumeric characters in length. Unlike Short Message Service ...
Page 316
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. the activation of an USSD connection session to the USSD server, select the USSD profile or type in the correct pre‐command, and then click on the "Send" button for the session. The responses from the USSD server will be displayed beneath the "USSD Command" line. When commands typed in the "USSD Command" field are sent, received responses will be displayed in the "USSD Response" blank space. User can communicate with the USSD server by sending USSD commands and getting USSD responses via the voice gateway. An USSD Session Scenario Scenario Application Timing ...
Page 317
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. [USSD]‐[Configuration] Configuration Path 3G/4G‐1 SIM Status: SIM_A Physical Interface [USSD]‐[USSD Profile Configuration] Configuration Path roaming setting Profile Name *135# USSD Command Roaming function Comments Configuration Path [USSD]‐[USSD Request] roaming setting Profile Name *135# USSD Command USSD Response Scenario Operation Procedure In above diagram, the "Vo3G Gateway" is the initiator of an USSD session requesting for data roaming services in ChungHwa mobile operator. First, administrator selects one 3G/4G module as the physical interface of the USSD ...
Page 318
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SIM Status N/A Depend on currently SIM status. USSD Profile List setting The USSD allows you to custom your profile. The router supports up to a maximum of 35 USSD profile list. When Add button is applied USSD Profile List Configuration screen will appear. USSD Profile List Item Value setting Description Profile Name N/A The Profile Name that user can key in. USSD Command N/A The USSD command that user can key in. Comments N/A The Comments is this profile comment. USSD Request When send the USSD command, the USSD Response screen will appear. When click the Clear button, the USSD Response will disappear. USSD Request Item Value setting Description USSD Profile ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 7.1.5 Network Scan "Network Scan" function can let administrator specify the device how to connect to the mobile system for data communication in each 3G/4G interface. For example, administrator can specify which generation of mobile system is used for connection, 2G, 3G or LTE. Moreover, he can define their connection sequence for the gateway device to connect to the mobile system automatically. ...
Page 320
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Configuration Item Value setting Description Physical The box is 3G/4G‐1 by Choose the 3G/4G‐1 or 3G/4G‐2 to change setting of cellular module1 or cellular Interface default module2. SIM Status N/A Depend on currently SIM status. When Auto selected, the network will be register automatically. If the prefer option The box is Auto by Network Type selected, network will be register for your option first. If the only option selected, default network will be register for your option only. The box is Auto by When Auto selected, Band List all box checked, and user can’t select any option. Band Selection default User need to select the Manual option, then allow to change the Band List setting. All box is checked by The Band List’s options depend on module, and user need to select option at least Band List default one for all network type. When Auto selected, cellular module register automatically. If the Manually selected, Network Provider List will shown. when Manually is selected in the dropdown list for Scan Approach, a network provider list screen appears. Press Scan button to scan for the nearest base stations. Select preferred base stations then click Apply button to apply settings. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 7.1.7 SMS Management "SMS‐based Remote Management" function can let administrator manage the gateway device remotely by using text SMS (Short Message Service) application in the mobile system. Users can send managing SMS messages to this gateway to perform necessary actions, such as to get WAN status, to connect / disconnect / reconnect WAN connection or to reboot the system. In addition, gateway can also send SMS notification messages automatically to users for alert events. Moreover, only the assigned person with connection key can link with the gateway via the SMS system. Administrator can further limit the assigned person by specifying phone numbers to allow communicate with the gateway via the SMS system. Only these phones can SMS control the gateway. Furthermore, the SMS messages can be removed after being processed by the system to clear up the memory to receive more other ...
Page 322
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. receive the managing events and if the gateway will issue alerting SMS messages upon events happened. In the "Managing Event List" and "Notified Event List" windows, there are managing events and notified events to be selected to enable gateway to execute corresponding actions and make responses once selected events happened. At last, the sixth window is "Access Control Configuration" window. Administrator can enable the access control here to specify only some defined phone numbers can communicate with the gateway via the SMS system. In the "Specific Phone Number Definition" ...
Page 323
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Use default value for those parameters that are not mentioned in the tables. Configuration Path [Remote Management]‐[Configuration] ■ Enable SMS Remote Management 3G/4G‐1 Physical Interface [Remote Management]‐[Management Configuration] Configuration Path ■ Enable Delete Managed SMS after Processing ■ Enable Send Confirmed SMS Security Key 1234 [Remote Management]‐[Event Configuration] Configuration Path ■ Enable Managing Event List [Remote Management]‐[Managing Event List] Configuration Path ID Reboot Device Event ■ Enable [Remote Management]‐[Access Control Configuration] Configuration Path ...
