[Type the document title] Index skipping is used to reserve slots for new function insertion, when required.
Chapter 1 Introduction
1.1 Introduction
1.2 Contents List
1.2.1 Package Contents
1.3 Hardware Configuration
1.4 LED Indication
1.5 Installation Requirement
1.5.1 WARNING
1.5.2 SYSTEM REQUIREMENTS
1.6 Hardware Installation
1.6.1 Mount the Unit
1.6.2 Insert the SIM Card
1.6.3 Connecting Power
1.6.4 Connecting DI/DO Devices
1.6.5 Connecting Serial Devices
1.6.6 Connecting to the Network or a Host
1.6.7 Setup by Configuring WEB UI
Chapter 2 Getting Started
...
3.1.1 Physical Interface
3.1.3 Internet Setup
3.1.5 Load Balance
3.3 LAN & VLAN
3.3.1 Ethernet LAN
3.3.3 VLAN
3.5 WiFi
3.5.1 Wi-Fi Configuration
3.5.3 Wireless Client List
3.5.7 Advanced Configuration
3.7 IPv6
3.7.1 IPv6 Configuration
3.9 ...
5.1.5 URL Blocking
5.1.9 Web Content Filters
5.1.b MAC Control
5.1.d Application Filters
5.1.f IPS
5.1.h Options
5.3 QoS & BWM
5.3.1 Configuration
5.3.3 Rule-based QoS
5.5 ...
5.d.3 Virtual COM
5.d.5 Modbus
5.d.9 Data Logging
Chapter 7 Applications
7.1 Mobile Application
7.1.1 SMS
7.1.3 USSD
7.1.5 Network Scan
7.1.7 SMS Management
7.1.b SIM PIN
7.1.h Plain Text System Config.
...
With VPN tunneling technology, remote sites easily become part of the intranet, and all data is transmitted over a secure (256-bit AES encryption) link. To meet a variety of M2M application requirements, AMIT Modbus Cellular Gateway products are based on a modular design.
1.3 Hardware Configuration
Front View (figure labels): LED Indicators, USB Port, RS-232/485 Port, Reset Button, Auto MDI/MDIX RJ45 Ports (4x FE LAN to connect local devices), 3G/LTE (Aux) Antenna, 3G/LTE (Main) Antenna, Console Port
※Reset Button: The RESET button provides the user with a quick and easy way to restore the default settings. Press the RESET button continuously for 6 seconds, and then release it. The device will restore to factory default settings.
...
Bottom View (figure labels): SIM B Slot, SIM A Slot
Left View (figure labels): 2.4G WiFi Antenna, 2.4G WiFi Antenna, Power Terminal Block
...
1.4 LED Indication
Indication | LED Color | Description
Power Source 1 | Green | Steady ON: Device is powered on by power source 1
Power Source 2 | Green | Steady ON: Device is powered on by power source 2
WLAN (WiFi) | Green | Steady ON: Wireless radio is enabled. Flash: Data packets are transferred. OFF: Wireless radio is disabled
SIM A | Green | Steady ON: SIM card A is used
SIM B | Green | Steady ON: SIM card B is used
Steady ON: Ethernet connection of LAN is established LAN 1 ~ LAN 4 ...
1.5 Installation Requirement
1.5.1 WARNING
Do not use the product in high humidity or high temperatures. Only use the power adapter that comes with the package. Using a different voltage rating power adaptor is dangerous and may damage the product.
Attention ...
1.6 Hardware Installation
This chapter describes how to install and configure the hardware.
1.6.1 Mount the Unit
The IOG761 series can be placed on a desktop, mounted on the wall, or mounted on a DIN-rail. It is designed with "ears" for attaching to the wall or the inside of a cabinet. The wall-mount kits and DIN-rail bracket are not screwed onto the product when it leaves the factory. Please screw the wall-mount kits and DIN-rail bracket onto the product first.
1.6.2 Insert the SIM Card
WARNING: BEFORE INSERTING OR CHANGING THE SIM CARD, PLEASE MAKE SURE THAT POWER OF THE DEVICE IS SWITCHED OFF.
The SIM card slots are located at the bottom side of the IOG761-0T001 housing in order to protect the SIM card. You need to unscrew and remove the outer SIM card cover before installing or removing the SIM card. Please follow the instructions to insert a SIM card. After the SIM card is well placed, screw back the outer SIM card cover.
Step 1: Follow red arrow to unlock SIM socket.
Step 2: Lift up SIM holder, and insert SIM card.
Step 3: Put back SIM holder, and follow red arrow to lock SIM socket.
...
1.6.3 Connecting Power
The IOG761-0T001 can be powered by connecting a power source to the terminal block. It supports dual 9 to 48VDC power inputs. The following picture shows the power terminal block pin assignments. Please check carefully and connect to the right power requirements and polarity.
There are a DC converter and a DC12V/2A power adapter in the package for you to easily connect the DC power adapter to this terminal block.
WARNING: This commercial-grade power adapter is mainly for ease of powering up the purchased device during initial configuration. It is not for operating in a wide temperature range environment. PLEASE PREPARE OR PURCHASE OTHER INDUSTRIAL-GRADE POWER SUPPLY FOR POWERING UP THE DEVICE.
The maximum power consumption of IOG761-0T001 is 15.5W.
...
1.6.4 Connecting DI/DO Devices
There are a DI port and a DO port together with the power terminal block. Please refer to the following specification to connect DI and DO devices.
Mode | Specification
Digital Input | Trigger Voltage (high): Logic level 1: 5V~30V
Digital Input | Normal Voltage (low): Logic level 0: 0V~2.0V
Digital Output | Voltage (Relay Mode): Depends on external device, maximum voltage is 30V
Digital Output | Maximum Current: 1A
Example of Connection Diagram
...
1.6.5 Connecting Serial Devices
The IOG761 provides one standard serial port with a DB-9 male connector. Connect the serial device to the unit's DB-9 male port with the right pin assignments. The pin assignments of RS-232/485 are shown below.
Mode | Pin1 | Pin2 | Pin3 | Pin4 | Pin5 | Pin6 | Pin7 | Pin8 | Pin9
RS-232 | DCD | RXD | TXD | DTR | GND | DSR | RTS | CTS | RI
...
Type in the IP Address (http://192.168.123.254).
When you see the login page, type the password 'admin' and then click the 'login' button.
After logging in, select your language from the "Language" list. The user manual uses "English" for the illustration of all functions in the device.
Note: The default LAN IP address of this gateway is 192.168.123.254. If you change it, you need to type the new IP address.
Note: It is strongly recommended that you change this login password from the default value.
...
Chapter 2 Getting Started
2.1 Wizard
Network Setup Wizard
Wired Router
Network Setup Wizard will guide you through a basic configuration procedure step by step.
Step-2 is to change your login password.
Go to Wizard > Network Setup Wizard > Step-2
Item | Value setting | Description
Old Password | 1. String format: any text | If you want to change password, enter the current password in this item.
New Password | 1. String format: any text | Enter the new password.
New Password Confirmation | The box is unchecked by default | Enter the new password to re-confirm.
Exit | NA | Click the Exit button to cancel Setup Wizard.
Back | NA | Click the Back button to go to the previous step.
Next | NA | Click the Next button to go to the next step.
...
Step-3 is to change the time zone.
Go to Wizard > Network Setup Wizard > Step-3
Item | Value setting | Description
Time zone list | 1. A Must filled setting | Select the time zone for the system clock.
Detect Again | NA | Click the Detect Again button to detect the time zone from network.
Exit | NA | Click the Exit button to cancel Setup Wizard.
Back | NA | Click the Back button to go to the previous step.
Next | NA | Click the Next button to go to the next step.
Item | Value setting | Description
Rule Name | 1. String format: any text 2. A Must filled setting 3. By default Always is selected. 4. The box is unchecked by default. 5. NA
...
Step 4. Internet Connection (WAN Interface Setting)
In this step of the Wizard you will be specifying how your router connects to the Internet by selecting the appropriate Physical Interface and WAN Type. For detail settings, refer to the following pages for your required settings.
Go to Wizard > Network Setup Wizard > Step 4. WAN interface
Step 4. WAN interface Setting
Item | Value setting | Description
Physical Interface | A Must filled setting | Here you specify the Physical Interface that connects your router to the Internet. The type of available Interfaces will depend on the router model. They are normally the Ethernet port and the 3G/4G wireless interface.
WAN Type | A Must filled setting | Choose the WAN type for the selected Physical Interface above.
Back | N/A | Click Back button to go to previous step
Next | N/A | Click Next button to go to next sub-steps
...
Physical Interface: Ethernet
WAN Type: Dynamic IP Address
Dynamic IP Settings
Item | Value setting | Description
Host Name | An optional setting | Enter the host name provided by your Service Provider.
ISP Registered MAC Address | An Optional setting | Enter the MAC address that you have registered with your service provider. Or click the Clone button to clone your PC's MAC to this field. Usually this is the PC's MAC address assigned to allow you to connect to Internet.
Back | N/A | Click Back button to go to previous step
Next | N/A | Click Next button to go to next step
...
Physical Interface: Ethernet
WAN Type: Static IP Address
Static IP Settings
Item | Value setting | Description
WAN IP Address | A Must filled setting | Enter the WAN IP address given by your Service Provider
WAN Subnet Mask | A Must filled setting | Enter the WAN subnet mask given by your Service Provider
WAN Gateway | A Must filled setting | Enter the WAN gateway IP address given by your Service Provider
Primary DNS | A Must filled setting | Enter the primary WAN DNS IP address given by your Service Provider
Secondary DNS | Optional setting | Enter the secondary WAN DNS IP address given by your Service Provider
Back | N/A | Click Back button to go to previous step
Next | N/A | Click Next button to go to next step
...
Physical Interface: Ethernet
WAN Type: PPP over Ethernet
PPPoE Settings
Item | Value setting | Description
PPPoE Account | A Must filled setting | Enter the PPPoE User Name provided by your Service Provider.
PPPoE Password | A Must filled setting | Enter the PPPoE password provided by your Service Provider.
Primary DNS | A Must filled setting | Enter the IP address of Primary DNS server.
Secondary DNS | Optional setting | Enter the IP address of Secondary DNS server.
Service Name | Optional setting | Enter the service name if your ISP requires it
Assigned IP Address | Optional setting | Enter the IP address assigned by your Service Provider.
Back | N/A | Click Back button to go to previous step
Next | N/A | Click Next button to go to next step
...
Physical Interface: Ethernet
WAN Type: PPTP
PPTP Settings
Item | Value setting | Description
IP Mode | A Must filled setting | Select either Static or Dynamic IP address for PPTP Internet connection. When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, and WAN Gateway. WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider. WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider. WAN Gateway (A Must filled setting): Enter the WAN gateway IP address given by your Service Provider. When Dynamic IP is selected, there are no above settings required.
Server IP Address/name | A Must filled setting | Enter the PPTP server name or IP Address.
PPTP Account | A Must filled setting | Enter the PPTP username provided by your Service Provider.
PPTP Password | A Must filled setting | Enter the PPTP connection password provided by your Service Provider.
Back | N/A | Click Back button to go to previous step
Next | N/A | Click Next button to go to next step
...
Physical Interface: Ethernet
WAN Type: L2TP
L2TP Settings
Item | Value setting | Description
IP Mode | A Must filled setting | Select either Static or Dynamic IP address for L2TP Internet connection. When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, and WAN Gateway. WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider. WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider. WAN Gateway (A Must filled setting): Enter the WAN gateway IP address given by your Service Provider. When Dynamic IP is selected, there are no above settings required.
Server IP Address/name | A Must filled setting | Enter the L2TP server name or IP Address.
PPTP Account | A Must filled setting | Enter the L2TP username provided by your Service Provider.
PPTP Password | A Must filled setting | Enter the L2TP connection password provided by your Service Provider.
Back | N/A | Click Back button to go to previous step
Next | N/A | Click Next button to go to next step
...
Physical Interface: ADSL
WAN Type: Ethernet Over ATM with NAT
Ethernet over ATM with NAT for ADSL Setting
Item | Value setting | Description
IP Mode | A Must filled setting | Select either Static or Dynamic IP address for Ethernet over ATM Internet connection. When Static IP Address is selected, you will need to enter the WAN IP Address, WAN Subnet Mask, WAN Gateway, Primary DNS and Secondary DNS (optional) manually. WAN IP Address (A Must filled setting): Enter the WAN IP address given by your Service Provider. WAN Subnet Mask (A Must filled setting): Enter the WAN subnet mask given by your Service Provider. WAN Gateway (A Must filled setting): Enter the WAN gateway IP address given by your Service Provider. Primary DNS (A Must filled setting): Enter the primary WAN DNS IP address given by your Service Provider. Secondary DNS (An optional setting): Enter the secondary WAN DNS IP address given by your Service Provider. When Dynamic IP is selected: Host Name (An optional setting): Enter the host name provided by your Service Provider. ISP Registered MAC Address (An optional setting): Enter the MAC address that you have registered with your service provider. Or click the Clone button to clone your PC's MAC to this field. Usually this is the PC's MAC address assigned to allow you to connect to Internet.
Data Encapsulation | A Must filled setting | Select the encryption mode provided by your Service Provider. LLC: refers to Logical Link Control. VCMux: Virtual Circuit Multiplexing.
...
VPI Number | 1. A Must filled setting 2. Default is 0 | Enter the VPI provided by your Service Provider. VPI Number refers to Virtual Path Identifier Number.
VCI Number | 1. A Must filled setting 2. Default is 33 | Enter the VCI provided by your Service Provider. VCI Number refers to Virtual Circuit Identifier Number.
Schedule Type | 1. A Must filled setting 2. Default is UBR | Define the Schedule Type provided by your Service Provider. Four types can be selected: UBR: UBR generally is used for applications that are very tolerant of delay and cell loss. CBR: CBR is typically used for circuit emulation. VBR: VBR is used in telecommunications computing and relates to the bitrate used in sound or video encoding. GFR: GFR refers to Guaranteed Frame Rate.
Back | N/A | Click Back button to go to previous step
Next | N/A | Click Next button to go to next step
...
In Ethernet LAN Interface (Step-5), configure the LAN IP Address and Subnet Mask of the device.
The Ethernet LAN Interface
Item | Value setting | Description
LAN IP Address | A Must filled setting | Assign an IP Address for LAN, this IP address is a gateway IP.
Subnet Mask | By default 255.255.255.0/24 is selected. | Select a Subnet Mask for the default LAN, and it will be assigned to DHCP server to distribute IP address for client.
Back | N/A | Click Back button to go to previous step
Next | N/A | Click Next button to go to next step
...
VPN Setup Wizard
The VPN Wizard will guide you step by step through the VPN tunnel setup.
Step-1: Setup Steps
In Step-1, the VPN Setup Step is a screen that displays the summary of steps for VPN setup. Click the Next button to begin VPN setup.
Step-2: Select VPN Type
From the VPN Type dropdown box, choose a VPN method to deploy. Click the Next button to go to the next step.
...
Step-3: Sub-steps
When IPSec is selected, go to (Step-3) IPSec in the following page.
When PPTP is selected, go to (Step-3) PPTP in the following page.
When L2TP is selected, go to (Step-3) L2TP in the following page.
When GRE is selected, go to (Step-3) GRE in the following page.
(Step-3) IPSec
When IPSec is selected in Step-2 for VPN Type, the IPSec configuration window will appear.
When you complete the IPSec configuration, click the Next button and a setup summary will be displayed. Confirm the setting, then click the Apply button to complete the setting.
...
(Step-3) PPTP
When PPTP is selected in Step-2 for VPN Type and either PPTP client or server is selected, the client or server configuration window will appear.
PPTP Client
When PPTP Client is selected in Step-2 for VPN Type, the PPTP configuration window will appear.
When you complete the PPTP Client configuration, click the Next button and a setup summary will be displayed. Confirm the setting, then click the Apply button to complete the setting.
...
PPTP Server
When PPTP Server is selected in Step-2 for VPN Type, the PPTP configuration window will appear.
When you complete the PPTP Server configuration, click the Next button and a setup summary will be displayed. Confirm the setting, then click the Apply button to complete the setting.
(Step-3) L2TP
When L2TP is selected in Step-2 for VPN Type and either L2TP client or server is selected, the client or server configuration window will appear.
L2TP Client
When L2TP Client is selected in Step-2 for VPN Type, the L2TP configuration window will appear.
...
When you complete the L2TP Client configuration, click the Next button and a setup summary will be displayed. Confirm the setting, then click the Apply button to complete the setting.
L2TP Server
When L2TP Server is selected in Step-2 for VPN Type, the L2TP configuration window will appear.
When you complete the L2TP Server configuration, click the Next button and a setup summary will be displayed. Confirm the setting, then click the Apply button to complete the setting.
...
(Step-3) GRE
When GRE is selected in Step-2 for VPN Type, the GRE configuration window will appear.
When you complete the GRE configuration, click the Next button and a setup summary will be displayed. Confirm the setting, then click the Apply button to complete the setting.
...
2.3 Status
2.3.3 Network Status
The Network Status window shows the current status for different network type, including network configuration, connecting information, modem status and traffic statistics.
From the menu on the left, select Status > Network Status
WAN interface IPv4 Network Status
WAN interface IPv4 Network Status screen shows status information for IPv4 network.
WAN interface IPv4 Network Status
Item | Value setting | Description
ID | N/A | It displays corresponding WAN interface WAN IDs.
Interface | N/A | It displays the type of WAN physical interface. Depending on the model purchased, it can be Ethernet, 3G/4G, USB 3G/4G.
...
DHCP server. Note: Renew button is available when DHCP WAN Type is used and WAN connection is disconnected.
Release button allows user to force the device to clear its IP address setting to disconnect from DHCP server. Note: Release button is available when DHCP WAN Type is used and WAN connection is connected.
Connect button allows user to manually connect the device to the Internet. Note: Connect button is available when Connection Control in WAN Type setting is set to Connect Manually (Refer to Edit button in Basic Network > WAN > Internet Setup) and WAN connection status is disconnected.
Disconnect button allows user to manually disconnect the device from the Internet. Note: Connect button is available when Connection Control in WAN Type setting is set to Connect Manually (Refer to Edit button in Basic Network > WAN > Internet Setup) and WAN connection status is connected.
WAN interface IPv6 Network Status
WAN interface IPv6 Network Status screen shows status information for IPv6 network.
WAN interface IPv6 Network Status
Item | Value setting | Description
ID | N/A | It displays corresponding WAN interface WAN IDs.
Interface | N/A | It displays the type of WAN physical interface. Depending on the model purchased, it can be Ethernet, 3G/4G, USB 3G/4G.
WAN Type | N/A | It displays the method which public IP address is obtained from your ISP. WAN type ...
LAN Interface Network Status
LAN Interface Network Status screen shows IPv4 and IPv6 information of LAN network.
LAN Interface Network Status
Item | Value setting | Description
IPv4 Address | N/A | It displays the current IPv4 IP Address of the gateway. This is also the IP Address user use to access Router's Web-based Utility.
IPv4 Subnet Mask | N/A | It displays the current mask of the subnet.
IPv6 Link-local Address | N/A | It displays the current LAN IPv6 Link-Local address. This is also the IPv6 IP Address user use to access Router's Web-based Utility.
IPv6 Global Address | N/A | It displays the current IPv6 global IP address assigned by your ISP for your Internet connection.
Action | N/A | This area provides functional buttons. Edit IPv4 Button when press, web-based utility will take you to the Ethernet LAN configuration page. (Basic Network > LAN & VLAN > Ethernet LAN tab). Edit IPv6 Button when press, web-based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.)
Interface Traffic Statistics
Interface Traffic Statistics screen displays the Interface's total transmitted packets.
...
3G/4G Modem Status
The Network Status window shows the current status for different network type, including network configuration, connecting information, modem status and traffic statistics.
From the menu on the left, select Status > Network Status
3G/4G Modem Status screen shows status information for 3G/4G WAN network.
3G/4G Modem Status
Item | Value setting | Description
Physical Interface | N/A | It displays the type of WAN physical interface. Depending on the model purchased, it can be 3G/4G and USB 3G/4G. Note: Some device model may support two 3G/4G modules. Their physical interface name will be 3G/4G 1 and 3G/4G 2.
Card Information | N/A | It displays the vendor's 3G/4G modem model name.
...
Show Modem Information (Detail Button)
Modem Information (after Detail button)
Item | Value setting | Description
Interface | N/A | It displays the type of WAN physical interface. It can be 3G1 or 3G2. Note: 3G2 is only for devices that support dual modules.
Module Name | N/A | It displays the vendor's 3G/4G modem model name.
IMEI/MEID | N/A | It displays the device IMEI code of the module.
HW Version | N/A | It displays the hardware version of the 3G/4G module.
FW Version | N/A | It displays the firmware version of the 3G/4G module.
...
Show SIM Status
SIM Status (after Detail button)
Item | Value setting | Description
SIM | N/A | It displays the operating SIM card. The display can be SIM-A or SIM-B. Note: In some AMIT's products, the device supports one SIM slot and only SIM-A is available.
PIN Code Status | N/A | It displays the status of whether the SIM is required to be unlocked and absent of SIM card. The display can be Ready, SIM card not inserted, incorrect PIN code, PIN is required, Blocked.
  Ready: the PIN code is entered correctly and the SIM is unlocked.
  SIM card not inserted: the SIM card is not detected. Check if SIM card is inserted properly.
  PIN code incorrect: the PIN code entered is incorrect.
  PIN is required: the PIN code is required to unlock the SIM card.
  Blocked: the SIM card is locked and needs the PUK code to unlock. It is probably because the device has exceeded the allowed number of times to unlock. Refer to PIN Code Remaining Times.
PIN Code Remaining Times | N/A | This displays the remaining time of the counter that you are allowed to try to unlock SIM card with the PIN code. Once the number of unlocking tries has been exhausted, the counter will display zero and the SIM card is locked. You are not allowed to unlock with the PIN code and would need to enter the PUK code to unlock instead. Note: You will need to enquire the telecom carrier for the PUK code to unlock or further technical services.
This displays the remaining time of the counter that you are allowed to try to unlock SIM ...
Show Service Information
Service Information (after Detail button)
Item | Value setting | Description
Operator | N/A | It displays the name of the carrier.
Cell Broadcast | N/A | It displays the cell messaging information. This is only available in GSM network and when your carrier provides this information.
MCC | N/A | It displays the MCC (Mobile Country Code) information that is obtained from the current registered network.
MNC | N/A | It displays the MNC (Mobile Network Code) information that is obtained from the current registered network.
LAC | N/A | It displays the LAC (Location Area Code) information in hexadecimal format, only available in GSM/UMTS networks.
TAC | N/A | It displays the TAC (Tracking Area Code) information in hexadecimal format, only available in LTE network.
Cell ID | N/A | It displays the Cell ID (CID) information in hexadecimal format.
Service Type | N/A | It displays the service type of the network that is currently registered. It can be GSM, WCDMA or LTE.
...
2.3.5 WiFi Status
The WiFi Status window shows overall statistic of Wi-Fi virtual Access Point entries.
From the menu on the left, select Status > WiFi Status
WiFi Virtual AP List
The WiFi Virtual AP List shows all of the virtual AP information. The Edit button allows for quick configuration changes.
WiFi Virtual AP List
Item | Value setting | Description
Op. Band | N/A | It displays the Wi-Fi Operation Band (2.4G or 5G) of VAP.
ID | N/A ...
WiFi Traffic Statistic
The WiFi Traffic Statistic shows all the received and transmitted packets on WiFi network.
WiFi Traffic Statistic
Item | Value setting | Description
Op. Band | N/A | It displays the Wi-Fi Operation Band (2.4G or 5G) of VAP.
ID | N/A | It displays the ID of VAP.
Received Packets | N/A | It displays the number of packet received.
Transmitted Packet | N/A | It displays the number of packet transmitted.
Action | N/A | Press Reset button to clear individual VAP stats.
Refresh Button | N/A | Press Refresh button to update the entire VAP Traffic Statistic instantly.
WiFi IDS Status
Ensure WIDS function is enabled.
Go to Basic Network > WiFi > Advanced Configuration tab
Note that the WIDS of 2.4G or 5G should be configured separately.
WiFi IDS Status
...
2.3.7 Client List
The Client List shows you the LAN Interface, IP address, Host Name, MAC Address, and Remaining Lease Time of each device that is connected to this router.
Go to Status > LAN Client List
LAN Client List
Item | Value setting | Description
LAN Interface | N/A | Client record of LAN Interface. String Format.
IP Address | N/A | Client record of IP Address Type and the IP Address. Type is String Format and the IP Address is IPv4 Format.
Host Name | N/A | Client record of Host Name. String Format.
MAC Address | N/A | Client record of MAC Address. MAC Address Format.
Remaining Lease Time | N/A | Client record of Remaining Lease Time. Time Format.
...
2.3.9 Firewall Status
The Firewall Status Viewer gives the user a quick view of the firewall status and current firewall settings. It also keeps the log history of the packets dropped by the firewall rule policies, and includes the administrator remote login settings specified in the Firewall Options. Before the Status Viewer can log history, enable the Log Alert box for each of the filters specified under Advanced Network > Firewall ...
URL Blocking Status
URL Blocking Status
Item | Value setting | Description
Activated Blocking Rule | N/A | This is the URL Blocking Rule name.
Blocked URL | N/A | This is the logged packet information.
IP | N/A | The Source IP (IPv4) of the logged packet.
Time | N/A | The Date and Time stamp of the logged packet. Date & time format. ("Month" "Day" "Hours":"Minutes":"Seconds")
Note: Ensure URL Blocking Log Alert is enabled. Refer to Advanced Network > Firewall > URL Blocking tab. Check Log Alert and save the setting.
Web Content Filter Status
Web Content Filter Status
Item | Value setting ...
MAC Control Status
MAC Control Status
Item | Value setting | Description
Activated Control Rule | N/A | This is the MAC Control Rule name.
Blocked MAC Addresses | N/A | This is the MAC address of the logged packet.
IP | N/A | The Source IP (IPv4) of the logged packet.
Time | N/A | The Date and Time stamp of the logged packet. Date & time format. ("Month" "Day" "Hours":"Minutes":"Seconds")
Note: Ensure MAC Control Log Alert is enabled. Refer to Advanced Network > Firewall > MAC Control tab. Check Log Alert and save the setting.
Application Filters Status
Application Filters Status ...
IPS Firewall Status
IPS Firewall Status
Item | Value setting | Description
Detected Intrusion | N/A | This is the intrusion type of the packets being blocked.
IP | N/A | The Source IP (IPv4) of the logged packet.
Time | N/A | The Date and Time stamp of the logged packet. Date & time format. ("Month" "Day" "Hours":"Minutes":"Seconds")
Note: Ensure IPS Log Alert is enabled. Refer to Advanced Network > Firewall > IPS tab. Check Log Alert and save the setting.
Firewall Options Status
Firewall Options Status
Item | Value setting | Description
Stealth Mode | N/A | Enable or Disable setting status of Stealth Mode on Firewall Options. String Format: Disable or Enable
Enable or Disable setting status of SPI on Firewall Options. SPI ...
2.3.b VPN Status
The VPN Status window shows the overall VPN tunnel status. From the menu on the left, select Status > VPN Status.
IPSec Status
IPSec Status shows the configuration for establishing the IPSec tunnel and the current connection status.
IPSec Status
Item | Value setting | Description
Tunnel Name | N/A | It displays the tunnel name you have entered to identify.
Tunnel Scenario | N/A | It displays the Tunnel Scenario specified.
Local Subnets | N/A | It displays the Local Subnets specified.
Remote Subnets | N/A | It displays the Remote Subnets specified.
Status | N/A | It displays the Status of the VPN connection. The status displays are Connected, Disconnected, Wait for traffic, and Connecting.
Edit Button | N/A | Click on Edit Button to change IPSec setting, web‐based utility will take you to the IPSec configuration page. (Advanced Network > VPN > IPSec tab)
...
PPTP Server/Client Status
PPTP Server/Client Status shows the configuration for establishing PPTP tunnel and current connection status.
PPTP Server Status
Item | Value setting | Description
User Name | N/A | It displays the login name of the user used for the connection.
Remote IP | N/A | It displays the public IP address (the WAN IP address) of the connected PPTP client.
Remote Virtual IP | N/A | It displays the IP address assigned to the connected PPTP client.
Remote Call ID | N/A | It displays the PPTP client Call ID.
Status | N/A | It displays the Status of each of the PPTP client connection. The status displays Connected, Disconnect, and Connecting.
Edit Button | N/A | Click on Edit Button to change PPTP server setting, web‐based utility will take you to the PPTP server configuration page. (Advanced Network > VPN > PPTP tab)
PPTP Client Status
Item | Value setting | Description
Client Name ...
L2TP Server/Client Status
L2TP Status shows the configuration for establishing L2TP tunnel and current connection status.
L2TP Server Status
Item | Value setting | Description
User Name | N/A | It displays the login name of the user used for the connection.
Remote IP | N/A | It displays the public IP address (the WAN IP address) of the connected L2TP client.
Remote Virtual IP | N/A | It displays the IP address assigned to the connected L2TP client.
Remote Call ID | N/A | It displays the L2TP client Call ID.
Status | N/A | It displays the Status of each of the L2TP client connection. The status displays Connected, Disconnect, Connecting
Edit Button | N/A | Click on Edit Button to change L2TP server setting, web‐based utility will take you to the L2TP server configuration page. (Advanced Network > VPN > L2TP tab)
L2TP Client Status
Item | Value setting | Description
Client Name ...
2.3.c OpenVPN Status
According to OpenVPN configuration, the OpenVPN Status shows the status and statistics for the OpenVPN connection from the client side or server side.
View OpenVPN Client Status
Go to Status > VPN Status > OpenVPN Status > OpenVPN Client Status
OpenVPN Client Status
Item | Value setting | Description
OpenVPN Client Name | N/A | It displays the Client name you have entered for identification.
Interface | N/A | It displays the WAN interface specified for the OpenVPN client connection.
Remote IP/FQDN |  | It displays the peer OpenVPN Server’s Public IP address (the WAN IP address) or FQDN.
...
2.3.d System Mgmt. Status
The System Management Status window shows the status for managing remote network devices. The type of management available in your device depends on the device model purchased. The commonly used ones are SNMP, TR‐069, and UPnP. From the menu on the left, select Status > System Mgmt. Status.
SNMP Linking Status
The SNMP Link Status screen shows the status of current active SNMP connections.
SNMP Link Status
Item | Value setting | Description
User Name | N/A | It displays the user name for authentication. This is only available for SNMP version 3.
IP Address ...
SNMP Trap Information
Shows the status of currently received SNMP traps.
SNMP Trap Information
Item | Value setting | Description
Trap Level | N/A | It displays the trap level.
Time | N/A | It displays the timestamp of trap event.
Trap Event | N/A | It displays the IP address of the trap sender and event type.
TR‐069 Status
The TR‐069 Status window shows the current connection status with the TR‐069 server.
TR‐069 Status
Item | Value setting | Description
Link Status | N/A | It displays the current connection status with the TR‐069 server. The connection status is either On when the device is connected with the TR‐069 server or Off when disconnected.
...
Chapter 3 Basic Network
3.1 WAN
The gateway provides one or more WAN interfaces so that all client hosts in the gateway's Intranet can access the Internet via an ISP. ISPs apply various connection protocols to let gateways or user devices dial in and then link to the Internet over different kinds of transmission media. The WAN Connection therefore lets you specify the WAN Physical Interface, WAN Internet Setup and WAN Load Balance for the Intranet to access the Internet. For each WAN interface, you must specify its physical interface first and then its Internet setup to connect to the ISP. If the gateway has multiple WAN ...
3.1.1 Physical Interface
The first step in configuring a WAN interface is to specify which kind of connection media is used for the WAN connection, as shown in the "Physical Interface" page. The "Physical Interface" page has two configuration windows, "Physical Interface List" and "Interface Configuration". The "Physical Interface List" window shows all the available physical interfaces. After you click the "Edit" button for an interface in the "Physical Interface List" window, the "Interface Configuration" window appears to let you configure a WAN interface.
Physical Interface List
The Physical Interface List shows all WAN interfaces of the gateway device, including their name, kind of physical interface, operation mode and line speed. There is one "Edit" button for each WAN interface, which lets you configure the interface. Please see the "Interface Configuration" section beneath. Following are some "Physical Interface List" window examples for different gateway ...
Interface Name
The logical name of WAN interfaces is identified by “WAN‐1”, “WAN‐2”, …, and so on.
Physical Interface
This device is equipped with some kinds of WAN Interfaces to support different WAN types of connections. You can configure them one by one to get the proper Internet connection setup. Refer to AMIT Product List in Appendix A for number of interfaces, the type of physical interface and suggested logical WAN name in the device, ...
The content in the above diagram is an example for an Ethernet WAN interface.
Physical Interface
AMIT gateway supports Ethernet, 3G/4G, USB 3G/4G and ADSL physical interfaces. The kinds of physical interface in the device depend on the specification of the gateway product purchased. Following are some physical interface configuration examples and their illustration diagram. Please note that USB 3G/4G can be used only as a failover interface. The primary connection is WAN‐1 and its operation mode must be "Always on". So, the physical interface of WAN‐1 will not be "USB 3G/4G". ...
Configuration Path | [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2, ...
Physical Interface | Ethernet | 3G/4G | USB 3G/4G | ADSL
Operation Mode | Always on | Always on | Failover | Always on
Line Speed | 100Mbps / 100Mbps | 50Mbps / 150Mbps | 5Mbps / 21Mbps | 2Mbps / 22Mbps
[Diagram: WAN Physical Interface. Ethernet WAN (Gateway, Firewall, xDSL Modem, DSLAM); 3G/4G WAN (Gateway, Cellular Network); USB 3G/4G WAN (Gateway, Cellular Network); ADSL WAN (Gateway...]
USB 3G/4G WAN: The gateway has one USB port that can support a 3G/4G USB modem for a WAN connection. Plug in a 3G/LTE USB dongle and follow the UI settings to set it up.
ADSL WAN: The gateway has one built‐in ADSL modem that can be configured as a WAN connection. Plug an RJ11 cable (normally the landline phone cable) into the DSL port and follow the UI settings to set it up.
Operation Mode
There are three option items, “Always on”, “Failover”, and “Disable”, for the operation mode setting. ...
Configuration Path | [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2
Interface Name | WAN‐1 | WAN‐2
Physical Interface | ADSL | USB 3G/4G
Operation Mode | Always on | Failover WAN‐1 □Seamless
Line Speed | 2Mbps / 22Mbps | 5Mbps / 21Mbps

Configuration Path | [Internet Setup]‐[Internet Connection Configuration (WAN‐n)], n=1, 2
Interface Name | WAN‐1 | WAN‐2
WAN Type | Ethernet over ATM with NAT | 3G/4G

Configuration Path | [Internet Setup]‐[Ethernet over ATM with NAT WAN Type Configuration]
Interface Name | WAN‐1
Connection Control | Auto‐reconnect (Always on)
Data Encryption | LLC
VPI Number | 0
VCI Number | 33
Schedule Type | UBR
...
system starts the failback process.
S 5: When the failback process starts, the system terminates the current WAN connection via the Failover WAN interface.
S 6: The system changes the data routing path back to the primary WAN interface, the same state as at the beginning of normal system operation.
[Diagram: Failover and Failback between WAN‐1: ADSL (DSLAM) and WAN‐2: 3G/4G (Cellular Network). Failover: ① Disconnected, ② Failover, ③ Start Connecting. Failback: ④ Connection Back, ⑥...]
transfer mission instantly by only changing the routing path to the failover interface. The dial‐up time of the failover connection is saved since it has been connected beforehand. For some mission‐critical applications, this gateway supports “Seamless Failover” to shorten the switch time during the WAN interface failover process. The initial status of the two WAN connections for Seamless Failover is shown in the following diagram.
[Diagram: Initial Status. WAN‐1: ADSL (Gateway, DSLAM): Connected and Data Transferring. WAN‐2: 3G/4G (Cellular Network): Connected but just Keep Alive.]
Next, the Failover and Failback processes are shown in the following diagram. Their steps are:
S 1: When system discovers the primary WAN connection is failed.
S 2: ...
[Diagram: Seamless Failover and Failback between WAN‐1: ADSL (DSLAM) and WAN‐2: 3G/4G (Cellular Network). Failover: ① Disconnected, ② Failover, ③ Change Routing via WAN‐2. Failback: ④ Connection Back, ⑤ Leave it Keep Alive, ⑥ Failback: Change Routing back via WAN‐1.]
...
Configuration Path | [Physical Interface]‐[Interface Configuration (WAN‐1)]
Interface Name | WAN‐1
Physical Interface | 3G/4G
Operation Mode | Always on
Line Speed | 50Mbps / 150Mbps

Configuration Path | [Internet Setup]‐[Internet Connection Configuration (WAN‐1)]
Interface Name | WAN‐1
WAN Type | 3G/4G

Configuration Path | [Internet Setup]‐[3G/4G WAN Type Configuration]
Interface Name | WAN‐1
Preferred SIM Card | SIM‐A First

So, the initial status of two WAN connections using different SIM cards is shown in the following diagram.
[Diagram: Initial Status (SIM‐A First). SIM‐A (Cellular Network #1): Connected and Data Transferring. SIM‐B (Cellular Network #2): Not Connected.]
...
the SIM‐n connection failed, system starts the failover process again and goes back to S2 step.
[Diagram: SIM failover between SIM‐A (Cellular Network #1) and SIM‐B (Cellular Network #2). ① When Disconnected (SIM‐A), ② Failover, ③ Start Connecting (SIM‐B); Failover back: ⑥ Start Connecting (SIM‐A), ⑤...]
for these two WAN interfaces, and their scenarios are shown in the following diagram.
Configuration Path | [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2
Interface Name | WAN‐1 | WAN‐2
Physical Interface | Ethernet | ADSL
Operation Mode | Always on | Always on
Line Speed | 100Mbps / 100Mbps | 2Mbps / 22Mbps
VLAN Tagging | □Enable | ■Enable 12
[Diagram: Ethernet WAN (Gateway, xDSL Modem, DSLAM) w/o Tag, Specific Service; ADSL WAN (Gateway, DSLAM) w/ Tag 12, Specific Service.]
P.S. 3G/4G or USB 3G/4G can’t carry any VLAN tag in communication packets.
...
3.1.3 Internet Setup
After specifying the physical interface for each WAN connection, the administrator must configure their connection profiles one by one to match the dial‐in process of the ISPs, so that all client hosts in the gateway's Intranet can access the Internet. The "Internet Setup" page has several configuration windows: "Internet Connection List", "Internet Connection Configuration", "WAN Type Configuration" and related configuration windows for each WAN type. For the Internet setup of each WAN interface, you must first specify the WAN type of its physical interface and then the related parameter configuration for that WAN type. ...
Internet Connection List
The Internet Connection List shows the WAN connection profiles of all WAN interfaces in the gateway device, including interface name, the kinds of physical interface, their operation mode and WAN connection type. There is one "Edit" button for each WAN interface to let you configure its Internet ...
Physical Interface
This device is equipped with some kinds of WAN Interfaces. Please refer to [Basic Network]‐[WAN]‐[Physical Interface] section (3.1.1).
Operation Mode
It is "Always on", "Failover" or "Disable". Please refer to [Basic Network]‐[WAN]‐[Physical Interface] section (3.1.1).
WAN Type
The supported WAN types for each WAN interface depend on the kind of interface. Following are all kinds of physical interfaces and their supported WAN types.
Ethernet interface: A fixed line ISP that provides xDSL or cable modem for you to set up the WAN connection.
Static IP Address WAN type: Select this option if the ISP provides a fixed IP address to you. You will need to enter the IP address, subnet mask, and gateway address provided to you by your ISP.
Dynamic IP Address WAN type: You may choose this WAN type if you connect a cable modem or a fiber (VDSL modem) for Internet connection. The IP address assigned to the WAN interface by a DHCP server may be different every time. ...
(DSL) technology, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voiceband modem can provide. Use an RJ11 cable to connect the ADSL port of the gateway device to the DSLAM at the ISP, and connect further to a conventional Internet Protocol network.
Ethernet over ATM with NAT WAN type: The option is intended to be used in implementations which use ATM networks to carry multiprotocol traffic among hosts, routers and bridges which are ATM end systems. ...
Static IP Address WAN Type: Settings include WAN IP Address, WAN Subnet Mask, WAN Gateway, Primary DNS, Secondary DNS, MTU, NAT, Network Monitoring, IGMP and WAN IP Alias.
Dynamic IP Address WAN Type: Settings include Host Name, ISP registered MAC Address, Connection Control, Maximum Idle Time, MTU, NAT, Network Monitoring, IGMP and WAN IP Alias.
PPPoE WAN Type: Settings include IPv6 Dual Stack, PPPoE Account & Password, Primary DNS / Secondary DNS, Connection Control, Maximum Idle Time, Service Name / Assigned IP Address, MTU, NAT, Network Monitoring, IGMP and WAN IP Alias. ...
Network Monitoring
The gateway supports a failover function, which depends on correctly deciding when a connection is down. The following parameters are used in the decision process.
DNS Query / ICMP Checking: Either one is used to check whether a WAN connection is alive.
Loading Checking: The response time of keep‐alive replies may increase when the WAN bandwidth is fully occupied. To keep the keep‐alive feature from working abnormally, enabling this option stops sending keep‐alive packets while there are continuous incoming and outgoing data packets passing through the WAN connection.
Check Interval: How often a keep‐alive packet is sent.
Check Timeout: The time allowed for receiving the response to a keep‐alive packet. If the gateway doesn’t receive a response within this period, it treats this keep‐alive check as failed.
Latency Threshold: The acceptable response time. The gateway records the keep‐alive check as failed if the response time of the replied packet is longer than this setting.
Fail Threshold: The number of failed checks. The WAN connection is recognized as broken when the number of continuous failed keep‐alive checks equals this value.
Target1/Target2: The hosts used for keep‐alive checking. It can be DNS1, DNS2, default ...
[Flowchart: Network Monitoring keep‐alive check. Boxes, in order: Start; N = 0 (N: the count of fails); “Loading Check” enable?; Enough traffic existed?; Sleep for “Check Interval”; Checking Method: “DNS Query” (FQDN Query to Target1, Target2) or “ICMP Checking” (ICMP Check to Target1, Target2); Success?; Reply time > “Latency Threshold”; No, or “Check Timeout” occurs; N = N+1; N < “Fail Threshold”; Connection is Broken; Try to reconnect.]
Connection Control
There are three ways for connection control, “Auto‐reconnect (Always on)”, “Dial‐on‐demand” and “Manually”. ...
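The Network Monitoring decision described by the parameters and flowchart above can be traced with a short simulation. This is an added example, not the gateway's firmware: it assumes one probe attempt per Check Interval, that a successful check resets the fail counter (the manual counts "continuous" failures), and that an interval skipped by Loading Checking leaves the counter unchanged. The class names, function names and sample traces are constructed for illustration.

```python
"""Simulation of the keep-alive decision (added example, not vendor code)."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class MonitorConfig:
    check_interval_s: float      # "Check Interval": assumed one probe per interval
    check_timeout_s: float       # "Check Timeout": longest wait for a reply
    latency_threshold_ms: float  # "Latency Threshold": slower replies count as failed
    fail_threshold: int          # "Fail Threshold": continuous failures that mean broken
    loading_check: bool          # "Loading Checking": no probe while the link is busy


@dataclass(frozen=True)
class Tick:
    """What happened during one Check Interval (constructed sample input)."""
    busy: bool                   # continuous incoming and outgoing traffic was seen
    reply_ms: Optional[float]    # probe reply time in ms, None if nothing came back


def probe_failed(cfg: MonitorConfig, reply_ms: Optional[float]) -> bool:
    """A check fails on no reply, a reply after the timeout, or a slow reply."""
    if reply_ms is None or reply_ms > cfg.check_timeout_s * 1000:
        return True
    return reply_ms > cfg.latency_threshold_ms


def run_monitor(cfg: MonitorConfig,
                ticks: Sequence[Tick]) -> Tuple[Optional[float], List[str]]:
    """Return (seconds until the link is declared broken or None, per-tick trace)."""
    fails = 0
    trace: List[str] = []
    for index, tick in enumerate(ticks):
        if cfg.loading_check and tick.busy:
            trace.append("skip")        # assumption: counter is left untouched
            continue
        if probe_failed(cfg, tick.reply_ms):
            fails += 1
            trace.append(f"fail{fails}")
            if fails >= cfg.fail_threshold:
                return (index + 1) * cfg.check_interval_s, trace
        else:
            fails = 0                   # only continuous failures are counted
            trace.append("ok")
    return None, trace


# Constructed settings and traces, not values taken from the manual.
CFG = MonitorConfig(check_interval_s=5.0, check_timeout_s=3.0,
                    latency_threshold_ms=800.0, fail_threshold=3,
                    loading_check=True)
# A flapping link: one good reply in the middle restarts the count.
FLAPPING = [Tick(False, r) for r in (40, None, None, 35, None, None, None)]
# A congested link: replies arrive, but all exceed the Latency Threshold.
SLOW = [Tick(False, r) for r in (900, 1200, 950)]
# An outage while the interface still looks busy in some intervals.
BUSY_OUTAGE = [Tick(True, None), Tick(True, None), Tick(False, None),
               Tick(True, None), Tick(False, None), Tick(False, None)]

if __name__ == "__main__":
    for name, ticks in (("flapping", FLAPPING), ("slow", SLOW),
                        ("busy outage", BUSY_OUTAGE)):
        seconds, trace = run_monitor(CFG, ticks)
        print(f"{name:12s} broken after {seconds} s  trace={trace}")
```

Under these assumptions the busy-outage trace takes twice as long to trip as it does with Loading Checking off, which is the trade-off to weigh when failover time matters more than avoiding false alarms on a saturated link.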
Manually: This gateway won’t start to establish the WAN connection until you press the “Connect” button on the web UI. After normal data transfer between the LAN and WAN sides, this gateway will disconnect the WAN connection if the idle time reaches the value of Maximum Idle Time.
Please note that if the WAN interface serves as the primary one for another WAN interface in the Failover role, the Connection Control parameter will not be available for you to configure, as the system must set it to “Auto‐reconnect (Always on)”.
Auto‐reconnect / Dial‐on‐demand / Manually Scenario: As an example, WAN‐1, WAN‐2 and WAN‐3 are all Ethernet interfaces with "Always on" operation mode. Their WAN Type is set to "Dynamic IP" but with different Connection Control approaches. WAN‐1 ...
Its steps are:
Pre‐state: After system booting up, system tries to let the WAN connection be alive.
S 1: When system discovers the WAN connection is failed.
S 2: System starts to re‐connect the WAN connection until it connects successfully, the same as the Pre‐state.
In the "Dial‐on‐demand" scenario, the system will not make the WAN connection until the gateway receives an Internet access request from the Intranet. The connection is then kept alive only while there is still data transfer. If there is no data transfer for a period that is longer than the Maximum ...
[Diagram: Manually. Gateway, xDSL Modem, DSLAM, Intranet; Primary DNS, Secondary DNS, DHCP Servers. ① Connect Button, ② Start Connecting, ③ Disconnect when idle timeout.]
Its steps are:
Pre‐state: After system booting up, the WAN connection is disconnected.
S 1: When the administrator clicks the "Connect" button on the "Network Status" configuration window.
S 2: System starts to make the WAN connection until it connects successfully. The connection is kept alive only while there is still data transfer to the Internet. ...
Intranet to the Internet, the gateway device needs the WAN load balance function to enlarge the total WAN bandwidth of gateway. AMIT "Load Balance" function for multiple WANs gateway designs five optional strategies: By Smart Weight, By Priority, By User Policy, By Sequence and ...
loads (in bytes) on all WAN interfaces. The administrator may take it as a fast approach to maximize the bandwidth utilization of the gateway's multiple WAN interfaces. That is, the system takes the line speed settings of all WAN interfaces specified in the "Physical Interface" configuration page as the default ratio between WAN interfaces for data transfer. Based on the ratio of packet bytes via these WAN interfaces in the past period (maybe 5 minutes), the system decides how many sessions will be transferred via each WAN interface for the current period of traffic loading, as shown in the following illustration diagram.
[Diagram: Load balance By Smart Weight. Intranet, Gateway; ① WAN‐1: ADSL (DSLAM); ② WAN‐2: 3G/4G (Cellular Network).]
The following 5 tables list the parameter configuration for the above example diagram of the load balance function. The ratio m:n in this example is 22:11.
Configuration Path | [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2
Interface Name | WAN‐1 | WAN‐2
...
Configuration Path | [Internet Setup]‐[Internet Connection Configuration (WAN‐n)], n=1, 2
Interface Name | WAN‐1 | WAN‐2
WAN Type | Ethernet over ATM with NAT | 3G/4G

Configuration Path | [Internet Setup]‐[Ethernet over ATM with NAT WAN Type Configuration]
Interface Name | WAN‐1
Connection Control | Auto‐reconnect (Always on)
Data Encryption | LLC
VPI Number | 0
VCI Number | 33
Schedule Type | UBR

Configuration Path | [Internet Setup]‐[3G/4G WAN Type Configuration]
Interface Name | WAN‐2
Dial‐up Profile | Auto‐detection
Connection Control | Auto‐reconnect (Always on)

Configuration Path | [Load Balance]‐[Configuration]
Load Balance | ■ Enable
Load Balance Strategy | By Smart Weight
...
Definition" table is used for the scenario and is shown as below. The "Edit" button can be used to change the Priority in percent. Following is another example diagram to illustrate the scenario. At the beginning, the gateway has two WAN interfaces and their download line speeds are 22Mbps (m Mbps) for the WAN‐1 interface and 11Mbps (n Mbps) for WAN‐2. This is because the administrator subscribes to an ADSL ISP for a 22 Mbps WAN connection and to a 3G/4G ISP for another 11 Mbps WAN connection. The administrator fills both values in the line speed field for the two WAN interfaces. Please refer to section [Basic Network]‐[WAN]‐[Physical ...
Configuration Path | [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2
Interface Name | WAN‐1 | WAN‐2
Physical Interface | ADSL | 3G/4G
Operation Mode | Always on | Always on
Line Speed | 2Mbps / 22Mbps | 1Mbps / 11Mbps

Configuration Path | [Internet Setup]‐[Internet Connection Configuration (WAN‐n)], n=1, 2
Interface Name | WAN‐1 | WAN‐2
WAN Type | Ethernet over ATM with NAT | 3G/4G

Configuration Path | [Internet Setup]‐[Ethernet over ATM with NAT WAN Type Configuration]
Interface Name | WAN‐1
Connection Control | Auto‐reconnect (Always on)
Data Encryption | LLC
VPI Number | 0
VCI Number | 33
Schedule Type | UBR
...
Load Balance Strategy | By User Policy
Finally, when you choose the "By User Policy" load balance strategy, there are two more configuration windows: "User Policy List" and "User Policy Configuration". "User Policy List" shows all your defined user policy entries, and the "User Policy Configuration" window lets you configure one user policy for routing a dedicated packet flow via one WAN interface. They are shown in the following diagrams.
The above example shows that the administrator wants the packet flow whose destination is "www.google.com" to be transferred via the WAN‐1 interface, and another packet flow whose destination is "www.yahoo.com" to be transferred via the WAN‐2 interface. Other unspecified packet flows will be routed by default via different WAN interfaces by the "Smart Weight" load balance strategy.
[Diagram: Load balance By User Policy. Google: ‐> WAN‐1, Yahoo: ‐> WAN‐2. Gateway; ① WAN‐1: ADSL (DSLAM); ②...]
To meet the load balance requirement in the above example diagram, the administrator needs to configure the device based on the following configuration tables.
Configuration Path | [Physical Interface]‐[Interface Configuration (WAN‐n)], n=1, 2
Same as the one in "By Priority" load balance strategy

Configuration Path | [Internet Setup]‐[Internet Connection Configuration (WAN‐n)], n=1, 2
Same as the one in "By Priority" load balance strategy

Configuration Path | [Internet Setup]‐[Ethernet over ATM with NAT WAN Type Configuration]
Same as the one in "By Priority" load balance strategy

Configuration Path | [Internet Setup]‐[3G/4G WAN Type Configuration]
Same as the one in "By Priority" load balance strategy

Configuration Path | [Load Balance]‐[Configuration]
Load Balance | ■ Enable
Load Balance Strategy | By User Policy
...
Load Balance Setting
Load Balance is used to balance the bandwidth usage of multiple WAN connections. Go to Basic Network > WAN > Load Balance.
When By Smart Weight is selected, the user just needs to click the Save button.
Load Balance
Item | Value setting | Description
Load Balance | Unchecked by default | Check the Enable box to activate Load Balance function.
Load Balance Strategy | A Must filled setting | There are three strategy selections. By Smart Weight: System will automatically adjust traffic loading based on traffic weight of each WAN. By Priority: System will adjust the loading based on user defined bandwidth for each WAN. By User Policy: System will route traffic through available WAN interfaces based on user defined rules.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings
When By Priority is selected, the user needs to adjust the percentage of WAN loading. The system gives a value according to the bandwidth of each WAN the first time and keeps the value after the Save button is clicked. ...
When By User Policy is selected, the load balance can be configured to the user’s preference.
By User Policy
Item | Value setting | Description
Add | N/A | Clicking the Add button opens the rule setting page. Detail is shown below.
Delete | N/A | Clicking the Delete button deletes the selected rule. Note that a rule is selected by checking the box near Select Text
Edit | N/A | Clicking the Edit button lets the user edit the selected rule at the setting page.
Create User Policy
Click Add to add rules
Create User Policy
Item | Value setting | Description
Source IP Address | A Must filled setting | There are four options that can be selected: Select Any for traffic from any source. Subnet: Traffic from the setting subnet will follow the rule. Input format is: xxx.xxx.xxx.xxx/xx e.g. 192.168.123.0/24. IP Range: Traffic from the setting IP range will follow the rule. Single IP: Traffic from specific IP will follow the rule.
There are five options that can be selected: Any: All traffic will follow the rule ...
All : All traffic will follow the rule
Port Range : Traffic to the setting port range will follow the rule.
Single port : Traffic to specific port will follow the rule.
Well‐known Applications : User can select the service port of well‐known application defined in menu.
Protocol | A Must filled setting | There are three options can be selected : Both : Traffic with TCP or UDP protocol will follow the rule. TCP : Traffic to the setting port range will follow the rule. UDP : Traffic to specific port will follow the rule.
WAN Interface | A Must filled setting | User can select the interface that traffic should go. Note that the WAN interface dropdown list will only show the available WAN interfaces.
Policy | Optional setting | If Enable is checked, it means that the rule will be activated.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings
...
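The Create User Policy fields above can be exercised offline before rules are entered in the web UI. This is an added example, not the gateway's implementation: it assumes rules are evaluated in list order with the first match winning, and that a rule whose WAN interface is currently unavailable is skipped. The manual states neither, and the destination IP field is left out because its option list is cut off on this page. The rule names, addresses and ports are constructed.

```python
"""Offline evaluation of "By User Policy" rules (added example, not vendor code)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional, Set, Tuple

DEFAULT_STRATEGY = "By Smart Weight"  # manual: unspecified flows use Smart Weight


def source_matches(spec: str, ip: str) -> bool:
    """Source IP Address options: Any, Subnet, IP Range, Single IP."""
    addr = ipaddress.ip_address(ip)
    if spec.lower() == "any":
        return True
    if "/" in spec:
        # strict=True rejects "192.168.123.5/24", matching the documented
        # xxx.xxx.xxx.xxx/xx subnet format (e.g. 192.168.123.0/24).
        return addr in ipaddress.ip_network(spec, strict=True)
    if "-" in spec:
        low, high = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if low > high:
            raise ValueError(f"reversed IP range: {spec}")
        return low <= addr <= high
    return addr == ipaddress.ip_address(spec)


def port_matches(spec: str, port: int) -> bool:
    """Destination port options: All, Port Range, Single port."""
    if spec.lower() == "all":
        return True
    low_text, _, high_text = spec.partition("-")
    low, high = int(low_text), int(high_text or low_text)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port spec: {spec}")
    return low <= port <= high


@dataclass(frozen=True)
class UserPolicy:
    name: str             # hypothetical label, not a field in the manual
    source: str           # "any", "a.b.c.d/nn", "a.b.c.d-a.b.c.e" or one IP
    dest_port: str        # "all", "5000-5100" or "443"
    protocol: str         # "both", "tcp" or "udp"
    wan: str              # WAN Interface the flow should use
    enabled: bool = True  # the Policy "Enable" checkbox

    def __post_init__(self) -> None:
        # Reject malformed rules when they are created, not on first use.
        source_matches(self.source, "0.0.0.0")
        port_matches(self.dest_port, 1)
        if self.protocol not in ("both", "tcp", "udp"):
            raise ValueError(f"bad protocol: {self.protocol}")


def select_wan(policies: Iterable[UserPolicy], src_ip: str, dst_port: int,
               protocol: str, available: Set[str]) -> Tuple[str, Optional[str]]:
    """Return (WAN interface or default strategy, name of the matching rule)."""
    for rule in policies:                      # assumption: first match wins
        if not rule.enabled or rule.wan not in available:
            continue                           # assumption: unusable rule is skipped
        if rule.protocol not in ("both", protocol):
            continue
        if source_matches(rule.source, src_ip) and port_matches(rule.dest_port, dst_port):
            return rule.wan, rule.name
    return DEFAULT_STRATEGY, None


# Constructed rule set for illustration.
POLICIES = [
    UserPolicy("voip", "192.168.123.0/24", "5060-5061", "udp", "WAN-1"),
    UserPolicy("cctv", "192.168.123.100-192.168.123.110", "all", "both", "WAN-2"),
    UserPolicy("admin-pc", "192.168.123.10", "443", "tcp", "WAN-2", enabled=False),
]
BOTH_UP = {"WAN-1", "WAN-2"}

if __name__ == "__main__":
    for flow in (("192.168.123.50", 5060, "udp"), ("192.168.123.105", 80, "tcp"),
                 ("192.168.123.10", 443, "tcp")):
        print(flow, "->", select_wan(POLICIES, *flow, BOTH_UP))
```

A flow that matches only a disabled rule, or a rule whose WAN is down, falls through to the default strategy in this model, so traffic meant to stay on one uplink can leave through another; that is the case to check when policies are used to separate traffic.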
3.3 LAN & VLAN
This section provides a brief description of LAN and VLAN. It also explains how to create and modify virtual LANs, which are more commonly known as VLANs.

3.3.1 Ethernet LAN
The Local Area Network (LAN) can be used to share data or files among computers attached to a network. The following diagram illustrates a wired network that interconnects computers.

3.3.3 VLAN
A VLAN is a logical network under a switch or router device that groups client hosts under a specific VLAN ID. This device supports both Port‐based VLAN and Tag‐based VLAN. In Port‐based VLAN, all client hosts that transfer data via physical ports tagged with the same VLAN ID in the device belong to the same group. The ports of a VLAN form an independent traffic domain in which the traffic generated by the nodes remains within the VLAN. In Tag‐based VLAN, however, all packets with the same VLAN ID are treated as one group and share the same access property and QoS property. It is especially useful when individuals of a VLAN group ...
There are some common VLAN scenarios for the device, as follows:

Port‐Based VLAN Tagging for Differentiated Services
The Port‐based VLAN function can group Ethernet ports, Port‐1 ~ Port‐4, and WiFi Virtual Access Points, VAP‐1 ~ VAP‐8, together for differentiated services such as Internet surfing, multimedia enjoyment, VoIP talking, and so on. Two operation modes, NAT and Bridge, can be applied to each VLAN group. One DHCP server can be allocated to a NAT VLAN group so that each host member of the group gets its IP address. Thus, each host can surf the Internet via the NAT mechanism of the business access gateway. In bridge mode, Intranet packet flow is delivered out the WAN trunk port with a VLAN tag to ...
The above is the general case for 3 Ethernet LAN ports in the gateway. If the device has just one Ethernet LAN port, there will be only one VLAN group for the device. In that situation, it still supports both the NAT and Bridge modes for the Port‐based VLAN configuration.

Tag‐based VLAN Tagging for Location‐free Departments
The Tag‐based VLAN function can group Ethernet ports, Port‐1 ~ Port‐4, and WiFi Virtual Access Points, VAP‐1 ~ VAP‐8, together with different VLAN tags for deploying department subnets in the Intranet. Packet flows can carry different VLAN tags even on the same physical Ethernet port for the Intranet. These flows can be directed to different destinations because they have differentiated tags. The approach is very useful for grouping hosts at different geographic locations into the same department.
Tag‐based VLAN is also called a VLAN Trunk. The VLAN Trunk collects all packet flows with different VLAN IDs from the router device and delivers them in the Intranet. VLAN membership in a tagged VLAN is determined by the VLAN ID information within the packet frames that are received on a port. The administrator can further use a VLAN switch to separate the VLAN trunk into different groups based on VLAN ID.

Following is an example. In an SMB company, the administrator plans 3 segments: Lab, Meeting Rooms, and Office. In a ...
VLAN Group Access Control
The administrator can specify the Internet access permission for all VLAN groups. The administrator can also configure which VLAN groups are allowed to communicate with each other.

VLAN Group Internet Access
The administrator can specify whether the members of a VLAN group are able to access the Internet. In the following example, the VLAN groups with VID 2 and VID 3 can access the Internet but the one with VID 1 cannot. That is, visitors in the meeting room and staff in the office network can access the Internet. But ...
Inter VLAN Group Routing
In Port‐based tagging, the administrator can specify whether the member hosts of one VLAN group are able to communicate with those of another VLAN group. This is a communication pair, and one VLAN group can join many communication pairs. However, communication pairs do not have the transitive property. That is, if A can communicate with B, and B can communicate with C, it does not imply that A can communicate with C. An example is shown in the following diagram: the VLAN groups with VID 1 and VID 2 can access each other, but VID 1 and VID 3 cannot, and VID 2 and VID 3 cannot.
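The non-transitive pair semantics described above can be checked against an intended segmentation policy before a change is saved. The following is an added example, not code from the manual or the device; the rule representation (each routing rule as the set of VLAN IDs checked together) and all function names are assumptions, and the sample data is constructed from the manual's own VID 1/2/3 example.

```python
from itertools import combinations


def allowed_pairs(rules):
    """Expand routing rules (sets of VIDs checked together) into direct pairs."""
    pairs = set()
    for rule in rules:
        for a, b in combinations(sorted(rule), 2):
            pairs.add((a, b))
    return pairs


def can_communicate(rules, a, b):
    """Only a listed pair is routed; there is no routing via a third VLAN."""
    if a == b:
        return True
    return (min(a, b), max(a, b)) in allowed_pairs(rules)


def transitive_groups(rules):
    """Groups that WOULD exist if pairs were transitive (they are not)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in allowed_pairs(rules):
        parent[find(a)] = find(b)
    groups = {}
    for vid in list(parent):
        groups.setdefault(find(vid), set()).add(vid)
    return list(groups.values())


def wrongly_assumed_pairs(rules):
    """Pairs that look reachable through an intermediate VLAN but are blocked."""
    direct = allowed_pairs(rules)
    assumed = set()
    for group in transitive_groups(rules):
        for pair in combinations(sorted(group), 2):
            if pair not in direct:
                assumed.add(pair)
    return sorted(assumed)


def policy_violations(rules, internet_vids, intended_pairs, intended_internet):
    """Diff the configured state against the intended segmentation policy."""
    direct = allowed_pairs(rules)
    want = {(min(a, b), max(a, b)) for a, b in intended_pairs}
    issues = [("unexpected-route", p) for p in sorted(direct - want)]
    issues += [("missing-route", p) for p in sorted(want - direct)]
    issues += [("unexpected-internet", v)
               for v in sorted(set(internet_vids) - set(intended_internet))]
    issues += [("missing-internet", v)
               for v in sorted(set(intended_internet) - set(internet_vids))]
    return issues


# Constructed from the manual's example: VID 1 and 2 routed, VID 2 and 3 online.
MANUAL_RULES = [{1, 2}]
MANUAL_INTERNET = {2, 3}
# Constructed drift: an extra 2<->3 rule and Internet access opened for VID 1.
DRIFTED_RULES = [{1, 2}, {2, 3}]
DRIFTED_INTERNET = {1, 2, 3}

if __name__ == "__main__":
    print(can_communicate(DRIFTED_RULES, 1, 3))      # blocked despite 1-2, 2-3
    print(wrongly_assumed_pairs(DRIFTED_RULES))
    print(policy_violations(DRIFTED_RULES, DRIFTED_INTERNET,
                            [(1, 2)], MANUAL_INTERNET))
```
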
LAN & VLAN Setting
The Ethernet LAN page allows the user to set up the LAN IP address for the device. The LAN IP address and subnet mask settings affect the IP addresses that LAN devices can get.
Go to Basic Network > LAN & VLAN > Ethernet LAN
Ethernet LAN
Item | Value setting | Description
LAN IP Address | A Must filled setting | The LAN IP lets the user access the device from the LAN. Changing the LAN IP also changes the DHCP server IP pool on the device.
Subnet Mask | A Must filled setting | The subnet mask defines the range of the IP pool, and it affects the IP addresses that LAN devices can get.
Save | N/A | Click the Save button to save the configuration.
Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. Please note that the restored setting may not be the factory default setting but a retrieval of what was saved in the memory.

The VLAN function allows you to divide the local network into different virtual LANs. There are Port‐based and Tag‐based VLAN types. Select the one that applies.

For Port‐based VLAN Type
Go to Basic Network > LAN & VLAN > VLAN Tab
In VLAN type, select Port‐based.

VLAN Configuration
Item | Value setting | Description
VLAN Type | Port‐based is ... | Select Port‐based to add a rule for each LAN port, and you can do ...
When the Add button is clicked, the Port‐based VLAN Configuration screen appears. It includes 3 sections: Port‐based VLAN Configuration, DHCP Server Configuration, and IP Fixed Mapping Rule List, plus Inter VLAN Group Routing (entered through a button).

Port‐based VLAN Configuration
Port‐based VLAN Configuration
Item | Value setting | Description
Name | 1. A Must filled setting 2. String format: already have default texts | Define the name of this rule. It has a default text and cannot be modified.
Enable | The box is unchecked by default. | Click the Enable box to activate this rule.
VLAN ID | A Must filled setting | Define the VLAN ID number; the range is 1~4094.
VLAN Tagging | By default Disable is selected. | When Enable is selected, the rule is activated according to the VLAN ID and Port Members configuration. When Disable is selected, the rule is activated according to the Port Members configuration.
NAT / Bridge | By default NAT is selected. | Select NAT mode or Bridge mode for the rule.
Port Members | These box is ... | Select which LAN port and VAP you want to add to the rule.
DHCP Server Configuration
Item | Value setting | Description
DHCP Server /Relay | By default Server is selected. | Define the DHCP Server type. There are three types you can select: Server, Relay, and Disable. If you select Server or Disable, go to the DHCP Server Name field to start setting the server information. If you select the Relay type, you only have to fill in the DHCP Server IP Address field. Go to DHCP Server IP Address
DHCP Server Name | A Must filled setting | Define the name of the DHCP Server.
IP Pool | A Must filled setting | Define the IP Pool range. There are Starting Address and Ending Address fields; if a client requests an IP address from this DHCP Server, it will be assigned an IP address in the range of the IP pool.
Lease Time | A Must filled setting | Define the period of time for which the DHCP Server leases an IP address to a new device. By default, the lease time is 86400 seconds. When your lease expires, you must stop using the IP address.
Domain Name | Optional field | Please follow the rules of the DHCP Server page. Go to Basic Network > Client / Server / Proxy > DHCP Server
Primary DNS | Optional field | Please follow the rules of the DHCP Server page. Go to Basic Network > Client / Server / Proxy > DHCP Server ...
IP Fixed Mapping Rule List
Additionally, you can add rules in the IP Fixed Mapping Rule List. The rule list is only for the Server/Disable types of the DHCP Server /Relay field. This table is the same as Basic Network > Client / Server / Proxy > DHCP Server > Fixed Mapping Tab.
When the Add button is clicked, the Mapping Rule Configuration table appears.

Mapping Rule Configuration
Item | Value setting | Description
MAC Address | A Must filled setting | Define the MAC Address target that the DHCP Server wants to filter.
A Must filled setting ...
Inter VLAN Group Routing
Click the VLAN Group Routing button, and the VLAN Group Internet Access Definition and Inter VLAN Group Routing screen will appear. The screen in the figure shows the default setting: members in different VLAN IDs cannot access each other. Click Edit to modify the setting. ...
Group Routing | unchecked by default. | device supports 4 rules for Inter VLAN Group Routing. If ID_1 and ID_2 are checked, it means members in VLAN ID_1 and VLAN ID_2 are defined as group members. Members of VLAN ID_1 can access members of VLAN ID_2, and vice versa. (VLAN ID 1 is always available; it is the default VLAN ID of the LAN rule.) (VLAN ID 2 is available only when VLAN ID 2 is enabled.) The same applies to other VLAN IDs (i.e. VLAN ID 3).
Save | NA | Click the Save button to save the configuration.

For Tag‐based VLAN Type
The Tag‐based VLAN allows you to customize each LAN port according to VLAN ID. There is a default rule that shows the configuration of all LAN ports and all VAPs. Also, if your device has a DMZ port, you will see the DMZ configuration, too. The router supports up to a maximum of 128 tag‐based VLAN rule sets.
Go to Basic Network > LAN & VLAN > VLAN Tab
In VLAN type, select Tag‐based.
Create/Edit Tag‐based VLAN Rules
When the Add button is clicked, the Tag‐based VLAN Configuration screen appears.

Tag‐based VLAN
Item | Value setting | Description
VLAN ID | A Must filled setting | Define the VLAN ID number; the range is 6~4094.
Internet Access | The box is checked by default. | Define whether the members of the VLAN ID can access the Internet.
Port | The box is unchecked by default. | Define which LAN port is part of the VLAN ID.
VAP | The box is unchecked by default. | Define which VAP is part of the VLAN ID. Note that a VAP can belong to only one VLAN ID. The VAP item does not appear if the router does not support the wireless function.
DHCP Server | By default DHCP 1 is selected. | Assign a DHCP Server to the members of this VLAN ID. The field lists the available DHCP servers and None for selection. To create or edit a DHCP server for a VLAN, refer to Basic Network > ...
3.5 WiFi
The gateway may provide a WiFi interface for mobile devices or BYOD devices to connect for Internet access; whether the gateway has the WiFi function depends on the product category. The WiFi system in the gateway complies with the 802.11ac/11n/11g/11b standards in 2.4GHz single‐band or 2.4G/5GHz concurrent dual‐band operation. There are 8 virtual Access Points (VAPs) supported for each WiFi operation band, and the gateway may support some operation modes among the "AP Router", "WDS Only", "WDS Hybrid", "Universal Repeater", "AP Only", and "Client" modes. Advanced functions, like multiple SSID, WPS, WMM, WEC, automatic channel selection, adjustable output power and WLAN partition, are supported. WiFi roaming, IAPP and PMK Caching are also supported in the gateway. WiFi security includes ...
WDS Only Mode & WDS Hybrid Mode
WDS (Wireless Distributed System) Only mode makes a wireless gateway act as a WiFi repeater for its wired Intranet. WDS Hybrid mode makes it act as an access point for its WiFi Intranet and as a WiFi repeater for its wired and WiFi Intranets at the same time. Users can thus use these features to build a large wireless network in a large space such as airports, hotels and schools. While acting as a wireless bridge, multiple wireless gateways running in "WDS Only" or "WDS Hybrid" mode link together so that they can communicate with each other through the wireless interface (with WDS). Thus all client hosts in their wired Intranets or WiFi Intranets can also communicate with each other in this scenario.
The following diagram illustrates two remote wireless gateways running in "WDS Only" operation mode. They both use channel 3 to link to the local Wireless Gateway 1 through the WDS approach, but the local gateway is running in "WDS Hybrid" mode and has an Internet connection. And ...
servers for IP assigning and executes NAT function for Internet accessing.

Universal Repeater Mode
An Access Point uses the WiFi interface to associate with and link to a Wireless Gateway, so that the WiFi networks near the access point can link to the wireless gateway through the WiFi connection by using the same SSID along the whole path. The Access Point is running in "Universal Repeater" mode.
The following diagram illustrates two remote access points running in "Universal Repeater" operation mode: Access Point 2 and Access Point 3. They both serve as the access point for their respective "WiFi Network" behind them, but also serve as a WiFi client and try to link to Wireless Gateway 1, the WiFi server, by using the WiFi system. The Wireless Gateway, however, is running in "AP Router" mode and has an Internet connection. So, the remote WiFi networks ...
them all together. It also provides DHCP servers for IP assigning and executes NAT function for Internet accessing.

AP Only Mode
An Access Point uses an uplink Ethernet interface to link to an external Gateway, and uses the WiFi interface to serve as an access point for the "WiFi Network" behind it. It also accepts association and linking requests from remote access points, so that the WiFi networks near these remote access points can link to the local access point through the WiFi connection by using the same SSID along the whole path. The local access point is running in "AP Only" mode.
The following diagram illustrates two remote access points running in "Universal Repeater" operation mode: Access Point 2 and Access Point 3. They both serve as the ...
the external Gateway that has at least one DHCP server working. Besides, the external Gateway also executes the NAT or routing mechanism for Internet access from all client hosts behind the access points. That is, the access point in "Universal Repeater" mode provides a WiFi bridge to the local access point ...
3.5.1 Wi‐Fi Configuration

Wi‐Fi Configuration Setting
The Wi‐Fi configuration allows the user to configure 2.4G or 5G Wi‐Fi settings, such as the SSID or pre‐shared key.

Basic Configuration
Go to Basic Network > WiFi > Configuration Tab

Basic Configuration
Item | Value setting | Description
Operation Band | A Must filled setting | Specify whether the following configuration takes effect on the 2.4G or 5G band Wi‐Fi.
WPS | N/A | Pressing the 2.4G or 5G button leads the user to the Wi‐Fi Protected Setup page. Refer to the next sub‐section, Wi‐Fi Protected Setup, for more details.
Wi‐Fi Protected Setup
When the WPS Setup button is clicked, a screen similar to this will appear.

Wi‐Fi Protected Setup
Item | Value setting | Description
WPS | The box is checked by default | Check the Enable box to activate the WPS function.
Configuration Status | UNCONFIGURED is default status | This shows the configuration status of the AP. Press the Set/Release button to change the configuration status. UNCONFIGURED: the AP settings will be configured by WPS; the status will be set to CONFIGURED after WPS. CONFIGURED: the AP settings cannot be configured by WPS.
Configuration Mode | A Must filled setting | Select the WPS configuration mode from Registrar or Enrollee. When Registrar is selected: the AP plays the role of Registrar in the WPS process. Allowed STA PIN Code: enter the PIN code given by the client. Press the Save button to save the current configuration. WPS Trigger: start the WPS action. (Make sure to save the configuration before triggering WPS.) Press the Save button to save the current configuration. When Enrollee is selected: the AP plays the role of Enrollee in the WPS process. AP PIN Code & New Generate ...
PROCESSFAIL: WPS process failed.
Undo | N/A | Press the Undo button to restore the configuration to the previous setting before saving. Note that some settings are not affected by the Undo button, such as New Generate or Set/Release.
Back | N/A | Press the Back button to return to the Wi‐Fi Configuration page.

Configuring Wi‐Fi Settings
Go to Basic Network > WiFi > Configuration Tab

Configuring Wi‐Fi Settings
Item | Value setting | Description
WiFi Module | The box is checked by default | Check the Enable box to activate the Wi‐Fi function. Selectable 2.4G/5G: if selectable 2.4G/5G is supported, then the 2.4G enable box and the 5G enable box are mutually exclusive.
WiFi Operation Mode | | Specify the Wi‐Fi operation mode according to the network topology. Go to the following tables for the AP Router Mode, AP Only Mode, WDS Only Mode, WDS Hybrid Mode, Universal Repeater Mode, and WISP Mode settings.

The following three tables contain the specific configuration descriptions for the AP Only Mode, AP Router Mode, WDS Only Mode, WDS Hybrid Mode, Universal Repeater Mode and WISP Mode settings ...
AP Only Mode
The device connects all the wireless stations to the wired network.

AP Only Mode
Item | Value setting | Description
Green AP | The box is unchecked by default | Check the Enable box to activate the Green AP function.
VAP Isolation | The box is unchecked by default | It means that stations on different VAPs cannot communicate with each other.
Multiple AP Names | 1. A Must filled setting 2. VAP1 and VAP8 are activated by default. | Multiple AP Names (VAP): this is the multiple SSID feature; the device supports a maximum of 8 virtual MSSIDs. Select one of the VAPs to configure its settings. Enable: check the enable box to activate the selected VAP. Max. STA: limit the maximum number of client stations; check this box and enter the limit. The box is unchecked (unlimited) by default.
Time Schedule | By default Always on is selected. | Select one of the schedule settings to enable/disable the Wi‐Fi service. Go to System > Scheduling for further settings.
The SSID used for broadcasting or associating with root AP. ...
When 802.1x is enabled, the client stations are authenticated by a RADIUS server.
RADIUS Server IP (The default IP is 0.0.0.0)
RADIUS Server Port (The default value is 1812)
RADIUS Shared Key
Encryption: Encrypts the information while communicating. There are two encryption options when Open authentication is selected.
None: The device is an open system without encryption.
WEP: 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of characters from the ASCII table.

When Shared is selected
The pre‐shared key should be set for authenticating.
Encryption: Only WEP encryption can be used with Shared authentication. 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of characters from the ASCII table.

When Auto is selected
The device selects Open or Shared automatically according to the client's request. The check box named 802.1x shows up next to the dropdown list.
802.1x (The box is unchecked by default): When 802.1x is enabled, the client stations are authenticated by a RADIUS server.
RADIUS Server IP (The default IP is 0.0.0.0)
RADIUS Server Port (The default value is 1812)
RADIUS Shared Key
Encryption: Encrypts the information while communicating. There are two encryption options when Auto authentication is selected. ...
They are implementations of IEEE 802.11i. WPA implements only part of IEEE 802.11i but has better compatibility. WPA2 fully implements the 802.11i standard and has the highest security.
RADIUS Server: The client stations are authenticated by a RADIUS server.
RADIUS Server IP (The default IP is 0.0.0.0)
RADIUS Server Port (The default value is 1812)
RADIUS Shared Key
Encryption: Encrypts the information while communicating.
TKIP: TKIP was proposed as a replacement for WEP that does not require upgrading hardware.
AES: The newest encryption system in Wi‐Fi; it is also designed for the fast 802.11n high‐bitrate schemes. It is recommended to use AES encryption instead of any other for security.
TKIP / AES: TKIP / AES mixed mode. It means that the client stations can associate with this device via TKIP or AES.

When WPA / WPA2 is selected
It has the same settings as WPA or WPA2. The client stations can associate with this device via WPA or WPA2.

When WPA‐PSK or WPA2‐PSK is selected
It has the same encryption system as WPA or WPA2. The authentication uses a pre‐shared key instead of a RADIUS server.
Encryption: Encrypts the information while communicating.
TKIP: TKIP was proposed as a replacement for WEP that does not require upgrading hardware.
AES: The newest encryption system in Wi‐Fi; it is also designed for the fast 802.11n high‐bitrate schemes. It is recommended to use AES encryption instead of any other for security.
TKIP / AES: TKIP / AES mixed mode. It means that the client stations can
Preshared Key: The length of the key is from 8 to 63 characters.

When WPA‐PSK / WPA2‐PSK is selected ...
AP Router Mode
The device supports not only station connections but also the router function. The WAN port and the NAT function are enabled.

AP Router Mode
Item | Value setting | Description
Green AP | The box is unchecked by default | Check the Enable box to activate the Green AP function.
VAP Isolation | The box is unchecked by default | It means that stations on different VAPs cannot communicate with each other.
Multiple AP Names | 1. A Must filled setting 2. VAP1 and VAP8 are activated by default. | Multiple AP Names (VAP): this is the multiple SSID feature; the device supports a maximum of 8 virtual MSSIDs. Select one of the VAPs to configure its settings. Enable: check the enable box to activate the selected VAP. Max. STA: limit the maximum number of client stations; check this box and enter the limit. The box is unchecked (unlimited) by default.
Time Schedule | By default Always on is selected. | Select one of the schedule settings to enable/disable the Wi‐Fi service. Go to System > Scheduling for further settings.
The SSID used for broadcasting or associating with root AP. ...
Value setting (continued): 10 or 26 HEX digits; 5 or 13 ASCII characters
The check box named 802.1x shows up next to the dropdown list.
802.1x (The box is unchecked by default): When 802.1x is enabled, the client stations are authenticated by a RADIUS server.
RADIUS Server IP (The default IP is 0.0.0.0)
RADIUS Server Port (The default value is 1812)
RADIUS Shared Key
Encryption: Encrypts the information while communicating. There are two encryption options when Open authentication is selected.
None: The device is an open system without encryption.
WEP: 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of characters from the ASCII table.

When Shared is selected
The pre‐shared key should be set for authenticating.
Encryption: Only WEP encryption can be used with Shared authentication. 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of characters from the ASCII table.

When Auto is selected
The device selects Open or Shared automatically according to the client's request. The check box named 802.1x shows up next to the dropdown list.
802.1x (The box is unchecked by default): When 802.1x is enabled, the client stations are authenticated by a RADIUS server.
RADIUS Server IP (The default IP is 0.0.0.0)
RADIUS Server Port (The default value is 1812)
RADIUS Shared Key ...
When WPA or WPA2 is selected
They are implementations of IEEE 802.11i. WPA implements only part of IEEE 802.11i but has better compatibility. WPA2 fully implements the 802.11i standard and has the highest security.
RADIUS Server: The client stations are authenticated by a RADIUS server.
RADIUS Server IP (The default IP is 0.0.0.0)
RADIUS Server Port (The default value is 1812)
RADIUS Shared Key
Encryption: Encrypts the information while communicating.
TKIP: TKIP was proposed as a replacement for WEP that does not require upgrading hardware.
AES: The newest encryption system in Wi‐Fi; it is also designed for the fast 802.11n high‐bitrate schemes. It is recommended to use AES encryption instead of any other for security.
TKIP / AES: TKIP / AES mixed mode. It means that the client stations can associate with this device via TKIP or AES.

When WPA / WPA2 is selected
It has the same settings as WPA or WPA2. The client stations can associate with this device via WPA or WPA2.

When WPA‐PSK or WPA2‐PSK is selected
It has the same encryption system as WPA or WPA2. The authentication uses a pre‐shared key instead of a RADIUS server.
Encryption: Encrypts the information while communicating.
TKIP: TKIP was proposed as a replacement for WEP that does not require upgrading hardware.
AES: The newest encryption system in Wi‐Fi; it is also designed for the fast 802.11n high‐bitrate schemes. It is recommended to use AES encryption instead of any other for security.
TKIP / AES: TKIP / AES mixed mode. It means that the client stations can
Preshared Key: The length of the key is from 8 to 63 characters. ...
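The authentication and encryption rules in the tables above (WEP key sizes, the 8 to 63 character pre‐shared key, Shared authentication being WEP only, the 0.0.0.0 RADIUS default, AES recommended, WPS checked by default) can be turned into a per‐VAP configuration check. This is an added example, not code from the manual or the device; the dictionary field names and the sample VAP entries are constructed assumptions, since the manual does not describe an export format.

```python
import string

HEX_DIGITS = set(string.hexdigits)   # accepts a-f as well as the manual's A-F
WEP_HEX_LENGTHS = (10, 26)           # manual: 10 or 26 HEX digits
WEP_ASCII_LENGTHS = (5, 13)          # manual: 5 or 13 ASCII characters
PSK_MIN, PSK_MAX = 8, 63             # manual: key length 8 to 63 characters
LEGACY_AUTH = {"Open", "Shared", "Auto"}
RADIUS_AUTH = {"WPA", "WPA2", "WPA/WPA2"}
PSK_AUTH = {"WPA-PSK", "WPA2-PSK", "WPA-PSK/WPA2-PSK"}
WPA_ENCRYPTION = {"TKIP", "AES", "TKIP/AES"}


def wep_key_valid(key, key_type):
    """Check a WEP key against the key sizes listed in the manual."""
    if key_type == "HEX":
        return len(key) in WEP_HEX_LENGTHS and all(c in HEX_DIGITS for c in key)
    if key_type == "ASCII":
        return len(key) in WEP_ASCII_LENGTHS and key.isascii()
    return False


def audit_vap(cfg):
    """Return (severity, message) findings for one VAP (hypothetical field names)."""
    findings = []
    auth, enc = cfg.get("authentication"), cfg.get("encryption")
    if auth not in LEGACY_AUTH | RADIUS_AUTH | PSK_AUTH:
        return [("error", f"unknown authentication {auth!r}")]

    if auth in LEGACY_AUTH:
        if auth == "Shared" and enc != "WEP":
            findings.append(("error", "Shared authentication supports WEP only"))
        elif enc == "None":
            findings.append(("high", "no encryption: traffic is sent in the clear"))
        elif enc == "WEP":
            findings.append(("high", "WEP is obsolete; move to WPA2 with AES"))
            if not wep_key_valid(cfg.get("wep_key", ""), cfg.get("wep_key_type")):
                findings.append(("error", "WEP key must be 10/26 HEX digits "
                                          "or 5/13 ASCII characters"))
        else:
            findings.append(("error", f"{enc!r} is not offered with {auth}"))
    else:
        if enc not in WPA_ENCRYPTION:
            findings.append(("error", f"{enc!r} is not offered with {auth}"))
        elif enc != "AES":
            findings.append(("medium", "TKIP is permitted; the manual recommends AES"))
        if auth not in ("WPA2", "WPA2-PSK"):
            findings.append(("medium", "WPA is permitted; WPA2 fully implements 802.11i"))
        if auth in PSK_AUTH and not PSK_MIN <= len(cfg.get("psk", "")) <= PSK_MAX:
            findings.append(("error", "pre-shared key must be 8 to 63 characters"))

    # RADIUS is used by WPA/WPA2 and by Open/Shared/Auto when 802.1x is checked.
    if auth in RADIUS_AUTH or (auth in LEGACY_AUTH and cfg.get("dot1x")):
        if cfg.get("radius_ip", "0.0.0.0") == "0.0.0.0":
            findings.append(("error", "RADIUS server IP is still the default 0.0.0.0"))
        if not cfg.get("radius_shared_key"):
            findings.append(("error", "RADIUS shared key is empty"))

    if cfg.get("wps_enabled", True):   # the manual says the WPS box is checked by default
        findings.append(("medium", "WPS is enabled (checked by default); "
                                   "disable it if unused"))
    return findings


# Constructed sample VAP settings, not taken from a real device.
SAMPLE_VAPS = {
    "guest": {"authentication": "Open", "encryption": "None", "wps_enabled": True},
    "legacy": {"authentication": "Shared", "encryption": "WEP", "wep_key_type": "HEX",
               "wep_key": "0123456789", "wps_enabled": False},
    "mixed": {"authentication": "WPA-PSK/WPA2-PSK", "encryption": "TKIP/AES",
              "psk": "short", "wps_enabled": False},
    "corp": {"authentication": "WPA2", "encryption": "AES", "wps_enabled": False},
    "office": {"authentication": "WPA2-PSK", "encryption": "AES",
               "psk": "correct horse battery", "wps_enabled": False},
}


def audit_all(vaps):
    """Map each VAP name to the list of severities found for it."""
    return {name: [sev for sev, _ in audit_vap(cfg)] for name, cfg in vaps.items()}


if __name__ == "__main__":
    for name, cfg in SAMPLE_VAPS.items():
        for severity, message in audit_vap(cfg):
            print(f"{name}: [{severity}] {message}")
```
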
WDS Only Mode
The device bridges only the LAN clients of each Wi‐Fi device that it associates with. It also means that client stations cannot connect to this device while WDS Only Mode is selected.

WDS Only Mode
Item | Value setting | Description
Green AP | The box is unchecked by default | Check the Enable box to activate the Green AP function.
Channel | By default Auto is selected. | The radio channel number. Each channel corresponds to a different radio band. The permissible channels depend on the Regulatory Domain. There are two options selectable when Auto is selected. By AP Numbers: the channel is set according to AP numbers (the less, the better). By Less Interference: the channel is set according to interference (the lower, the better). The channel should be set the same as the Root AP's when WDS Only Mode is selected.

For security, there are several authentication methods supported. Client stations should provide the key when associating with this device.
Value setting: 1. A Must filled setting ...

When Open is selected
The check box named 802.1x shows up next to the dropdown list.
802.1x (The box is unchecked by default): When 802.1x is enabled, the client stations are authenticated by a RADIUS server.
RADIUS Server IP (The default IP is 0.0.0.0)
RADIUS Server Port (The default value is 1812)
4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of characters from the ASCII table.

When Auto is selected
The device selects Open or Shared automatically according to the client's request. The check box named 802.1x shows up next to the dropdown list.
802.1x (The box is unchecked by default): When 802.1x is enabled, the client stations are authenticated by a RADIUS server.
RADIUS Server IP (The default IP is 0.0.0.0)
RADIUS Server Port (The default value is 1812)
RADIUS Shared Key
Encryption: Encrypts the information while communicating. There are two encryption options when Auto authentication is selected.
None: The device is an open system without encryption.
WEP: 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of (0 to 9) and (A to F). If ASCII is selected, the key should consist of characters from the ASCII table.

When WPA or WPA2 is selected
They are implementations of IEEE 802.11i. WPA implements only part of IEEE 802.11i but has better compatibility. WPA2 fully implements the 802.11i standard and has the highest security.
RADIUS Server: The client stations are authenticated by a RADIUS server.
RADIUS Server IP (The default IP is 0.0.0.0)
RADIUS Server Port (The default value is 1812)
RADIUS Shared Key
Encryption: Encrypts the information while communicating.
TKIP: TKIP was proposed as a replacement for WEP that does not require upgrading hardware.
AES ...
It has the same settings as WPA or WPA2. The client stations can associate with this device via WPA or WPA2.

When WPA‐PSK or WPA2‐PSK is selected
It has the same encryption system as WPA or WPA2. The authentication uses a pre‐shared key instead of a RADIUS server.
Encryption: Encrypts the information while communicating.
TKIP: TKIP was proposed as a replacement for WEP that does not require upgrading hardware.
AES: The newest encryption system in Wi‐Fi; it is also designed for the fast 802.11n high‐bitrate schemes. It is recommended to use AES encryption instead of any other for security.
TKIP / AES: TKIP / AES mixed mode. It means that the client stations can
Preshared Key: The length of the key is from 8 to 63 characters.

When WPA‐PSK / WPA2‐PSK is selected
It has the same settings as WPA‐PSK or WPA2‐PSK. The client stations can associate with this device via WPA‐PSK or WPA2‐PSK.

Item | Value setting | Description
Scan Remote AP's MAC List | N/A | Press the Scan button to scan for nearby AP information, and then select one of the results to auto‐fill the following Remote MAC table.
Remote AP MAC 1~4 | A Must filled setting | Fill in the MAC table manually or with the Scan button; the device will bridge the remote AP when association is successful.
Save | N/A | Press the Save button to save the current configuration.
Undo | N/A | Press the Undo button to restore the configuration to the previous setting before saving.
Apply | N/A | ...
WDS Hybrid Mode
The device bridges all the LAN and WLAN clients of each Wi-Fi device that it associates with.

WDS Hybrid Mode
Item | Value setting | Description
Lazy Mode Enable | The box is checked by default | When this mode is enabled, the device can auto-learn WDS peers without entering the other APs' MAC addresses. However, at least one AP has to fill in the remote AP MAC address.
Green AP | The box is unchecked by default | Check the Enable box to activate the Green AP function.
VAP Isolation | The box is unchecked by default | Stations on different VAPs cannot communicate with each other.
Multiple AP Names | 1. A Must filled setting 2. VAP1 and VAP8 are activated by default. | Multiple AP Names (VAP): This is the multiple-SSID feature; the device supports a maximum of 8 virtual MSSIDs. Select one of the VAPs to configure its settings. Enable: Check the Enable box to activate the selected VAP. Max. STA: Limits the maximum number of client stations. Check this box and enter the limit. The box is unchecked (unlimited) by default. By default Always on is ...
stations should provide the key when associating with this device.
Value setting: 2. Encryption key size for WEP encryption: 10 or 26 HEX digits, or 5 or 13 ASCII characters.

When Open is selected
The check box named 802.1x shows up next to the dropdown list.
  802.1x (the box is unchecked by default): When 802.1x is enabled, the client stations are authenticated by a RADIUS server.
    RADIUS Server IP (the default IP is 0.0.0.0)
    RADIUS Server Port (the default value is 1812)
    RADIUS Shared Key
  Encryption: Encrypts the information while communicating. Two encryption options are available when Open authentication is selected.
    None: The device is an open system without encryption.
    WEP: 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of the characters 0 to 9 and A to F. If ASCII is selected, the key should consist of characters from the ASCII table.

When Shared is selected
The pre-shared key should be set for authentication.
  Encryption: Only WEP encryption can be used with Shared authentication. 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of the characters 0 to 9 and A to F. If ASCII is selected, the key should consist of characters from the ASCII table.

When Auto is selected
The device selects Open or Shared automatically, according to the client's request. The check box named 802.1x shows up next to the dropdown list.
  802.1x (the box is unchecked by default): When 802.1x is enabled, it means the client stations will be authenticated by ...
key type can be set to HEX or ASCII. If HEX is selected, the key should consist of the characters 0 to 9 and A to F. If ASCII is selected, the key should consist of characters from the ASCII table.

When WPA or WPA2 is selected
They are implementations of IEEE 802.11i. WPA implements only part of IEEE 802.11i but has better compatibility. WPA2 fully implements the 802.11i standard and has the highest security.
  RADIUS Server: The client stations are authenticated by a RADIUS server.
    RADIUS Server IP (the default IP is 0.0.0.0)
    RADIUS Server Port (the default value is 1812)
    RADIUS Shared Key
  Encryption: Encrypts the information while communicating.
    TKIP: TKIP was proposed as a replacement for WEP that does not require a hardware upgrade.
    AES: The newest encryption system in Wi-Fi; it is also designed for the fast 802.11n high-bitrate schemes. AES encryption is recommended over any of the others for security.
    TKIP / AES: TKIP / AES mixed mode. It means that the client stations can associate with this device via TKIP or AES.

When WPA / WPA2 is selected
It has the same settings as WPA or WPA2. The client stations can associate with this device via WPA or WPA2.

When WPA-PSK or WPA2-PSK is selected
It uses the same encryption system as WPA or WPA2. The authentication uses a pre-shared key instead of a RADIUS server.
  Encryption: Encrypts the information while communicating.
    TKIP: TKIP was proposed as a replacement for WEP that does not require a hardware upgrade.
    AES: The newest encryption system in Wi-Fi; it is also designed for the fast 802.11n high-bitrate schemes. AES encryption is recommended over any of the others for security.
    TKIP / AES ...
of the results to auto-fill the following Remote MAC table.

Item | Value setting | Description
Remote AP MAC 1~4 | A Must filled setting | Fill in the MAC table manually or with the Scan button. The device will bridge to the remote AP when the association is successful.
Save | N/A | Press the Save button to save the current configuration.
Undo | N/A | Press the Undo button to restore the configuration to the setting it had before saving.
Apply | N/A | Press the Apply button to apply the saved configuration. The button only shows when a change has been saved.
Scan | N/A | Press the Scan button to scan for nearby Wi-Fi signals.
Universal Repeater
Universal Repeater is a technology used to extend wireless coverage. All the stations within the coverage of this device can be bridged to the Root AP.

Universal Repeater Mode
Item | Value setting | Description
Green AP | The box is unchecked by default | Check the Enable box to activate the Green AP function.
VAP Isolation | The box is unchecked by default | Stations on different VAPs cannot communicate with each other.
Multiple AP Names | 1. A Must filled setting 2. VAP1 is activated by default. | Multiple AP Names (VAP): The VAP is fixed to in this mode. Enable: Check the Enable box to activate VAP1. Max. STA: Limits the maximum number of client stations. Check this box and enter the limit. The box is unchecked (unlimited) by default.

Value setting: String format: Any text
Description: The SSID used for broadcasting or associating with the root AP. The SSID used for broadcasting: The SSID is used for identification by other APs, and client stations associate with the AP according to the SSID. Broadcast: The SSID will be broadcast, and the stations can associate with this ...
Value setting: 10 or 26 HEX digits, or 5 or 13 ASCII characters.

The check box named 802.1x shows up next to the dropdown list.
  802.1x (the box is unchecked by default): When 802.1x is enabled, the client stations are authenticated by a RADIUS server.
    RADIUS Server IP (the default IP is 0.0.0.0)
    RADIUS Server Port (the default value is 1812)
    RADIUS Shared Key
  Encryption: Encrypts the information while communicating. Two encryption options are available when Open authentication is selected.
    None: The device is an open system without encryption.
    WEP: 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of the characters 0 to 9 and A to F. If ASCII is selected, the key should consist of characters from the ASCII table.

When Shared is selected
The pre-shared key should be set for authentication.
  Encryption: Only WEP encryption can be used with Shared authentication. 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of the characters 0 to 9 and A to F. If ASCII is selected, the key should consist of characters from the ASCII table.

When Auto is selected
The device selects Open or Shared automatically, according to the client's request. The check box named 802.1x shows up next to the dropdown list.
  802.1x (the box is unchecked by default): When 802.1x is enabled, the client stations are authenticated by a RADIUS server.
    RADIUS Server IP (the default IP is 0.0.0.0)
    RADIUS Server Port (the default value is 1812)
    RADIUS Shared Key ...
When WPA or WPA2 is selected
They are implementations of IEEE 802.11i. WPA implements only part of IEEE 802.11i but has better compatibility. WPA2 fully implements the 802.11i standard and has the highest security.
  RADIUS Server: The client stations are authenticated by a RADIUS server.
    RADIUS Server IP (the default IP is 0.0.0.0)
    RADIUS Server Port (the default value is 1812)
    RADIUS Shared Key
  Encryption: Encrypts the information while communicating.
    TKIP: TKIP was proposed as a replacement for WEP that does not require a hardware upgrade.
    AES: The newest encryption system in Wi-Fi; it is also designed for the fast 802.11n high-bitrate schemes. AES encryption is recommended over any of the others for security.
    TKIP / AES: TKIP / AES mixed mode. It means that the client stations can associate with this device via TKIP or AES.

When WPA / WPA2 is selected
It has the same settings as WPA or WPA2. The client stations can associate with this device via WPA or WPA2.

When WPA-PSK or WPA2-PSK is selected
It uses the same encryption system as WPA or WPA2. The authentication uses a pre-shared key instead of a RADIUS server.
  Encryption: Encrypts the information while communicating.
    TKIP: TKIP was proposed as a replacement for WEP that does not require a hardware upgrade.
    AES: The newest encryption system in Wi-Fi; it is also designed for the fast 802.11n high-bitrate schemes. AES encryption is recommended over any of the others for security.
    TKIP / AES: TKIP / AES mixed mode. It means that the client stations can associate with this device via TKIP or AES.
  Preshared Key: The length of the key is from 8 to 63 characters. ...
when a change has been saved.
Scan | N/A | Press the Scan button to scan for nearby Wi-Fi signals.
WISP Mode
WISP Mode acts as a Universal Repeater, but the device treats the Root AP as a Wireless WAN. The WAN port and the NAT function are enabled.

WISP Mode
Item | Value setting | Description
Green AP | The box is unchecked by default | Check the Enable box to activate the Green AP function.
VAP Isolation | The box is unchecked by default | Stations on different VAPs cannot communicate with each other.
Multiple AP Names | 1. A Must filled setting 2. VAP1 is activated by default. | Multiple AP Names (VAP): The VAP is fixed to in WISP Mode. Enable: Check the Enable box to activate VAP1. Max. STA: Limits the maximum number of client stations. Check this box and enter the limit. The box is unchecked (unlimited) by default.
Network ID (SSID) | 1. String format: Any text 2. The box is checked by ... | The SSID used for broadcasting or associating with the root AP. The SSID used for broadcasting: The SSID is used for identification by other APs, and client stations associate with the AP according to the SSID. Broadcast: The SSID will be broadcast, and the stations can associate with this ...
    RADIUS Server IP (the default IP is 0.0.0.0)
    RADIUS Server Port (the default value is 1812)
    RADIUS Shared Key
  Encryption: Encrypts the information while communicating. Two encryption options are available when Open authentication is selected.
    None: The device is an open system without encryption.
    WEP: 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of the characters 0 to 9 and A to F. If ASCII is selected, the key should consist of characters from the ASCII table.

When Shared is selected
The pre-shared key should be set for authentication.
  Encryption: Only WEP encryption can be used with Shared authentication. 4 WEP keys can be set; select one of them as the current key. The key type can be set to HEX or ASCII. If HEX is selected, the key should consist of the characters 0 to 9 and A to F. If ASCII is selected, the key should consist of characters from the ASCII table.

When Auto is selected
The device selects Open or Shared automatically, according to the client's request. The check box named 802.1x shows up next to the dropdown list.
  802.1x (the box is unchecked by default): When 802.1x is enabled, the client stations are authenticated by a RADIUS server.
    RADIUS Server IP (the default IP is 0.0.0.0)
    RADIUS Server Port (the default value is 1812)
    RADIUS Shared Key
  Encryption: Encrypts the information while communicating. Two encryption options are available when Auto authentication is selected.
    None: The device is an open system without encryption.
    WEP ...
WPA2 fully implements the 802.11i standard and has the highest security.
  RADIUS Server: The client stations are authenticated by a RADIUS server.
    RADIUS Server IP (the default IP is 0.0.0.0)
    RADIUS Server Port (the default value is 1812)
    RADIUS Shared Key
  Encryption: Encrypts the information while communicating.
    TKIP: TKIP was proposed as a replacement for WEP that does not require a hardware upgrade.
    AES: The newest encryption system in Wi-Fi; it is also designed for the fast 802.11n high-bitrate schemes. AES encryption is recommended over any of the others for security.
    TKIP / AES: TKIP / AES mixed mode. It means that the client stations can associate with this device via TKIP or AES.

When WPA / WPA2 is selected
It has the same settings as WPA or WPA2. The client stations can associate with this device via WPA or WPA2.

When WPA-PSK or WPA2-PSK is selected
It uses the same encryption system as WPA or WPA2. The authentication uses a pre-shared key instead of a RADIUS server.
  Encryption: Encrypts the information while communicating.
    TKIP: TKIP was proposed as a replacement for WEP that does not require a hardware upgrade.
    AES: The newest encryption system in Wi-Fi; it is also designed for the fast 802.11n high-bitrate schemes. AES encryption is recommended over any of the others for security.
    TKIP / AES: TKIP / AES mixed mode. It means that the client stations can associate with this device via TKIP or AES.
  Preshared Key: The length of the key is from 8 to 63 characters.

When WPA-PSK / WPA2-PSK is selected
It has the same settings as WPA-PSK or WPA2-PSK. The client stations can associate with this device via WPA-PSK or WPA2-PSK. ...
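The rules in the Wi-Fi security tables above (which encryption each authentication mode offers, the WEP key sizes, the 8 to 63 character pre-shared key, the RADIUS defaults, the AES recommendation) can be checked mechanically before a configuration is applied. The following Python check is an added example, not code from the manual or the device; `VapSettings` and the sample VAPs are hypothetical and constructed for illustration.

```python
import string
from dataclasses import dataclass

# Limits quoted from the manual's tables.
WEP_KEY_LENGTHS = {"HEX": (10, 26), "ASCII": (5, 13)}
PSK_MIN, PSK_MAX = 8, 63
RADIUS_UNSET_IP = "0.0.0.0"      # factory default, i.e. no server configured yet

# Encryption choices the manual lists for each authentication mode.
WPA_ENTERPRISE = {"WPA", "WPA2", "WPA/WPA2"}
WPA_PERSONAL = {"WPA-PSK", "WPA2-PSK", "WPA-PSK/WPA2-PSK"}
ALLOWED_ENCRYPTION = {"Open": {"None", "WEP"}, "Auto": {"None", "WEP"}, "Shared": {"WEP"}}
for _mode in WPA_ENTERPRISE | WPA_PERSONAL:
    ALLOWED_ENCRYPTION[_mode] = {"TKIP", "AES", "TKIP/AES"}


@dataclass
class VapSettings:
    """One VAP's security settings (hypothetical structure, not a device export format)."""
    name: str
    authentication: str
    encryption: str
    key_type: str = ""           # WEP only: "HEX" or "ASCII"
    key: str = ""                # current WEP key or WPA pre-shared key
    dot1x: bool = False          # the 802.1x check box shown for Open / Auto
    radius_ip: str = RADIUS_UNSET_IP
    radius_shared_key: str = ""


def wep_key_problem(key_type, key):
    """Return a message if the WEP key breaks the manual's format rules, else None."""
    lengths = WEP_KEY_LENGTHS.get(key_type)
    if lengths is None:
        return f"unknown WEP key type {key_type!r}"
    if len(key) not in lengths:
        return f"{key_type} WEP key must be {lengths[0]} or {lengths[1]} characters, got {len(key)}"
    # Lower-case a-f is accepted here as well as the A-F the manual names.
    if key_type == "HEX" and not all(c in string.hexdigits for c in key):
        return "HEX WEP key may only contain 0-9 and A-F"
    if key_type == "ASCII" and not key.isascii():
        return "ASCII WEP key contains non-ASCII characters"
    return None


def audit_vap(vap):
    """Return (severity, message) pairs: 'error' = invalid setting, 'warn' = valid but weak."""
    allowed = ALLOWED_ENCRYPTION.get(vap.authentication)
    if allowed is None:
        return [("error", f"unknown authentication mode {vap.authentication!r}")]
    if vap.encryption not in allowed:
        return [("error", f"{vap.encryption} is not offered with {vap.authentication}")]

    findings = []
    if vap.encryption == "WEP":
        problem = wep_key_problem(vap.key_type, vap.key)
        if problem:
            findings.append(("error", problem))
    if vap.authentication in WPA_PERSONAL and not PSK_MIN <= len(vap.key) <= PSK_MAX:
        findings.append(("error", f"pre-shared key must be {PSK_MIN} to {PSK_MAX} characters"))

    uses_radius = vap.authentication in WPA_ENTERPRISE or (
        vap.dot1x and vap.authentication in {"Open", "Auto"})
    if uses_radius:
        if vap.radius_ip == RADIUS_UNSET_IP:
            findings.append(("error", "RADIUS Server IP is still the default 0.0.0.0"))
        if not vap.radius_shared_key:
            findings.append(("error", "RADIUS Shared Key is empty"))

    if vap.encryption == "None":
        findings.append(("warn", "open system, traffic is not encrypted"))
    elif vap.encryption != "AES":
        findings.append(("warn", f"{vap.encryption} in use; the manual recommends AES"))
    return findings


# Constructed sample settings, one per case worth seeing.
SAMPLE_VAPS = [
    VapSettings("VAP1", "WPA2-PSK", "AES", key="correct horse battery"),
    VapSettings("VAP2", "Shared", "WEP", key_type="HEX", key="0123456789"),
    VapSettings("VAP3", "WPA2", "TKIP/AES"),
    VapSettings("VAP4", "WPA-PSK", "TKIP", key="short"),
    VapSettings("VAP5", "Shared", "AES"),
]

if __name__ == "__main__":
    for vap in SAMPLE_VAPS:
        for severity, message in audit_vap(vap) or [("ok", "no findings")]:
            print(f"{vap.name} [{severity}] {message}")
```
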
3.5.3 Wireless Client List
The Wireless Client List shows information about the clients that are associated with this device.

Target WiFi
Go to Basic Network > WiFi > Wireless Client List

Target WiFi
Item | Value setting | Description
Operation Band | A Must filled setting | Specifies the operation band on which the clients are connected. Depending on the device model, select the 2.4G or 5G frequency band.
Multiple AP Names | A Must filled setting | Specifies which VAP's client stations are shown in the following Client List.

Client List
Item | Value setting | Description
IP Address Configuration & Address | N/A | Shows the client's IP address and how it was obtained. Dynamic means the IP address is obtained from a DHCP server. Static means the IP address is set by the client itself. ...
3.5.7 Advanced Configuration
The Advanced Configuration allows users to configure advanced Wi-Fi parameter settings.

Target WiFi
Go to Basic Network > WiFi > Advanced Configuration

Target WiFi
Item | Value setting | Description
Operation Band | A Must filled setting | Specifies whether the following Advanced Configuration takes effect on the 2.4G or the 5G band Wi-Fi. Selectable 2.4G/5G: If the device supports the Selectable 2.4G/5G function, the operation band shows only one band, which is the current Wi-Fi working band.

Advanced Configuration ...
Advanced Configuration
Item | Value setting | Description
Regulatory Domain | The default setting depends on where the product is sold | Limits the available channel band of this device. The available channel list differs from country to country.
Beacon Interval | 100 | The time interval between broadcast beacon packets. The beacon packet contains the SSID, Channel ID and Security setting.
DTIM Interval | 3 | A DTIM (Delivery Traffic Indication Message) is a countdown informing clients of the next window for listening to broadcast messages. When the device has buffered broadcast messages for an associated client, it sends the next DTIM with a DTIM value.
RTS Threshold | 2347 | RTS (Request to Send) Threshold: when the packet size is over the set value, the RTS technique is activated. RTS/CTS is a collision avoidance technique. RTS is never activated when the threshold is set to 2347.
Fragmentation | 2346 | Wireless frames can be divided into smaller units (fragments) to improve performance in the presence of RF interference at the limits of RF coverage.
WMM | The box is checked by default | WMM (Wi-Fi Multimedia) can help control latency and jitter when transmitting multimedia content over a wireless connection. ...
3.7 IPv6
The growth of the Internet has created a need for more addresses than are possible with IPv4. IPv6 (Internet Protocol version 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic. IPv6 also implements additional features not present in IPv4. It simplifies aspects of address assignment (stateless address auto-configuration), network renumbering and router announcements when changing Internet connectivity providers. This gateway supports various types of IPv6 connection (Static IPv6 / DHCPv6 / PPPoEv6 / 6to4 / 6in4). Please ask your ISP which type of IPv6 is supported before you proceed with IPv6 setup.

Static IPv6
Static IPv6 does the same function as static IPv4. Static IPv6 provides manual setting of the IPv6 address, the IPv6 default gateway address, and the IPv6 DNS. The diagram above depicts the IPv6 addressing; type in the information provided by your ISP to set up the IPv6 network.

DHCPv6
DHCP in IPv6 does the same function as DHCP in IPv4. The DHCP server sends the IP address, DNS server addresses and other possible data to the DHCP client so that it is configured automatically. The server also ...
The diagram above depicts DHCP IPv6 addressing: the DHCPv6 server on the ISP side assigns the IPv6 address, the IPv6 default gateway address, and the IPv6 DNS to client hosts automatically.

PPPoEv6
PPPoEv6 in IPv6 does the same function as PPPoE in IPv4. The PPPoEv6 server provides configuration parameters based on the PPPoEv6 client request. When the PPPoEv6 server gets a client request and successfully authenticates it, the server sends the IP address, DNS server addresses and other required parameters to automatically configure the client.

The diagram above depicts IPv6 addressing through PPPoE: the PPPoEv6 server (DSLAM) on the ISP ...
side provides the IPv6 configuration upon receiving a PPPoEv6 client request. When the PPPoEv6 server gets a client request and successfully authenticates it, the server sends the IP address, DNS server addresses and other required parameters to automatically configure the client.

6to4
6to4 is a mechanism for establishing automatic IPv6-in-IPv4 tunnels and enabling complete IPv6 sites to communicate. The only thing a 6to4 user needs is a global IPv4 address. 6to4 may be used by an individual host or by a local IPv6 network. When used by a host, the host must have a global IPv4 address connected, and it is responsible for encapsulating outgoing IPv6 packets and decapsulating incoming 6to4 packets. If the host is configured to forward packets for other clients, often a local network, it is then a router. ...
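How a 6to4 address follows from the gateway's global IPv4 address, as an added example that is not from the manual: the site prefix is 2002:V4ADDR::/48 as defined in RFC 3056, a detail the page itself does not state. The IPv4 address 114.39.16.49 is the one the page quotes for its 6in4 endpoint and is used here only as a sample global address; the function names are hypothetical.

```python
import ipaddress

SIXTOFOUR_BASE = ipaddress.IPv6Network("2002::/16")   # prefix reserved for 6to4 (RFC 3056)


def sixtofour_site_prefix(ipv4):
    """Return the /48 site prefix 2002:V4ADDR::/48 derived from a global IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not v4.is_global:
        # Private, loopback, link-local and similar addresses cannot anchor a 6to4 tunnel.
        raise ValueError(f"{v4} is not a global IPv4 address, 6to4 cannot use it")
    base = int(SIXTOFOUR_BASE.network_address)
    # The 32 IPv4 bits sit directly behind the 16-bit 2002 prefix (bits 80..111).
    return ipaddress.IPv6Network((base | (int(v4) << 80), 48))


def lan_subnet(site_prefix, subnet_id):
    """Pick one /64 for a LAN out of the 65536 subnets that fit in the /48 site prefix."""
    if site_prefix.prefixlen != 48:
        raise ValueError("expected a /48 site prefix")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet id must fit in 16 bits")
    return ipaddress.IPv6Network((int(site_prefix.network_address) | (subnet_id << 64), 64))


def embedded_ipv4(ipv6):
    """Return the IPv4 tunnel endpoint encoded in a 6to4 address, or None if it is not 6to4.

    Useful when reading logs: the IPv6 source of a 6to4 packet names the IPv4
    gateway that encapsulated it.
    """
    return ipaddress.IPv6Address(ipv6).sixtofour


if __name__ == "__main__":
    prefix = sixtofour_site_prefix("114.39.16.49")
    print("site prefix :", prefix)
    print("LAN subnet 1:", lan_subnet(prefix, 1))
    print("endpoint of 2002:7227:1031:1::1:", embedded_ipv4("2002:7227:1031:1::1"))
    print("endpoint of 2001:db8::1        :", embedded_ipv4("2001:db8::1"))
```
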
In the diagram above, 6in4 usually requires registering with a 6in4 tunnel service, known as a Tunnel Broker, before it can be used. It also needs an endpoint global IPv4 address, such as 114.39.16.49, to complete the 6in4 setting.
3.7.1 IPv6 Configuration
The IPv6 Configuration setting allows the user to set the IPv6 connection type used to access the IPv6 network.

Ensure IPv6 is enabled and saved
Go to Basic Network > IPv6 > Configuration Tab

Select IPv6 WAN Connection Type

IPv6 Configuration
Item | Value setting | Description
WAN Connection ... | 1. Only can be selected when IPv6 ... | Defines the selected IPv6 WAN Connection Type used to establish the IPv6 connectivity. Select Static IPv6 when your ISP provides you with a set of IPv6 addresses. ...
Static IPv6 WAN Type Configuration

Static IPv6 WAN Type Configuration
Item | Value setting | Description
IPv6 Address | A Must filled setting | Enter the WAN IPv6 Address for the router.
Subnet Prefix Length | A Must filled setting | Enter the WAN Subnet Prefix Length for the router.
Default Gateway | A Must filled setting | Enter the WAN Default Gateway IPv6 address.
Primary DNS | An optional setting | Enter the WAN primary DNS Server.
Secondary DNS | An optional setting | Enter the WAN secondary DNS Server.
MLD Snooping | The box is unchecked by default | Enable/Disable the MLD Snooping function.

LAN Configuration ...
DHCPv6 WAN Type Configuration

DHCPv6 WAN Type Configuration
Item | Value setting | Description
DNS | The option [From Server] is selected by default | Select the [Specific DNS] option to activate Primary DNS and Secondary DNS. Then fill in the DNS information.
Primary DNS | Cannot be modified by default | Enter the WAN primary DNS Server.
Secondary DNS | Cannot be modified by default | Enter the WAN secondary DNS Server.
MLD | The box is unchecked by default | Enable/Disable the MLD Snooping function.

LAN Configuration
LAN Configuration ...
PPPoEv6 WAN Type Configuration

PPPoEv6 WAN Type Configuration
Item | Value setting | Description
Account | A Must filled setting | Enter the Account for setting up the PPPoEv6 connection. If you want more information, please contact your ISP.
Password | A Must filled setting | Enter the Password for setting up the PPPoEv6 connection. If you want more information, please contact your ISP.
Service Name | A Must filled setting/Option | Enter the Service Name for setting up the PPPoEv6 connection. If you want more information, please contact your ISP.
Connection Control | Fixed value | The value is Auto-reconnect (Always on).
MTU | A Must filled setting | Enter the MTU for setting up the PPPoEv6 connection. If you want more information, please contact your ISP.
MLD Snooping | The box is unchecked by default | Enable/Disable the MLD Snooping function.

LAN Configuration ...
6to4 WAN Type Configuration

6to4 WAN Type Configuration
Item | Value setting | Description
6to4 Address | Value auto-created | IPv6 address for accessing the IPv6 network.
Primary DNS | An optional setting | Enter the WAN primary DNS Server.
Secondary DNS | An optional setting | Enter the WAN secondary DNS Server.
MLD | The box is unchecked by default | Enable/Disable the MLD Snooping function.

LAN Configuration

LAN Configuration
Item | Value setting | Description
Global Address | An optional setting | Enter the LAN IPv6 Address for the router. ...
6in4 WAN Type Configuration
Find an IPv6 tunnel broker to establish the 6in4 tunnel (a list of IPv6 tunnel brokers that support the 6in4 service can be found on wiki). Then fill the Local IPv4 Address of the router into the Client IPv4 Address field on the IPv6 tunnel broker's setting page.

6in4 WAN Type Configuration
Item | Value setting | Description
Remote IPv4 Address | A Must filled setting | Fill in the Server IPv4 Address obtained from the tunnel broker.
Local IPv4 Address | Value auto-created | IPv4 address of this router.
Local IPv6 Address | A Must filled setting | Fill in the Client IPv6 Address obtained from the tunnel broker.
Primary DNS | An optional setting | Enter the WAN primary DNS Server.
Secondary DNS | An optional setting | Enter the WAN secondary DNS Server.
MLD | The box is unchecked by default | Enable/Disable the MLD Snooping function.

LAN Configuration ...
Address Auto-configuration (summary)

Address Auto-configuration
Item | Value setting | Description
Auto-configuration | The box is unchecked by default | Check to enable the Auto-configuration feature.
Auto-configuration Type | 1. Only can be selected when Auto-configuration is enabled 2. Stateless is selected by default | Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity.
  Select Stateless to manage the Local Area Network with SLAAC + RDNSS.
    Router Advertisement Lifetime (A Must filled setting): Enter the Router Advertisement Lifetime (in seconds). 200 is set by default.
  Select Stateful to manage the Local Area Network with Stateful (DHCPv6).
    IPv6 Address Range (Start) (A Must filled setting): Enter the start IPv6 Address of the DHCPv6 range for your local computers. 0100 is set by default.
    IPv6 Address Range (End) (A Must filled setting): Enter the end IPv6 Address of the DHCPv6 range for your local computers. 0200 is set by default.
    IPv6 Address Lifetime (A Must filled setting): Enter the DHCPv6 lifetime for your local computers. 36000 is set by default.
Network address translation (NAT) is a method of remapping one IP address space into another by modifying the network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. The technique was originally used to ease rerouting traffic in IP networks without renumbering every host. It has become a popular and essential tool for conserving global address space allocations in the face of IPv4 address exhaustion. AMIT products embed and activate the NAT function by default, except for the Access Point series of products. You can also disable it in [Basic Network]-[WAN]-[Internet Setup]-[WAN Type Configuration]. The following features are included in the NAT function: NAT Loopback, Virtual Server, Virtual Computer, Special AP, ALG and DMZ Host.

3.9.1 NAT Configuration ...
NAT Loopback
This feature allows you to access the WAN global IP address from inside your NAT local network. It is useful when you run a server inside your network. For example, if you set up a mail server on the LAN side, your local devices can access this mail server through the gateway's global IP address when the NAT Loopback feature is enabled. Whichever side you access the mail server from, the LAN side or the WAN side, you don't need to change the IP address of the mail server, as shown in scenario ① of the following diagram.
Scenario Application Timing
Employees can access the enterprise servers from inside or outside the office without having to reconfigure their PC each time. The network administrator must activate the "NAT Loopback" feature to make this possible.

Scenario Description
A local user can access the mail server by FQDN or global IP when NAT Loopback is enabled.
A global user can access the mail server only when the mail server is set as a virtual server of the gateway.

Parameter Setup Example
The following 2 tables list the parameter configuration as an example for the above diagram of a gateway with the "NAT Loopback" feature activated. Use the default value for those parameters that are not mentioned in these tables.

Configuration Path: [Configuration]-[NAT Loopback]
NAT Loopback: ■ Enable

Configuration Path: [Virtual Server & Virtual Computer]-[Virtual Server List]
ID:
Public Port: 25 (SMTP) | 110 (POP3)
...
NAT Loopback allows the user to access the WAN IP address from inside the local network.

Enable NAT Loopback
Go to Basic Network > NAT / Bridging > Configuration tab

Configuration
Item | Value setting | Description
NAT Loopback | The box is checked by default | Check the Enable box to activate this NAT function.
Save | N/A | Click the Save button to save the settings.
Undo | N/A | Click Undo to cancel the settings.
3.9.3 Virtual Server & Virtual Computer
Virtual server is another name for port forwarding used by some routers. In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host.

Port forwarding allows remote computers (computers on the Internet) to connect to a specific computer or service within a private local-area network (LAN). So you can deploy some servers in your Intranet with firewall protection provided by your gateway. This device's NAT firewall filters out unrecognized packets to protect your Intranet, so all hosts behind this gateway are invisible to the outside world. If you wish, you can make some of them accessible by enabling the Virtual Server Mapping. ...
Virtual Server List
The "Virtual Server" feature allows you to define some servers under the global IP address or FQDN of the gateway, as if they were servers located in the Internet. In fact, these servers are located in the Intranet and are physically behind the gateway. The gateway serves the service requests by port forwarding the requests to the LAN servers and transfers the replies from the LAN servers to the requester on the WAN side. For example, if you set up an E-mail server on the LAN side with IP address 10.0.75.101, a remote user can access the gateway for E-mail service if you define a virtual E-mail server for the gateway that uses the real E-mail server on the LAN side, as shown in scenario ② in the following diagram.

Scenario Application Timing
Set up some application servers in the Intranet of the deployed network to provide services while being protected by the gateway firewall. The gateway appears to be the physical server to the remote users, while the real server is, in reality, operating and providing service on the LAN side behind the gateway.

Scenario Description
The gateway serves as an E-mail server for remote users, who get E-mail services from the gateway.
The gateway executes port forwarding, transferring the E-mail service requests to the LAN servers
and sends the replies from the LAN servers to the requester.
The E-mail server on the LAN side is the server for the E-mail service.

Parameter Setup Example
The following table lists the parameter configuration as an example for scenario ② in the above diagram. Please note that the E-mail service includes the SMTP and POP3 service ports. Use the default value for those parameters that are not mentioned in the table.

Configuration Path: [Virtual Server & Virtual Computer]-[Virtual Server List]
ID:
Public Port: 25 (SMTP) | 110 (POP3)
Server IP: 10.0.75.101 | 10.0.75.101
Private Port: 25 (SMTP) | 110 (POP3)
Rule: ■ Enable | ■ Enable

Scenario Operation Procedure
In the above diagram, the Gateway is the gateway of Network-A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for the LAN interface and 118.18.81.33 for ...
Scenario Application Timing
To make some hosts in the Intranet of the deployed network visible to the outside world while keeping them protected by the NAT gateway firewall, use the "Virtual Computer" feature of the gateway to implement the application scenario.

Scenario Description
A LAN host is assigned a global IP address so that it is visible to the outside world. The host has an embedded FTP file server and is protected by the gateway firewall. The gateway acts as the intermediary between the LAN host and the outside world to allow remote access.

Parameter Setup Example
The following table lists the parameter configuration as an example for scenario ③ in the above diagram. Use the default value for parameters that are not mentioned in the table. ...
Configuration Path: [Virtual Server & Virtual Computer]-[Virtual Computer List]
ID:
Global IP: 118.18.81.44
Local IP: 10.0.75.102
Rule: ■ Enable

Scenario Operation Procedure
In the above diagram, the Gateway is the gateway of Network-A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address 10.0.75.2 for its LAN interface and 118.18.81.33 for its WAN interface. It serves as a NAT router. A LAN host with private IP address 10.0.75.102 has an embedded FTP file server. The host is expected to be visible to the outside world with global IP address 118.18.81.44, while still being protected by the gateway firewall. ...
Create/Edit Virtual Server

The router allows you to customize your Virtual Server rules. The router supports up to a maximum of 20 rule-based Virtual Server sets.

When the Add button is applied, the Virtual Server Rule Configuration screen will appear.

Virtual Server Rule Configuration
Item (Value setting): Description

WAN Interface (1. A Must filled setting; 2. Default is ALL): Define the selected interface to be the packet-entering interface of the router. If the packets to be filtered are coming from WAN-x, then select WAN-x for this field. Select ALL for packets coming into the router from any interface. WAN-x can be selected when WAN-x is enabled.

Server IP (A Must filled setting): This field is to specify the IP address of the interface selected in the WAN Interface setting above.

Protocol (A Must filled setting):
When "ICMPv4" is selected
It means the option "Protocol" of the packet filter rule is ICMPv4. Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Enable box to enable this rule.
When "TCP" is selected
It means the option "Protocol" of the packet filter rule is TCP.
When Public Port is set to a predefined port from Well-known Service, Private Port is the same as the Public Port number.
When Public Port is set to Single Port with a port number specified, Private Port can ...
setting under System) Then check the Enable box to enable this rule.

When "UDP" is selected
It means the option "Protocol" of the packet filter rule is UDP.
When Public Port is set to a predefined port from Well-known Service, Private Port is the same as the Public Port number.
When Public Port is set to Single Port with a port number specified, Private Port can be set to a Single Port number.
When Public Port is set to Port Range with a port range specified, Private Port can be set to Single Port or Port Range.
Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Enable box to enable this rule.

When "TCP & UDP" is selected
It means the option "Protocol" of the packet filter rule is TCP and UDP.
When Public Port is set to a predefined port from Well-known Service, Private Port is the same as the Public Port number.
When Public Port is set to Single Port with a port number specified, Private Port can be set to a Single Port number.
When Public Port is set to Port Range with a port range specified, Private Port can be set to Single Port or Port Range.
Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Enable box to enable this rule.

When "GRE" is selected
It means the option "Protocol" of the packet filter rule is GRE. Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Enable box to enable this rule.

When "ESP" is selected
It means the option "Protocol" of the packet filter rule is ESP. Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Enable box to enable this rule. Click the Save button to save the settings.

When "SCTP" is selected
It means the option "Protocol" of the packet filter rule is SCTP. Apply a Time Schedule to this rule; otherwise leave it as Always. (refer to Scheduling ...
Then check the Enable box to enable this rule.

Save (N/A): Click the Save button to save the settings.
Undo (N/A): Click Undo to cancel the settings.
Back (N/A): When the Back button is clicked, the screen will return to the Packet Filters Configuration page.

Create/Edit Virtual Computer

The router allows you to customize your Virtual Computer rules. The router supports up to a maximum of 20 rule-based Virtual Computer sets.

When the Add button is applied, the Virtual Computer Rule Configuration screen will appear.

Virtual Computer Rule Configuration
Item (Value setting): Description

Global IP (A Must filled setting): This field is to specify the IP address of the WAN IP.
Local IP (A Must filled setting): This field is to specify the IP address of the LAN IP.
Enable (N/A): Then check the Enable box to enable this rule.
Save ...
3.9.5 Special AP & ALG

A pure NAT gateway does not allow active connection requests from the outside world; all requests of this kind are ignored by the NAT gateway. However, users on client hosts in the Intranet may run applications that need more service ports to be allowed through the NAT gateway. The "Special AP" feature in the gateway solves this problem. That is, some applications require multiple connections, such as Internet games, video conferencing and Internet telephony. Because of the firewall function, these applications cannot work with a pure NAT ...
modify an existing one. When the "Add" or "Edit" button is applied, the "Special AP Rule Configuration" window will appear to let you define an application rule. The parameters include the trigger port, the allowed incoming ports, the integrated time schedule rule, and the rule activation.

Special AP List
This feature lets you have the gateway open a pre-defined range of service ports for incoming packets to pass through once the trigger port is toggled in the gateway by Intranet packets. As shown in the following diagram, one defined special application rule is that the trigger port is ...
with one special application rule to be defined. Use the default value for parameters that are not mentioned in the table.

Configuration Path: [Special AP & ALG]-[Special AP List]
ID:
Trigger Port: 554 (Quick Time 4)
Incoming Ports: 6970-6999
Rule: ■ Enable

Scenario Operation Procedure
In the above diagram, the Gateway is the gateway of Network-A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address 10.0.75.2 for its LAN interface and 118.18.81.33 for its WAN interface. It serves as a NAT router. Define a special application rule with the trigger port 554 (Quick Time 4) and incoming ports 6970-6999, and activate the rule. So, the ...
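The trigger-port behaviour described above, as an added Python model that is not taken from the manual or the router firmware. It uses the page's rule (trigger port 554, incoming ports 6970-6999); the LAN host addresses, the 300-second timeout and the one-holder-at-a-time policy are assumptions made for the illustration.

```python
"""Port triggering ("Special AP") state model.

Added illustration, not the router's firmware. The rule values come from the
page's example; the timeout and the one-holder policy are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SpecialApRule:
    trigger_port: int          # destination port of the outbound LAN packet
    incoming: Tuple[int, int]  # inclusive port range opened for inbound packets
    enabled: bool = True


@dataclass
class TriggerGateway:
    rules: List[SpecialApRule]
    idle_timeout: float = 300.0  # assumption: the page gives no timeout value
    # rule index -> (LAN host that triggered it, expiry time)
    _open: Dict[int, Tuple[str, float]] = field(default_factory=dict)

    def _live(self, idx: int, now: float) -> Optional[str]:
        """Return the holder of rule idx, dropping the pinhole if it expired."""
        entry = self._open.get(idx)
        if entry is None:
            return None
        host, expiry = entry
        if now >= expiry:
            del self._open[idx]
            return None
        return host

    def outbound(self, lan_host: str, dst_port: int, now: float) -> bool:
        """Process a LAN-to-WAN packet; True if it opened or refreshed a pinhole."""
        hit = False
        for idx, rule in enumerate(self.rules):
            if not rule.enabled or rule.trigger_port != dst_port:
                continue
            holder = self._live(idx, now)
            # Assumption: while one host holds the range, no other host can take it.
            if holder in (None, lan_host):
                self._open[idx] = (lan_host, now + self.idle_timeout)
                hit = True
        return hit

    def inbound(self, dst_port: int, now: float) -> Optional[str]:
        """Return the LAN host an unsolicited WAN packet goes to, or None (dropped)."""
        for idx, rule in enumerate(self.rules):
            lo, hi = rule.incoming
            if rule.enabled and lo <= dst_port <= hi:
                holder = self._live(idx, now)
                if holder is not None:
                    return holder
        return None

    def open_pinholes(self, now: float) -> List[Tuple[str, int, int]]:
        """List (host, first_port, last_port) for every range currently open."""
        out = []
        for idx, rule in enumerate(self.rules):
            holder = self._live(idx, now)
            if holder is not None:
                out.append((holder, rule.incoming[0], rule.incoming[1]))
        return out


def page_rule_gateway() -> TriggerGateway:
    # Rule from the page: trigger port 554 (Quick Time 4), incoming ports 6970-6999.
    return TriggerGateway(rules=[SpecialApRule(554, (6970, 6999))])
```

The model makes the exposure window explicit: the whole incoming range is reachable from the WAN for as long as the pinhole is live, and only toward the host that sent the trigger packet.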
Scenario Application Timing
Use this feature when a SIP phone is behind a NAT gateway and is expected to make calls to or receive calls from the Internet. The "SIP ALG" feature must be activated in the NAT gateway.

Scenario Description
The "SIP ALG" feature in the NAT gateway is enabled to monitor the voice communication of the SIP phone behind the gateway, open up ports for it, and perform the address and port translation. A SIP phone behind a NAT gateway can call another SIP phone with the help of the SIP server on the Internet.

Parameter Setup Example
The following table lists the parameter configuration for the NAT gateway in the above diagram.

Configuration Path: [Special AP & ALG]-[Configuration]
SIP ALG ■ Enable ALG

Scenario Operation Procedure
In the above diagram, the NAT Gateway is the gateway of Network-A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address 10.0.75.2 for its LAN interface and 118.18.81.33 for ...
make the address and port translation for the voice communication. First, the call starts from SIP Phone #1 to the SIP server. Then the SIP server invites SIP Phone #2, and finally SIP Phone #1 talks to SIP Phone #2, as shown in the above diagram.

Special AP & ALG Setting

The Special AP setting supports applications that require multiple connections. The ALG setting allows the user to support some SIP ALG, like STUN.

Enable Special AP and Virtual Computer

Go to Basic Network > NAT / Bridging > Special AP & ALG tab

Special AP & ALG tab
Item (Value setting): Description

Special AP (The box is checked by default): Check the Enable box to activate this NAT function
ALG Enable (The box is checked by default): Check the Enable box to activate this NAT function
Save (N/A): Click the Save button to save the setting
Undo (N/A): Click Undo to cancel the settings

Create/Edit Special AP

The router allows you to customize your Special AP rules. The router supports up to a maximum of 8 rule-based Special AP sets. ...
Special AP List
Item (Value setting): Description

WAN Interface (1. A Must filled setting; 2. Default is ALL): Define the selected interface to be the packet-entering interface of the router. If the packets to be filtered are coming from WAN-x, then select WAN-x for this field. Select ALL for packets coming into the router from any interface. WAN-x can be selected when WAN-x is enabled.

Trigger Port (A Must filled setting):
When Popular Applications is set to "User-defined"
Port is set to a port number, and Incoming Ports can be set to a port number or a port range. Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Rule box to enable this rule.
When Popular Applications is set to "Battle.net"
Port and Incoming Ports will be defined automatically. Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Rule box to enable this rule.
When Popular Applications is set to "Dialpad"
Port and Incoming Ports will be defined automatically. Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Rule box to enable this rule.
When Popular Applications is set to "ICU II"
Port is the same as Incoming Ports. Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Rule box to enable this rule.
When Popular Applications is set to "MSN Gaming Zone" ...
Port is the same as Incoming Ports. Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Rule box to enable this rule.
When Popular Applications is set to "Quick Time 4"
Port is the same as Incoming Ports. Apply a Time Schedule to this rule; otherwise leave it as Always (refer to the Scheduling setting under System). Then check the Rule box to enable this rule.

Save (N/A): Click Save to save the settings. ...
3.9.7 DMZ & Pass Through

A DMZ (De Militarized Zone) host is a host that is exposed to the Internet but still within the protection of the gateway device's firewall. The function allows a computer to carry out 2-way communication for Internet games, video conferencing, Internet telephony and other special applications. In some cases, when a specific application is blocked by the NAT mechanism, you can designate that LAN computer as a DMZ host to solve the problem.

The "DMZ" page has only one configuration window for the "DMZ" feature. The window lets you activate the DMZ function and specify the Intranet IP address of the DMZ host, so that the host can freely run applications that would otherwise be blocked by the NAT mechanism of the gateway when the DMZ feature is disabled. That is, the incoming packets issued by an active application in ...
Scenario Application Timing
Use this feature when the administrator of the gateway wants to set up some service daemons on a host in the Intranet so that remote users can actively request services from the host, even though the host is behind a NAT gateway. Remote users think the gateway provides those services, so they use the global IP of the gateway to request them. Apply the DMZ feature in the NAT gateway to meet this application scenario. In addition, note that the client host is still protected by the gateway firewall.

Scenario Description
The DMZ host is behind a NAT gateway and receives all normal and active packets from the Internet. A remote user can access the DMZ host by using the IP address of the gateway, and the gateway will skip the NAT checking for the DMZ host. The DMZ host is still protected by the gateway firewall.

Parameter Setup Example
The following table lists the parameter configuration as an example for the gateway in the above diagram with DMZ enabled. Use the default value for parameters that are not mentioned in the table.

Configuration Path: [DMZ]-[Configuration]
DMZ: ■ Enable
IP Address of DMZ Host: 10.0.75.100 ...
Assume there is an X server installed on the DMZ host. Then the remote user can request services from the X server on the DMZ host, because the gateway skips the NAT checking.

DMZ & Pass Through Setting

The DMZ setting designates a host that is exposed to the Internet but still within the protection of the gateway device's firewall.

Enable DMZ and Pass Through

Go to Basic Network > NAT / Bridging > DMZ tab

Configuration
Item (Value setting): Description

DMZ (1. A Must filled setting; 2. Default is ALL): Check the Enable box to activate this NAT function. Define the selected interface to be the packet-entering interface of the router. If the packets to be filtered are coming from WAN-x, then select WAN-x for this field. Select ALL for packets coming into the router from any interface. WAN-x can be selected when WAN-x is enabled. This field of DMZ Host is to specify the IP address of Host LAN IP.
Pass Through Enable (The box is checked by): Check the Enable box to activate this NAT function. IPSec, PPTP, L2TP
Save (N/A): Click the Save button to save the settings.
Undo (N/A): Click Undo to cancel the settings ...
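To see what the three inbound features in this chapter expose together, the following added Python model (not from the manual and not the router's firmware logic) resolves an unsolicited WAN packet against the page's own example values: the Virtual Server rules for ports 25 and 110, the Virtual Computer mapping 118.18.81.44 to 10.0.75.102, and the DMZ host 10.0.75.100. The matching order (Virtual Server before the DMZ catch-all), the TCP protocol for the E-mail rules and the 203.0.113.9 probe address are assumptions; the packet filter firewall is not modelled.

```python
"""Inbound NAT resolution across Virtual Server, Virtual Computer and DMZ.

Added illustration, not the router's firmware. Addresses and rules are the
page's examples; the matching order is an assumption. Only NAT is modelled:
the page says these hosts stay behind the gateway firewall, which is left out.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Hit = Tuple[str, int, str]  # (LAN IP, LAN port, feature that matched)


@dataclass(frozen=True)
class VirtualServer:
    protocol: str             # "tcp" or "udp"
    public: Tuple[int, int]   # inclusive public port range; single port: lo == hi
    server_ip: str
    private: Tuple[int, int]  # single private port, or a range as wide as `public`
    enabled: bool = True

    def __post_init__(self):
        pub_width = self.public[1] - self.public[0]
        priv_width = self.private[1] - self.private[0]
        if pub_width < 0 or priv_width not in (0, pub_width):
            raise ValueError("private port must be single or match the public range width")

    def translate(self, protocol: str, port: int) -> Optional[int]:
        """Return the private port for a public port, or None if the rule does not match."""
        lo, hi = self.public
        if not self.enabled or protocol != self.protocol or not lo <= port <= hi:
            return None
        p_lo, p_hi = self.private
        # Range -> single port collapses to one port; range -> range keeps the offset.
        return p_lo if p_lo == p_hi else p_lo + (port - lo)


@dataclass
class Gateway:
    wan_ip: str
    virtual_servers: List[VirtualServer]
    virtual_computers: Dict[str, str]  # global IP -> local IP
    dmz_host: Optional[str] = None

    def resolve_inbound(self, dst_ip: str, protocol: str, dst_port: int) -> Optional[Hit]:
        """Decide where an unsolicited WAN packet goes; None means NAT drops it."""
        # Virtual Computer: one-to-one mapping of a whole global IP to a LAN host.
        if dst_ip in self.virtual_computers:
            return (self.virtual_computers[dst_ip], dst_port, "virtual-computer")
        if dst_ip != self.wan_ip:
            return None
        # Assumption: explicit Virtual Server rules win over the DMZ catch-all.
        for rule in self.virtual_servers:
            private = rule.translate(protocol, dst_port)
            if private is not None:
                return (rule.server_ip, private, "virtual-server")
        if self.dmz_host is not None:
            return (self.dmz_host, dst_port, "dmz")
        return None

    def exposure(self, protocol: str, ports) -> Dict[str, List[int]]:
        """For probes to the WAN IP, group the reachable ports by receiving LAN host."""
        seen: Dict[str, List[int]] = {}
        for port in ports:
            hit = self.resolve_inbound(self.wan_ip, protocol, port)
            if hit is not None:
                seen.setdefault(hit[0], []).append(port)
        return seen


def page_gateway(dmz_enabled: bool = True) -> Gateway:
    """Build the gateway from the page's three parameter setup examples."""
    return Gateway(
        wan_ip="118.18.81.33",
        virtual_servers=[
            # Protocol is not in the page's table; TCP is assumed for SMTP and POP3.
            VirtualServer("tcp", (25, 25), "10.0.75.101", (25, 25)),
            VirtualServer("tcp", (110, 110), "10.0.75.101", (110, 110)),
        ],
        virtual_computers={"118.18.81.44": "10.0.75.102"},
        dmz_host="10.0.75.100" if dmz_enabled else None,
    )
```

With DMZ disabled, `exposure("tcp", range(1, 1025))` returns only ports 25 and 110 on 10.0.75.101; with DMZ enabled every other probed port lands on 10.0.75.100, which is the difference an exposure review should record.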
3.9.9 SDMZ

SDMZ can share the WAN IP with a specified client and have all packets sent to the WAN IP transferred to that client. If remote admin has been enabled, the user can access the router's UI from the WAN.

Go to Basic Network > NAT / Bridging > SDMZ

Configuration
Item (Value setting): Description

Enable (On/Off setting): When Enable is checked, the SDMZ function is enabled and it will start to match the enabled rules.
Add (NA): Click the Add button to add a new rule for SDMZ.
Delete (NA): Click the Delete button to delete the selected rules.
Save (NA): Click the Save button to save the configuration.

Add Rules

When you click the Add button, the configuration page will appear. It supports up to a maximum of 16 rule sets. ...
SDMZ List
Item Setting (Value setting): Description

WAN (A Must filled setting): Select the WAN whose IP is to be shared.
MAC (A Must filled setting): Define the MAC of the device that is to get the WAN IP.
Enable (On/Off setting): When Enable is checked, this rule takes effect. Note that only one rule of a WAN can be enabled at the same time.
Save (NA): Click the Save button to save the configuration
Undo (NA): Click the Undo button to restore what you just configured back to the previous setting. Please note that the restored setting may not be the factory default setting but a retrieval of what was saved in the memory.
Back (NA): When the Back button is clicked, the screen will return to the Packet Filters Configuration page. ...
3.b Routing

If you have more than one router and subnet, you will need to enable the routing function so that packets can find the proper routing path and different subnets can communicate with each other. Routing is the process of selecting the best paths in a network. It is performed for many kinds of networks, such as electronic data networks (for example the Internet), by using packet switching technology. The routing process usually directs forwarding on the basis of routing tables, which maintain a record of the routes to various network destinations. Thus, constructing routing tables, which are held in the router's memory, is very important for efficient routing. Most routing algorithms use only one network path at a time.

When the routing tables record your pre-defined routing paths for some specific destination subnets, it is static routing. When the routing tables instead record routing paths obtained from neighbor routers by using protocols such as RIP, OSPF and BGP, it is dynamic routing. Both routing approaches are illustrated one after the other.

3.b.1 Static Routing

The "Static Routing" function lets you define the routing paths for some dedicated hosts/servers or subnets ...
routing rule. The parameters include the destination IP address and subnet mask of the dedicated host/server or subnet, the IP address of the peer gateway, the metric and the rule activation.

Configuration
Just check the "Enable" box to activate the "Static Routing" feature.

Static Routing Rule List
The Static Routing Rule List shows the setup parameters of all static routing rule entries. There is also an "Add" button at the "Static Routing Rule List" caption that lets you add one new static routing rule, while the "Edit" button at the end of each static routing rule lets you modify the rule.

Static Routing Rule Configuration
To configure one static routing rule, you must specify the related parameters, including the destination IP address and subnet mask of the dedicated host/server or subnet, the IP address of the peer gateway, the metric and the rule activation. The following diagram is an example.

Static Routing Scenario ...
Dedicated packet flows from the Intranet will be routed to their destination via the pre-defined peer gateway and corresponding gateway interface that are defined manually in the system routing table.

Parameter Setup Example
The following tables list the parameter configuration as an example for the gateway in the above diagram with "Static Routing" enabled. Use the default value for parameters that are not mentioned in the tables.

Configuration Path: [Static Routing]-[Configuration]
Static Routing: ■ Enable

Configuration Path: [Static Routing]-[Static Routing Rule List]
ID:
Destination IP: 173.194.72.94 | 188.125.73.108
Subnet Mask: 255.255.255.255 | 255.255.255.255
118.18.81.1 | 203.95.80.1 ...
Static Routing Setting

The static routing setting allows the user to create and customize static routing rules through the router based on their office setting.

Go to Basic Network > Routing > Static Routing Tab

Static Routing Tab
Item (Value setting): Description

Enable Static Routing function (The box is unchecked by default): Check the Enable box to activate this function

Create/Edit Static Routing Rules

The router allows you to customize your static routing rules. It supports up to a maximum of 64 rule sets.

When the Add button is applied, the Static Routing Rule Configuration screen will appear. ...
by default

Gateway IP (1. IPv4 Format; 2. A Must filled setting): The Gateway IP of this static routing rule.
Interface (Auto is set by default): The Interface of this static routing rule.
Metric (1. Numeric String Format; 2. A Must filled setting): The Metric of this static routing rule.
Enabling the rule (The box is unchecked by default.): Click the Enable box to activate this rule.
Save (NA): Click the Save button to save the configuration
Undo (NA): Click the Undo button to restore what you just configured back to the previous setting. Please note that the restored setting may not be the factory default setting but a retrieval of what was saved in the memory.
Back (NA): When the Back button is clicked, the screen will return to the Static Routing Configuration page. ...
3.b.3 Dynamic Routing

Dynamic Routing, also called adaptive routing, describes the capability of a system, through which routes are characterized by their destination, to alter the path that the route takes through the system in response to a change in network conditions. The adaptation is intended to allow as many routes as possible to remain valid (that is, have destinations that can be reached) in response to the change. This ...
These three dynamic routing protocols are described as follows.

RIP Scenario
The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols and employs the hop count as its routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination. The maximum number of hops allowed for RIP is 15. This hop limit, however, also limits the size of networks that ...
RIP can support. A hop count of 16 is considered an infinite distance; in other words, the route is considered unreachable. RIP implements the split horizon, route poisoning and holddown mechanisms to prevent incorrect routing information from being propagated.

RIP Configuration
In the "RIP Configuration" window, you can simply choose the version of the RIP protocol to activate the dynamic routing feature, or disable it.

OSPF Scenario
Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing algorithm and falls into the group of interior routing protocols, operating within a single autonomous system (AS). OSPF is perhaps the most widely used interior gateway protocol (IGP) in large enterprise networks. IS-IS, another link-state dynamic routing protocol, is more common in large service provider networks. The most widely used exterior gateway protocol is the Border Gateway Protocol (BGP), the principal routing protocol between autonomous systems ...
area definition lets you modify it.

OSPF Area Configuration
To configure one OSPF area, you must specify the related parameters, including the area subnet, the area ID and the area activation by an "Enable" box. The following diagram is an example for the scenario.

Scenario Application Timing
Use this feature when the administrator of the gateway wants to deploy one OSPF gateway in a large enterprise and expects the gateway to learn its routing table from the enterprise backbone by using the OSPF protocol. The OSPF gateway will forward its routing information to other routers that are under the gateway and not linked to the enterprise backbone.

Scenario Description
The OSPF gateway gathers routing information from the backbone gateways in area 0 by using the OSPF dynamic routing protocol. ...
diagram. Use the default value for parameters that are not mentioned in the tables.

Configuration Path: [Dynamic Routing]-[OSPF Configuration]
OSPF: ■ Enable
Backbone Subnet: 10.0.0.0/16

Configuration Path: [Dynamic Routing]-[OSPF Area List]
ID:
Area Subnet: 10.0.75.0/24 | 10.0.76.0/24
Area ID: 10.0.75.254 | 10.0.76.254
Area: ■ Enable | ■ Enable

Scenario Operation Procedure
In the above diagram, the OSPF Gateway is one gateway of the enterprise backbone (area code is 0.0.0.0 and area ...
at the end of each BGP neighbor definition lets you modify it.

BGP Neighbor Configuration
To configure one BGP neighbor, you must specify the related parameters, including the neighbor IP, the neighbor ID and the neighbor activation by an "Enable" box. The following diagram is an example for the scenario.

Scenario Application Timing
Most Internet service providers (ISPs) must use BGP to establish routing between one another (especially if they are multihomed). Very large private IP networks use BGP internally. An example would be the joining of a number of large OSPF (Open Shortest Path First) networks where OSPF by itself would not scale to size. Another reason to use BGP is multihoming a network for better redundancy, either to multiple access points of a single ISP or to multiple ISPs. ...
Parameter Setup Example
The following tables list the parameter configuration as an example for the BGP gateway in the above diagram. Use the default value for parameters that are not mentioned in the tables.

Configuration Path: [Dynamic Routing]-[BGP Configuration]
BGP: ■ Enable
Self ID: 100

Configuration Path: [Dynamic Routing]-[BGP Neighbor List]
ID: 1 4
Neighbor IP: 10.101.0.1 | 10.102.0.1 | 10.103.0.1 | 10.104.0.1
101 104 ...
Dynamic Routing Setting

The dynamic routing setting allows the user to customize the RIP, OSPF and BGP protocols through the router based on their office setting.

Go to Basic Network > Routing > Dynamic Routing Tab

Item (Value setting): Description

Enable Dynamic Routing function (The box is unchecked by default): Check the Enable box to activate this function

The RIP configuration setting allows the user to customize the RIP protocol through the router based on their office setting. ...
OSPF Configuration
Item (Value setting): Description

Enable OSPF (Disable is set by default): Click the Enable box to activate the OSPF protocol.
Router ID (1. IPv4 Format; 2. A Must filled setting): The Router ID of this router on OSPF protocol
Authentication (None is set by default): The Authentication method of this router on OSPF protocol. Selecting None disables authentication on the OSPF protocol. Selecting Text enables Text authentication on the OSPF protocol with the Key entered in this field. Selecting MD5 enables MD5 authentication on the OSPF protocol with the ID and Key entered in these fields.
Backbone Subnet (1. Classless Inter Domain Routing (CIDR) Subnet Mask Notation. (Ex: 192.168.1.0/24); 2. A Must filled setting): The Backbone Subnet of this router on OSPF protocol.

Create/Edit OSPF Area Rules

The router allows you to customize your OSPF Area List rules. It supports up to a maximum of 32 rule sets.

When the Add button is applied, the OSPF Area Rule Configuration screen will appear.

Item Value setting ...
default.

Save (N/A): Click the Save button to save the configuration ...
The BGP configuration setting allows the user to customize the BGP protocol through the router based on their office setting.

Item (Value setting): Description

Enable BGP function (The box is unchecked by default): Check the Enable box to activate the BGP protocol.
ASN (1. Numeric String Format; 2. A Must filled setting): The ASN Number of this router on BGP protocol.
Router ID (1. IPv4 Format; 2. A Must filled setting): The Router ID of this router on BGP protocol.

Create/Edit BGP Network Rules

The router allows you to customize your BGP Network rules. It supports up to a maximum of 32 rule sets.

When the Add button is applied, the BGP Network Rule Configuration screen will appear.

Item (Value setting): Description

Network Subnet (1. IPv4 Format; 2. A Must filled setting): The Network Subnet of this router on BGP Network List. It is composed of the entered ...
Create/Edit BGP Neighbor Rules

The router allows you to customize your BGP Neighbor rules. It supports up to a maximum of 32 rule sets.

When the Add button is applied, the BGP Neighbor Rule Configuration screen will appear.

Item (Value setting): Description

Neighbor IP (1. IPv4 Format; 2. A Must filled setting): The Neighbor IP of this router on BGP Neighbor List.
Remote ASN (1. Numeric String Format; 2. A Must filled setting): The Remote ASN of this router on BGP Neighbor List.
Neighbor Enable (The box is unchecked by default.): Click the Enable box to activate this rule.
Save (N/A): Click the Save button to save the configuration ...
3.b.5 Routing Information

The routing information allows the user to view the routing table and policy routing information based on their office setting. Policy Routing Information is available when Load Balance is enabled and the Load Balance Strategy is By User Policy.

Go to Basic Network > Routing > Routing Information Tab

Item ...
3.d Client & Server & Proxy

This section presents the application clients, servers and proxies running in the gateway system. In the current gateway device these are mainly the Dynamic DNS client and the DHCP server.

3.d.1 DNS & DDNS

How do users reach your server if your WAN IP address changes all the time? One way is to register a new domain name and maintain your own DNS server. Another, simpler way is to apply for a domain name from a third-party DDNS service provider. The service can be free or charged. If you want to ...
(or key) for authenticating to the service provider successfully. This device supports the most popular third-party DDNS service providers, including DynDNS.org(Dynamic), DynDNS.org(Custom), No-IP.com, TZO.com, and DHS.org.

Before you enable Dynamic DNS, you need to register an account with one of the Dynamic DNS servers listed in the Provider field. Once the IP address of a WAN interface in the gateway has changed, the dynamic DNS agent in the gateway informs the DDNS server of the new IP address. The server automatically re-maps your domain name to the changed IP address. So other hosts on the Internet will be able to reach your gateway by using your domain name regardless of the changing global IP address.

Dynamic DNS Scenario

Scenario Application Timing
Use this feature when the IP address of the Gateway is often changed by the ISP and other hosts on the Internet want to reach the gateway device by using its corresponding domain name. The gateway must provide the dynamic DNS function to meet this requirement.

Scenario Description
Apply for an account with the DDNS provider before the DDNS function in the gateway can work. The gateway asks the DDNS server to re-map the domain name to the WAN IP address of the gateway once the IP address has changed. ...
Page 189
Configuration Path: [Dynamic DNS]-[Dynamic DNS]
DDNS: ■ Enable
Provider: No-IP.com
Host Name: JP-NB
Username / E-mail: Chinghuihsieh
Password / Key: ddnspassword

Scenario Operation Procedure
In the above diagram, the Gateway is the gateway of Network-A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address 10.0.75.2 for its LAN interface and gets the dynamic IP 118.18.81.33 for its WAN-1 interface. It serves as a NAT router.
Configure the required parameters for the DDNS function by referring to the above setup example.
When the gateway has booted up and obtained a dynamic IP address for the WAN interface, the DDNS agent in the gateway tries to send the DDNS server the mapping between the domain name and the obtained WAN IP address of the gateway. ...
Page 190
DNS & DDNS Setting

The DNS & DDNS setting allows the user to create or modify the pre-defined domain name list and to set up the Dynamic DNS feature.

Go to Basic Network > Client / Server / Proxy > Dynamic DNS Tab

Create/Edit Pre-defined Domain Name List
The router allows you to customize your pre-defined domain name list. It supports up to a maximum of 128 sets.
When the Add button is applied, the Pre-defined Domain Name Configuration screen will appear.

Pre-defined Domain Name Configuration
Item | Value setting | Description
Domain Name | 1. String format can be any text | Enter a domain name that maps to the IP Address. ...
Page 191
Setup Dynamic DNS
The router allows you to customize your Dynamic DNS settings.

DDNS (Dynamic DNS) Configuration
Item | Value setting | Description
Enable DDNS function | The box is unchecked by default | Check the Enable box to activate this function.
WAN Interface | WAN 1 is set by default | Select the WAN Interface IP Address of the router.
Provider | DynDNS.org (Dynamic) is set by default | Your DDNS provider of Dynamic DNS.
Host Name | 1. String format can be any text; 2. A Must filled setting | Your registered host name of Dynamic DNS.
User Name / E-Mail | 1. String format can be any text; 2. A Must filled setting | Your User name or E-mail address of Dynamic DNS.
Password / Key | 1. String format can be any text; 2. A Must filled setting | Your Password or Key of Dynamic DNS.
Save ...
3.d.3 DHCP Server

DHCP Server
The gateway supports up to 4 DHCP servers to fulfill the DHCP requests from different VLAN groups (please refer to the VLAN section for more usage details). There is one default DHCP server setting whose LAN IP Address is the same as that of the gateway LAN interface, with its default Subnet Mask set to “255.255.255.0” and its default IP Pool ranging from “.100” to “.200” as ...
Page 193
DHCP Clients List
Shows the DHCP clients with details such as the LAN Interface, IP Address, Host Name, MAC Address and the Remaining Lease Time.

Fixed Mapping
The user can assign a fixed IP address to a specific client MAC address by selecting the client and copying it when the target already exists in the DHCP Client List, or by adding Mapping Rules manually in advance when the target's MAC address is not yet connected. ...
Page 194
DHCP Server Setting

The DHCP Server setting allows the user to create and customize DHCP Server policies to assign IP addresses to the devices on the local area network (LAN).

Go to Basic Network > Client / Server / Proxy > DHCP Server Tab

Create/Edit DHCP Server Policy
The router allows you to customize your DHCP Server Policy. It supports up to a maximum of 4 policy sets.
When the Add button is applied, the DHCP Server Configuration screen will appear. ...
Page 195
DHCP Server Configuration
Item | Value setting | Description
DHCP Server Name | 1. String format can be any text; 2. A Must filled setting | Enter a DHCP Server name. Enter a name that is easy for you to understand.
LAN IP Address | 1. IPv4 format; 2. A Must filled setting | The LAN IP Address of this DHCP Server.
Subnet Mask | 255.0.0.0 (/8) is set by default | The Subnet Mask of this DHCP Server.
IP Pool | 1. IPv4 format; 2. A Must filled setting | The IP Pool of this DHCP Server. It is composed of the Starting Address and the Ending Address entered in this field.
Lease Time | 1. Numeric string format; 2. A Must filled setting | The Lease Time of this DHCP Server.
Domain Name | String format can be any text | The Domain Name of this DHCP Server.
Primary DNS | IPv4 format | The Primary DNS of this DHCP Server.
Secondary | IPv4 format | The Secondary DNS of this DHCP Server. ...
Page 196
Create/Edit Mapping Rule List on DHCP Server
The router allows you to customize your Mapping Rule List on the DHCP Server. It supports up to a maximum of 64 rule sets. When the Fix Mapping button is applied, the Mapping Rule List screen will appear.
When the Add button is applied, the Mapping Rule Configuration screen will appear.

Mapping Rule Configuration
Item | Value setting | Description
MAC Address | 1. MAC Address string format; 2. A Must filled setting | The MAC Address of this mapping rule.
IP Address | 1. IPv4 format; 2. A Must filled setting | The IP Address of this mapping rule.
Enabling the Rule | The box is unchecked by default. | Click the Enable box to activate this rule.
Save | N/A | Click the Save button to save the configuration.
Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. Please note that the restored setting may not be the factory default setting but a retrieval of what was saved in the memory.
Back | N/A | When the Back button is clicked the screen will return to the DHCP Server ...
3.d.5 DHCP Server Options

The DHCP Server Options setting allows the user to set DHCP options 66, 72 and 114. The DHCP Server adds these options to the DHCPOFFER and DHCPACK packets it sends out.

Option | Meaning | Reference
66 | TFTP server name | [RFC 2132]
72 | Default World Wide Web Server | [RFC 2132]
114 | URL | [RFC 3679]

Go to Basic Network > Client / Server / Proxy > DHCP Server Options Tab

Enable/Disable DHCP Server Options

Create/Edit DHCP Server Options
The router supports up to a maximum of 99 option settings.
When the Add/Edit button is applied, the DHCP Server Option Configuration screen will appear. ...
Page 198
DHCP Server Option Configuration
Item | Value setting | Description
Option Name | 1. String format can be any text; 2. A Must filled setting | Enter a DHCP Server Option name. Enter a name that is easy for you to understand.
DHCP Server Select | Dropdown list of all available DHCP servers. | Choose the DHCP server this option should apply to.
Option Select | Dropdown list: 66 - tftp, 72 - www, 114 - url | Choose the specific option you want to set.
Type | Dropdown list of DHCP server option value's type | Each option has different value types. 66: Single IP Address, Single FQDN; 72 ...
Page 199
Save/Undo DHCP Server Options
Click Save to restart the DHCP server, forcing settings to take effect immediately. ...
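To check what a DHCP server actually hands out for options 66, 72 and 114, the following added Python example (not vendor code) parses the options field of a captured DHCPOFFER/DHCPACK and compares the three values with the intended configuration. The sample bytes, host names and function names are constructed for illustration; treating option 114 as a text URL is an assumption based on the option table above.

```python
import ipaddress
from typing import Dict, List, Union

PAD, END = 0, 255          # special one-byte options defined in RFC 2132
WATCHED = {66: "TFTP server name", 72: "Default World Wide Web Server", 114: "URL"}
Decoded = Union[str, List[str]]


def encode_option(code: int, value: bytes) -> bytes:
    """Build one code/length/value option (used here to construct the sample)."""
    if not 0 < code < 255 or len(value) > 255:
        raise ValueError("invalid option code or value length")
    return bytes([code, len(value)]) + value


def parse_options(field: bytes) -> Dict[int, bytes]:
    """Split a DHCP options field (the bytes after the magic cookie)."""
    options: Dict[int, bytes] = {}
    i = 0
    while i < len(field):
        code = field[i]
        if code == END:
            break
        if code == PAD:                      # padding has no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError(f"option {code}: missing length byte")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        # A repeated option code is concatenated (long-option rule, RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def decode_watched(options: Dict[int, bytes]) -> Dict[int, Decoded]:
    """Decode options 66, 72 and 114 into comparable Python values."""
    decoded: Dict[int, Decoded] = {}
    for code in WATCHED:
        if code not in options:
            continue
        raw = options[code]
        if code == 72:                       # list of IPv4 addresses, 4 bytes each
            if not raw or len(raw) % 4:
                raise ValueError("option 72: length must be a multiple of 4")
            decoded[code] = [str(ipaddress.IPv4Address(raw[j:j + 4]))
                             for j in range(0, len(raw), 4)]
        else:                                # 66 and (assumed) 114 are text
            decoded[code] = raw.rstrip(b"\x00").decode("ascii")
    return decoded


def audit(field: bytes, expected: Dict[int, Decoded]) -> List[str]:
    """Report every watched option whose offered value differs from the plan."""
    offered = decode_watched(parse_options(field))
    findings = []
    for code, label in WATCHED.items():
        if offered.get(code) != expected.get(code):
            findings.append(f"option {code} ({label}): offered "
                            f"{offered.get(code)!r}, expected {expected.get(code)!r}")
    return findings


# Constructed sample: intended configuration and a matching options field.
EXPECTED: Dict[int, Decoded] = {
    66: "tftp.example.net",
    72: ["10.0.75.2"],
    114: "http://portal.example.net/",
}
SAMPLE_OPTIONS = (
    encode_option(53, b"\x02")               # DHCP message type: DHCPOFFER
    + encode_option(66, b"tftp.example.net")
    + encode_option(72, ipaddress.IPv4Address("10.0.75.2").packed)
    + encode_option(114, b"http://portal.example.net/")
    + bytes([END])
)

if __name__ == "__main__":
    print(decode_watched(parse_options(SAMPLE_OPTIONS)))
    print(audit(SAMPLE_OPTIONS, EXPECTED) or "offer matches the intended configuration")
```

A reply whose option 66, 72 or 114 differs from the configured value points to a stale configuration or to a second DHCP server answering on the same LAN segment.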
Chapter 5 Advanced Network

5.1 Firewall

The firewall functions include Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS and some firewall options.

5.1.1 Firewall Configuration

Firewall Configuration
The Enable Firewall check box activates all firewall functions.
The firewall configuration allows the user to enable or disable all functions, including Packet Filters, URL Blocking, Web Content Filters, MAC Control, Application Filters, IPS, and Firewall Options. ...
5.1.3 Packet Filters

The "Packet Filters" function lets you define filtering rules for incoming and outgoing packets, so the gateway can control which packets are allowed to pass through it and which are blocked. A packet filter rule should indicate the interfaces through which the packet enters and leaves the gateway, the source and destination IP addresses, the destination service port type and port number, and finally the time schedule during which the rule is active.

The "Packet Filters" page has three configuration windows for the packet filtering function: the "Configuration" window, the "Packet Filter Rule List" window, and the "Packet Filter Rule Configuration" window.

The "Configuration" window lets you activate the packet filtering function and specify whether the Inbound or Outbound packets defined in the "Packet Filter Rule List" entry are black-listed or white-listed. In addition, log alerting can be enabled through an “Enable” checkbox to log events. Second, ...
Page 202
Packet Filter Rule List
The "Packet Filter Rule List" shows the setup parameters of all packet filtering rules. An "Add" button at the "Packet Filter Rule List" caption lets you create a new packet filtering rule. The "Edit" button at the end of each packet filtering rule lets you modify that rule. Refer to the following sub-sections for more details.

Packet Filter Rule Configuration
When you add a new packet filtering rule or edit an existing one, the "Packet Filter Rule Configuration" window shows up for you to configure it. The parameters in a rule include the rule name, the interfaces through which the packet enters and leaves, the source and destination IP addresses, the destination service port type and port number, the integrated time ...
Page 203
carry out to meet the requirement. It is the opposite of the above diagram.

Scenario Description
Only packets that match a packet filtering rule are allowed to flow through the gateway; all other packets, which are not defined in the “Packet Filter Rule List” entry, are blocked.

Parameter Setup Example
The following tables list the parameter configuration as an example for the gateway in the above diagram with "Packet Filters" enabled. Use the default value for those parameters that are not mentioned in the tables.

Configuration Path: [Packet Filters]-[Configuration]
Packet Filters: ■ Enable
Black List / White List: Deny all to pass except those match the following rules.

Configuration Path: [Packet Filters]-[Packet Filter Rule List]
ID Access 80 Access 443 Rule Name ...
Page 204
Packet Filter Setting

The packet filter setting allows the user to create and customize packet filter policies to allow or reject specific inbound/outbound packets through the router based on their office setting.

Enabling Packet Filter
Go to Advanced Network > Firewall > Packet Filters Tab

Enabling Packet Filters
Item Name | Value setting | Description
Enable Packet Filter function | The box is unchecked by default | Check the Enable box to activate the Packet Filter function.
Black List / White List (Filter Method Selection) | Deny those match the following rules is set by default | When Deny those match the following rules is selected, as the name suggests, packets specified in the rules will be blocked (black listed). In contrast, with Allow those match the following rules, you can specifically white list the packets to pass and the rest will be blocked.
Log Alert | The box is unchecked by default | Check the Enable box to activate Event Log.
Save | N/A | Click Save to save the settings.
Undo | N/A | Click Undo to cancel the settings. ...
Page 205
Create/Edit Filter Rules
The router allows you to customize your packet filtering rules. It supports up to a maximum of 20 filter rule sets.
When the Add button is applied, the Filter Rule Configuration screen will appear.

Create/Edit Filter Rules
Item Name | Value setting | Description
Rule Name | 1. String format can be any text; 2. A Must filled setting | Enter a packet filter rule name. Enter a name that is easy for you to remember.
From Interface | A Must filled setting | Define the selected interface to be the packet-entering interface of the router. If the packets to be filtered are coming from LAN to WAN then select LAN for this field. Or VLAN-1 to WAN then select VLAN-1 for this field. Other examples are VLAN-1 to VLAN-2 and VLAN-1 to WAN. Select Any to filter packets coming into the router from any interface. Please note that two identical interfaces are not accepted by the router, i.e. VLAN-1 to VLAN-1.
To Interface | A Must filled setting | Define the selected interface to be the packet-leaving interface of the router. If the packets to be filtered are entering from LAN to WAN then select WAN for this field. Or VLAN-1 to WAN then select WAN for this field. Other examples are VLAN-1 to VLAN-2 and VLAN-1 to WAN. Select Any to filter packets leaving the router from any interface. ...
Page 206
Please note that two identical interfaces are not accepted by the router, i.e. VLAN-1 to VLAN-1.
Source IP | A Must filled setting | This field is to specify the Source IP address. Select Any to filter packets coming from any IP address. Select Specific IP Address to filter packets coming from an IP address. Select IP Range to filter packets coming from a specified range of IP addresses. Select IP Address-based Group to filter packets coming from a pre-defined group. Note: the group must be pre-defined before this option becomes available. Refer to System > Grouping > Host grouping. You may also create a group through the Add Rule shortcut button.
Destination IP | A Must filled setting | This field is to specify the Destination IP address. Select Any to filter packets that are entering to any IP address. Select Specific IP Address to filter packets entering to an IP address entered in this field. Select IP Range to filter packets entering to a specified range of IP addresses entered in this field. Select IP Address-based Group to filter packets entering to a pre-defined group selected. Note: the group must be pre-defined before this selection becomes available. Refer to System > Grouping > Host grouping. You may also create a group through the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen.
Source MAC | A Must filled setting | This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC address. Select Specific MAC Address to filter packets coming from a MAC address. Select MAC Address-based Group to filter packets coming from a pre-defined group selected. Note: the group must be pre-defined before this selection becomes available. Refer to System > Grouping > Host grouping. You may also create a group through the Add Rule shortcut button.
For Protocol, select Any to filter any protocol packets. Then for Source Port, select a predefined port from the dropdown box when Well-known Service is selected, otherwise select User-defined Service and specify a port range. Then for Destination Port, select a predefined port from the dropdown box when Well-known Service is selected, otherwise select User-defined Service and specify a port range.
For Protocol, select GRE to filter GRE packets.
For Protocol, select ESP to filter ESP packets.
For Protocol, select SCTP to filter SCTP packets.
For Protocol, select User-defined to filter packets with specified port number. Then enter a port number in the Protocol Number box.
Time Schedule | A Must filled setting | Apply Time Schedule to this rule, otherwise leave it as Always. If the dropdown list is empty ensure Time Schedule is pre-configured. Refer to System > Scheduling > Scheduling Setting tab.
Enabling the rule | The box is unchecked by default. | Click the Enable box to activate this rule, then save the settings.
Save | N/A | Click Save to save the settings.
Undo | N/A | Click Undo to cancel the settings.
Back | N/A | When the Back button is clicked the screen will return to the Packet Filters Configuration page. ...
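The difference between the two filter methods, as an added Python model that is not the gateway's firmware or vendor code: the same rule list is evaluated once as a black list and once as a white list. The contents of the "Access 80" and "Access 443" rules (LAN to WAN, TCP, destination ports 80 and 443), the sample packets and all function names are assumptions made for this illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional, Sequence, Tuple

BLACK_LIST = "Deny those match the following rules"    # default filter method
WHITE_LIST = "Allow those match the following rules"


@dataclass(frozen=True)
class Packet:
    from_if: str
    to_if: str
    src_ip: str
    dst_ip: str
    protocol: str                      # "TCP", "UDP", "GRE", ...
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    from_if: str = "Any"
    to_if: str = "Any"
    src_ip: str = "Any"                # "Any", "10.0.75.5" or "10.0.75.10-10.0.75.20"
    dst_ip: str = "Any"
    protocol: str = "Any"
    dst_ports: Optional[Tuple[int, int]] = None   # inclusive range, None = any port
    enabled: bool = False              # the Enable box is unchecked by default


def ip_in_spec(spec: str, addr: str) -> bool:
    """Match an address against Any, a specific IP or an IP range."""
    if spec == "Any":
        return True
    low, _, high = spec.partition("-")
    return ip_address(low) <= ip_address(addr) <= ip_address(high or low)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule only takes part in filtering once it has been enabled."""
    if not rule.enabled:
        return False
    if rule.from_if not in ("Any", pkt.from_if) or rule.to_if not in ("Any", pkt.to_if):
        return False
    if not (ip_in_spec(rule.src_ip, pkt.src_ip) and ip_in_spec(rule.dst_ip, pkt.dst_ip)):
        return False
    if rule.protocol not in ("Any", pkt.protocol):
        return False
    if rule.dst_ports is not None:
        low, high = rule.dst_ports
        return pkt.dst_port is not None and low <= pkt.dst_port <= high
    return True


def evaluate(pkt: Packet, rules: Sequence[Rule], method: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, matching rule name) for one packet.

    The verdict depends only on whether any rule matches, so rule order
    affects just the name that would show up in a log entry.
    """
    hit = next((r.name for r in rules if rule_matches(r, pkt)), None)
    if method == BLACK_LIST:
        return ("BLOCK", hit) if hit else ("PASS", None)
    if method == WHITE_LIST:
        return ("PASS", hit) if hit else ("BLOCK", None)
    raise ValueError(f"unknown filter method: {method!r}")


# Constructed rule list named after the setup example; rule fields are assumed.
RULES = [
    Rule("Access 80", "LAN", "WAN", protocol="TCP", dst_ports=(80, 80), enabled=True),
    Rule("Access 443", "LAN", "WAN", protocol="TCP", dst_ports=(443, 443), enabled=True),
]
# Constructed packets from a LAN host in 10.0.75.0/24 to a documentation address.
HTTPS = Packet("LAN", "WAN", "10.0.75.23", "203.0.113.10", "TCP", 443)
TELNET = Packet("LAN", "WAN", "10.0.75.23", "203.0.113.10", "TCP", 23)
# A rule that was saved without ticking the Enable box.
DRAFT = [Rule("Block telnet", "LAN", "WAN", protocol="TCP", dst_ports=(23, 23))]

if __name__ == "__main__":
    for label, pkt in (("HTTPS", HTTPS), ("TELNET", TELNET)):
        for method in (WHITE_LIST, BLACK_LIST):
            print(f"{label:7} | {method:40} | {evaluate(pkt, RULES, method)}")
    print("draft rule, black list:", evaluate(TELNET, DRAFT, BLACK_LIST))
```

Under the default black-list method, any packet that no enabled rule matches passes, so a deny rule saved without the Enable box ticked has no effect; under the white-list method the same omission blocks the traffic instead.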
5.1.5 URL Blocking

The "URL Blocking" function lets you define blocking or allowing rules for incoming and outgoing Web request packets. With defined rules, the gateway can control Web requests containing the complete URL, a partial domain name or pre-defined keywords. For example, one can filter out or allow only the Web requests based on domain input suffixes like .com or .org or keywords like “bct” or “mpe”.

A URL blocking rule should indicate the URL, partial domain name or keywords included in the Web requests from and to the gateway, and the destination service port. In addition, the integrated time schedule can be applied to activate rules based on date and time.

The gateway logs disallowed web accesses and displays them in the web-based utility: requests that match a rule in the defined URL blocking rule entry in the black list, or that fall outside the white list.

The "URL Blocking" page has three configuration windows: the "Configuration" window, the "URL Blocking Rule List" window, and the "URL Blocking Rule Configuration" window. ...
Page 209
When you choose "Allow all to pass except those match the following rules" for the "URL Blocking Rule List", the defined URL blocking rules form the black list. A request is blocked if one pattern in it matches one rule in the rule list. Other Web requests can pass through the gateway. In contrast, when you choose "Deny all to pass except ...
Page 210
Scenario Application Timing
When the administrator of the gateway wants to block Web requests with certain patterns, he can use the "URL Blocking" function to block those requests by defining the black list as shown in the above diagram. Likewise, when the administrator wants to allow only the Web requests with certain patterns to go through the gateway, he can use the "URL Blocking" function with a white list to meet the requirement. It is the opposite of the above diagram.

Scenario Description
Web requests with the patterns in the black list will be blocked by the gateway. Other requests can pass through the gateway. ...
Page 211
office setting.

Go to Advanced Network > Firewall > URL Blocking Tab

Item | Value setting | Description
Enable URL Blocking function | The box is unchecked by default | Check the Enable box to activate this filter function.
Black List / White List (Filter Method Selection) | Deny those match the following rules is set by default | When Deny those match the following rules is selected, as the name suggests, packets specified in the rules will be blocked (black listed). In contrast, with Allow those match the following rules, you can specifically white list the packets to pass and the rest will be blocked.
Log Alert | The box is unchecked by default | Check the Enable box to activate Event Log.
Invalid Access Web Redirection | The box is unchecked by default | Check the Enable box to activate this function. When the user attempts to open a blocked http URL in the web browser, it will redirect to a warning page. ...
Page 212
Item | Value setting | Description
Rule Name | 1. String format can be any text; 2. A Must filled setting | Enter a URL blocking rule name. Enter a name that is easy for you to understand.
Source IP | A Must filled setting | This field is to specify the Source IP address. Select Any to filter packets coming from any IP address. Select Specific IP Address to filter packets coming from an IP address entered in this field. Select IP Range to filter packets coming from a specified range of IP addresses entered in this field. Select IP Address-based Group to filter packets coming from a pre-defined group selected. Note: the group must be pre-defined before this selection becomes available. Refer to System > Grouping > Host grouping. You may also create a group through the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen.
Source MAC | A Must filled setting | This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC address. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Select MAC Address-based Group to filter packets coming from a pre-defined group selected. Note: the group must be pre-defined before this selection becomes available. Refer to System > Grouping > Host grouping. You may also create a group through the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen.
Specify the URL, Domain Name, or Keyword list for the filtering rule. It supports up to a maximum of 10 Keywords in a rule by using the delimiter “;”. URL / Domain ...
Page 213
If the dropdown list is empty ensure Time Schedule is pre-configured. Refer to System > Scheduling setting.
Enabling the rule | The box is unchecked by default. | Click the Enable box to activate this rule.
Save | N/A | Click the Save button to save the configuration.
Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. Please note that the restored setting may not be the factory default setting but a retrieval of what was saved in the memory.
Back | N/A | When the Back button is clicked the screen will return to the URL Blocking Configuration page. ...
5.1.9 Web Content Filters

The "Web Content Filters" function can block HTML requests with specific file extensions, like ".exe", ".bat" (applications), "mpeg" (video), and so on. It also blocks HTML requests with certain script types, like Java Applet, Java Scripts, cookies and Active X.

The "Web Content Filters" page has three configuration windows for the filtering function: the "Configuration" window, the "Web Content Filter List" window, and the "Web Content Filter Configuration" window. ...
Page 215
The "Web Content Filter List" shows the setup parameters of all filtering rules. An "Add" button at the "Web Content Filter List" caption lets you create a new Web content filtering rule. The "Edit" button at the end of each filtering rule lets you modify that rule. Refer to the following sub-sections for more details.

Web Content Filter Configuration
When you add a new Web content filtering rule or edit an existing one, the "Web Content Filter Configuration" window appears after you click the Add or Edit button. ...
Page 216
Use the default value for those parameters that are not mentioned in the tables.

Configuration Path: [Web Content Filters]-[Configuration]
Web Content Filter: ■ Enable
Popular File Extension List: ■ Cookie ■ Java ■ ActiveX
Log Alert: ■ Enable

Configuration Path: [Web Content Filters]-[Web Content Filter List]
ID execution files Rule Name .exe; .com User-defined File Extension List ■ Enable Rule

Scenario Operation Procedure
In the above diagram, the Gateway is the gateway of Network-A and the subnet of its Intranet is 10.0.75.0/24. ...
Page 217
“.jar”, “.jsp”, “.java”, “.jse”, “.jcm”, “.jtk”, or “.jad”. Check the ActiveX box to activate this filter function; as the name suggests, this pattern matching rule is defined as a packet with the keyword “.ocx”, “.cab”, “.ole”, “.olb”, “.com”, “.vbs”, “.vrm”, or “.viv”. If one of the matching rules is found, the packets with http header will be dropped.
Log Alert | The box is unchecked by default | Check the Enable box to activate Event Log.

Create/Edit Filter Rules
The router supports up to a maximum of 20 filter rule sets. Ensure that Web Content Filters is enabled before you create filter rules.
When the Add button is applied, the Filter Rule Configuration screen will appear.

Web Content Filter Configuration
Item | Value setting | Description
Rule Name | 1. String format can be any text; 2. A Must filled setting | Enter a web content filter rule name. Enter a name that is easy for you to understand.
Source IP | A Must filled setting | This field is to specify the Source IP address. Select Any to filter packets coming from any IP address. Select Specific IP Address to filter packets coming from an IP address entered in this field. Select IP Range to filter packets coming from a specified range of IP addresses entered in this field. Select IP Address-based Group to filter packets coming from a pre-defined group ...
Page 218
by the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen.
Source MAC | A Must filled setting | This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC address. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Select MAC Address-based Group to filter packets coming from a pre-defined group selected. Note: the group must be pre-defined before this selection becomes available. Refer to System > Grouping > Host grouping. You may also create a group through the Add Rule shortcut button. Setting done through the Add Rule button will also appear in the Host grouping setting screen.
User-defined File Extension List (Use ; to Concatenate) | A Must filled setting | Specify the file extension list for the filtering rule. It supports up to a maximum of 10 file extension names in a rule by using the delimiter “;”. If the matching rule is found, the packets with http header will be dropped.
Time Schedule | A Must filled setting | Apply Time Schedule to this rule, otherwise leave it as Always. If the dropdown list is empty ensure Time Schedule is pre-configured. Refer to System > Scheduling setting.
Enabling the rule | The box is unchecked by default. | Click the Enable box to activate this rule.
Save | N/A | Click the Save button to save the configuration.
Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. Please note that the restored setting may not be the factory default setting ...
5.1.b MAC Control

The "MAC Control" function allows you to assign access to the gateway for different users based on the device's MAC address, including wired hosts and WiFi stations.

The "MAC Control" page has three configuration windows for the MAC control function: the "Configuration" window, the "MAC Control Rule List" window, and the "MAC Control Rule Configuration" window.

The "Configuration" window lets you activate the MAC Control function and specify whether the devices in the "MAC Control Rule List" entry are black-listed or white-listed. Furthermore, log alerting can be enabled through an "Enable" checkbox to log events. Another "Known MAC from ...
Page 220
when you choose "Deny all to pass except those match the following rules" for the "MAC Control Rule List", the defined MAC control rules form the white list. The client hosts in the Intranet that are listed in the rules will be allowed to connect to the gateway if their MAC addresses match one rule. Other client hosts can't connect to the gateway.

MAC Control Rule List
The "MAC Control Rule List" shows the setup parameters of all MAC control rules. An "Add" button at the "MAC Control Rule List" caption lets you create a new MAC control rule. The "Edit" button at the end of each MAC control rule lets you modify that rule. ...
Page 221
Scenario Application Timing
When the administrator of the gateway wants to prevent client hosts with specific MAC addresses in the Intranet from connecting to the gateway, he can use the "MAC Control" function to reject them by defining the black list as shown in the above diagram. Likewise, when the administrator wants to allow only the client hosts with dedicated MAC addresses to connect to the ...
Page 222
MAC Control Setting

The MAC control setting allows the user to create and customize MAC address policies to allow or reject packets with a specific source MAC address.
Before you proceed, ensure that the Firewall is enabled and saved. Go to Advanced Network > Firewall > Configuration tab.

Enabling MAC Control
Go to Advanced Network > Firewall > MAC Control Tab

Enabling MAC Control
Item | Value setting | Description
Enable MAC Control function | The box is unchecked by default | Check the Enable box to activate the MAC filter function.
When Deny MAC Address Below is selected, as the name suggests, packets Black List / White List (Filter Deny MAC Address ...
Page 223
Create/Edit MAC Control Rules
The router supports up to a maximum of 20 filter rule sets. Ensure that MAC Control is enabled before you create control rules.
When the Add button is applied, the Filter Rule Configuration screen will appear.

Create/Edit MAC Control Rules
Item | Value setting | Description
Rule Name | 1. String format can be any text; 2. A Must fill setting | Enter a MAC Control rule name. Enter a name that is easy for you to remember.
MAC Address (Use : to Compose) | 1. MAC Address string Format; 2. A Must fill setting | Specify the Source MAC Address for the filter rule.
Time Schedule | A Must fill setting | Apply Time Schedule to this rule, otherwise leave it as Always. If the dropdown list is empty ensure Time Schedule is pre-configured. Refer to System > Scheduling > Scheduling Setting tab.
Enabling the rule | The box is unchecked by default. | Click the Enable box to activate this rule, then save the settings.
Save ...
5.1.d Application Filters

The Application Filter function can categorize Internet Protocol packets based on their application layer data and allow or deny their passage through the gateway. It supports application filters for various Internet chat software, P2P download, Proxy, and A/V streaming. You can select the applications to be blocked after the function is enabled, and may also specify a schedule rule to apply. ...
Scenario Application Timing
When the administrator of the gateway wants to block some P2P or Stream applications, he can use the "Application Filters" function and activate it by checking the "Enable" box.

Scenario Description
Applications selected by checking the "Enable" box will be rejected or limited in the connection sessions they can use to access the Internet.

Parameter Setup Example
The following tables list the parameter configuration as an example for the gateway in the above diagram with "Application Filters" enabled. Use the default value for those parameters that are not mentioned in the tables.

Configuration Path | [Application Filters]‐[Configuration]
Application Filter | ■ Enable
Log Alert | ■ Enable

Configuration Path | [Application Filters]‐[Application Filter List]
Rule 1 Rule Name ...
Application Filters
Item Setting | Value setting | Description
Enable Application Filters function | The box is unchecked by default | Check the Enable box to activate this filter function
Log Alert | The box is unchecked by default | Check the Enable box to activate Event Log.

Create/Edit Filter Rules
The router supports up to a maximum of 20 filter rule sets. Ensure that Application Filters is enabled before creating filter rules. When the Add button is applied, the Filter Rule Configuration screen will appear. ...
Application Filter Rule Configuration
Item | Value setting | Description
Rule Name | 1. String format can be any text 2. A Must filled setting | Enter an Application filter rule name. Enter a name that is easy for you to understand.
Source IP | A Must filled setting | This field is to specify the Source IP address. Select Any to filter packets coming from any IP addresses. Select Specific IP Address to filter packets coming from an IP address entered in this field. Select IP Range to filter packets coming from a specified range of IP addresses entered in this field. Select IP Address‐based Group to filter packets coming from a pre‐defined group selected. Note: the group must be pre‐defined before this selection becomes available. Refer to System > Grouping > Host grouping. You may also create a group with the Add Rule shortcut button. Settings made through the Add Rule button will also appear in the Host grouping setting screen.
Source MAC | A Must filled setting | This field is to specify the Source MAC address. Select Any to filter packets coming from any MAC addresses. Select Specific MAC Address to filter packets coming from a MAC address entered in this field. Select MAC Address‐based Group to filter packets coming from a pre‐defined group selected. Note: the group must be pre‐defined before this selection becomes available. Refer to System > Grouping > Host grouping. You may also create a group with the Add Rule shortcut button. Settings made through the Add Rule button will also appear in the Host grouping setting screen.
All boxes are unchecked Chat Software ...
5.1.f IPS
Intrusion Prevention Systems are network security appliances that monitor network and/or system activities for malicious activity. The main functions of IPS are to identify malicious activity, log information about this activity, attempt to block/stop it and report it. You can enable the IPS function and check the listed intrusion activities when needed. Some intrusion prevention items need an additional Threshold parameter to work properly for intrusion detection. You can enable the log ...
IPS Scenario

Scenario Application Timing
The administrator provides some application servers in the Intranet of the deployed network and has to open specific ports to serve overseas employees or Internet users. Keeping service ports always open to the Internet carries some risk. To reduce the risk of such attacks, enable the IPS functions. ...
Scenario Operation Procedure
In the above diagram, the gateway detects incoming packets whose TCP ports are 25, 80, 110, 443 and 8080, forwards the E‐mail service requests to the LAN servers, and sends the replies from the LAN servers back to the requester. The system will block lots of packets in seconds.

IPS Setting
The Intrusion Prevention System (IPS) setting allows the user to customize intrusion prevention rules to prevent malicious packets.

Enabling IPS Firewall
Go to Advanced Network > Firewall > IPS tab.

Enabling IPS Firewall
Item | Value setting | Description
Enable IPS function | The box is unchecked by default | Check the Enable box to activate IPS function
Log Alert | The box is unchecked by default | Check the Enable box to activate Event Log.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings
...
Setup Intrusion Prevention Rules
The router allows you to select the intrusion prevention rules you want to enable. Ensure that the IPS is enabled before enabling defenses.

Setup Intrusion Prevention Rules
Item Name | Value setting | Description
SYN Flood Defense | 1. A Must filled setting 2. The box is unchecked by default. 3. traffic threshold is set to 300 by default 4. The value range can be from 10 to 10000. | Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field.
UDP Flood Defense | 1. A Must filled setting 2. The box is unchecked by default. 3. traffic threshold is set to 300 by default 4. The value range can be from 10 to 10000. | Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field.
ICMP Flood Defense | 1. A Must filled setting 2. The box is unchecked by default. 3. traffic threshold is set to 300 by default 4. The value range can be from 10 to 10000. | Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field.
Port Scan Defection | 1. A Must filled setting 2. The box is unchecked by default. 3. traffic threshold is set to 200 by default | Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field.
...
Block Ping of Death
Block IP Spoof
Block TCP Flag Scan
Block Smurf
Block Traceroute
Block Fraggle Attack
ARP Spoofing Defence | 1. A Must filled setting 2. The box is unchecked by default. 3. traffic threshold is set to 300 by default 4. The value range can be from 10 to 10000. | Click Enable box to activate this intrusion prevention rule and enter the traffic threshold in this field.
Save | NA | Click Save to save the settings
Undo | NA | Click Undo to cancel the settings
...
5.1.h Options
There are some useful functions on this page. “Stealth Mode” stops the gateway from responding to port scans from the WAN, which makes it less susceptible to discovery and attacks from the Internet. “SPI” enables the gateway to record packet information such as IP address, port address, ACK, SEQ number and so on while packets pass through the router; the gateway then checks every incoming packet to detect whether it is valid. “Discard Ping from WAN” prevents any host on the WAN side from pinging this product, which means the device won't reply to any ICMP packet from the Internet. “Remote Administrator Hosts” enables only the LAN users to browse the web‐based utility to perform administration tasks locally. This feature also enables you to perform administration task ...
SPI Scenario

Scenario Application Timing
Users in Network‐A initiate access to a cloud server through the Gateway, which records the connected sessions. Sometimes, unknown users will forge such packets but use a different source IP to masquerade.

Scenario Description
Prevent security leaks when local users surf the Internet.

Parameter Setup Example
The following tables list the parameter configuration as an example for the gateway in the above diagram with "SPI" enabled.

Configuration Path | [Options]‐[Firewall Options]
...
Discard Ping from WAN and Remote Administrator Hosts Scenario

Scenario Application Timing
“Discard Ping from WAN” prevents any host on the WAN side from pinging this gateway, so the gateway does not reply to any ICMP packet from the Internet, while “Remote Administrator Hosts” allows browsing the web‐based utility to perform administration tasks remotely.

Scenario Description
Prevent security leaks when local users surf the Internet.

The following tables list the parameter configuration as an example for the gateway in the above diagram.

Configuration Path | [Options]‐[Firewall Options]
Discard Ping from WAN | ■ Enable
Remote Administrator Hosts | ■ Enable HTTPS , ANY : 8080
Please disable “SPI” Function.

Scenario Operation Procedure
In the above diagram, the Gateway is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. The gateway has the IP address of 10.0.75.2 for LAN interface and 118.18.81.200 for ...
Firewall Setting
The firewall options setting allows the network administrator to modify the behavior of the Firewall and to enable Remote Router Access Control.

Enabling Firewall Options
Go to Advanced Network > Firewall > Options tab.

Enabling Firewall Options
Item | Value setting | Description
Enable Stealth mode function | The box is unchecked by default | Check the Enable box to activate Stealth Mode function
Enable SPI function | The box is checked by default | Check the Enable box to activate SPI function
Discard Ping from WAN | The box is unchecked by default | Check the Enable box to activate Discarding Ping function

Remote Router Access Control
The router allows the network administrator to manage the router remotely. The network administrator can assign a specific IP address and service port that are allowed to access the router. ...
Remote Administrator Host Definition
Item | Value setting | Description
Protocol | HTTP is set by default | Select HTTP or HTTPS method for router access.
IP | A Must filled setting | This field is to specify the remote host to assign access right for remote access. Select Any IP to allow any remote hosts. Select Specific IP to allow the remote host coming from a specific subnet. An IP address entered in this field and a selected Subnet Mask to compose the subnet.
Service Port | 1. 80 for HTTP by default 2. 443 for HTTPS by default | This field is to specify a Service Port to HTTP or HTTPS connection.
Enabling the rule | The box is unchecked by default. | Click Enable box to activate this rule.
Save | N/A | Click Enable box to activate this rule then save the settings.
Undo | N/A | Click Undo to cancel the settings
...
AMIT Security Gateway provides a Rule‐based QoS to carry out the requirements.

5.3.1 Configuration
AMIT gateways adopt rule‐based approach to define the QoS & BWM function. Before the function works as expected, some system resources must be allocated correctly in "Configuration" page as below. In "Configuration" page, there are some configuration windows for QoS & BWM function. They ...
are the "System Resource Configuration" window and "WAN Interface Resource" window. There are as many "WAN Interface Resource" windows as the gateway has supported WAN interfaces. In the "System Resource Configuration" window, specify the WAN interface whose bandwidth will be managed, and then configure the bandwidth resource for that WAN interface in the corresponding "WAN Interface Resource" window. The system resource ...
System Resource Configuration
Item | Value setting | Description
Total Priority Queues of All WANs | A Must filled setting | Define the total priority that is related to the configuration of each rule‐based QoS rule if Priority Queues is selected as the Resource. It is also related to the default bandwidth of WANs.
WAN Interface | | Select WAN‐1 and then the following will show setting function that you can configure. (WAN‐1 is available only when WAN‐1 interface is enabled) The same applies to other WAN interfaces (i.e. WAN‐2). By default WAN‐1 is selected.
Bandwidth of Upstream | | Specify total upload bandwidth of WAN‐n.
Bandwidth of Downstream | | Specify total download bandwidth of WAN‐n.
Total Connection Sessions | | Specify total connection sessions of WAN‐n
Save | N/A | Click the Save button to save the settings.
...
5.3.3 Rule‐based QoS
This gateway provides many flexible rules for setting QoS policies. Basically, you need to know three pieces of information before you create your own policies. First, “who” needs to be managed? Second, “what” kind of service needs to be managed? The last part is “how” you prioritize. Once you have this information, you can continue to learn the functions in this section in more detail. In the "Rule‐based QoS" page, there are three configuration windows for the QoS & BWM function. They are the "Configuration" window, "QoS Rule List" window, and "QoS Rule Configuration" window. The "Configuration" window lets you activate the Rule‐based QoS function. In addition, you can also enable the "Flexible Bandwidth Management" (FBM) feature for better utilization of system ...
QoS Rule List
The "QoS Rule List" shows the parameter settings of all QoS rule entries. There is also an "Add" button at the "QoS Rule List" caption that lets you create a new QoS rule. The "Edit" button at the end of each QoS rule lets you modify the rule. Refer to the following sub‐sections for more details.

QoS Rule Configuration
When you want to add a new QoS rule or edit an existing one, the "QoS Rule Configuration" window shows up for you to configure. The parameters in a rule include the applied WAN interfaces, the dedicated host group based on MAC address or IP address, the dedicated kind of service packets, the system resource to be distributed, the corresponding control function for your ...
In the diagram above, a QoS rule is organized into the premise part and the conclusion part. In the premise part, you must specify the WAN interface, host group, service type in the packets, packet flow direction to be watched and the sharing method of group control or individual control. In the conclusion part, you must choose which kind of system resource to distribute and the control function based on the chosen system resource for the rule. The Rule‐based QoS has the following features.

Flexible QoS Rule Definition ...
"DSCP" Type of QoS Rule Example

Scenario Application Timing
When the administrator of the gateway wants to convert the code point value, "IP Precedence 4(CS4)", in the packets from some client hosts (IP 10.0.75.196~199) to the code value, "AF Class2(High Drop)", he can use the "Rule‐based QoS" function to carry out this rule by defining a QoS rule as shown in the above diagram.

Scenario Description
Convert the code point value from "IP Precedence 4(CS4)" to "AF Class2(High Drop)" for incoming ...
Scenario Operation Procedure
This rule means that IP packets from all WAN interfaces to LAN IP addresses 10.0.75.196 ~ 10.0.75.199 which have DiffServ code points with the “IP Precedence 4(CS4)” value will be modified by the “DSCP Marking” control function with the “AF Class 2(High Drop)” value at any time.

"Connection Sessions" Type of QoS Rule Example

Scenario Application Timing
When ...
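The DSCP rule in the Scenario Operation Procedure above, worked through on a raw IPv4 header as an added example (not code from the manual or the gateway firmware). It assumes the standard code point values CS4 = 32 and AF23 = 22 for "AF Class 2 (High Drop)"; the function names and the sample source address are made up for the illustration.

```python
import ipaddress
import struct

DSCP_CS4 = 0b100000    # 32: "IP Precedence 4 (CS4)"
DSCP_AF23 = 0b010110   # 22: AF class 2, high drop precedence
LAN_FIRST = ipaddress.IPv4Address("10.0.75.196")   # range from the rule above
LAN_LAST = ipaddress.IPv4Address("10.0.75.199")
HEADER_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, no options


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, dscp: int, ecn: int = 0) -> bytes:
    """Build a constructed sample header (TCP, TTL 64, 40-byte datagram)."""
    fields = [0x45, (dscp << 2) | ecn, 40, 0x1234, 0, 64, 6, 0,
              ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields)


def remark(packet: bytes) -> bytes:
    """Rewrite CS4 to AF23 when the destination is inside the LAN range."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("truncated IPv4 header")
    tos = packet[1]
    dst = ipaddress.IPv4Address(packet[16:20])
    if tos >> 2 != DSCP_CS4 or not LAN_FIRST <= dst <= LAN_LAST:
        return packet                        # rule does not match, leave untouched
    header = bytearray(packet[:ihl])
    header[1] = (DSCP_AF23 << 2) | (tos & 0b11)   # keep the two ECN bits
    header[10:12] = b"\x00\x00"              # checksum covers the ToS byte,
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))  # so redo it
    return bytes(header) + packet[ihl:]


if __name__ == "__main__":
    before = build_header("203.0.113.10", "10.0.75.197", DSCP_CS4)  # constructed
    after = remark(before)
    print("DSCP before:", before[1] >> 2, "after:", after[1] >> 2)
```

A header whose checksum is still valid sums to zero under `ipv4_checksum`, which is a quick way to confirm that a re-marking device updated the checksum along with the ToS byte.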
Configuration Path | [Rule‐based QoS]‐[QoS Rule Configuration]
Interface | WAN‐1
Group | IP 10.0.75.16 Subnet Mask: 255.255.255.240 (/28)
Service |
Resource | Connection Sessions
Control Function | Set Session Limitation 20000
QoS Direction | Outbound
Sharing Method | Group Control
Time Schedule | (0) Always
Rule | ■ Enable

Scenario Operation Procedure
This rule defines that all client hosts, whose IP address is in the range of 10.0.75.16~31, can access the Internet via "WAN‐1" interface under the limitation of the maximum 20000 connection sessions totally at any time.

The Rule Based QoS allows user to configure QoS and bandwidth to set the limitation of total bandwidth of each WAN connection. ...
Create/Edit QoS Rules
The QoS & BWM allows you to customize your rule‐based QoS rules. The router supports up to a maximum of 128 rule‐based QoS rule sets. When the Add button is applied, the QoS Rule Configuration screen will appear.

QoS Rule Configuration
Item | Value setting | Description
Interface | A Must filled setting | Define the selected interface to be the packet‐entering/packet‐leaving interface of the router. Select All WANs to filter the packets entering to or leaving from any WAN interface. Select WAN‐1 to filter the packets entering to or leaving from WAN‐1. (WAN‐1 is available only when WAN‐1 interface is enabled) The same applies to other WAN interfaces (i.e. WAN‐2).
Group | A Must filled setting | This field is to specify the Group of the interface selected in the Interface setting above. Select Src. MAC Address to prioritize packets based on MAC. Configure Service in the next line then go to Resource_1. Select IP to prioritize packets based on IP address and Subnet Mask. Configure Service in the next line, then go to Resource_2. Select Host Name to prioritize packets based on a preconfigured group of hosts from the dropdown list. If the dropdown list is empty, ensure that a group is pre‐configured (Note_1) and that QoS is enabled in the group (Note_2). Configure Service in the next line, then go to Resource_3.
Note_1: Group must be pre‐defined before this selection becomes available. Refer to System > Grouping > Host grouping. You may also create a group with the Add Rule shortcut button. Setting done through the Add Rule button will also ...
Note_2: Ensure that QoS in the Multiple Bound Services field is checked. Refer to System > Grouping > Host grouping then click Edit button of one of the host group created.
Service | A Must filled setting | Select All to filter packets entering to or leaving from any service. Select DSCP to filter packets entering to or leaving from a DSCP packet type. Select TOS to filter packets entering to or leaving from a TOS packet type. Select User‐defined Service to filter packets entering to or leaving from a user‐defined port or port range, and the protocol could be TCP/UDP/Both protocol for these ports. Select Well‐known Service to filter packets entering to or leaving from a well‐known service list.
Resource_1 (for Group Src. MAC Address settings only) | A Must filled setting | Specify resource to the QoS rule.
When Bandwidth is selected, it means the option Resource of rule‐based QoS Rule is bandwidth.
  Control Function: when Set MINR & MAXR is selected, it means the option Control Function of rule‐based QoS Rule is set MINR & MAXR. You can assign min rate, max rate and rate unit for this rule.
  QoS Direction (A Must filled setting):
    When Outbound is selected, it means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group.
    When Inbound is selected, it means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group.
    When Both is selected, it means the option QoS Direction of rule‐based QoS Rule is both.
  Time Schedule (A Must filled setting): Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System)
  Enabling the rule: Click Enable box to activate this rule. ...
    When Both is selected, it means the option QoS Direction of rule‐based QoS Rule is both.
  Time Schedule (A Must filled setting): Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System)
  Enabling the rule: Click Enable box to activate this rule. Click the Save button to save the settings
When Priority Queues is selected, it means the option Resource of rule‐based QoS Rule is priority queues.
  Control Function: when Set Priority is selected, it means the option Control Function of rule‐based QoS Rule is set priority. You must fill the priority queue number in the textbox. Each priority has its own bandwidth.
  QoS Direction (A Must filled setting):
    When Outbound is selected, it means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group.
    When Inbound is selected, it means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group.
    When Both is selected, it means the option QoS Direction of rule‐based QoS Rule is both.
  Time Schedule (A Must filled setting): Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System)
  Enabling the rule: Click Enable box to activate this rule. Click the Save button to save the settings
When DiffServ Code Points is selected, it means the option Resource of rule‐based QoS Rule is DiffServ Code Points.
  Control Function: when DSCP Marking is selected, it means the option Control Function of rule‐based QoS Rule is DSCP marking. You must select one from the list. DSCP Marking will mark with Code Point in Packet.
  QoS Direction (A Must filled setting):
    When Outbound is selected, it means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. ...
  Enabling the rule: Click Enable box to activate this rule. Click the Save button to save the settings
Resource_2 (for Group IP settings only) | A Must filled setting | Specify resource to the QoS rule.
When Bandwidth is selected, it means the option Resource of rule‐based QoS Rule is bandwidth.
  Control Function: when Set MINR & MAXR is selected, it means the option Control Function of rule‐based QoS Rule is set MINR & MAXR. You can assign min rate, max rate and rate unit for this rule.
  QoS Direction (A Must filled setting):
    When Outbound is selected, it means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group.
    When Inbound is selected, it means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group.
    When Both is selected, it means the option QoS Direction of rule‐based QoS Rule is both.
  Sharing Method (A Must filled setting):
    When Individual Control is selected, it means the option Sharing Method of rule‐based QoS Rule is Individual Control.
    When Group Control is selected, it means the option Sharing Method of rule‐based QoS Rule is Group Control.
  Time Schedule (A Must filled setting): Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System)
  Enabling the rule: Click Enable box to activate this rule. Click the Save button to save the settings
When Connection Sessions is selected, it means the option Resource of rule‐based QoS Rule is connection sessions.
  Control Function: when Set Session Limitation is selected, it means the option Control Function of rule‐based QoS Rule is set session limitation. You must fill the session number in the textbox. ...
    When Group Control is selected, it means the option Sharing Method of rule‐based QoS Rule is Group Control.
  Time Schedule (A Must filled setting): Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System)
  Enabling the rule: Click Enable box to activate this rule. Click the Save button to save the settings
When Priority Queues is selected, it means the option Resource of rule‐based QoS Rule is priority queues.
  Control Function: when Set Priority is selected, it means the option Control Function of rule‐based QoS Rule is set priority. You must fill the priority queue number in the textbox. Each priority has its own bandwidth.
  QoS Direction (A Must filled setting):
    When Outbound is selected, it means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group.
    When Inbound is selected, it means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group.
    When Both is selected, it means the option QoS Direction of rule‐based QoS Rule is both.
  Time Schedule (A Must filled setting): Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System)
  Enabling the rule: Click Enable box to activate this rule. Click the Save button to save the settings
When DiffServ Code Points is selected, it means the option Resource of rule‐based QoS Rule is DiffServ Code Points.
  Control Function: when DSCP Marking is selected, it means the option Control Function of rule‐based QoS Rule is DSCP marking. You must select one from the list. DSCP Marking will mark with Code Point in Packet.
  QoS Direction (A Must filled setting):
    When Outbound is selected, it means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group. ...
  Enabling the rule: Click Enable box to activate this rule. Click the Save button to save the settings
Resource_3 (for Group Host Name settings only) | A Must filled setting | Specify resource to the QoS rule.
When Bandwidth is selected, it means the option Resource of rule‐based QoS Rule is bandwidth.
  Control Function: when Set MINR & MAXR is selected, it means the option Control Function of rule‐based QoS Rule is set MINR & MAXR. You can assign min rate, max rate and rate unit for this rule.
  QoS Direction (A Must filled setting):
    When Outbound is selected, it means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group.
    When Inbound is selected, it means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group.
    When Both is selected, it means the option QoS Direction of rule‐based QoS Rule is both.
  Sharing Method (A Must filled setting):
    When Individual Control is selected, it means the option Sharing Method of rule‐based QoS Rule is Individual Control.
    When Group Control is selected, it means the option Sharing Method of rule‐based QoS Rule is Group Control.
  Time Schedule (A Must filled setting): Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System)
  Enabling the rule: Click Enable box to activate this rule. Click the Save button to save the settings
When Connection Sessions is selected, it means the option Resource of rule‐based QoS Rule is connection sessions.
  Control Function: when Set Session Limitation is selected, it means the option Control Function of rule‐based QoS Rule is set session limitation. You must fill the session number in the textbox. ...
  Time Schedule: Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System)
  Enabling the rule: Click Enable box to activate this rule. Click the Save button to save the settings
When Priority Queues is selected, it means the option Resource of rule‐based QoS Rule is priority queues.
  Control Function: when Set Priority is selected, it means the option Control Function of rule‐based QoS Rule is set priority. You must fill the priority queue number in the textbox.
  QoS Direction (A Must filled setting):
    When Outbound is selected, it means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group.
    When Inbound is selected, it means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group.
    When Both is selected, it means the option QoS Direction of rule‐based QoS Rule is both.
  Time Schedule (A Must filled setting): Apply Time Schedule to this rule, otherwise leave it as Always. (refer to Scheduling setting under System)
  Enabling the rule: Click Enable box to activate this rule. Click the Save button to save the settings
When DiffServ Code Points is selected, it means the option Resource of rule‐based QoS Rule is DiffServ Code Points.
  Control Function: when DSCP Marking is selected, it means the option Control Function of rule‐based QoS Rule is DSCP marking. You must select one from the list. DSCP Marking will mark with Code Point in Packet.
  QoS Direction (A Must filled setting):
    When Outbound is selected, it means the option QoS Direction of rule‐based QoS Rule is outbound. Outbound means the Group option is a source group.
    When Inbound is selected, it means the option QoS Direction of rule‐based QoS Rule is inbound. Inbound means the Group option is a destination group.
    When Both is selected ...
5.5 VPN
A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security and management policies of the private network. This is done by establishing a virtual point‐to‐point connection through the use of dedicated connections, encryption, or a combination of the two. The tunnel ...
VPN Configuration
Item | Value setting | Description
VPN | The box is unchecked by default | Check the Enable box to enable all VPN functions
Save | N/A | Click the Save button to save the settings
...
5.5.3 IPSec
Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. ...
Configuration
The "Configuration" window is used to enable the IPSec VPN function. In addition, if you want network neighborhood communication to work between the Intranets of the local and remote peers in the IPSec VPN tunnel, you can check the "NetBIOS over IPSec" box. Moreover, if your security gateway is under a NAT router and you want to create an IPSec VPN tunnel between your security ...
Page 258
Site to Site Tunnel Scenario

Scenario Application Timing
The security gateway can be located at a branch office or mobile office. When the client hosts behind the security gateway want to communicate securely with the ones behind another security gateway in headquarters or another branch office, both security gateways need to establish a VPN tunnel first. The Intranets of both security gateways have their own subnet, and the "Site to Site" tunnel scenario is used. "Site" means a subnet of client hosts.

Scenario Description
Both Initiator and Responder of the IPSec tunnel must have a "Static IP" or a "FQDN" for the "Site to Site" scenario.
Either peer gateway can work as an Initiator or a Responder of the IPSec VPN tunnel.
Two phases (IKE and IPSec) are negotiated to establish an IPSec VPN tunnel with a pre-shared key and optional X-Auth account / password.
...
Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
NAT Traversal: ■ Enable

Configuration Path: [IPSec]-[Tunnel Configuration]
Tunnel: ■ Enable
Tunnel Name: s2s-101
Interface: WAN 1
Tunnel Scenario: Site to Site
Operation Mode: Always on

Configuration Path: [IPSec]-[Local & Remote Configuration]
Local Subnet: 10.0.76.0
Local Netmask: 255.255.255.0
Remote Subnet: 192.168.1.0
Remote Netmask: 255.255.255.0
Remote Gateway: 118.18.81.33

Configuration Path: [IPSec]-[Authentication]
Key Management: IKE+Pre-shared Key, 12345678
Local ID: User Name, Network-A
...
Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
NAT Traversal: ■ Enable

Configuration Path: [IPSec]-[Tunnel Configuration]
Tunnel: ■ Enable
Tunnel Name: s2s-201
Interface: WAN 1
Tunnel Scenario: Site to Site
Operation Mode: Always on

Configuration Path: [IPSec]-[Local & Remote Configuration]
Local Subnet: 192.168.1.0
Local Netmask: 255.255.255.0
Remote Subnet: 10.0.76.0
Remote Netmask: 255.255.255.0
Remote Gateway: 203.95.80.22

Configuration Path: [IPSec]-[Authentication]
Key Management: IKE+Pre-shared Key, 12345678
Local ID: User Name, Network-B
...
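The two parameter sets above only bring a tunnel up if each side mirrors the other. The following check is an added example, not part of the manual or the gateway's firmware: it compares both peers offline and also flags values that match but are weak. The `Peer` fields, the proposal strings, the "Main Mode" label, the 20-character key threshold and the Negotiation Mode / X-Auth values given to the site-to-site pair are assumptions or constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Peer:
    name: str
    wan_ip: str            # this gateway's own WAN address
    local_subnet: str
    local_netmask: str
    remote_subnet: str
    remote_netmask: str
    remote_gateway: str    # IP literal or FQDN
    psk: str
    negotiation_mode: str
    xauth: str
    ike_proposals: frozenset
    ipsec_proposals: frozenset

    def local_net(self):
        return ipaddress.ip_network(f"{self.local_subnet}/{self.local_netmask}")

    def remote_net(self):
        return ipaddress.ip_network(f"{self.remote_subnet}/{self.remote_netmask}")


def _same_host(gateway, wan_ip):
    """True/False when both are IP literals, None when gateway is a name."""
    try:
        return ipaddress.ip_address(gateway) == ipaddress.ip_address(wan_ip)
    except ValueError:
        return None


def check_pair(a, b, min_psk_len=20):
    """Return (code, detail) findings for the two ends of one tunnel.

    min_psk_len is an assumed local policy value, not a limit of the device.
    """
    out = []
    for x, y in ((a, b), (b, a)):
        if x.remote_net() != y.local_net():
            out.append(("subnet-mirror", f"{x.name} Remote Subnet {x.remote_net()} "
                        f"is not {y.name} Local Subnet {y.local_net()}"))
        same = _same_host(x.remote_gateway, y.wan_ip)
        if same is None:
            out.append(("gateway-unchecked", f"{x.name} uses a name; compare it by hand"))
        elif not same:
            out.append(("gateway", f"{x.name} Remote Gateway {x.remote_gateway} "
                        f"is not {y.name} WAN {y.wan_ip}"))
    if a.local_net().overlaps(b.local_net()):
        out.append(("subnet-overlap", "the two Intranets overlap"))
    # Values that must be identical on both peers.
    for code, left, right in (("psk-mismatch", a.psk, b.psk),
                              ("mode-mismatch", a.negotiation_mode, b.negotiation_mode),
                              ("xauth-mismatch", a.xauth, b.xauth)):
        if left != right:
            out.append((code, f"{a.name} and {b.name} differ"))
    # At least one proposal must be common to both peers in each phase.
    if not a.ike_proposals & b.ike_proposals:
        out.append(("no-common-ike-proposal", "phase 1 cannot complete"))
    if not a.ipsec_proposals & b.ipsec_proposals:
        out.append(("no-common-ipsec-proposal", "phase 2 cannot complete"))
    # Hygiene checks on values that may match but are weak.
    for psk in sorted({a.psk, b.psk}):
        if len(psk) < min_psk_len or psk.isdigit() or psk.isalpha():
            out.append(("weak-psk", f"{len(psk)}-character key is guessable"))
    if "Aggressive Mode" in (a.negotiation_mode, b.negotiation_mode):
        # IKEv1 aggressive mode sends a PSK-derived hash before the peer is
        # authenticated, so a captured exchange allows offline key guessing.
        out.append(("aggressive-mode-psk", "prefer main mode or a long random key"))
    return out


# Constructed proposal strings; the manual uses device defaults it does not list.
_PROPS = frozenset({"AES-256/SHA-256/DH14"})
# Subnets, gateways and key are the manual's example values. Negotiation Mode
# and X-Auth are assumed for this pair.
NETWORK_A = Peer("Network-A", "203.95.80.22", "10.0.76.0", "255.255.255.0",
                 "192.168.1.0", "255.255.255.0", "118.18.81.33", "12345678",
                 "Aggressive Mode", "None", _PROPS, _PROPS)
NETWORK_B = Peer("Network-B", "118.18.81.33", "192.168.1.0", "255.255.255.0",
                 "10.0.76.0", "255.255.255.0", "203.95.80.22", "12345678",
                 "Aggressive Mode", "None", _PROPS, _PROPS)
# Constructed faulty variant: transposed subnet digits, different key and mode.
NETWORK_B_MISTYPED = replace(NETWORK_B, remote_subnet="10.0.67.0", psk="87654321",
                             negotiation_mode="Main Mode",
                             ike_proposals=frozenset({"3DES/MD5/DH2"}))

if __name__ == "__main__":
    for peer in (NETWORK_B, NETWORK_B_MISTYPED):
        print(f"--- Network-A vs {peer.name} ---")
        for code, detail in check_pair(NETWORK_A, peer):
            print(code, "-", detail)
```

The manual's own pair passes every matching rule and is still reported for its eight-digit key, which is why the manual's key should be treated as a placeholder to replace.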
Dynamic VPN Tunnel Scenario

The Business Security Gateway can ignore the IP information of remote sites or clients when using Dynamic VPN, so it is suitable for users to build VPN tunnels with the Business Security Gateway from a remote mobile site. The remote peer is a site that will be indicated in the negotiation packets, including what the remote subnet is. It must be noted that the remote peer has to initiate the tunnel establishing process first in this application scenario.

Scenario Application Timing
If the gateway in the Control Center wants to access remote sites with a public IP, or even with a private IP address in a cellular network, the Dynamic VPN connection can be set up to meet the requirement. When the security gateway of the Control Center needs to check the IP address of a remote device while establishing a secure VPN tunnel for data communication, application servers will fail since they do not have a fixed IP address, or have a private IP address. So, activating the "Dynamic VPN" function on the Control Center gateway is a fast approach for secure data communication between the remote site and the Control Center's gateway. You can follow the deployment steps below. ...
Dynamic VPN is suitable when the Initiator is a mobile site or a mobile device with a dynamic IP or private IP, and only the Responder has a "Static IP" or a "FQDN".
Two phases (IKE and IPSec) are negotiated to establish an IPSec VPN tunnel with a pre-shared key and optional X-Auth account / password.

Parameter Setup Example

For Network-A at HQ
The following 5 tables list the parameter configuration for the above example diagram of the IPSec VPN tunnel in Network-A. Use the default value for those parameters that are not mentioned in these 5 tables.

Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
NAT Traversal: ■ Enable

Configuration Path: [IPSec]-[Tunnel Configuration]
■ Enable...
In addition, Negotiation Mode and X-Auth in the "IKE Phase" configuration window should also be matched on both peers. Also, at least one proposal entity in the IKE Proposal Definition and at least one proposal entity in the IPSec Proposal Definition must be the same for both peers. The setup example uses the default ones, so they are not shown in the following tables.

Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
NAT Traversal: ■ Enable

Configuration Path: [IPSec]-[Tunnel Configuration]
Tunnel: ■ Enable
Tunnel Name: dvpn-201
Interface: WAN 1
Tunnel Scenario: Site to Site
Operation Mode: Always on
...
Finally, the application servers in the Intranet of Network-A in the Control Center can access devices in the Intranet of Network-B over a secured link.

Host to Site VPN Tunnel Scenario

As we know, the Multi-WAN VPN Gateway can ignore the IP information of remote sites or clients when using Dynamic VPN, so it is suitable for managers to build VPN tunnels with a remote site in order to manage or configure it via the VPN tunnel. The remote peer is, perhaps, a site acting as an IPSec host for management, and is indicated in the negotiation packets. It must be noted that the remote peer has to initiate the tunnel establishing process first in this application scenario.

Scenario Application Timing
If the gateway in the Control Center wants to manage remote sites or serial-based access devices with a public IP, or even with a private IP address in a cellular network, the Dynamic VPN and ...
between remote site and the Control Center's gateway. You can follow the deployment steps below.

Scenario Description
Dynamic VPN is suitable when the Initiator is a mobile site or a mobile device with a dynamic IP or private IP, and only the Responder has a "Static IP" or a "FQDN".
Two phases (IKE and IPSec) are negotiated to establish an IPSec VPN tunnel with a pre-shared key and optional X-Auth account / password.

Parameter Setup Example

For Network-A at HQ
The following 5 tables list the parameter configuration for the above example diagram of the IPSec VPN tunnel in Network-A. Use the default value for those parameters that are not mentioned in these 5 tables.

Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
...
Use the default value for those parameters that are not mentioned in these 5 tables. Please also note that the authentication parameters of both peers must match each other to complete the authentication process successfully; the values here are just an example. In addition, Negotiation Mode and X-Auth in the "IKE Phase" configuration window should also be matched on both peers. Also, at least one proposal entity in the IKE Proposal Definition and at least one proposal entity in the IPSec Proposal Definition must be the same for both peers. The setup example uses the default ones, so they are not shown in the following tables.

Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
NAT Traversal: ■ Enable

Configuration Path: [IPSec]-[Tunnel Configuration]
Tunnel: ■ Enable
Tunnel Name: dvpn-201
Interface: WAN 1
...
So both Intranets of 192.168.1.0/24 and 10.0.76.0/24 can securely communicate with each other. Finally, the application servers in the Intranet of Network-A in the Control Center can access devices in the Intranet of Network-B over a secured link.

Site to Host and Host to Site VPN Tunnel Scenario

When both sites, Control Center and Remote, have a global IP address, it is suitable for managers to build VPN tunnels with a remote site just to manage or configure it via the VPN tunnel.

Scenario Application Timing
If both gateways have a global IP address and the Admin user in the Control Center wants to manage ...
Parameter Setup Example

For Network-A at HQ
The following 5 tables list the parameter configuration for the above example diagram of the IPSec VPN tunnel in Network-A. Use the default value for those parameters that are not mentioned in these 5 tables.

Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
NAT Traversal: ■ Enable

Configuration Path: [IPSec]-[Tunnel Configuration]
Tunnel: ■ Enable
Tunnel Name: dvpn-101
Interface: WAN 1
Tunnel Scenario: Site to Host
Operation Mode: Always on

Configuration Path: [IPSec]-[Local & Remote Configuration]
Local Subnet: 10.0.76.0
Local Netmask: 255.255.255.0
Remote Subnet: 118.18.81.33
Remote Netmask: 255.255.255.255
...
also matched on both peers. Also, at least one proposal entity in the IKE Proposal Definition and at least one proposal entity in the IPSec Proposal Definition must be the same for both peers. The setup example uses the default ones, so they are not shown in the following tables.

Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
NAT Traversal: ■ Enable

Configuration Path: [IPSec]-[Tunnel Configuration]
Tunnel: ■ Enable
Tunnel Name: dvpn-201
Interface: WAN 1
Tunnel Scenario: Host to Site
Operation Mode: Always on

Configuration Path: [IPSec]-[Local & Remote Configuration]
Remote Subnet: 10.0.76.0
Remote Netmask: 255.255.255.0
Remote Gateway: 203.95.80.22 or www.abc.com

Configuration Path: [IPSec]-[Authentication]
Key Management: IKE+Pre-shared Key, 12345678
Local ID: User Name, Network-B
...
IPSec Tunnel Failover

The Remote Security Gateway can ignore the IP information of clients when using Dynamic VPN, so it is suitable for users to build VPN tunnels with the Business Security Gateway from a remote mobile site with a private IP. We can combine this with IPSec tunnel failover to make sure that the secure connection is always on. The remote peer is a site that will be indicated in the negotiation packets, including what the remote subnet is. It must be noted that the remote peer has to initiate the tunnel establishing process first in this application scenario. ...
Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
NAT Traversal: ■ Enable

Configuration Path: [IPSec]-[Tunnel Configuration]
Tunnel: ■ Enable | ■ Enable
Tunnel Name: dvpn-101 | dvpn-101
Interface: WAN 1 | WAN 2
Tunnel Scenario: Dynamic VPN | Dynamic VPN
Operation Mode: Always on | Always on

Configuration Path: [IPSec]-[Local & Remote Configuration]
Local Subnet: 10.0.76.0 | 10.0.76.0
Local Netmask: 255.255.255.0 | 255.255.255.0

Configuration Path: [IPSec]-[Authentication]
Key Management: IKE+Pre-shared Key, 12345678 | IKE+Pre-shared Key, 12345678
...
Configuration Path: [IPSec]-[Tunnel Configuration]
Tunnel: ■ Enable
Tunnel Name: dvpn-201 | s2s-Failover
Interface: WAN 1 | WAN 1
Tunnel Scenario: Site to Site | Site to Site
Operation Mode: Always on | Failover
Tunnel List: dvpn-201
Keep alive: Ping IP 203.95.80.22, Interval 30 sec | Ping IP 202.92.80.23, Interval 30 sec
...
not the VPN tunnel. If you want all packets from Network-B at the branch office to be transferred via this VPN tunnel, including both enterprise resource access and Internet access, you can refer to the following scenario example.

When the Full Tunnel function of the remote Business Security Gateway is enabled, all data traffic from remote clients behind the remote Business Security Gateway will go over the VPN tunnel. That is, if a user is operating a PC in the Intranet of the remote Business Security Gateway, all application packets and private data packets from the PC will be transmitted securely in the VPN tunnel to access the resources behind the HQ Business Security Gateway, including surfing the Internet. As a result, every time the user surfs the web for shopping or searching data on the Internet, checks personal emails, or accesses HQ servers, it is all done on a secured connection through the HQ Business Security Gateway. ...
will go through the established VPN tunnel between both sites, including both HQ resource access and regular Internet access.

Scenario Description
Both Initiator and Responder of the IPSec tunnel must have a "Static IP" or a "FQDN" for the "Site to Site" scenario.
Either peer gateway can work as an Initiator or a Responder of the IPSec VPN tunnel.
Two phases (IKE and IPSec) are negotiated to establish an IPSec VPN tunnel with a pre-shared key and optional X-Auth account / password.
When the "Full Tunnel" feature is enabled, all packet flows from the local site are transferred via the established VPN tunnel.

Parameter Setup Example

For Network-A at HQ
The following 5 tables list the parameter configuration for the above example diagram of the IPSec VPN tunnel in Network-A. Use the default value for those parameters that are not mentioned in these 5 tables.

Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
NAT Traversal: ■ Enable

Configuration Path: [IPSec]-[Tunnel Configuration]
Tunnel: ■ Enable
Tunnel Name: s2s-101
Interface: WAN 1
...
Configuration Path: [IPSec]-[IKE Phase]
Negotiation Mode: Aggressive Mode
X-Auth: None

For Network-B at Branch Office
The following 5 tables list the parameter configuration for the above example diagram of the IPSec VPN tunnel in Network-B. Use the default value for those parameters that are not mentioned in these 5 tables. Please note the special parameter configuration in red color. Please also note that the authentication parameters of both peers must match each other to complete the authentication process successfully; the values here are just an example. In addition, Negotiation Mode and X-Auth in the "IKE Phase" configuration window should also be matched on both peers. Also, at least one proposal entity in the IKE Proposal Definition and at least one proposal entity in the IPSec Proposal Definition must be the same for both peers. The setup example uses the default ones, so they are not shown in the following tables.

Configuration Path: [IPSec]-[Configuration]
IPSec: ■ Enable
...
Configuration Path: [IPSec]-[IKE Phase]
Negotiation Mode: Aggressive Mode
X-Auth: None

Scenario Operation Procedure
In the above diagram, Network-A is in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. The security gateway for Network-A has the IP address of 10.0.76.2 for the LAN interface and 203.95.80.22 for the WAN interface. ...
5.5.5 PPTP

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. The PPTP specification does not describe encryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement security functionality. However, the most common ...
time. Define and choose one role for your router in the "Configuration" window and configure all required parameters beneath the "Configuration" window. Then configure the parameters on another gateway to take the other role. The above diagram is the server role configuration and the following diagram shows the client role configuration.

When you want to configure the "PPTP Server" role for the security gateway, there are 4 more configuration windows: "PPTP Server Configuration", "PPTP Server Status", "User Account List" and "User Account Configuration". However, when you want to configure the "PPTP Client" role for the security gateway, there are 3 more configuration windows: "PPTP Client Configuration", "PPTP Client List & Status" and "Configuration for A PPTP Client". ...
encryption and its key length for the authentication process.

PPTP Server Status
The "PPTP Server Status" window shows the dial-in status of the PPTP VPN server, including the user name used, the remote IP address, the obtained virtual IP address and the call ID of all PPTP clients.

User Account List
"User Account List" lists the user accounts you have defined that can be accepted by the PPTP server.

User Account Configuration
The "User Account Configuration" window lets you specify the required parameters for a PPTP client account, such as user name, password and account activation. Add a new user account by using the "Add" button and edit an existing one by using the "Edit" button. Once it is created, the user ...
Scenario Application Timing
The above diagram illustrates the security gateway at headquarters playing the PPTP VPN server role. The PPTP tunnel is established starting from the PPTP client, which is the Security Gateway 2 in Network-B or a mobile device such as a notebook. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network-A at headquarters via this established PPTP tunnel. Usually, these hosts at the PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network-A will be transferred via the PPTP tunnel. ...
security gateway for Network-B has the IP address of 10.0.75.2 for the LAN interface and 118.18.81.33 for the WAN interface. It serves as a PPTP client.
The PPTP server provides two user accounts, User-1 and User-2, for PPTP clients dialing in.
Establish a PPTP VPN tunnel starting from the PPTP client site. So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can securely communicate with each other.
Finally, the client hosts in the Intranet of Network-B at the mobile office can access the server or database resources in the Intranet of Network-A at HQ over a secured link. ...
Scenario Application Timing
The above diagram illustrates the Security Gateway 2 or the mobile device playing the PPTP VPN client role. The PPTP tunnel is established by the PPTP client initiating the tunnel connection request, and the Security Gateway 1 in Network-A of headquarters serves as the PPTP VPN server responding to the request. Once the tunnel has been established, all client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network-A at headquarters via this established PPTP tunnel. Usually, these hosts at the PPTP client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network-A will be transferred via the PPTP tunnel. But if PPTP client ...
The Client may be a mobile user or mobile site, and requests the PPTP tunnel connection with its account / password.
The PPTP protocol is used for establishing a PPTP VPN tunnel.
The PPTP Client's "Default Gateway/Remote Subnet" setting determines how the Internet traffic from the PPTP client site is handled.

Parameter Setup Example

For Network-B at Mobile Office
The following 3 tables list the parameter configuration for the above example diagram of the PPTP VPN client in Network-B. Use the default value for those parameters that are not mentioned in these tables.

Configuration Path: [PPTP]-[Configuration]
PPTP: ■ Enable
Client/Server: Client

Configuration Path: [PPTP]-[PPTP Client Configuration]
PPTP Client: ■ Enable

Configuration Path: [PPTP]-[Configuration for A PPTP Client]
PPTP Client Name: PPTP #1
Interface: WAN 1
Remote IP/FQDN: 203.95.80.22
User Name: User-1
Password: 1234
...
established PPTP VPN tunnel, and the Security Gateway 1 can control that access in the same way as access to HQ resources.

PPTP Setting
The PPTP setting allows the user to create and configure PPTP tunnels. Before you proceed, ensure that the VPN is enabled and saved. To enable VPN, go to the Advanced Network > VPN > Configuration tab.

Enabling PPTP
Go to the Advanced Network > VPN > PPTP tab.

Enable PPTP Window
Item | Value setting | Description
PPTP | Unchecked by default | Click the Enable box to activate the PPTP function.
Client/Server | A Must fill setting | Specify the role of PPTP. Select the Server or Client role your gateway will take. Below are the configuration windows for PPTP Server and for Client.
Save | N/A | Click the Save button to save the settings

PPTP Server
The gateway supports up to a maximum of 10 PPTP user accounts. When Server is selected in the Client/Server field, the PPTP server configuration window will appear. ...
PPTP Server Configuration Window
Item | Value setting | Description
PPTP Server | Unchecked by default | Check the Enable box to enable PPTP server role of the gateway.
Server Virtual IP | 1. A Must fill setting 2. Default is 192.168.10.1 | Specify the PPTP server Virtual IP address. The virtual IP address will serve as the virtual DHCP server for the PPTP clients. Clients will be assigned a virtual IP address from it after the PPTP tunnel has been established.
IP Pool Starting Address | 1. A Must fill setting 2. Default is 10 | This is the PPTP server's Virtual IP DHCP server. User can specify the first IP address for the subnet from which the PPTP client's IP address will be assigned.
IP Pool Ending Address | 1. A Must fill setting 2. Default is 100 | This is the PPTP server's Virtual IP DHCP server. User can specify the last IP address for the subnet from which the PPTP client's IP address will be assigned.
Authentication Protocol | 1. A Must fill setting 2. Unchecked by default | Select single or multiple Authentication Protocols for the PPTP server with which to authenticate PPTP clients. Available authentication protocols are PAP/CHAP/MS-CHAP/MS-CHAPv2.
Specify whether to support MPPE Protocol. Click the Enable box to enable MPPE ...
User Account List Window
Item | Value setting | Description
User Account List | Max. of 10 user accounts | This is the PPTP authentication user account entry. You can create and add accounts for remote clients to establish a PPTP VPN connection to the gateway device. Click the Add button to add a user account. Enter the user name and password. Then check the Enable box to enable the user. Click the Save button to save the new user account. The selected user account can be permanently deleted by clicking the Delete button.

PPTP Client
When Client is selected in Client/Server, a series of PPTP Client Configuration windows will appear.

PPTP Client Setting Window
Item | Value setting | Description
PPTP Client | Unchecked by default | Check the Enable box to enable PPTP client role of the gateway.
Save | N/A | Click the Save button to save the settings.
Undo | N/A | Click the Undo button to cancel the settings.
...
Create/Edit PPTP Client
The gateway supports up to a maximum of 32 simultaneous PPTP tunnels. When the Add/Edit button is clicked, a series of PPTP Client Configuration windows will appear.

PPTP Client Configuration Window
Item | Value setting | Description
Tunnel Name | A Must fill setting | Enter a tunnel name. Enter a name that is easy for you to identify.
Interface | 1. A Must fill setting 2. WAN1 is selected by default | Select the WAN interface on which PPTP tunneling is to be established.
Operation Mode | 1. A Must fill setting 2. Always on is selected by default | There are three available operation modes: Always On, Failover, Load Balance. Failover/Always: Define whether the PPTP client is a failover tunnel function or an always on tunnel. Note: If this PPTP is a failover tunnel, you will need to select a primary IPSec tunnel from which to fail over. Load Balance: Define whether the PPTP tunnel connection will take part in the load balance function of the gateway. You will not need to select a WAN interface, as the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On the gateway's web-based utility, go to the Basic Network > WAN > Load Balance tab.
Remote IP/FQDN | 1. A Must fill setting. 2. Format can be a ipv4 address or ... | Enter the public IP address or the FQDN of the PPTP server.
the PPTP server then select Default Gateway; otherwise, specify a subnet and its netmask (the remote subnet) if the default gateway is not used to connect to the PPTP server. The Remote Subnet format must be IP address/netmask (e.g. 10.0.0.2/24).

Item | Value setting | Description
Authentication Protocol | 1. A Must fill setting 2. Unchecked by default | Specify one or multiple Authentication Protocols for this PPTP tunnel. Available authentication methods are PAP/CHAP/MS-CHAP/MS-CHAPv2
MPPE Encryption | 1. Unchecked by default 2. an optional setting | Specify whether the PPTP server supports MPPE Protocol. Click the Enable box to enable MPPE. Note: when MPPE Encryption is enabled, the Authentication Protocol PAP/CHAP options will not be available.
NAT before Tunneling | 1. Unchecked by default 2. an optional setting | Check the Enable box to enable NAT function for this PPTP tunnel.
LCP Echo Type | Auto is set by default | Specify the LCP Echo Type for this PPTP tunnel: Auto, User-defined, Disable. Auto: the system sets the Interval and Max. Failure Time. User-defined: enter the Interval and Max. Failure Time. Disable: disable the LCP Echo.
Tunnel | Unchecked by default | Check the Enable box to enable this PPTP tunnel.
Save ...
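The PPTP client table above carries two rules that are easy to get wrong on paper: which destinations the "Default Gateway/Remote Subnet" value sends into the tunnel, and which Authentication Protocol choices are compatible with MPPE. The following pre-deployment check is an added example, not code from the manual or the gateway; the dictionary keys, the 12-character password threshold and the sample configurations are assumptions or constructed values, apart from the user name, password and server address taken from the manual's setup example.

```python
import ipaddress

AUTH_PROTOCOLS = ("PAP", "CHAP", "MS-CHAP", "MS-CHAPv2")  # as listed in the manual


def parse_remote_subnet(setting):
    """Return None for "Default Gateway", else the remote network.

    strict=False because the manual's sample value 10.0.0.2/24 has host bits
    set; it is normalised to the enclosing network 10.0.0.0/24.
    """
    text = setting.strip()
    if text.lower() == "default gateway":
        return None
    return ipaddress.ip_network(text, strict=False)


def goes_through_tunnel(dst_ip, setting):
    """True when a packet to dst_ip is sent into the PPTP tunnel."""
    net = parse_remote_subnet(setting)
    if net is None:           # Default Gateway: all traffic uses the tunnel
        return True
    return ipaddress.ip_address(dst_ip) in net


def audit_pptp_client(cfg, min_password_len=12):
    """Return (code, detail) findings for one PPTP client entry.

    min_password_len is an assumed local policy value, not a device limit.
    """
    out = []
    auth = set(cfg["auth_protocols"])
    unknown = auth - set(AUTH_PROTOCOLS)
    if unknown:
        out.append(("unknown-auth", ", ".join(sorted(unknown))))
    if not auth:
        out.append(("no-auth-protocol", "Authentication Protocol is a must-fill setting"))
    clash = auth & {"PAP", "CHAP"}
    if cfg["mppe"] and clash:
        # The manual: with MPPE enabled, PAP/CHAP are not available.
        out.append(("mppe-auth-conflict", ", ".join(sorted(clash))))
    if "PAP" in auth:
        # PAP carries the password unencrypted inside PPP.
        out.append(("pap-cleartext", "remove PAP from the selection"))
    if not cfg["mppe"]:
        # PPTP itself defines no encryption; without MPPE the payload is clear.
        out.append(("no-mppe", "tunnel payload is not encrypted"))
    if len(cfg["password"]) < min_password_len:
        out.append(("weak-password", f"{len(cfg['password'])} characters"))
    try:
        parse_remote_subnet(cfg["route"])
    except ValueError as exc:
        out.append(("bad-remote-subnet", str(exc)))
    return out


# User name, password and server address come from the manual's setup example;
# the protocol selection, MPPE flag and route are constructed for illustration.
AS_IN_MANUAL = {
    "name": "PPTP #1", "remote": "203.95.80.22", "user": "User-1",
    "password": "1234", "auth_protocols": ["PAP", "MS-CHAPv2"],
    "mppe": True, "route": "10.0.76.0/24",
}
# Constructed corrected entry.
HARDENED = dict(AS_IN_MANUAL, password="constructed-Long-Passphrase-01",
                auth_protocols=["MS-CHAPv2"])

if __name__ == "__main__":
    for label, cfg in (("as in manual", AS_IN_MANUAL), ("hardened", HARDENED)):
        print(label, audit_pptp_client(cfg))
    for dst in ("10.0.76.15", "198.51.100.7"):
        print(dst, goes_through_tunnel(dst, "10.0.76.0/24"),
              goes_through_tunnel(dst, "Default Gateway"))
```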
5.5.7 L2TP

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. This gateway can behave as an L2TP server and an L2TP client at the same time.

Deploy a security gateway for the local office and establish a virtual private network with the remote gateway of another office by using L2TP tunneling. All client hosts behind the local security gateway can then communicate with the ones behind the remote gateway. Or you may be a mobile user with your notebook, or carrying along a security gateway, and want to access the servers and database in company headquarters (HQ). Moreover, the security gateway in HQ supports the L2TP VPN server function. So you can dial in to the HQ gateway and access ...
beneath the "Configuration" window. Then configure the parameters on another gateway to take the other role. The above diagram is the server role configuration and the following diagram shows the client role configuration.

When you want to configure the "L2TP Server" role for the security gateway, there are 4 more configuration windows: "L2TP Server Configuration", "L2TP Server Status", "User Account List" and "User Account Configuration". However, when you want to configure the "L2TP Client" role for the security ...
L2TP Server Status
The "L2TP Server Status" window shows the dial-in status of the L2TP VPN server, including the user name used, the remote IP address, the obtained virtual IP address and the call ID of all L2TP clients.

User Account List
"User Account List" lists the user accounts you have defined that can be accepted by the L2TP server.

User Account Configuration
The "User Account Configuration" window lets you specify the required parameters for an L2TP client account, such as user name, password and account activation. Add a new user account by using the "Add" button and edit an existing one by using the "Edit" button. ...
The L2TP tunnel is established starting from the L2TP client, which is the Security Gateway 2 in Network-B or a mobile device such as a notebook. All client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network-A at headquarters via this established L2TP tunnel. Usually, these hosts at the L2TP client peer access the Internet directly via the WAN interface of Security Gateway 2. Only the packets whose destination is in the dedicated subnet to Network-A will be transferred via the L2TP tunnel.

Scenario Description
L2TP Tunneling is a Client and Server based tunneling technology.
The L2TP Server must have a Static IP or a FQDN, and maintain a Client list (account / password).
The Client may be a mobile user or mobile site, and requests the L2TP tunnel connection with its account / password.
The L2TP protocol is used for establishing an L2TP VPN tunnel.

Parameter Setup Example

For Network-A at HQ
The following 3 tables list the parameter configuration for the above example diagram of the L2TP VPN server in Network-A. Use the default value for those parameters that are not mentioned in these tables.

Configuration Path: [L2TP]-[Configuration]
L2TP: ■ Enable
Client/Server: Server
...
security gateway for Network-B has the IP address of 10.0.75.2 for the LAN interface and 118.18.81.33 for the WAN interface. It serves as an L2TP client.
The L2TP server provides two user accounts, User-1 and User-2, for L2TP clients dialing in.
Establish an L2TP VPN tunnel starting from the L2TP client site. So both Intranets of 10.0.75.0/24 and 10.0.76.0/24 can securely communicate with each other.
Finally, the client hosts in the Intranet of Network-B at the mobile office can access the server or database resources in the Intranet of Network-A at HQ over a secured link.

L2TP VPN Client Scenario
When you want the security gateway to play the L2TP client role, check the "Enable" box and choose the "Client" option in the "L2TP Configuration" window. Then make its related configuration in the following sections. ...
flowing of any packets from the L2TP client peer. Certainly, those packets come through the L2TP VPN tunnel.

Scenario Application Timing
The above diagram illustrates the Security Gateway 2 or the mobile device playing the L2TP VPN client role. The L2TP tunnel is established by the L2TP client initiating the tunnel connection request, and the Security Gateway 1 in Network-A of headquarters serves as the L2TP VPN server responding to the request. Once the tunnel has been established, all client hosts behind the Security Gateway 2 or the mobile device can access the resources in the Intranet of Network-A at headquarters via this established L2TP tunnel. Usually, these hosts at L2TP client peer access the ...
L2TP tunneling is a client/server tunneling technology. The L2TP server must have a static IP or an FQDN and maintain a client list (account / password). The client may be a mobile user or a mobile site, and requests the L2TP tunnel connection with its account / password. The L2TP protocol is used for establishing an L2TP VPN tunnel. The L2TP client's "Default Gateway/Remote Subnet" setting determines how Internet traffic from the L2TP client site is handled. L2TP over IPSec is usually used for BYOD devices to establish a secure VPN tunnel between mobile employees and the company office.

Parameter Setup Example

For Network‐B at Mobile Office

The following 3 tables list the parameter configuration for the above example diagram of the L2TP VPN client in Network‐B. Use the default value for parameters that are not mentioned in these tables.

Configuration Path: [L2TP]‐[Configuration]
L2TP: ■ Enable
Client/Server: Client

Configuration Path: [L2TP]‐[L2TP Client Configuration]
L2TP Client: ■ Enable

Configuration Path: [L2TP]‐[Configuration for A L2TP Client]
L2TP Client Name: L2TP #1
Interface: WAN 1 ...
Page 296
VPN tunnel. So both Intranets, 10.0.75.0/24 and 10.0.76.0/24, can securely communicate with each other. Finally, the client hosts in the Intranet of Network‐B at the mobile office can access the server or database resources in the Intranet of Network‐A at HQ over a secured link. However, if the "Default Gateway/Remote Subnet" parameter in Security Gateway 2 is configured to "Default Gateway", the Internet access of the L2TP client peer also goes through the established L2TP VPN tunnel, and Security Gateway 1 can control that access in the same way as access to the HQ resources. ...
Page 297
L2TP Server Configuration

Item: L2TP
Value setting: The box is unchecked by default.
Description: Click the Enable box to activate the L2TP functions.

Item: Client/Server
Value setting: A Must filled setting
Description: Specify the role of L2TP. Selected Server ‐> Set as an L2TP server and jump to the server configuration page. Selected Client ‐> Set as an L2TP client and jump to the client configuration page.

Item: L2TP Server
Value setting: The box is unchecked by default.
Description: Click the Enable box to activate the L2TP server.

Item: L2TP over IPSec
Value setting: The box is unchecked by default.
Description: Click the Enable box to enable L2TP over IPSec; the Pre‐shared Key must then be filled in.

Item: Server Virtual IP
Value setting: A Must filled setting
Description: Specify the L2TP server Virtual IP. It is set as this L2TP server's local virtual IP.

Item: IP Pool Starting Address
Value setting: A Must filled setting
Description: Specify the starting IP of the L2TP server's virtual IP pool. It is set as the starting IP that is assigned to an L2TP client. ...
Page 298
User Account List

Item: User Account List
Value setting: N/A
Description: Specify the user accounts that clients are allowed to authenticate with. Click the Add button to add a user account. Click the Delete button to delete a user account. Click the Enable button to enable a user account. Specify Username ‐> Fill in the username. Specify Password ‐> Fill in the password. Click the Save button to save the user account.

When Client is selected in Client/Server, a series of L2TP Client Configuration windows will appear.

L2TP Client Configuration

Item: L2TP Client
Value setting: The box is unchecked by default.
Description: Click the Enable box to activate the L2TP Client.

Item: Save
Value setting: N/A
Description: Click the Save button to save the configuration.

Item: Undo
Value setting: N/A
Description: Click the Undo button to recover the configuration. ...
Page 299
When the Add/Edit button is applied, a series of configuration screens will appear.

L2TP Client Configuration

Item: Tunnel Name
Value setting: A Must filled setting
Description: Fill in the name. It is used to identify the tunnel in the tunnel list.

Item: Interface
Value setting: A Must filled setting
Description: Define the interface to be used for this L2TP tunnel. Select WAN‐1 for this IPSec tunnel to use. (WAN‐1 is available only when the WAN‐1 interface is enabled.) The same applies to other WAN interfaces (i.e. WAN‐2).

Item: L2TP over IPSec
Value setting: The box is unchecked by default.
Description: Click the Enable box to enable L2TP over IPSec; the Pre‐shared Key must then be filled in.

Item: Remote LNS IP/FQDN
Value setting: A Must filled setting
Description: Specify the Remote LNS IP/FQDN for this L2TP tunnel. Fill in the IP address or FQDN.

Item: Remote LNS Port
Value setting: A Must filled setting
Description: Specify the Remote LNS Port for this L2TP tunnel. Fill in the value for the LNS port.

Item: Username
Value setting: A Must filled setting
Description: Specify the Username this L2TP tunnel uses to authenticate when connecting to the server. Fill in the string as the username.

Item: Password
Value setting: A Must filled setting ...
Page 300
‐> The protocol whose box is clicked will be enabled.

Item: MPPE Encryption
Value setting: The box is unchecked by default.
Description: Click the Enable box ‐> It will enable MPPE for this L2TP tunnel. Note_1: If the Enable box is clicked, Authentication Protocol PAP/CHAP will not be available.

Item: NAT before Tunneling
Value setting: The box is unchecked by default.
Description: Click the Enable box ‐> It will enable NAT for this L2TP tunnel.

Item: LCP Echo Type
Value setting: A Must filled setting
Description: Specify the LCP Echo Type for this L2TP tunnel. Select Auto ‐> The Interval and Max. Failure Time are set automatically. Select User‐defined ‐> Fill in the Interval and Max. Failure Time for LCP. Select Disable ‐> LCP Echo is disabled and will not be available.

Item: Service Port
Value setting: A Must filled setting
Description: Specify the Service Port for this L2TP tunnel to use.

Item: Tunnel
Value setting: The box is unchecked by default.
Description: Click Enable to enable this L2TP tunnel.

Item: Save
Value setting: N/A
Description: Click the Save button to save the configuration. ...
5.5.9 GRE

Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that encapsulates a wide variety of network layer protocols inside virtual point‐to‐point links over an Internet Protocol internetwork.

Deploy a security gateway for the local office and establish a virtual private network with the remote gateway of another office by using GRE tunneling, so that all client hosts behind the local security gateway can communicate with those behind the remote gateway.

The most popular scenario is a security gateway located at a branch office. Employees in the branch office want to use their client ...
Page 302
GRE Tunnel List

The "GRE Tunnel List" window shows all your defined GRE tunnel profiles. The parameters include Tunnel Name, Interface, Operation Mode, IP address of the local peer, IP address of the remote peer, Key, TTL, whether keep alive is used, whether the tunnel is the Default Gateway or a remote subnet is specified to flow through the tunnel, and tunnel activation.

GRE Rule Configuration

The "GRE Rule Configuration" window lets you specify all parameters for a GRE VPN tunnel. A GRE tunnel between the gateway in headquarters and the one in the branch office is taken as the example for the following description. ...
Page 303
configuration rule. The GRE tunneling protocol is used for establishing a GRE VPN tunnel.

Parameter Setup Example

For Network‐A at HQ

The following 2 tables list the parameter configuration for the above example diagram of the GRE VPN server in Network‐A. Use the default value for parameters that are not mentioned in these tables.

Configuration Path: [GRE]‐[Configuration]
GRE: ■ Enable

Configuration Path: [GRE]‐[GRE Rule Configuration]
Tunnel Name: GRE HQ
Interface: WAN 1
Operation Mode: Always on
Tunnel IP: 203.95.80.22
Remote IP: 118.18.81.33
Key: 1234
TTL:
Default Gateway/Remote Subnet: Remote Subnet 10.0.75.0/24
Tunnel: ■ Enable

Scenario Operation Procedure

In the above diagram, Network‐A is in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. ...
Page 304
GRE Tunnel at Branch Office

Scenario Application Timing

The above diagram illustrates the security gateway in headquarters playing the GRE client role. In fact, GRE tunnel establishment can be started from either site. The GRE tunnel is established starting from the GRE client, Security Gateway 2 in Network‐B. All client hosts behind Security Gateway 2, or the mobile device, can access the resources in the Intranet of Network‐A at headquarters via the established GRE tunnel. Usually, these hosts at the GRE client peer access the ...
Page 305
Parameter Setup Example

For Network‐B at Branch Office

The following 2 tables list the parameter configuration for the above example diagram of the GRE VPN server in Network‐B. Use the default value for parameters that are not mentioned in these tables.

Configuration Path: [GRE]‐[Configuration]
GRE: ■ Enable

Configuration Path: [GRE]‐[GRE Rule Configuration]
Tunnel Name: GRE BO
Interface: WAN 1
Operation Mode: Always on
Tunnel IP: 118.18.81.33
Remote IP: 203.95.80.22
Key: 1234
TTL:
Default Gateway/Remote Subnet: Default Gateway
Tunnel: ■ Enable

Scenario Operation Procedure

In the above diagram, Network‐A is in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. The security gateway for Network‐A has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN interface. It serves as a GRE server. ...
Page 306
GRE Setting

The GRE setting allows the user to create and configure GRE tunnels. Before you proceed, ensure that the VPN is enabled and saved. To enable VPN, go to Advanced Network > VPN > Configuration tab.

Enabling GRE

Go to Advanced Network > VPN > GRE tab.

Enable GRE Window

Item: GRE
Value setting: Unchecked by default
Description: Click the Enable box to enable the GRE function.

Item: Max. Concurrent GRE Tunnels
Value setting: 1. 32 is set by default 2. Max. of 32 connections
Description: It specifies the maximum number of simultaneous GRE tunnel connections.

Item: Save
Value setting: N/A
Description: Click the Save button to save the settings.

Item: Undo
Value setting: N/A
Description: Click the Undo button to cancel the settings.

Create/Edit GRE tunnel

The router supports up to a maximum of 32 simultaneous GRE tunnel connections. Ensure that the GRE Enable box is checked before setting up GRE. When the Add/Edit button is applied, a series of configuration screens will appear. ...
Page 307
GRE Rule Configuration Window

Item: Tunnel Name
Value setting: A Must fill setting
Description: Enter a tunnel name. Enter a name that is easy for you to identify.

Item: Interface
Value setting: 1. A Must fill setting 2. WAN 1 is selected by default
Description: Select the WAN interface on which the GRE tunnel is to be established.

Item: Operation Mode
Value setting: 1. A Must fill setting 2. Always on is selected by default
Description: There are three available operation modes: Always On, Failover, Load Balance.
Failover/Always: Define whether the GRE tunnel is a failover tunnel or an Always on tunnel. Note: If this GRE tunnel is a failover tunnel, you will need to select a primary GRE tunnel from which to fail over.
Load Balance: Define whether the GRE tunnel connection will take part in the load balance function of the gateway. You do not need to select a WAN interface, as the system will automatically utilize the available WAN interfaces to balance traffic loads. For more details on WAN Load Balance, refer to Load Balance Usage in this manual. On the gateway's web‐based utility, go to Basic Network > WAN > Load Balance tab.
Note: Failover and Load Balance functions are not available for Dynamic VPN specified in Tunnel Scenario.

Item: Tunnel IP
Value setting: A Must fill setting
Description: Enter the Tunnel IP address.

Item: Remote IP
Value setting: A Must fill setting
Description: Enter the Remote IP address of the remote GRE tunnel gateway. Normally this is the public IP address of the remote GRE gateway.

1. A Must fill setting ...
Page 308
Note: GRE Encapsulation Mode will not be available when DMVPN is not enabled.

Item: Tunnel
Value setting: Unchecked by default
Description: Check the Enable box to enable this GRE tunnel.

Item: Save
Value setting: N/A
Description: Click the Save button to save the settings.

Item: Undo
Value setting: N/A
Description: Click the Undo button to cancel the settings.

Item: Back
Value setting: N/A
Description: Click the Back button to return to the previous page. ...
5.5.d OpenVPN

OpenVPN is an application that implements virtual private network (VPN) techniques for creating secure TUN or TAP connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.

OpenVPN allows peers to authenticate each other using a static key or certificates. When used in a multi‐client‐server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features.

Deploy a security gateway for the local office and establish a virtual private network with the Cellular gateway of the remote site by using OpenVPN, so that Admin users or Application Servers behind the local security gateway can communicate with those behind the remote gateway.

Alternatively, you may be a mobile user with a notebook who wants to access the servers and database in the Control Center. The security gateway in the Control Center supports the OpenVPN server function, so you can dial in to the Main gateway and access the Control Center resources by establishing an OpenVPN tunnel. It is a virtual private network between your device and the Control Center gateway for accessing your resources. ...
Page 311
In the "OpenVPN" frame, the "Configuration" window is used to enable the OpenVPN function. The security gateway can play the "OpenVPN Server" role, the "OpenVPN Client" role, or both. You can define the two roles one after the other. Choose one role in the "Configuration" window and configure all required parameters for it beneath the "Configuration" window. After that, choose the other role and make its configuration. The above diagram is for the server role and the following diagram is for the client role. ...
Page 312
You want to configure the "OpenVPN Server or Client" role for the security gateway as follows:

Configuration

The "Configuration" window is used to enable OpenVPN by checking the Enable box. In addition, choose "Server" or "Client" in the "Client/Server" field of the "Configuration" window. You can define the gateway as the OpenVPN server for remote clients to establish VPN tunnels to it, or you can create multiple OpenVPN clients for the gateway to establish VPN tunnels to remote gateways. The security gateway can serve as OpenVPN client and server at the same time.

OpenVPN TAP Server Scenario

When you want the security gateway to play the OpenVPN server role, check the "Enable" box and ...
Page 313
In bridge mode, the VPN host is given an IP address on the same subnet as the LAN where the OpenVPN server resides, giving the OpenVPN client direct access to other LAN resources. If you want to give multiple clients remote access to the entire remote LAN, you need to set up OpenVPN in "TAP" bridge mode.

OpenVPN TAP Server Configuration

The "OpenVPN Server Configuration" window lets you enable the OpenVPN server function, define the pool of virtual IP addresses that will be assigned to remote OpenVPN clients dialing in to the security gateway, and the authentication protocol. You can also specify whether the OpenVPN server needs MPPE encryption, and its key length, for the authentication process.

OpenVPN TAP Server Advanced Configuration

Some advanced settings are shown in this frame when the "Enable" box of Advanced Configuration is checked. ...
Page 314
Scenario Application Timing

The above diagram illustrates the Multi‐WAN VPN gateway at the Control Center playing the OpenVPN server role. The OpenVPN tunnel is established starting from the OpenVPN client, the Cellular Gateway in Network‐B. A serial‐based access device with the Cellular Gateway can be accessed from Network‐A at the Control Center via the established OpenVPN tunnel.

Scenario Description

OpenVPN tunneling is a client/server tunneling technology. The OpenVPN server must have a static IP or an FQDN and maintain a client list. The client may be a mobile user or a remote site, and requests the OpenVPN tunnel connection. ...
Page 315
OpenVPN server in Network‐A. Use the default value for parameters that are not mentioned in these tables.

Configuration Path: [OpenVPN]‐[Configuration]
OpenVPN: ■ Enable
Server/Client: Server Configuration

Configuration Path: [OpenVPN]‐[OpenVPN Server Configuration]
OpenVPN Server: ■ Enable
Protocol:
Port: 2016
Tunnel Device: TAP
Authorization Mode: CA Cert: RootCA, Server Cert: local
IP Pool Starting Address: 10.0.76.200
IP Pool Ending Address: 10.0.76.220
Gateway: 10.0.76.253
Netmask: 255.255.255.0/24
Encryption Cipher: Blowfish
Hash Algorithm: SHA‐1
LZO Compression: Adaptive ...
Page 316
OpenVPN TAP Client Scenario

When you want the security gateway to play the OpenVPN client role, check the "Enable" box and choose the "Client" option in the "OpenVPN Configuration" window, then make the related configuration in the following sections.

OpenVPN Client Configuration

The "OpenVPN Client Configuration" window lets you enable the OpenVPN client function by checking the "Enable" box.

OpenVPN TAP Client List

The "OpenVPN Client List" window shows your defined OpenVPN clients and their tunnel status. Only some important information for each tunnel is shown in the list, as in the following diagram.

Configuration for OpenVPN TAP Client

The "Configuration for A OpenVPN Client" window lets you specify the required parameters for an OpenVPN ...
Page 317
Scenario Application Timing

The above diagram illustrates the Cellular Gateway or the mobile device playing the OpenVPN VPN client role. The OpenVPN tunnel is established starting from it, and the Security Multi‐WAN VPN Gateway in Network‐A at the Control Center serves as the OpenVPN VPN server. Once the tunnel has been established, the Cellular Gateway or serial‐based access devices can access the resources in the Intranet of Network‐A at the Control Center via the established OpenVPN tunnel.

Scenario Description

OpenVPN tunneling is a client/server tunneling technology. The OpenVPN server must have a static IP or an FQDN and maintain a client list. The client may be a mobile user or a mobile site, and requests the OpenVPN tunnel connection. The OpenVPN protocol is used for establishing an OpenVPN tunnel. ...
Page 318
Parameter Setup Example

For Network‐B at Mobile Office

The following 3 tables list the parameter configuration for the above example diagram of the OpenVPN VPN client in Network‐B. Use the default value for parameters that are not mentioned in these tables.

Configuration Path: [OpenVPN]‐[Configuration]
OpenVPN: ■ Enable
Server/Client: Client Configuration

Configuration Path: [OpenVPN]‐[OpenVPN Client Configuration]
OpenVPN Client Name: Client1
Interface: WAN1
Protocol:
Port: 2016
Tunnel Device: TAP
Remote IP/FQDN: 203.95.80.22 or www.abc.com
Subnet Mask: 10.0.76.0/24
Authorization Mode: CA Cert: RootCA, Client Cert: local, Client key: localkey
Encryption Cipher: Blowfish
NAT: Disable
Hash Algorithm: SHA‐1 ...
Page 319
OpenVPN TUN Server Scenario

When you want the security gateway to play the OpenVPN server role, check the "Enable" box and choose the "Server" option in the "OpenVPN Configuration" window, then make the related configuration in the following sections. Also refer to the server role diagram above.

The term "tun" mode also refers to routing mode, which operates with layer 3 packets. In routing mode, the VPN client is given an IP address on a different subnet than the local LAN where the OpenVPN server sits. This virtual subnet is created for connecting to any remote VPN computers. In routing mode, the OpenVPN server creates a "tun" interface with its own IP address pool, which is different from the local LAN. Remote hosts that dial in will get an IP address inside the virtual network and will ...
Page 320
Scenario Application Timing

The above diagram illustrates the Multi‐WAN VPN gateway at the Control Center playing the OpenVPN server role. The OpenVPN tunnel is established starting from the OpenVPN client, the Cellular Gateway in Network‐B. A serial‐based access device with the Cellular Gateway can be accessed from Network‐A at the Control Center via the established OpenVPN tunnel.

Scenario Description

OpenVPN tunneling is a client/server tunneling technology. The OpenVPN server must have a static IP or an FQDN and maintain a client list. The client may be a mobile user or a remote site, and requests the OpenVPN tunnel connection. ...
Page 321
OpenVPN server in Network‐A. Use the default value for parameters that are not mentioned in these tables.

Configuration Path: [OpenVPN]‐[Configuration]
OpenVPN: ■ Enable
Server/Client: Server Configuration

Configuration Path: [OpenVPN]‐[OpenVPN Server Configuration]
OpenVPN Server: ■ Enable
Protocol:
Port: 2016
Tunnel Device:
Authorization Mode: CA Cert: RootCA, Server Cert: Local
Server Virtual IP: 10.8.0.0 (The IP format is 10.y.0.0, the range of y is 1~254)
Netmask: 255.255.255.0/24 (only support class C)
Encryption Cipher: Blowfish
Hash Algorithm: SHA‐1
LZO Compression: Adaptive

Scenario Operation Procedure

In the above diagram, Network‐A is in the Control Center, and the subnet of its Intranet is 10.0.76.0/24. ...
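As an added example (not code from this manual or from the vendor), the Python below checks the addressing rules stated for the two OpenVPN server modes: a TAP (bridge) pool must sit inside the LAN subnet, while a TUN (routing) virtual subnet must follow the 10.y.0.0 class C format and stay separate from the LAN. The dictionaries are constructed from the TAP and TUN server parameter tables for Network‐A; the field names, the finding labels, and the flagging of Blowfish (a 64‐bit block cipher) and SHA‐1 as legacy choices are assumptions of this example, not statements from the manual.

```python
import ipaddress

# Constructed from the manual's Network-A server tables (LAN 10.0.76.0/24).
# Field names are this example's own, not the device's.
LAN = "10.0.76.0/24"

TAP_SERVER = {
    "device": "TAP",
    "pool_start": "10.0.76.200",
    "pool_end": "10.0.76.220",
    "gateway": "10.0.76.253",
    "cipher": "Blowfish",
    "hash": "SHA-1",
}

TUN_SERVER = {
    "device": "TUN",          # implied by the TUN scenario; the table leaves it blank
    "virtual_ip": "10.8.0.0",
    "prefix": 24,             # the table's "255.255.255.0/24"
    "cipher": "Blowfish",
    "hash": "SHA-1",
}

# Assumption of this example: 64-bit block ciphers and MD5/SHA-1 count as legacy.
LEGACY_CIPHERS = {"blowfish", "des", "3des"}
LEGACY_HASHES = {"md5", "sha-1", "sha1"}


def _check_tap(cfg, lan):
    """Bridge mode: clients get addresses on the server's own LAN subnet."""
    findings = []
    start = ipaddress.IPv4Address(cfg["pool_start"])
    end = ipaddress.IPv4Address(cfg["pool_end"])
    gateway = ipaddress.IPv4Address(cfg["gateway"])
    if start > end:
        findings.append("pool-reversed")
    for name, addr in (("pool_start", start), ("pool_end", end), ("gateway", gateway)):
        if addr not in lan:
            findings.append(f"{name}-outside-lan")
    if start <= gateway <= end:
        # A pool that contains the gateway could hand its address to a client.
        findings.append("gateway-inside-pool")
    return findings


def _check_tun(cfg, lan):
    """Routing mode: the virtual subnet must differ from the local LAN."""
    findings = []
    vip = ipaddress.IPv4Address(cfg["virtual_ip"])
    a, y, c, d = vip.packed
    # Manual: "The IP format is 10.y.0.0, the range of y is 1~254".
    if not (a == 10 and 1 <= y <= 254 and c == 0 and d == 0):
        findings.append("virtual-ip-format")
    # Manual: "only support class C".
    if cfg["prefix"] != 24:
        findings.append("netmask-not-24")
    else:
        vnet = ipaddress.IPv4Network(f"{vip}/24", strict=False)
        if vnet.overlaps(lan):
            findings.append("virtual-subnet-overlaps-lan")
    return findings


def audit_server(cfg, lan_cidr):
    """Return a list of finding labels for one server parameter set."""
    lan = ipaddress.IPv4Network(lan_cidr)
    device = cfg["device"].upper()
    try:
        if device == "TAP":
            findings = _check_tap(cfg, lan)
        elif device == "TUN":
            findings = _check_tun(cfg, lan)
        else:
            findings = ["unknown-device"]
    except ipaddress.AddressValueError:
        findings = ["invalid-address"]
    if cfg["cipher"].lower() in LEGACY_CIPHERS:
        findings.append("legacy-cipher")
    if cfg["hash"].lower() in LEGACY_HASHES:
        findings.append("legacy-hash")
    return findings


if __name__ == "__main__":
    for label, cfg in (("TAP server", TAP_SERVER), ("TUN server", TUN_SERVER)):
        print(label, audit_server(cfg, LAN))
```

Both example tables pass the addressing checks; the only findings are the cipher and hash selections, which apply to every OpenVPN parameter table in this section.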
Page 322
OpenVPN TUN Client Scenario

When you want the security gateway to play the OpenVPN client role, check the "Enable" box and choose the "Client" option in the "OpenVPN Configuration" window, then make the related configuration in the following sections.

OpenVPN Client Configuration

The "OpenVPN Client Configuration" window lets you enable the OpenVPN client function by checking the "Enable" box.

OpenVPN TAP Client List

The "OpenVPN Client List" window shows your defined OpenVPN clients and their tunnel status. Only some important information for each tunnel is shown in the list, as in the following diagram.

Configuration for OpenVPN TUN Client

The "Configuration for A OpenVPN Client" window lets you specify the required parameters for an OpenVPN ...
Page 323
Scenario Application Timing

The above diagram illustrates the Cellular Gateway or the mobile device playing the OpenVPN VPN client role. The OpenVPN tunnel is established starting from it, and the Security Multi‐WAN VPN Gateway in Network‐A at the Control Center serves as the OpenVPN VPN server. Once the tunnel has been established, the Cellular Gateway and serial‐based access devices can access the resources in the Intranet of Network‐A at the Control Center via the established OpenVPN tunnel.

Scenario Description

OpenVPN tunneling is a client/server tunneling technology. The OpenVPN server must have a static IP or an FQDN and maintain a client list. The client may be a mobile user or a mobile site, and requests the OpenVPN tunnel connection. The OpenVPN protocol is used for establishing an OpenVPN tunnel.

Parameter Setup Example ...
For Network‐B at Mobile Office

The following 3 tables list the parameter configuration for the above example diagram of the OpenVPN VPN client in Network‐B. Use the default value for parameters that are not mentioned in these tables.

Configuration Path: [OpenVPN]‐[Configuration]
OpenVPN: ■ Enable
Server/Client: Client Configuration

Configuration Path: [OpenVPN]‐[OpenVPN Client Configuration]
OpenVPN Client Name: Client1
Interface: WAN1
Protocol:
Port: 2016
Tunnel Device: TUN
Remote IP/FQDN: 203.95.80.22 or www.abc.com
Remote Subnet: 10.0.76.0/24
Authorization Mode: CA Cert: RootCA, Client Cert: local, Client key: localkey
Encryption Cipher: Blowfish
Hash Algorithm: SHA‐1
LZO Compression: Adaptive ...
the backup one of the master gateway and it will take over the data transmitting job once it finds the master gateway failed. The AMIT security gateway can serve as the redundant gateway of the core router in the enterprise by using the Virtual Router Redundancy Protocol (VRRP).

5.7.1 VRRP

The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol providing device redundancy. It allows a backup router or switch to automatically take over if the primary (master) router or switch fails. This increases the availability and reliability of routing paths via ...
Page 326
Scenario Application Timing

When the enterprise gateway needs a reliable connection to the Internet, the administrator can set up a group of VRRP redundant gateways as the enterprise entry gateway. Each member gateway connects to a different ISP for a redundant connection to the Internet. So the enterprise gateway remains reliable even if the master connection fails.

Scenario Description

When the master gateway loses its Internet connection, the backup gateway whose priority is the highest among those with a live Internet connection takes over the data communication duty and serves as the master. ...
Page 327
Configuration Path: [Ethernet LAN]‐[Configuration] ([Basic Network]‐[LAN&VLAN])
LAN IP Address: 10.0.75.1
Subnet Mask: 255.255.255.0 (/24)

Configuration Path: [VRRP]‐[Configuration]
VRRP: ■ Enable
Virtual Server ID:
Priority of Virtual Server:
Virtual Server IP Address: 10.0.75.200

Backup Gateway

Configuration Path: [Ethernet LAN]‐[Configuration] ([Basic Network]‐[LAN&VLAN])
LAN IP Address: 10.0.75.2
Subnet Mask: 255.255.255.0 (/24)

Configuration Path: [VRRP]‐[Configuration]
VRRP: ■ Enable
Virtual Server ID:
Priority of Virtual Server:
Virtual Server IP Address: 10.0.75.200

Scenario Operation Procedure

In the above diagram, the Master Gateway and the Backup Gateway are the redundant gateway group of Network‐A, and the subnet of its Intranet is 10.0.75.0/24. The master gateway has the IP address of 10.0.75.1 for LAN interface, 203.95.80.22 for WAN‐1 interface. However, the backup gateway has ...
Page 328
VRRP Setting

The Virtual Router Redundancy Protocol (VRRP) setting allows the user to assign available Internet Protocol (IP) routers to participating hosts automatically.

Go to Advanced Network > Redundancy > VRRP Tab

VRRP

Item: Enable VRRP function
Value setting: The box is unchecked by default
Description: Check the Enable box to activate this VRRP function.

Item: Virtual Server ID
Value setting: 1. Numeric String Format 2. A Must filled setting
Description: Define the Virtual Server ID on VRRP of the router. The value range is from 1 to 255.

Item: Priority of
Value setting: 1. Numeric String Format
Description: Define the Priority of Virtual Server on VRRP of the router. The value range is from ...
5.9 System Management

System management refers to enterprise‐wide administration of distributed systems including (and commonly in practice) computer systems. Centralized management has a time and effort trade‐off that is related to the size of the company, the expertise of the IT staff, and the amount of technology being used. This device supports many system management protocols, such as TR‐069, SNMP, Telnet with CLI and UPnP. You can set up those configurations in the "System Management" section.

5.9.1 TR‐069

TR‐069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN Management ...
Page 330
server and the gateways until the next inquiry cycle. But if the ACS server has new jobs that the gateways are expected to do urgently, it uses the connection request related information to ask these gateways to connect immediately, inquire about the jobs and execute them.

Scenario Application Timing

When the enterprise data center wants to use an ACS server to manage remote gateways geographically distributed elsewhere in the world, the gateways in all branch offices must have an embedded TR‐069 agent to communicate with the ACS server, so that the ACS server can configure, upgrade the FW of, and monitor these gateways and their corresponding Intranets. ...
Page 331
Configuration Path: [TR‐069]‐[Configuration]
TR‐069: ■ Enable
ACS URL: http://qaamit.acslite.com/cpe.php
ACS User Name: ACSUserName
ACS Password: ACSPassword
ConnectionRequest Port: 8099
ConnectionRequest User Name: ConnReqUserName
ConnectionRequest Password: ConnReqPassword
Inform: ■ Enable, Interval 900

Scenario Operation Procedure

In the above diagram, the ACS server can manage multiple gateways in the Internet. "Gateway 1" is one of them and has the IP address 118.18.81.33 for its WAN‐1 interface. When all remote gateways have booted up, they will try to connect to the ACS server. Once the connections are established successfully, the ACS server can configure these gateways, upgrade them with the latest FW and monitor them. ...
Page 332
TR‐069

Item: TR‐069 Enable
Value setting: The box is unchecked by default
Description: Check the Enable box to activate TR‐069.

Item: Interface
Value setting: Auto is selected by default.
Description: After you finish setting up Basic Network WAN 1 ~ WAN n, you can choose WAN 1 ~ WAN n. After you finish setting up Advanced Network > VPN > IPSec/PPTP/L2TP/GRE, you can choose an IPSec/PPTP/L2TP/GRE tunnel, the interface just like

Item: ACS URL
Value setting: A Must filled setting
Description: You can ask the ACS manager to provide the ACS URL and set it manually.

Item: ACS Username
Value setting: A Must filled setting
Description: You can ask the ACS manager to provide the ACS username and set it manually.

Item: ACS Password
Value setting: A Must filled setting
Description: You can ask the ACS manager to provide the ACS password and set it manually.

Item: ConnectionRequest Port
Value setting: A Must filled setting
Description: You can ask the ACS manager to provide the ACS ConnectionRequest Port and set it manually.

Item: ConnectionRequest Username
Value setting: A Must filled setting
Description: You can ask the ACS manager to provide the ACS ConnectionRequest Username and set it manually.

Item: ConnectionRequest Password
Value setting: A Must filled setting
Description: You can ask the ACS manager to provide the ACS ConnectionRequest Password and ...
(such as type and description of the variable), are described by Management Information Bases (MIBs). The device supports several public MIBs and one private MIB for the SNMP agent. The supported MIBs are as follows:

Supported MIBs
MIB‐II (RFC 1213, Include IPv6)
IF‐MIB, IP‐MIB, TCP‐MIB, UDP‐MIB
SMIv1 and SMIv2
SNMPv2‐TM and SNMPv2‐MIB
AMIB (AMIT Private MIB)

In the "SNMP" page, there are two configuration windows for the SNMP function: the "Configuration" window and the "User Privacy Definition" window. The "Configuration" window lets you configure the embedded SNMP agent in the gateway to run the SNMP function. The "User Privacy Definition" window is for SNMPv3 only and provides 5 records of user privacy definition for user authentication and data hashing and encryption. ...
SNMP Configuration

Check the "Enable" box to activate the SNMP function for the gateway. Make the function work by specifying the access interfaces of the SNMP protocol, the supported protocol versions, the read/write communities, the trap event receivers and the IP address that is allowed to access the gateway from outside by using the SNMP protocol.

User Privacy Definition

However, if SNMPv3 is not listed in the supporting of the "Configuration" window, the "User Privacy ...
SNMP Management Scenario

Scenario Application Timing

There are two application scenarios of SNMP Network Management Systems (NMS). The Local NMS is in the Intranet and manages all devices in the Intranet that support the SNMP protocol. The other one is the Remote NMS, which manages devices whose WAN interfaces are connected together by a switch or a router with UDP forwarding. If you want to manage some devices and they all support the SNMP protocol, use either application scenario, especially for the management of devices in the Intranet. For managing devices in the Internet, TR‐069 is the better solution. Please refer to the last sub‐section.

Scenario Description

The NMS server can monitor and configure the managed devices by using the SNMP protocol, and those devices are located where UDP packets from the NMS can reach them. ...
Parameter Setup Example

The following tables list the parameter configuration as an example for Gateway 1 in the above diagram, with "SNMP" enabled on the LAN and WAN interfaces. Use the default value for those parameters that are not mentioned in the tables.

Configuration Path: [SNMP]‐[Configuration]
SNMP Enable: ■ LAN ■ WAN
Supported Versions: ■ v1 ■ v2c ■ v3
Get / Set Community: ReadCommunity / WriteCommunity
Trap Event Receiver 1: 118.18.81.11
WAN Access IP Address: 118.18.81.11

Configuration Path: [SNMP]‐[User Privacy Definition] ...
SNMP Setting

The SNMP setting lets the user configure SNMP‐relevant settings, which include interface, version, access control and trap receiver.
Ensure Configuration is enabled and saved.
Go to Advanced Network > System Management > SNMP

SNMP
Item | Value setting | Description
SNMP Enable | 1. The LAN box is checked by default | Select the interface for the SNMP and enable SNMP functions. When you check the LAN box, it activates SNMP functions and you can access SNMP by LAN. When you check the WAN box, it activates SNMP functions and you can access SNMP by WAN.
Select the version for the SNMP. When you check the v1 box, it means you can access SNMP by version 1. (Value setting: 1. The v1 box is checked by default) ...
Create/Edit Multiple Community

The SNMP allows you to customize your access control for version 1 and version 2 users. The router supports up to a maximum of 10 community sets.
When the Add button is applied, the Multiple Community Rule Configuration screen will appear.

Multiple Community Rule Configuration
Item | Value setting | Description
Community | 1. Read Only is selected by default 2. A Must filled setting 3. String format: any text | Specify this version 1 or version v2c user's community that will be allowed Read Only (GET and GETNEXT) or Read‐Write (GET, GETNEXT and SET) access respectively. The maximum length of the community is 32.
Enable | 1. The box is checked by default | Click Enable to enable this version 1 or version v2c user.
Save | N/A | Click the Save button to save the configuration. But it does not apply to SNMP functions. When you return to the SNMP main page, it will show "Click on save button to apply your changes" to remind the user to click the main page Save button.
Undo | N/A | Click Undo to cancel the settings.
Back ...
Create/Edit User Privacy

The SNMP allows you to customize your access control for version 3 users. The router supports up to a maximum of 128 User Privacy sets.
When the Add button is applied, the User Privacy Rule Configuration screen will appear.

User Privacy Rule Configuration
Item | Value setting | Description
User Name | 1. A Must filled setting 2. String format: any text | Specify the User Name for this version 3 user. The maximum length of the user name is 32.
Password | 1. String format: any text | When your Privacy Mode is authNoPriv or authPriv, you must specify the Password for this version 3 user. The minimum length of the password is 8. The maximum length of the password is 64.
Authentication | 1. None is selected by default | When your Privacy Mode is authNoPriv or authPriv, you must specify the Authentication types for this version 3 user. Select the authentication type MD5/SHA‐1 to use.
Encryption | 1. None is selected by default | When your Privacy Mode is authPriv, you must specify the Encryption protocols ...
You must specify the Authentication and Password. When authPriv is selected, you must specify the Authentication, Password, Encryption and Privacy Key.
Privacy Key | 1. String format: any text | When your Privacy Mode is authPriv, you must specify the Privacy Key for this version 3 user. The minimum length of the privacy key is 8. The maximum length of the privacy key is 64.
Authority | 1. Read is selected by default | Specify this version 3 user's Authority that will be allowed Read Only (GET and GETNEXT) or Read‐Write (GET, GETNEXT and SET) access respectively.
OID Filter Prefix | 1. The default value is 1 2. A Must filled setting 3. String format: any legal OID | The OID Filter Prefix restricts access for this version 3 user to the subtree rooted at the given OID. The range of each OID number is 1‐2080768.
Enable | 1. The box is checked by default | Click Enable to enable this version 3 user.
Save | N/A | Click the Save button to save the configuration. But it does not apply to SNMP functions. When you return to the SNMP main page, it will show "Click on save button to apply your changes" to remind the user to click the main page Save button.
Undo | N/A | Click Undo to cancel the settings.
Back ...
which is the same as v1. When you select v3, the configuration screen will provide the version 3 must filled items.

Trap Event Receiver Rule Configuration
Item | Value setting | Description
Server IP | 1. A Must filled setting 2. String format: any IPv4 address | Specify the trap Server IP. The DUT will send traps to the server IP.
Server Port | 1. String format: any port number 2. The default SNMP trap port is 162 3. A Must filled setting | Specify the trap Server Port. You can fill in any port number, but you must make sure the port number is not already in use.
SNMP Version | 1. v1 is selected by default | Select the version for the trap. When v1 is selected, the configuration screen will provide the version 1 must filled items. ...
When v2c is selected, the configuration screen will provide the version 2c must filled items. When v3 is selected, the configuration screen will provide the version 3 must filled items.
Community Name | 1. A v1 and v2c Must filled setting 2. String format: any text | Specify the Community Name for this version 1 or version v2c trap. The maximum length of the community name is 32.
User Name | 1. A v3 Must filled setting 2. String format: any text | Specify the User Name for this version 3 trap. The maximum length of the user name is 32.
Password | 1. A v3 Must filled setting 2. String format: any text | When your Privacy Mode is authNoPriv or authPriv, you must specify the Password for this version 3 trap. The minimum length of the password is 8. The maximum length of the password is 64.
Privacy Mode | 1. A v3 Must filled setting 2. noAuthNoPriv is selected by default | Specify the Privacy Mode for this version 3 trap. When noAuthNoPriv is selected, you do not use any authentication types and encryption protocols. When authNoPriv is selected, you must specify the Authentication and Password. When authPriv is selected, ...
If you use a particular private MIB, you must fill in the enterprise name, number and OID.

Options
Item | Value setting | Description
Enterprise Name | 1. The default value is AMIT 2. A Must filled setting 3. String format: any text | Specify the Enterprise Name for the particular private MIB. The maximum length of the enterprise name is 10.
Enterprise Number | 1. The default value is 12823 (AMIT Enterprise Number) 2. A Must filled setting 3. String format: any number | Specify the Enterprise Number for the particular private MIB. The range of the enterprise number is 1‐2080768.
Enterprise OID | 1. The default value is 1.3.6.1.4.1.12823.4.4.9 (AMIT Enterprise OID) 2. A Must filled setting 3. String format: any legal OID | Specify the Enterprise OID for the particular private MIB. The range of each OID number is 1‐2080768. The maximum length of the enterprise OID is 31. The seventh number must be identical with the enterprise number.
Click the Save button to save the configuration and apply your changes to SNMP ...
5.9.5 Telnet with CLI

A command‐line interface (CLI), also known as a command‐line user interface or console user interface, is a means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines). The interface is usually implemented with a command‐line shell, which is a program that accepts commands as text input and converts them to the appropriate operating system functions. Programs with command‐line interfaces are generally easier to automate via scripting. The device supports both ...
Telnet & SSH Scenario

Scenario Application Timing

When the administrator of the gateway wants to manage it from a remote site in the Intranet or Internet, he may use the "Telnet with CLI" function to do that by using the "Telnet" or "SSH" utility.

Scenario Description

The Local Admin or the Remote Admin can manage the Gateway by using the "Telnet" or "SSH" utility with a privileged user name and password. The data packets between the Local Admin and the Gateway, or between the Remote Admin and the Gateway, can be plain texts or encrypted texts. Suggest they are plain texts in the Intranet ...
Configuration Path: [Telnet with CLI]‐[Configuration]
Telnet with CLI: LAN: ■ Enable, WAN: ■ Enable
Connection Type: Telnet: Service Port 23 ■ Enable; SSH: Service Port 22 ■ Enable

Scenario Operation Procedure

In the above diagram, the "Local Admin" or "Remote Admin" can manage the "Gateway" in the Intranet or Internet. The "Gateway" is the gateway of Network‐A and the subnet of its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 ...
Configuration
Item | Value setting | Description
Telnet with CLI | 1. The LAN Enable box is checked by default. 2. The WAN Enable box is unchecked by default. | Check the Enable box to activate the Telnet with CLI function for connecting from WAN/LAN interfaces.
Connection Type | 1. The Telnet Enable box is checked by default. By default Service Port is 23. 2. The SSH Enable box is unchecked by default. By default Service Port is 22. | Check the Telnet Enable box to activate telnet service. Check the SSH Enable box to activate SSH service. You can set which number of Service Port you want to provide for the corresponding service.
Save | N/A | Click Save to save the settings
Undo | N/A | Click Undo to cancel the settings ...
5.9.7 UPnP

UPnP Internet Gateway Device (IGD) Standardized Device Control Protocol is a NAT port mapping protocol that is supported by some NAT routers. It is a common communication protocol for automatically configuring port forwarding. Applications using peer‐to‐peer networks, multiplayer gaming, and remote assistance programs need a way to communicate through home and business gateways. Without IGD, one has to manually configure the gateway to allow traffic through, a process which is error prone and time consuming. This device supports the UPnP Internet Gateway Device (IGD) feature, and by default, it is enabled. ...
Scenario Application Timing

When a client host in the Intranet wants to run peer‐to‐peer applications, like multiplayer gaming, the NAT gateway needs the UPnP function to automatically set up or remove port mapping rules in the gateway.

Scenario Description

Usually, for security, the gateway ignores attempts from the Internet to actively access a service port on the gateway. The normal NAT mechanism has the connection tracking feature to direct the response packets from the Internet back to the source end of the request packets in the Intranet. Once an application in an Intranet host needs an additional service port to be activated at the WAN interface of the gateway, it will ask the gateway to do that by using the UPnP protocol. Then the ...
UPnP Configuration
Item Name | Value Setting | Description
UPnP | Default checked | Check to enable UPnP functionality
Save | N/A | Click the Save button to save changes
Undo | N/A | Click the Undo button to revert changes ...
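The TR‐069, SNMP, Telnet with CLI and UPnP settings described above all open a management path into the gateway. The following audit is an added example (not part of the manual or the vendor's software) that reviews such settings before they are applied; the dictionary layout, key names, rule names, severities and the SNMPv3 user are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed input: values from the manual's TR-069, SNMP and Telnet
# "Parameter Setup Example" tables plus the stated UPnP default. The dict
# layout, key names and the v3 user are assumptions made for this example.
MANUAL_EXAMPLE = {
    "tr069": {"enable": True, "acs_url": "http://qaamit.acslite.com/cpe.php"},
    "snmp": {
        "wan": True,
        "versions": {"v1", "v2c", "v3"},
        "communities": [("ReadCommunity", "ro"), ("WriteCommunity", "rw")],
        "wan_access_ip": "118.18.81.11",
        "v3_users": [{"name": "nms", "privacy_mode": "noAuthNoPriv", "auth": None}],
    },
    "telnet_cli": {"lan": True, "wan": True, "telnet": True, "ssh": True},
    "upnp": True,
}


def audit_management_plane(cfg):
    """Return (rule_id, severity, reason) tuples; severities are this example's own."""
    findings = []

    def flag(rule_id, severity, reason):
        findings.append((rule_id, severity, reason))

    tr069 = cfg.get("tr069", {})
    if tr069.get("enable") and urlsplit(tr069.get("acs_url", "")).scheme.lower() != "https":
        flag("TR069-NO-TLS", "high",
             "ACS URL is not https: ACS credentials and pushed settings are unencrypted")

    snmp = cfg.get("snmp", {})
    versions = set(snmp.get("versions", ()))
    if snmp.get("wan"):
        if versions & {"v1", "v2c"}:
            flag("SNMP-WAN-COMMUNITY", "high",
                 "SNMP v1/v2c on the WAN sends community strings in cleartext")
            if any(access == "rw" for _, access in snmp.get("communities", [])):
                flag("SNMP-WAN-WRITE", "high",
                     "a Read-Write community allows SET requests from the WAN")
        if not snmp.get("wan_access_ip"):
            flag("SNMP-WAN-ANY-SOURCE", "medium",
                 "no WAN Access IP Address restricts which host may query the agent")
    if "v3" in versions:
        for user in snmp.get("v3_users", []):
            mode = user.get("privacy_mode", "noAuthNoPriv")
            if mode == "noAuthNoPriv":
                flag("SNMPV3-NOAUTH", "high",
                     f"v3 user {user['name']} uses neither authentication nor encryption")
            elif mode == "authNoPriv":
                flag("SNMPV3-NOPRIV", "medium",
                     f"v3 user {user['name']} is authenticated but sends data unencrypted")
            if mode != "noAuthNoPriv" and user.get("auth") == "MD5":
                flag("SNMPV3-MD5", "low", f"v3 user {user['name']} authenticates with MD5")

    cli = cfg.get("telnet_cli", {})
    if cli.get("telnet") and cli.get("wan"):
        flag("TELNET-WAN", "high",
             "Telnet is reachable from the WAN and carries the admin password in plaintext")
    elif cli.get("telnet") and cli.get("lan"):
        flag("TELNET-LAN", "medium", "Telnet on the LAN is plaintext; enable SSH instead")

    if cfg.get("upnp"):
        flag("UPNP-ON", "medium",
             "UPnP lets any Intranet host add WAN port mappings without admin review")
    return findings


def rule_ids(cfg):
    """Rule identifiers only, in the order the checks run."""
    return [rule_id for rule_id, _, _ in audit_management_plane(cfg)]


if __name__ == "__main__":
    for rule_id, severity, reason in audit_management_plane(MANUAL_EXAMPLE):
        print(f"{severity:6} {rule_id:20} {reason}")
```

A configuration that uses an https ACS URL, SNMPv3 with authPriv on the LAN only, SSH without Telnet, and UPnP switched off produces no findings.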
5.b Certificate

In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are genuine. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner. ...
Root CA Certificate Configuration
Item | Value setting | Description
Name | 1. String format can be any text 2. A Must filled setting | Enter a Root CA Certificate name. It will be a certificate file name.
Key | A Must filled setting | This field is to specify the key attributes of the certificate. Key Type sets the public‐key cryptosystem. It only supports RSA now. Key Length sets the size, measured in bits, of the key used in a cryptographic algorithm. Digest Algorithm sets the identifier in the signature algorithm identifier of certificates.
Subject Name | A Must filled setting | This field is to specify the information of the certificate. Country(C) is the two‐letter ISO code for the country where your organization is located. State(ST) is the state where your organization is located. Location(L) is the location where your organization is located. Organization(O) is the name of your organization. Organization Unit(OU) is the name of your organization unit. Common Name(CN) is the name of your organization. Email is the email of your organization. It has to be in email address style.
Validity Period | A Must filled setting | This field is to specify the validity period of the certificate.

SCEP Configuration

Go to Advanced Network > Certificate > Configuration

SCEP Configuration ...
5.b.3 My Certificates

My Certificates include the Root CA and the Local Certificate List. The Root CA is the top‐most certificate of the tree, the private key of which is used to "sign" other certificates. The Local Certificate List shows all certificates generated by the root CA for the gateway. It also stores the generated Certificate Signing Requests (CSR) which will be signed by other external CAs. The signed certificates can be imported as the local ones of the gateway.

In the "My Certificates" page, there are four configuration windows for the "My Certificates" function. The "Root CA" window lets you generate or delete the certificate of the root CA. The "Root CA Configuration" window lets you fill in the information required for generating the root CA. However, the "Local Certificate List" window shows the stored certificates or CSRs for representing the ...
Local Certificate List

Click on the "Generate" button and fill in the required information for one certificate of the gateway. There may be multiple certificates to be used for different applications to represent the gateway. You can also import certificates signed by other root CAs for the gateway. You may remove unused ones by checking the Select box of those certificates and clicking on the "Delete" button.

Local Certificate Configuration

The required information to be filled in for the certificate or CSR includes the name, key and subject name. It is a certificate if the "Self‐signed" box is checked; otherwise, it is a CSR.

Self‐signed Certificate Usage Scenario

Scenario Application Timing

When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates by signing them itself, or import any local certificates that are signed by other external CAs. It can also import the trusted certificates for other CAs and Clients. In addition, since it has the root CA, it can also sign Certificate Signing Requests (CSR) to form corresponding certificates ...
Parameter Setup Example

For Network‐A at HQ

The following tables list the parameter configuration as an example for the "My Certificates" function used in the user authentication of IPSec VPN tunnel establishing, as shown in the above diagram. The configuration example must be combined with the ones in the following two sections to complete the whole user scenario. Use the default value for those parameters that are not mentioned in the tables.

Configuration Path: [My Certificates]‐[Root CA Certificate Configuration]
Name: HQRootCA
Key: Key Type: RSA, Key Length: 1024‐bits
Subject Name: Country(C): TW, State(ST): Taiwan, Location(L): Tainan, Organization(O): AMITHQ, Organization Unit(OU): HQRD, Common Name(CN): HQRootCA, E‐mail: hqrootca@amit.com.tw

Configuration Path: [My Certificates]‐[Local Certificate Configuration]
Name: HQCRT, Self‐signed: ■
Key: Key Type: RSA, Key Length: 1024‐bits
Subject Name: Country(C): TW, State(ST): Taiwan, Location(L): Tainan, Organization(O): AMITHQ, Organization Unit(OU): HQRD, Common Name(CN): HQCRT, E‐mail: hqcrt@amit.com.tw

Configuration Path: [IPSec]‐[Configuration]
IPSec: ■ Enable ...
X‐Auth

For Network‐B at Branch Office

The following tables list the parameter configuration as an example for the "My Certificates" function used in the user authentication of IPSec VPN tunnel establishing, as shown in the above diagram. The configuration example must be combined with the ones in the following two sections to complete the whole user scenario. Use the default value for those parameters that are not mentioned in the tables.

Configuration Path: [My Certificates]‐[Local Certificate Configuration]
Name: BranchCRT, Self‐signed: □
Key: Key Type: RSA, Key Length: 1024‐bits
Subject Name: Country(C): TW, State(ST): Taiwan, Location(L): Tainan, Organization(O): AMITBranch, Organization Unit(OU): BranchRD, Common Name(CN): BranchCRT, E‐mail: branchcrt@amit.com.tw

Configuration Path: [IPSec]‐[Configuration]
IPSec: ■ Enable

Configuration Path: [IPSec]‐[Tunnel Configuration]
Tunnel: ■ Enable
Tunnel Name: s2s‐102
Interface: WAN 1
Tunnel Scenario: Site to Site
Operation Mode: Always on ...
Configuration Path: [IPSec]‐[Authentication]
Key Management: IKE+X.509, Local Certificate: BranchCRT, Remote Certificate: HQCRT
Local ID: User Name, Network‐B
Remote ID: User Name, Network‐A

Configuration Path: [IPSec]‐[IKE Phase]
Negotiation Mode: Main Mode
X‐Auth: None

Scenario Operation Procedure

In the above diagram, "Gateway 1" is the gateway of Network‐A in headquarters and the subnet of its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN‐1 interface. "Gateway 2" is the gateway of Network‐B in the branch office and the subnet of its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN‐1 interface. They both serve as NAT security gateways.

Gateway 1 generates the root CA and a local certificate (HQCRT) that is signed by itself. Import the certificates of the root CA and HQCRT into the "Trusted CA Certificate List" and "Trusted Client Certificate List" of Gateway 2. ...
Local Certificate Configuration
Item | Value setting | Description
Name | 1. String format can be any text 2. A Must filled setting | Enter a certificate name. It will be a certificate file name. If Self‐signed is checked, it will be signed by the root CA. If Self‐signed is not checked, it will generate a certificate signing request (CSR).
Key | A Must filled setting | This field is to specify the key attributes of the certificate. Key Type sets the public‐key cryptosystem. Currently, only RSA is supported. Key Length sets the length in bits of the key used in a cryptographic algorithm. It can be 512/768/1024/1536/2048. Digest Algorithm sets the identifier in the signature algorithm identifier of certificates. It can be MD5/SHA‐1.
Subject Name | A Must filled setting | This field is to specify the information of the certificate. Country(C) is the two‐letter ISO code for the country where your organization is located. State(ST) is the state where your organization is located. Location(L) is the location where your organization is located. ...
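To see what the Key Length and Digest Algorithm choices above put into a certificate, the following added example (not from the manual or the vendor) reads a PEM certificate with standard‐library Python and reports an MD5 or SHA‐1 signature and an RSA key shorter than 2048 bits. The 2048‐bit floor, the function names and the constructed sample certificate (placeholder modulus, zeroed signature, so it is not a usable key) are assumptions of this example.

```python
import base64
import re

# RSA signature OIDs matching the manual's two Digest Algorithm choices.
WEAK_SIGNATURES = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
MIN_RSA_BITS = 2048  # assumption: policy floor chosen for this example


def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def children(content):
    """Split a constructed element's content into (tag, content) pairs."""
    items, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        items.append((tag, body))
    return items


def decode_oid(body):
    """Dotted form of a DER OID whose first arc is 0 or 1 (true for the OIDs here)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def certificate_parameters(pem_text):
    """Return (signature_oid, key_oid, rsa_bits) for the first PEM certificate."""
    match = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                      pem_text, re.S)
    if not match:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(match.group(1).split()))
    fields = children(children(read_tlv(der, 0)[1])[0][1])  # tbsCertificate
    if fields[0][0] == 0xA0:  # optional explicit [0] version
        fields = fields[1:]
    signature_oid = decode_oid(children(fields[1][1])[0][1])
    algorithm, public_key = children(fields[5][1])  # subjectPublicKeyInfo
    key_oid = decode_oid(children(algorithm[1])[0][1])
    bits = None
    if key_oid == RSA_ENCRYPTION:
        rsa_key = read_tlv(public_key[1], 1)[1]  # skip the unused-bits byte
        bits = int.from_bytes(children(rsa_key)[0][1], "big").bit_length()
    return signature_oid, key_oid, bits


def audit_certificate(pem_text):
    """List the weak parameters of a certificate, e.g. a downloaded issued.crt."""
    signature_oid, _, bits = certificate_parameters(pem_text)
    findings = []
    if signature_oid in WEAK_SIGNATURES:
        findings.append(f"weak signature digest: {WEAK_SIGNATURES[signature_oid]}")
    if bits is not None and bits < MIN_RSA_BITS:
        findings.append(f"RSA key is {bits} bits, below {MIN_RSA_BITS}")
    return findings


def tlv(tag, content):
    """Encode one DER element; used only to build the constructed sample."""
    size = len(content)
    if size < 0x80:
        return bytes([tag, size]) + content
    raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content


def constructed_pem(bits, signature_oid_hex):
    """Constructed sample: real DER layout, placeholder modulus, zeroed signature."""
    def alg(oid_hex):
        return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa_key = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, alg("2a864886f70d010101") + tlv(0x03, b"\x00" + rsa_key))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"HQCRT"))))
    validity = tlv(0x30, tlv(0x17, b"250101000000Z") + tlv(0x17, b"260101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + alg(signature_oid_hex) + name + validity + name + spki)
    der = tlv(0x30, tbs + alg(signature_oid_hex) + tlv(0x03, bytes(bits // 8 + 1)))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")
```

Calling `audit_certificate(constructed_pem(1024, "2a864886f70d010105"))` models the manual's 1024‐bit key with a SHA‐1 digest and returns both findings; the same function accepts the PEM text of a certificate downloaded from the gateway.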
When the Import button is applied, an Import screen will appear. You can import a certificate from an existing certificate file, or directly paste a PEM encoded string as the certificate.

Import
Item | Value setting | Description
Import | A Must filled setting | Select a certificate file from the user's computer, and click the Apply button to import the specified certificate file to the gateway.
PEM Encoded | 1. String format can be any text 2. A Must filled setting | This is an alternative approach to import a certificate. You can directly fill in (Copy and Paste) the PEM encoded certificate string, and click the Apply button to import the specified certificate to the gateway.
Apply | N/A | Click the Apply button to import the certificate.
Cancel | N/A | Click the Cancel button to discard the import operation and the screen will return to the My Certificates page. ...
5.b.5 Trusted Certificates

Trusted Certificates include the Trusted CA Certificate List and the Trusted Client Certificate List. The Trusted CA Certificate List holds the certificates of external trusted CAs. The Trusted Client Certificate List, however, holds the certificates of others that you trust.

In the "Trusted Certificates" page, there are six configuration windows for the "Trusted Certificates" function. ...
trusted CA certificate. Then it will be shown in the "Trusted CA Certificate List".

Trusted CA Certificate Import from a PEM

Copy the contents of one CA certificate in PEM format to this window and use the "Apply" button to store it in the gateway to serve as one trusted CA certificate. It will appear in the "Trusted CA Certificate List".

Trusted Client Certificate List

Just click on the "Import" button and select one client certificate file of the management PC to upload as a trusted one. In addition, you can delete used ones by checking the Select box of those ...
Scenario Application Timing (same as the one described in "My Certificates" section)

When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates by signing them itself. It also imports the trusted certificates for other CAs and Clients. These certificates can be used by two remote peers to verify each other's identity while establishing a VPN tunnel.

Scenario Description (same as the one described in "My Certificates" section)

Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Import a trusted certificate (BranchCRT), a BranchCSR certificate of Gateway 2 signed by the root CA of Gateway 1. Gateway ...
Configuration Path: [Trusted Certificates]‐[Trusted Client Certificate Import from a File]
File: HQCRT.crt

Scenario Operation Procedure (same as the one described in "My Certificates" section)

In the above diagram, "Gateway 1" is the gateway of Network‐A in headquarters and the subnet of its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for WAN‐1 interface. "Gateway 2" is the gateway of Network‐B in the branch office and the subnet of its Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN‐1 interface. They both serve as NAT security gateways. ...
Trusted CA Certificates List
Item | Value setting | Description
Import from a File | A Must filled setting | Select a CA certificate file from the user's computer, and click the Apply button to import the specified CA certificate file to the gateway.
Import from a PEM | 1. String format can be any text 2. A Must filled setting | This is an alternative approach to import a CA certificate. You can directly fill in (Copy and Paste) the PEM encoded CA certificate string, and click the Apply button to import the specified CA certificate to the gateway.
Apply | N/A | Click the Apply button to import the certificate.
Cancel | N/A | Click the Cancel button to discard the import operation and the screen will return to the Trusted Certificates page.

Instead of importing a Trusted CA certificate with the approaches mentioned above, you can also get the CA certificate from the SCEP server. If SCEP is enabled (refer to Advanced Network > Certificate > Configuration), you can click the Get CA button, and a Get CA Configuration screen will appear.

Get CA Configuration
Item ...
Trusted Client Certificate List

Go to Advanced Network > Certificate > Trusted Certificates

When the Import button is applied, a Trusted Client Certificate Import screen will appear. You can import a Trusted Client Certificate from an existing certificate file, or directly paste a PEM encoded string as the certificate.

Trusted Client Certificate List
Item | Value setting | Description
Import from a File | A Must filled setting | Select a certificate file from the user's computer, and click the Apply button to import the specified certificate file to the gateway.
Import from a PEM | 1. String format can be any text 2. A Must filled setting | This is an alternative approach to import a certificate. You can directly fill in (Copy and Paste) the PEM encoded certificate string, and click the Apply button to import the specified certificate to the gateway.
Apply | N/A | Click the Apply button to import the certificate.
Cancel | N/A | Click the Cancel button to discard the import operation and the screen will return to the Trusted Certificates page.

Trusted Client Key List

Go to Advanced Network > Certificate > Trusted Certificates ...
Trusted Client Key List
Item | Value setting | Description
Import from a File | A Must filled setting | Select a certificate key file from the user's computer, and click the Apply button to import the specified key file to the gateway.
Import from a PEM | 1. String format can be any text 2. A Must filled setting | This is an alternative approach to import a certificate key. You can directly fill in (Copy and Paste) the PEM encoded certificate key string, and click the Apply button to import the specified certificate key to the gateway.
Apply | N/A | Click the Apply button to import the certificate key.
Cancel | N/A | Click the Cancel button to discard the import operation and the screen will return to the Trusted Certificates page. ...
5.b.7 Issue Certificates

When you have a Certificate Signing Request (CSR) that needs to be certified by the root CA of the device, you can issue the request here and let the Root CA sign it. There are two approaches to issue a certificate. One is to import a CSR file from the managing PC, and the other is to copy and paste the CSR codes in the gateway's web‐based utility and then click on the "Sign" button.

In the "Issue Certificates" page, there are three configuration windows for the "Issue Certificates" function. The "Certificate Signing Request (CSR) Import from a File" window lets you browse the directories and file list of the managing PC to choose a CSR file and import it as the certificate signing ...
Certificate Signing Request (CSR) Import from a File

Only a gateway that plays the root CA role can sign CSRs and certify certificates for others. In this window, you can browse the directory architecture and file system in the managing PC to choose one CSR file for uploading unsigned certificates to the gateway. Click on the "Sign" button to generate the corresponding certificate based on the imported CSR. The "Signed Certificate View" window will display the resulting certificate contents, and you can download the certificate to a file in the managing PC by clicking on the "Download" button. The default name of the saved certificate file is "issued.crt". You need to change it to a preferred file name. ...
Self‐signed Certificate Usage Scenario

Scenario Application Timing (same as the one described in "My Certificates" section)

When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates by signing them itself. It also imports the trusted certificates for other CAs and Clients. These certificates can be used by two remote peers to verify each other's identity while establishing a VPN tunnel.

Scenario Description (same as the one described in "My Certificates" section)

Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. It also imports a trusted certificate (BranchCRT), a BranchCSR certificate of Gateway 2 signed by the root CA of Gateway 1.

Gateway 2 creates a CSR (BranchCSR) to let the root CA of Gateway 1 sign it to be the BranchCRT certificate. Import the certificate into Gateway 2 as a local certificate. In addition, ...
Page 370
Configuration Path | [Issue Certificates]-[Signed Certificate View]
Command Button | Download (default name is "issued.crt")

Scenario Operation Procedure (same as the one described in "My Certificates" section)

In the above diagram, "Gateway 1" is the gateway of Network-A in the headquarters, and the subnet of its Intranet is 10.0.76.0/24. It has the IP address 10.0.76.2 for the LAN interface and 203.95.80.22 for the WAN-1 interface. "Gateway 2" is the gateway of Network-B in the branch office, and the subnet of its Intranet is 10.0.75.0/24. It has the IP address 10.0.75.2 for the LAN interface and 118.18.81.33 for the WAN-1 interface. They both serve as NAT security gateways. ...
Certificate Signing Request (CSR) Import from a File

Item | Value setting | Description
Certificate Signing Request (CSR) Import from a File | A Must filled setting | It could select a certificate signing request file from user's computer for importing to DUT.
Certificate Signing Request (CSR) Import from a PEM | 1. String format can be any text 2. A Must filled setting | It could input the certificate signing request pem encoded to DUT.
Sign | N/A | When root CA is exist, click the Sign button to be signed by root CA
...
5.d Communication Bus

The IOG product series provides a DB-9 male port for serial communication, connecting an RS-232 or RS-485 serial device to an IP-based Ethernet LAN. The supported communication protocols let users access serial devices from anywhere over a local LAN or the Internet. They include "Virtual COM" and "Modbus".

5.d.1 Port Configuration

Before using the Virtual COM or Modbus function, you need to configure the DB-9 male port first.

In the "Port Configuration" page, there is only one configuration window for the serial port settings. The "Configuration" window lets you specify serial port parameters, including the operation mode ("Virtual COM", "Modbus" or disabled), the interface ("RS-232" or "RS-485"), the baud rate, the data bit length, the stop bit length, the flow control ("RTS/CTS", "DTS/DSR" or "None"), and the parity.

The port configuration screen allows the user to select and switch from one communication protocol to another for the serial port. The supported protocols vary with the gateway model purchased. They are Virtual COM, Modbus, and IEC60870-5. User may pre-configure all of them in each ...
Port Configuration Window

Item | Value setting | Description
Serial Port | N/A | It displays the serial port ID of the serial port.
Operation Mode | Disable is set by default | It displays the current selected mode of operation for the serial interface. Depending on the model purchased, the available modes are Virtual COM, Modbus, and IEC 60870-5.
Interface | RS-232 is set by default | Select RS-232 or RS-485 connection to map to IP-based network.
Baud Rate | 19200 is set by default | Select the appropriate baud rate for serial device communication. RS-232: 9600 / 19200 / 38400 / 57600 / 115200. RS-485: 9600 / 19200 / 38400 / 57600 / 115200 / 230400 / 460800
Data Bits | 8 is set by default | Select 8 or 7 for data bits
Stop Bits | 1 is set by default | Select 1 or 2 for stop bits
Flow Control | None is set by default | Select None / RTS,CTS / DTS, DSR for Flow Control
Parity | None is set by default | Select None / Even / Odd for Parity bit
Edit buttons to select the mode of operation and modify the parameters ...
5.d.3 Virtual COM

Create a virtual COM port on the user's PC/Host to provide access to the serial device connected to the serial port on the gateway. Users can then access, control, and manage the connected serial device through the Internet (fixed line or cellular network) from anywhere. This application is also known as Ethernet pass-through communication.

The Virtual COM setting screen enables the user to connect a Virtual COM port based device to the Internet. It allows the user to access serial data remotely. There are TCP Client, TCP Server, UDP, and RFC2217 modes for remotely accessing the connected serial device. ...
When the connection control of Virtual COM is "On-demand", once the IOG gateway receives data from the connected serial device, it establishes a TCP connection to transfer the received serial data to the remote host. After the data has been transferred, the gateway automatically disconnects the established TCP session from the host computer by using the TCP alive check timeout or idle timeout settings. Finally, the host computer can process the collected serial data and make further decisions. ...
Scenario Application Timing

When the administrator expects the gateway to wait passively for serial data requests from the host computer, and the host computer will establish a TCP connection to get data from the serial device, the operation mode for the "Virtual COM" function must be "TCP Server". In this mode, the gateway provides a unique "IP: Port" address on a TCP/IP network. It supports up to 4 simultaneous connections, so that multiple hosts can collect data from the same serial device at the same time.

Scenario Description ...
UDP Mode Scenario

Scenario Application Timing

If both the Internet host computer and the remote serial device are expected to initiate a data transfer when required, the operation mode for the "Virtual COM" function in the gateway must be "UDP". In this mode, the UDP data can be transferred between the gateway ...
Configuration Path | [Virtual COM]-[Legal IP Definition (UDP)]
ID | 1
Host | 140.116.82.98
Remote Port | 4001
Serial Port | Sport-0
Definition | ■ Enable

RFC-2217 Mode (With RFC-2217 driver installed)

Scenario Application Timing

RFC-2217 defines general COM port control options based on the telnet protocol. A host computer with an RFC-2217 driver installed can monitor and manage the remote serial device attached to the gateway's serial port, as though it were connected to the local serial port. When a virtual serial port on the local serial device is being created, it is required to specify the IP address of the host computers to establish a connection with. ...
Use the default value for those parameters that are not mentioned in the tables.

Configuration Path | [Virtual COM]-[Virtual COM Serial Definition]
Operation Mode | RFC-2217
Listen Port | 4001
Trust Type | Specific IPs

Configuration Path | [Virtual COM]-[Trusted IP Definition (RFC-2217)]
ID | 1
Host | 140.116.82.98
Serial Port | Sport-0
Enable | ■ Enable

Virtual COM Setting

The Virtual COM setting screen enables the user to connect a Virtual COM port based device to the Internet. It allows the user to access serial data remotely. There are TCP Client, TCP Server, UDP, and RFC2217 modes for remotely accessing the connected serial device.

To use the Virtual COM function, you have to specify the operation mode for the multi-function serial port first. Go to Advanced Network > Communication Bus > Port Configuration tab, select Virtual COM as the expected operation mode, and finish the related port configuration as well.

After that, go to Advanced Network > Communication Bus > Virtual COM tab for detailed ...
Enable TCP Client Mode Window

Item | Value setting | Description
Operation Mode | A Must filled setting | Select TCP Client.
Connection Control | Always on is set by default | Choose Always on for a TCP full time connection. Otherwise, choose On-Demand to initiate TCP connection only when required to transmit and disconnect at idle timeout.
Connection Idle Timeout | 1. 0 is set by default 2. Range 0 to 60 min. | Enter the idle timeout in minutes. The idle timeout is used to disconnect the TCP connection when idle time elapsed. Idle timeout is only available when On-Demand is selected in the Connection Control field.
Alive Check Timeout | 1. 0 is set by default 2. Range 0 to 60 min. | Enter the time period of alive check timeout. The TCP connection will be terminated if it doesn't receive response of alive-check longer than this timeout setting
Enable | The box is unchecked by default. | Check the Enable box to activate the corresponding serial port in specified operation mode.
Save ...
Specify TCP Server Window

Item | Value setting | Description
To Host | A Must filled setting | Press Edit button to enter IP address or FQDN of the remote TCP server to transmit serial data.
Remote Port | 1. A Must filled setting 2. Default value is 4001 | Enter the TCP port number. This is the listen port of the remote TCP server.
Serial Port | SPort-0 is set by default | Apply the TCP server connection for a selected serial port. Up to 4 TCP servers can be configured at the same time for each serial port.
Enable | The box is unchecked by default | Check the Enable box to enable the TCP server configuration.
Save | N/A | Click the Save button to save the configuration

Enable TCP Server Mode

Configure the gateway as the TCP (Transmission Control Protocol) Server. The TCP Server waits for connections to be initiated by a remote TCP client device to receive serial data. The setting allows user ...
Specify TCP Clients for TCP Server Access

Specify TCP Clients Window

Item | Value setting | Description
Host | A Must filled setting | Enter the IP address range of allowed TCP clients.
Serial Port | The box is unchecked by default | Check the box to specify the rule for selected Serial Port.
Enable | The box is unchecked by default | Check the Enable box to enable the rule.
Save | N/A | Click Save button to save the settings.

Enable UDP Mode

UDP (User Datagram Protocol) enables applications using UDP socket programs to communicate with the serial ports on the serial server. The UDP mode provides connectionless communications, which enable you to multicast data from the serial device to multiple host computers, and vice versa, making this ...
Enable UDP Mode Window

Item | Value setting | Description
Operation Mode | A Must filled setting | Select UDP mode.
Listen Port | 4001 is set by default | Indicate the listening port of UDP connection.
Enable | The box is unchecked by default. | Check the Enable box to activate the corresponding serial port in specified operation mode.
Save | N/A | Click Save button to save the settings.

Specify Remote UDP

Specify Remote UDP hosts Window

Item | Value setting | Description
Host | A Must filled setting | Press Edit button to enter IP address range of remote UDP hosts.
Remote Port | 4001 is set by default | Indicate the UDP port of peer UDP hosts.
Serial Port ...
Enable RFC-2217 Mode Window

Item | Value setting | Description
Operation Mode | A Must filled setting | Select RFC-2217 mode.
Listen Port | 4001 is set by default | Indicate the listening port of RFC-2217 connection.
Trust Type | Allow All is set by default | Choose Allow All to allow any clients to connect. Otherwise choose Specific IP to limit certain clients.
Connection Idle Timeout | 0 is set by default | Enter the idle timeout in minutes. The idle timeout is used to disconnect the connection when idle time elapsed.
Alive Check Timeout | 0 is set by default | Input the time period of alive check timeout. The connection will be terminated if it doesn't receive response of alive-check longer than this timeout setting.
Enable | The box is unchecked by default. | Check the Enable box to activate the corresponding serial port in specified operation mode.
Save | N/A ...
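The RFC-2217 mode described above carries serial port settings as telnet COM-PORT-OPTION subnegotiations, so with Trust Type left at "Allow All" any client that reaches the listen port can change them. The following added Python example (not code from the manual or the gateway) decodes those subnegotiations from a captured byte stream so an administrator can review which settings a client requested; the function names and the sample stream are constructed for illustration, and the command codes are the ones defined in RFC 2217.

```python
import struct

# Telnet framing bytes and the COM-PORT-OPTION number from RFC 2217.
IAC, SB, SE, COM_PORT_OPTION = 255, 250, 240, 44
# Client-to-server command codes; the server's replies use code + 100.
COMMANDS = {1: "SET-BAUDRATE", 2: "SET-DATASIZE", 3: "SET-PARITY",
            4: "SET-STOPSIZE", 5: "SET-CONTROL"}
PARITY = {1: "None", 2: "Odd", 3: "Even", 4: "Mark", 5: "Space"}
STOP_BITS = {1: "1", 2: "2", 3: "1.5"}


def build(command: int, value: bytes) -> bytes:
    """Frame one subnegotiation, doubling any 0xFF data byte as telnet requires."""
    escaped = value.replace(b"\xff", b"\xff\xff")
    return bytes([IAC, SB, COM_PORT_OPTION, command]) + escaped + bytes([IAC, SE])


def describe(command: int, value: bytes) -> str:
    """Turn one decoded subnegotiation into a readable line."""
    sender, base = ("server", command - 100) if command >= 100 else ("client", command)
    name = COMMANDS.get(base, f"command-{base}")
    if base == 1 and len(value) == 4:
        setting = str(struct.unpack(">I", value)[0])   # baud rate, network order
    elif base == 2 and len(value) == 1:
        setting = str(value[0])                        # data bits
    elif base == 3 and len(value) == 1:
        setting = PARITY.get(value[0], str(value[0]))
    elif base == 4 and len(value) == 1:
        setting = STOP_BITS.get(value[0], str(value[0]))
    else:
        setting = value.hex()
    return f"{sender} {name} {setting}"


def com_port_settings(stream: bytes) -> list:
    """Return every COM-PORT-OPTION subnegotiation found in a telnet byte stream."""
    found, i = [], 0
    while i < len(stream):
        if stream[i] != IAC or i + 1 >= len(stream):
            i += 1
            continue
        if stream[i + 1] != SB:
            i += 2  # escaped 0xFF data byte, or the start of WILL/DO/etc.
            continue
        if i + 2 >= len(stream):
            break
        option, j, payload = stream[i + 2], i + 3, bytearray()
        while j + 1 < len(stream) and not (stream[j] == IAC and stream[j + 1] == SE):
            if stream[j] == IAC and stream[j + 1] == IAC:
                j += 1  # drop the escape byte, keep one literal 0xFF
            payload.append(stream[j])
            j += 1
        if j + 1 >= len(stream):
            break  # subnegotiation never terminated; stop instead of guessing
        if option == COM_PORT_OPTION and payload:
            found.append(describe(payload[0], bytes(payload[1:])))
        i = j + 2
    return found


# Constructed sample: option negotiation, the manual's default port settings
# (19200 baud, 8 data bits, no parity, 1 stop bit), then ordinary serial data.
SAMPLE_STREAM = (
    bytes([IAC, 251, COM_PORT_OPTION])          # IAC WILL COM-PORT-OPTION
    + build(1, struct.pack(">I", 19200))
    + build(2, b"\x08")
    + build(3, b"\x01")
    + build(4, b"\x01")
    + b"serial payload \xff\xff"                # data containing an escaped 0xFF
)

if __name__ == "__main__":
    for line in com_port_settings(SAMPLE_STREAM):
        print(line)
```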
5.d.5 Modbus

Modbus is one of the most popular automation protocols in the world, supporting traditional RS-232/422/485 devices and recently developed Ethernet devices. Many industrial devices, such as PLCs, DCSs, HMIs, instruments, and meters, use Modbus as the communication standard. It is used to establish master-slave/client-server communication between intelligent devices.

However, the Ethernet-based Modbus protocol is very different from the original serial-based protocols. In order to integrate Modbus networks, the IoT Gateway, including a serial port that support ...
In the "Modbus" page, there are five configuration windows for the Modbus function. The "Gateway Configuration" window lets you enable the Modbus Gateway role for the IoT Gateway by configuring some parameters: the serial protocol, the timeout value of the serial response, the enabling of 0Bh exception handling, the enabling of buffering for serial messages, the enabling of a minimum time delay between receiving one message and sending the next, and the retry times for serial timeout. The second configuration window is "Slave Configuration". It lets you enable the Modbus Slave role for the IoT Gateway by configuring some parameters: the Slave ID, the Ethernet or Serial type of interface, and the serial protocol if the Serial interface is chosen. The third window, "Modbus ...
IoT Gateway as Modbus Gateway Scenario

Scenario Application Timing

This scenario applies when the administrator of the IoT Gateway wants to configure the gateway as a Modbus gateway that receives requests from a remote Modbus TCP Master, accesses the attached Modbus devices, and responds to the master with the device access results. The Modbus TCP Master requests information from, or sends control commands to, the various Modbus devices attached to the IoT Gateway, which acts as the Modbus gateway. The IoT Gateway executes the corresponding processes and replies to the Modbus TCP Master with the results.

Scenario Description

The IoT Gateway serves as the Modbus gateway to communicate with the Modbus TCP Master, ...
Configuration Path | [Port Configuration]-[Configuration]
Operation Mode | Modbus
Interface | RS-485
Baud Rate (bps) | Same as the one of connected Modbus devices
Data Bits | Same as the one of connected Modbus devices
Stop Bits | Same as the one of connected Modbus devices
Flow Control | Same as the one of connected Modbus devices
Parity | Same as the one of connected Modbus devices

Configuration Path | [Modbus]-[Gateway Configuration]
Gateway | ■ Enable
Serial Protocol | Same as the one of connected Modbus devices
Serial Response Timeout | 1000

Configuration Path | [Modbus]-[Modbus TCP Configuration]
Listen Port |
TCP Connection Idle Time | 300 sec
Maximum TCP Connections |
Trusted IP Access | Specific IP

Configuration Path | [Modbus]-[Trusted IP Definition] ...
gateway via the general Internet accessing approach. The IoT Gateway collects the required information from, or executes the required actions on, the Modbus devices for the Modbus TCP Master. The IoT Gateway replies to the Modbus TCP Master with the device information or execution results.

IoT Gateway as Modbus TCP Slave Scenario

Scenario Application Timing

This scenario applies when the administrator of the IoT Gateway wants to configure the gateway as a Modbus TCP Slave that receives requests from a remote Modbus TCP Master, executes some actions, and responds. The Modbus TCP Master requests information from, or sends control commands to, the IoT Gateway, which acts as the Modbus TCP Slave. The IoT Gateway executes the corresponding processes and replies to the Modbus TCP Master.

Scenario Description ...
Modbus network traffic. The data from the serial port is encapsulated in a TCP/IP frame and transported over Ethernet. On the destination side of the Ethernet, the serial data is extracted from the TCP/IP frame. So all TCP/IP Modbus traffic that enters and passes through the AMIT Gateway is converted to Modbus RTU or ASCII packets (user selectable) and transmitted out the ...
When the AMIT Gateway operates in the Legacy Modbus Slave-Device Mode, it acts as a standalone Modbus slave in a Modbus network. Gateway information can be requested by the existing SCADA network for Modbus device management.

The AMIT Gateway supports simultaneous dual mode operation. The gateway can run Legacy Modbus Slave-Device Mode and either master or slave of Modbus-attached Mode simultaneously.

The following diagram is the AMIT Modbus Gateway configuration example of single mode and simultaneous dual mode.

[Diagram labels: Single Mode: Generic Modbus Master-attached; Single Mode: Generic Modbus Slave- ; Single Mode: Generic Modbus Slave ...]
Go to Advanced Network > Communication Bus > Modbus tab

The following modes of configuration are available:
1. Enable Modbus-attached Mode (Master-attached or Slave-attached)
2. Enable Legacy Modbus Slave-Device Mode
3. Enable simultaneous dual mode operation (enable two of the modes)

Modbus-attached Mode (Single Mode)

There are two selections for the Modbus-attached Mode. Enable Master-attached Mode if a Modbus Master Device is connected to the Serial Port of the AMIT gateway, or enable Slave-attached if a Modbus Slave Device is connected. Before selecting Master-attached or Slave-attached mode, enable Modbus first as follows. The functions enabled in the Gateway Configuration screen apply to Slave-attached Mode, Master-attached Mode, and Legacy Modbus Slave-Device Mode.

Enable Modbus

Enable Modbus Window

Item | Value setting ...
... | 2. Buffer up to 32 requests | transmit to Slave based on Master's IP address if requests are coming from remote Master, or based on remote Slave ID if requests are coming from serially attached Master, or based on Function Code. To prioritize Master request, refer to the Modbus Priority Definition section in the following section.
0Bh Exception | Unchecked by default | Check the Enable box to enable gateway to send a 0Bh exception code message to Modbus Master to indicate that the slave device does not respond before the timeout has been reached.
Tx Delay | Unchecked by default | Check the Enable box to activate the minimum amount of time after receiving a response before the next message can be sent out. When Tx is enabled the Gateway would insert a Tx delay between Master requests. The delay gives sufficient time for the slave devices to turn their transmitters off and their receivers back on.
Save | N/A | Click the Save button to save the settings.

Modbus Priority Definition

Message Buffering must be enabled to prioritize the Master request queue to transmit to the Modbus Slave, as mentioned in the above, ...
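The conversion between Modbus TCP frames and Modbus RTU or ASCII packets described earlier, together with the 0Bh exception reply from the table above, as an added Python example (not the gateway's own code). The function names and the sample request are constructed for illustration; the framing rules (MBAP header, CRC-16, LRC) are those of the Modbus specification.

```python
import struct

GATEWAY_TARGET_NO_RESPONSE = 0x0B  # the "0Bh" exception code named in the manual


def crc16_modbus(data: bytes) -> int:
    """CRC-16 used by Modbus RTU (reflected polynomial 0xA001, initial 0xFFFF)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def lrc(data: bytes) -> int:
    """Longitudinal redundancy check used by Modbus ASCII (two's complement of the sum)."""
    return (-sum(data)) & 0xFF


def parse_tcp_adu(adu: bytes):
    """Validate the 7-byte MBAP header and return (transaction id, unit id, PDU)."""
    if len(adu) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", adu[:7])
    if pid != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(adu) - 6:
        raise ValueError("MBAP length field does not match the frame size")
    if len(adu) - 7 > 253:
        raise ValueError("PDU exceeds the 253-byte Modbus limit")
    return tid, unit, adu[7:]


def tcp_to_rtu(adu: bytes) -> bytes:
    """Drop the MBAP header; send unit id + PDU + CRC (low byte first) on the serial line."""
    _, unit, pdu = parse_tcp_adu(adu)
    body = bytes([unit]) + pdu
    return body + struct.pack("<H", crc16_modbus(body))


def tcp_to_ascii(adu: bytes) -> bytes:
    """Same payload as RTU, hex-encoded between ':' and CR LF with an LRC byte."""
    _, unit, pdu = parse_tcp_adu(adu)
    body = bytes([unit]) + pdu
    return b":" + (body + bytes([lrc(body)])).hex().upper().encode() + b"\r\n"


def rtu_to_tcp(frame: bytes, transaction_id: int) -> bytes:
    """Check the CRC of a serial reply and wrap it for the TCP master."""
    if len(frame) < 4:
        raise ValueError("RTU frame too short")
    body, (crc,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if crc16_modbus(body) != crc:
        raise ValueError("CRC mismatch, frame rejected")
    return struct.pack(">HHH", transaction_id, 0, len(body)) + body


def timeout_exception(request_adu: bytes) -> bytes:
    """Reply a gateway sends when the serial slave stays silent past the timeout."""
    tid, unit, pdu = parse_tcp_adu(request_adu)
    reply = bytes([pdu[0] | 0x80, GATEWAY_TARGET_NO_RESPONSE])
    return struct.pack(">HHHB", tid, 0, len(reply) + 1, unit) + reply


# Constructed sample: transaction 1, unit 0x11, Read Holding Registers (0x03),
# start address 0x006B, quantity 3.
SAMPLE_TCP_REQUEST = bytes.fromhex("000100000006" "11" "03006B0003")

if __name__ == "__main__":
    print("RTU  :", tcp_to_rtu(SAMPLE_TCP_REQUEST).hex(" "))
    print("ASCII:", tcp_to_ascii(SAMPLE_TCP_REQUEST))
    print("0Bh  :", timeout_exception(SAMPLE_TCP_REQUEST).hex(" "))
```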
Modbus network. The command received on the Serial Port will be sent to the Modbus Slave over the Ethernet network.

Enable Master-attached Mode

Note: When operating in Master-attached mode, the AMIT gateway runs in TCP Client mode to initiate a TCP connection.

Press the Edit button to select Master mode and other configuration in the following setting.

Modbus Serial Definition Window ...
Specify Remote Slave(s) Window

Item | Value setting | Description
Remote Slave IP | A Must fill setting | Enter the IP address of the remote Modbus slave.
Remote Slave Port | 1. A Must fill setting 2. Range 1 to 65535 | Enter the TCP port on which the TCP server of the remote Slave listens (to the TCP client session request).
Remote Slave ID Range | 1. A Must fill setting 2. Range 1 to 247 | Enter the Modbus ID range of the remote Modbus Slave(s) that will respond to the Master's request.
Local Serial Port | Unchecked by default | Select the Serial port from which the Master's request will be sent to the remote slave. Note: The number of Serial Port supported depends on the gateway model purchased. If the check box is grayed out and not available, ensure that you have Master option selected in the Modbus Serial Definition sub-screen and save the setting.
Remote Slave | Unchecked by default | Check Enable box to enable this rule.
Save | N/A | Click Save button to save the settings.
Undo | N/A | Click Undo button to cancel the settings.
...
Modbus Slave-attached

Apply this setting if a Modbus Slave Device is connected to the Serial Port of the AMIT gateway, and select the protocol, RTU or ASCII.

In the Modbus Serial Definition screen, selecting the Slave option from the Serial Mode dropdown box tells the AMIT gateway that the device connected to its serial port is a Modbus Slave device. This enables the serially connected Modbus Slave to respond by supplying the requested data to the Master or by taking the action requested in the request.

Enable Slave-attached Mode

Note: When operating in Slave-attached mode, the AMIT gateway runs in TCP server mode to wait for a TCP connection request.

Press the Edit button to select Slave mode and other configuration in the following setting.

Modbus Serial Definition Window

Item | Value setting | Description
Serial Port | N/A ...
Setup TCP/IP Connection for Receiving Modbus Master Request

The TCP Connection Configuration screen allows the Modbus device operator to set up the AMIT gateway of the attached Modbus Slave to listen for the server request (that is, the TCP client's connection request) on the specified TCP port. Before the Modbus Slave can receive requests from the server, a TCP session connection must be established first.

Specify the gateway's TCP server listening port number to receive the TCP client's (Modbus Server side) session connection request and other ...
The local Modbus Network Management System is able to read AMIT gateway information and, hence, treat the AMIT gateway as a Slave device within an existing SCADA Network. To allow Modbus management, you will need to assign one Modbus Slave ID to the AMIT gateway and specify which physical interface of the gateway, Ethernet or Serial Port, the information will be read from. The AMIT ...
Interface default information will be read and communicated.
Save | N/A | Click the Save button to save the settings.

Simultaneous Dual Mode (Dual Mode)

The AMIT gateway supports serially attached Modbus devices and, at the same time, allows gateway information to be read by the Modbus Master in the existing Modbus Management Network. To allow dual mode, simply go through the settings described in the Modbus-attached Mode section and the Legacy Modbus Slave-Device Mode section.

5.d.9 Data Logging

The Data Logging function is a useful and important feature for Modbus application environments. It makes management jobs easier by checking the status and historical data during whole Data‐...
backup files by specifying the file size.

IP: 172.16.99.160

Auto Data Logging in Proxy Mode

Under Data Logging Proxy Mode, the user can add pre-defined rules via "Proxy Mode Rule Configuration" so that the IoT Gateway performs data acquisition by itself automatically. Once the network connection to the remote SCADA is lost unexpectedly, Proxy Mode is triggered and begins the data polling jobs using those pre-defined rules, running in the background. ...
Data Logging Files Download

All the data acquired from the local Modbus device can be downloaded through FTP and the WEB UI. The admin/user can download the resulting data over the internet/intranet by FTP service or from the WEB UI for further analysis.

Only when the "FTP download" item is checked as "Enable" can the user log in and download the files via the IoT Gateway's FTP service. However, the user can still download those files from the IoT Gateway's WEB UI by clicking the "Download log file" button without the FTP service. ...
Below is an example of the configuration steps for the above scenario.

First of all, check to enable the "Data Logging" function and ensure that the storage media is ready to use on the IoT Gateway, e.g. plug a USB stick into the USB port or insert a microSD card. Then check to enable the "FTP download" option, so that the user can download files from the IoT Gateway's internal FTP server. Now we can start to add/create some "Data Logging" rules and "Proxy Mode" rules by clicking on their "Add" button.

To add the "Proxy Mode" rules: ...
When adding the "Data Logging" rule, don't forget to choose the suitable rules for Proxy Mode enabling.

Once the rules have been added, we can still modify them by clicking on the "Edit" button of the existing rules. If we don't need those rules anymore, we can select them and delete them. ...
Data Logging Setting

Data Logging is commonly used in monitoring systems to collect and analyze data. The data is recorded according to the Modbus properties for which information needs to be collected. The proxy mode can monitor the Modbus master devices and proxy their rules if the master device is disconnected.

Ensure Data Logging is enabled and saved

Go to Advanced Network > Communication Bus > Data Logging

Configuration

Item | Value setting | Description
Data Logging | The box is unchecked by default | Check the Enable box to activate the data logging function.
Export File Format | CSV is set by default | Choose the file format.
FTP download | The box is unchecked by default | Check the Enable box to activate to FTP download function. It can use the username which is logging and UI password to log in the ftp.
Save | NA | Click the Save button to save the configuration.

Ensure Modbus is enabled and saved

Go to Advanced Network > Communication Bus > Port Configuration ...
Data Logging Configuration

Item | Value setting | Description
Name | A Must filled setting | Assign name to save the data logging records by this file name and time.
Communication Protocol Type | Modbus is set by default | To record the protocol message.
Modbus Master Monitoring | IP Address is set by default | Enter the IP address to record and monitoring the modbus master.
Slave Serial Port | SPort-0 is set by default | Choose one serial port to send the proxy rules if the proxy mode is activated.
Slave ID Range | 1. A Must filled setting 2. Range 1 to 247 | Enter the Slave ID Range to send the proxy rules if the proxy mode is activated.
Proxy Mode | The box is unchecked by default | Check the Enable box to active the proxy mode functions.
Proxy Mode Rules | The box is unchecked by default | Check the Proxy Mode Rules if the proxy mode rules were added.
...
Create/Edit Proxy Mode Rule List

The router allows you to customize your proxy mode rule list. It supports up to a maximum of 20 list sets.

When the Add button is applied, the Proxy Mode Rule Configuration screen will appear.

Proxy Mode Rule List

Item | Value setting | Description
Name | A Must filled setting | Assign name to be selected by data logging list.
Function Name/Code | Read Coils is set by default | The modbus protocol for read function.
Start Address | 1. A Must filled setting 2. Range 0 to 65535 | The modbus protocol for Start Address. Start Address plus Numbers must be smaller than 65536.
Numbers | 1. A Must filled setting 2. Range 1 to 125 | The modbus protocol for Numbers. Start Address plus Numbers must be smaller than 65536.
Poll Time | 1. A Must filled | Enter the Poll Time in milliseconds. When proxy mode is activated, it will send ...
Chapter 7 Applications

7.1 Mobile Application

Whether the mobile application exists in your purchased gateway depends on its product category.

In the Mobile Application section, the device supports SMS Management, USSD Management, Network Scan and SMS-based Remote Management. You can set up these four aspects of mobile applications by using the embedded 3G/LTE module in the device.

7.1.1 SMS

Short Message Service (SMS) is a text messaging service component of phone, Web, or mobile communication systems. It uses standardized communications protocols to allow fixed line or mobile ...
In the "SMS" page, there are four windows for the SMS function. The "Configuration" window lets you specify which 3G/4G module (physical interface) is used for the SMS function, and the system shows which SIM card in the module is currently in use. In addition, the only supported media for storing SMS messages in the gateway is currently the "SIM Card Only" option. The second window is the "Alter Rule List", which shows all your defined altering rules for SMS messages, such as auto-forwarding messages to another mobile phone, message forwarding by email and message forwarding by syslog. In the third window, "Alter Rule Configuration", you can define an altering rule for SMS messages. Lastly, the "SMS Summary" window displays information such as the numbers of unread SMS messages, total received SMS messages and SMS messages in free space. Moreover, the "New SMS" button lets you compose and send a new SMS message. The "SMS Inbox" button lets you check all received SMS messages.

The SMS function allows the user to send SMS, and to read and delete SMS from the SIM card.

Configuration setting

Go to Application > Mobile Application > SMS

Configuration

Item | Value setting | Description
Physical Interface | The box is 3G/4G-1 by default | Choose the 3G/4G-1 or 3G/4G-2 to change setting of cellular module1 or cellular module2.
SMS | The box is checked by default | This is the SMS switch. If the box is checked, the SMS function is enabled; if the box is unchecked, the SMS function is disabled.
...
SMS Summary

Shows Unread SMS, Received SMS and Remaining SMS, and lets the user edit SMS content to send and read SMS from the SIM card.

SMS Summary

Item | Value setting | Description
Unread SMS | N/A | If the SIM card is inserted into the router for the first time, the unread SMS value is zero. When a new SMS is received but not read, this value increases by one.
Received SMS | N/A | This value records the number of existing SMS on the SIM card. When a new SMS is received, this value increases by one.
Remaining SMS | N/A | This value is the SMS capacity minus received SMS. When a new SMS is received, this value decreases by one.
New SMS | N/A | Click New SMS button, a New SMS screen appears. User can set the SMS setting from this screen. Refer to New SMS in the next page.
SMS Inbox | N/A | Click SMS Inbox button, a SMS Inbox List screen appears. User can read or delete SMS, reply SMS or forward SMS from this screen. Refer to SMS Inbox List in the next page.

New SMS

User can set the SMS setting from this screen.

New SMS

Item | Value setting ...
SMS Inbox List
The user can read or delete SMS, reply to SMS or forward SMS from this screen.

SMS Inbox List
Item | Value setting | Description
ID | N/A | The number of the SMS.
From Phone Number | N/A | The phone number the SMS came from.
Timestamp | N/A | The time the SMS was received.
SMS Text Preview | N/A | Preview the SMS text.
Action | The box is unchecked by default | Check the box, then click the Delete button to delete the SMS. Click the Reply/Forward button to reply to or forward the SMS. Click the Detail button to read the SMS detail; the Detail SMS Message screen appears.
Refresh | N/A | Refresh the SMS Inbox List.
Delete | N/A | Delete the SMS for all boxes checked in Action.
Close | N/A | Close the Detail SMS Message screen.
...
7.1.3 USSD

Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider's computers. USSD can be used for WAP browsing, prepaid callback service, mobile‐money services, location‐based content services, menu‐based information services, and as