Page 324
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SMS Management Setting SMS management is the application that allows administrator to remotely managing the gateway via issuing some Managing Event SMS, or got the instant alerts from the remote gateway with notifying event SMS. Enabling SMS Management Go to Applications > Mobile Application > SMS Management Tab SMS Management Item Value setting Description SMS Remote The box is unchecked by Check the Enable box to activate SMS Remote Management function Management default Managing The box is unchecked by Check the Enable box to activate Managing Events function Events default Notifying Events The box is unchecked by ...
Page 325
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Management Configuration Item Value setting Description Delete Managed The box is unchecked Check the Enable box to delete the received managing event SMS after it has SMS after by default been processed. Processing Delete All N/A Press the Active button to delete all the received SMS. Received SMS Security Key The box is unchecked Click the Enable box to enable the security key for validating the received by default SMS. Once the function is enabled, you have to enter the security key behind the checkbox. The received managing events SMS must have the designated security key as an initial identifier, then corresponding handlers will become effective for further processing. Save NA Click the Save button to save the configuration SMS Account Definition Setup your SMS Account. It supports up to a maximum of 5 accounts. You can click the Edit button for each ID to edit the account. ...
Page 326
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Managing Events Rules Setup your Managing Event rules. It supports up to a maximum of 128 rules. When Add button is applied, the Managing Event Configuration screen will appear. Managing Event Configuration Item Value setting Description Event SMS (or SNMP Trap) by Specify the Event type (SMS, SNMP Trap, DI, or Modbus) and event code. default Select SMS and fill the message in the textbox to specify SMS Event; Select SNMP Trap and fill the message in the textbox to specify SNMP Trap Event; Select DI and select profile from Digital Input (DI) Profile List to specify DI Event; Select Modbus and select profile from Modbus Definition to specify Modbus Event. Handlers All box is unchecked by Specify the related Handlers for the managing event. default. Select Power Checkbox and select the handlers you want to specify Power Handlers; Select WAN Checkbox and select the handlers you want to specify WAN Handlers ; Select LAN&VLAN Checkbox and select the handlers you want to specify LAN&VLAN Handlers; Select WiFi Checkbox and select the handlers you want to specify WiFi Handlers; Select NAT Checkbox and select the handlers you want to specify NAT Handlers; ...
Page 327
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Response None by default Specify the Response to be taken for the managing event. Select None to specify no response; Select DO and select profile from Digital Output (DO) Profile List to specify the DO Response; Select SMS to specify the SMS Response; Select SNMP Trap to specify the SNMP Trap Response; Select Modbus and select profile from Modbus Definition to specify the Modbus Response. Managing The box is unchecked by Click Enable box to activate this Managing Event setting. Event default. Save NA Click the Save button to save the configuration 327 ...
Page 328
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Notifying Events Rules Setup your Notifying Event rules. It supports up to a maximum of 128 rules. When Add button is applied, the Notifying Event Configuration screen will appear. Notifying Event Configuration Item Value setting Description Event DI‐1 (or WAN) by default Specify the Event type and event condition. Select DI‐1 and select the event condition to specify DI‐1 Event; Select Power‐1 and select the event condition to specify Power‐1 Event; Select WAN and select the event condition to specify WAN Event; Select LAN&VLAN and select the event condition to specify LAN&VLAN Event; Select WiFi and select the event condition to specify WiFi Event; Select Client&Server&Proxy and select the event condition to specify Client&Server&Proxy Event; Select System Related and the event condition to specify System Related Event. Handlers All box is unchecked by Specify the Handlers to take reaction when the event is triggered. default. Select DO Checkbox and select the profile from Digital Output (DO) Profile List to specify DO Handlers; Select SMS to specify the SMS Handler; Select Web Log and select/unselect the Enable Checkbox to specify the Web Log Handler; Select SNMP Trap to specify the SNMP Trap Handler; Select Email and select the profile from Email Definition to specify the Email Handler; ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 7.1.b SIM PIN Sim Pin is the application of that allows user to enable, disable or change sim card password. It can also unlock the PUK when password is locked. Configuration setting Go to Applications > Mobile Application > SIM PIN Tab Configuration Item Value setting Description Physical The box is 3G/4G‐1 by Choose the 3G/4G‐1 or 3G/4G‐2 to change setting of cellular module1 or Interface default cellular module2. SIM Status N/A Show what is the current SIM card and the sim card condition. SIM Selection N/A Press theSwitch button then router would switch sim card to another ...
Page 330
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. SIM function Application Enable or Disable pin code(password) function even the change pin code function. SIM Function Item Value setting Description SIM lock Depend on sim card If Enable is ticked when you enter this window, it represents that pin code is Enable otherwise it represents Disable. If you want to change the setting, you need to fill in the password then click Save. Remaining times Depend on sim card Represent the SIM PIN number of times that you can try unlocking. Save NA Click the Save button to save the configuration Change PIN NA pin code(password) Click the Change PIN code button to change the Code configuration. When Change PIN Code button is clicked then applied screen will appear. Item Value setting Description Current PIN N/A It need you fill in the current pin code password then you can change the Code pin code. ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 7.d Event Management Event management is the application that allows administrator to setup the pre‐defined events, handlers, or response behavior with individual profiles. With properly configuring the event management function, administrator can easily and remotely obtain the status and information via the purchased gateway. Moreover, he can also handle and manage some important system related ...
Page 332
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. take action to change the functionality or collect the required status for administration. Besides, the gateway has to reply to the event issuer with proper response that indicates the managing event is received and it is under processing. It could be a SMS event issued from the administrator to change the Wi‐Fi setting (ON or OFF), or to change the WAN connection (disconnect or re‐connect). To use the event management function, First of all, you have to enable the event management ...
Page 333
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. the Event Management feature. The following is the summary list for the provided profiles, and events: Profiles (Rules): SMS Accounts • Email Accounts • Digital Input (DI) and Digital Output (DO) profiles • • Modbus Read/Write profile Managing Events: Trigger Type: SMS, SNMP Trap, DI, and Modbus. • Handlers: WAN behavior, LAN/VLAN behavior, WIFI behavior, NAT behavior, Firewall • behavior, System Management, System Related, D/O profile. Response: None, DO, SMS, SNMP Trap, and Modbus Profile. • Notifying Events: • Trigger Type: DI Profile, Power Status, WAN Status, LAN & VLAN Status, WiFi Status, ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 7.d.1 Configuration Event management is the application that allows administrator to setup the pre‐defined events, handlers, or response behavior with individual profiles. Enabling Event Management Go to Applications > Event Management > Configuration Tab Configuration Item Value setting Description The box is unchecked by Check the Enable box to activate the Event Management function. Event default Managemen t SMS Account Definition Setup your SMS Account. It supports up to a maximum of 5 accounts. You can click the Edit button for each ID to edit the account. SMS Account Definition Item Value setting Description 1. Mobile telephone Specify the phone number that will issuing the SMS as the account Phone numbers format identifier. Number 2. A Must filled setting A Must filled setting Specify the application type. It could be Managing Events, Notifying Events, ...
Page 335
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. factory default setting but a retrieve of what was saved in the memory. Email Service Definition Setup your Email Service Account. It supports up to a maximum of 5 accounts. You can click the Edit button for each ID to edit the account. Email Service Definition Item Value setting Description ‐‐‐ Option ‐‐‐ Apply Email Server profile from External Server settings. Email Server 1. Internet E‐mail address Specify the Destination Email Addresses. Email format Addresses 2. A Must filled setting The box is unchecked by Click Enable box to activate this account. Enable default. NA Click the Save button to save the configuration Save NA Click the Undo button to restore what you just configured back to the Undo previous setting. Please note that the restored setting may not be the factory default setting but a retrieve of what was saved in the memory. 335 ...
Page 336
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Digital Input (DI) Profile Rules (DI/DO Support Required) Setup your Digital Input (DI) Profile rules. It supports up to a maximum of 10 profiles. When Add button is applied, the Digital Input (DI) Profile Configuration screen will appear. Digital Input (DI) Profile Configuration Item Value setting Description DI Profile 1. String format Specify the DI Profile Name. 2. A Must filled setting Name ID1 by default Specify the DI Source. It could be ID1. DI Source Low by default Specify the Normal Level. It could be Low or High. Normal Level Signal 1. Numberic String format Specify the Signal Active Time. It could be from 1 to 10 seconds. 2. A Must filled setting Active Time The box is unchecked by Click Enable box to activate this profile setting. Profile default. NA Click the Save button to save the configuration Save NA Click the Undo button to restore what you just configured back to the Undo ...
Page 337
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Create/Edit Digital Output (DO) Profile Rules (DI/DO Support Required) Setup your Digital Output (DO) Profile rules. It supports up to a maximum of 10 profiles. When Add button is applied, the Digital Output (DO) Profile Configuration screen will appear. Digital Output (DO) Profile Configuration Item Value setting Description 1. String format Specify the DO Profile Name. DO Profile 2. A Must filled setting Name DO Source ID1 by default Specify the DO Source. It could be ID1. Low by default Specify the Normal Level. It could be Low or High. Normal Level Total Signal 1. Numberic String format Specify the Total Signal Period. It could be from 10 to 10000 milliseconds. 2. A Must filled setting Period Repeat & The box is unchecked by Check the Enable box to activate the repeated Digital Output, and specify default. the Repeat times. The Repeat Counter could be from 0 to 9999. Counter 1. Numberic String format Specify the Duty Cycle for the Digital Output. It could be from 1 to 100 %. Duty Cycle 2. A Must filled setting ...
Page 338
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Modbus Definition Setup your Modbus Definition Profile. It supports up to a maximum of 10 profiles. You can click the Edit button for each ID to edit the profile. Modbus Definition Item Value setting Description 1. String format Specify the Modbus Name. Modbus 2. A Must filled setting Name The box is unchecked by Specify the application type. It could be Managing Events, Notifying Events, Application default. or both. Read Holding Registers by Specify the Read Function for Managing Events. Read default Function Write Single Registers by Specify the Write Function for Notifying Events. Write default Function Serial by default Specify the Modbus Mode. It could be Serial or TCP. Modbus Mode 1. NA for Serial on Modbus Specify the IP for TCP on Modbus Mode. IPv4 Format. IP Mode. 2. A Must filled setting for ...
Page 339
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 2. A Must filled setting 1. Numberic String format Specify the Register number of the modbus device. It could be from 0 to Register 2. A Must filled setting 65535. Logic Logic Comparator ‘>’ by Specify the Logic Comparator for Managing Events. default. Comparator 1. Numberic String format Specify the Value. It could be from 0 to 65535. Value 2. A Must filled setting The box is unchecked by Click Enable box to activate this profile setting. Profile default. NA Click the Save button to save the configuration Save NA Click the Undo button to restore what you just configured back to the Undo previous setting. Please note that the restored setting may not be the factory default setting but a retrieve of what was saved in the memory. 339 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 7.d.3 Managing Events Managing Events allows administrator to define the relationship (rule) among event trigger, handlers and response. Enabling Managing Events Go to Applications > Event Management > Managing Events Tab Configuration Item Value setting Description Managing The box is unchecked by Check the Enable box to activate the Managing Events function. default Events Create/Edit Managing Events Rules Setup your Managing Event rules. It supports up to a maximum of 128 rules. When Add button is applied, the Managing Event Configuration screen will appear. Managing Event Configuration Item ...
Page 341
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. All box is unchecked by Specify the related Handlers for the managing event. Handlers default. Select Power Checkbox and select the handlers you want to specify Power Handlers; Select WAN Checkbox and select the handlers you want to specify WAN Handlers ; Select LAN&VLAN Checkbox and select the handlers you want to specify LAN&VLAN Handlers; Select WiFi Checkbox and select the handlers you want to specify WiFi Handlers; Select NAT Checkbox and select the handlers you want to specify NAT Handlers; Select Firewall Checkbox and select the handlers you want to specify Firewall Handlers; Select System Management Checkbox and select the handlers you want to specify System Management Handlers; Select System Related Checkbox and select the handlers you want to specify System Related Handlers; Select DO Checkbox and select the profile from Digital Output (DO) Profile List to specify DO Handlers. None by default Specify the Response to be taken for the managing event. Response Select None to specify no response; Select DO and select profile from Digital Output (DO) Profile List to specify the DO Response; Select SMS to specify the SMS Response; Select SNMP Trap to specify the SNMP Trap Response; Select Modbus and select profile from Modbus Definition to specify the Modbus Response. Managing The box is unchecked by Click Enable box to activate this Managing Event setting. default. Event NA ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 7.d.5 Notifying Events Notifying Events Setting allows administrator to define the relationship (rule) between event trigger and handlers. Enabling Notifying Events Go to Applications > Event Management > Notifying Events Tab Configuration Item Value setting Description Notifying The box is unchecked by Check the Enable box to activate the Notifying Events function. default Events Create/Edit Notifying Events Rules Setup your Notifying Event rules. It supports up to a maximum of 128 rules. When Add button is applied, the Notifying Event Configuration screen will appear. Notifying Event Configuration Item ...
Page 343
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Event. All box is unchecked by Specify the Handlers to take reaction when the event is triggered. Handlers default. Select DO Checkbox and select the profile from Digital Output (DO) Profile List to specify DO Handlers; Select SMS to specify the SMS Handler; Select Web Log and select/unselect the Enable Checkbox to specify the Web Log Handler; Select SNMP Trap to specify the SNMP Trap Handler; Select Email and select the profile from Email Definition to specify the Email Handler; Select Modbus and select profile from Modbus Definition to specify the Modbus Handler. The box is unchecked by Click Enable box to activate this Notifying Event setting. Notifying default. Events NA Click the Save button to save the configuration Save NA Click the Undo button to restore what you just configured back to the Undo previous setting. Please note that the restored setting may not be the factory default setting but a retrieve of what was saved in the memory. 343 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Chapter 9 System 9.1 System Related 9.1.1 System Related System Related allows the network administrator to manage system, settings such as web‐based utility access password change, advanced system & network tools, system firmware upgrades, Email alert and system log. Go to System > System Related tab Change Password Change password screen allows network administrator to change the web‐based utility login password to access gateway. Go to System > System Related > Change Password tab ...
Page 345
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. System Information System Information screen gives network administrator a quick look up on the type of WAN connection is currently being used. The display also shows the current System time. It is particularly useful when firmware has been upgraded and system configuration file has been ...
Page 346
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. System Status System Status screen contains various event log tools facilitating network administrator to perform local event logging and remote reporting. Go to System > System Related > System Status tab 346 ...
Page 347
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. View & Email Log History View button is provided for network administrator to view log history on the gateway. Email Now button enables administrator to send instant Emails for analysis. View & Email Log History Item Value setting Description View button N/A Click on the View button to view Log History in Web Log List Window. Email Now N/A Click on the Email Now button to send Log History via email instantly. button Save N/A Click Save button to save the settings. Refresh N/A Click the Refresh button to refresh the page. ...
Page 348
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Web Log List Button Description Item Value setting Description Previous N/A Click the Previous button to move to the previous page. Next N/A Click the Next button to move to the next page. First N/A Click the First button to jump to the first page. Last N/A Click the Last button to jump to the last page. Download N/A Click the Download button to download log to your PC in tar file format. Clear N/A Click the Clear button to clear all log. Back N/A Click Back button to return to the previous page. Web Log Type Category Web Log Type Category screen allows network administrator to select the type of event to log and be displayed in the Web Log List Window as described in the previous section. Click on the View button to view Log History in the Web Log List window. Web Log Type Category Setting Window Item...
Page 349
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Email Alert Setting Window Item Value Setting Description Check Enable box to enable sending event log messages to destined Email account Enable Default unchecked defined in the E‐mail Addresses blank space. Select one email server from the Server dropdown box to send email. If none has Server N/A been available, press Add Object button to create an outgoing Email server. Enter the recipient’s Email account. Separate Email accounts with comma ‘,’ or String : email format E‐mail address semicolon ‘ ;’ Enter the Email account in the format of ‘myemail@domain.com’ Subject String : any text Enter an Email subject that is easy for you to identify on the Email client. Select the type of event to log and be sent to the destined Email account. Log type category Default unchecked Available events are System, Attacks, Data Usage, Drop, Login message, and Debug. Email Alert Button Description Item Value setting Description Click on the Add Object button, a popup window will appear. Add an outgoing Add Object N/A Email server. You may also add an outgoing Email server from External Servers Button under System (System > External Server > External Server tab). ...
Page 350
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Syslogd Syslogd screen allows network administrator to select the type of event to log and be sent to the destined Syslog server. Syslogd Setting Window Item Value Description Setting Default Enable Check Enable box to enable sending event logs to syslog server unchecked Select from Select one syslog server from the Server dropdown box to sent event log to. If none has Server menu been available, press Add Object button to create a syslog server. ...
Page 351
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Log to Storage Log to Storage screen allows network administrator to select the type of event to log and be stored at an internal or an external storage. Log to Storage Setting Window Item Value Setting Description Enable Default unchecked Check to enable sending log to storage Internal is selected by Select Device Select internal or external storage default Log file name Default unchecked Set file name to save logs in storage Split file Enable Default unchecked Check to enable split file whenever log file reaching size set in the following filed Split file Size Default 200 KB Set file size to split log file Log type category Default unchecked Check which type of logs to send: System, Attacks, Drop, Login message, Debug Log to Storage Button Description Item Value setting Description Download log ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.3 Scheduling Scheduling provides ability of adding/deleting time schedule rules, which can be applied to other functionality. Go to System > Scheduling > Schedule Settings Button description Item Value setting Description Add N/A Click the Add button to configure time schedule rule Delete N/A Click the Delete button to delete selected rule(s) Save N/A Click the Save button to save changes Refresh N/A Click the Refresh button to refresh current page 352 ...
Page 353
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Time Schedule Configuration Item Value Setting Description Rule Name String: any text Set rule name Rule Policy Default Inactivate Inactivate/activate the function been applied to in the time period below Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time format (hh :mm) Start time in selected weekday End Time Time format (hh :mm) End time in selected weekday Button description Item Value setting Description Save NA Click the Save button to save changes Undo NA Click the Undo button to revert changes ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.9 External Servers The External Servers setting allows user to add external server. Create external server Go to System > External Servers > External Servers When Add button is applied, External Server Configuration screen will appear. External Server Configuration Item Value setting Description 1. String format can be Sever Name any text Enter a server name. Enter a name that is easy for you to understand.. 2. A Must filled setting Server IP/FQDN A Must filled setting This field is to specify the external server IP. Server Port A Must filled setting This field is to specify the external server port. Specify server to the Server Type. Email Server (A Must filled setting) When Email Server is selected, it means the option External Servers is set email server. Server Port will be set 25 by default. User Name (String format: any text) Server Type A Must filled setting Password (String format: any text) Then check Enable box to add this server. Syslog Server (A Must filled setting) When Syslog Server is selected, it means the option External Servers is set Syslog Server. Server Port will be set 514 by default. ...
Page 355
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. RADIUS Server (A Must filled setting) When RADIUS Server is selected, it means the option External Servers is set RADIUS Server. Server Port will be set 1812 by default. Accounting Port (A Must filled setting) Primary : Shared Key (String format: any text) Authentication Protocol (By default CHAP is selected) Session Timeout (By default 1) The values must be between 1 and 60. Idle Timeout: (By default 1) The values must be between 1 and 26. Secondary : Shared Key (String format: any text) Authentication Protocol (By default CHAP is selected) Session Timeout (By default 1) The values must be between 1 and 60. Idle Timeout: (By default 1) The values must be between 1 and 26. Then check Enable box to add this server. Active Directory Server (A Must filled setting) When Active Directory Server is selected, it means the option External Servers is set Active Directory Server. Server Port will be set 389 by default. Domain (String format: any text) Then check Enable box to add this server. LDAP Server (A Must filled setting) When LDAP Server is selected, it means the option External Servers is set LDAP Server. Server Port will be set 389 by default. Base DN (String format: any text) Identity (String format: any text) Password (String format: any text) Then check Enable box to add this server. UAM Server (A Must filled setting) When UAM Server is selected, it means the option External Servers is set UAM Server. Server Port will be set 80 by default. Login URL (String format: any text) Shared Secret (String format: any text) N/AS/Gateway ID (String format: any text) Location ID (String format: any text) ...
Page 356
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. Location Name (String format: any text) Then check Enable box to add this server. TACACS+ Server (A Must filled setting) When TACACS+ Server is selected, it means the option External Servers is set TACACS+ Server. Server Port will be set 49 by default. Shared Key (String format: any text) Session Timeout (String format: any number) The values must be between 1 and 60. Then check Enable box to add this server. SCEP Server (A Must filled setting) When SCEP Server is selected, it means the option External Servers is set SCEP Server. Server Port will be set 80 by default. Path (String format: any text, By default cgi‐bin is filled) Application (String format: any text, By default pkiclient.exe is filled) Then check Enable box to add this server. The box is checked by Server When click Enable, it will enable this External Server. default Save N/A Click Save to save the settings Undo N/A Click Undo to cancel the settings Refresh N/A Click the Refresh button to refresh the external server list. 356 ...
M2M Cellular Gateway Index skipping is used to reserve slots for new function insertion, when required. 9.b MMI This is the gateway’s web‐based utility access which allows administrator to access the gateway for management. The gateway’s web‐based utility automatically logs out the administrator when the idle time has elapsed. The setting allows administrator to enable automatic logout and set the logout idle time. When the Time‐out is disabled the system will not logout the administrator automatically. Go to System > MMI > Web UI tab Web UI Item Value Setting Description Administrator when maximum idle time elapsed. Default checked Enable auto logout Time‐out Enable Administrator maximum user idle time 300s is set by default ...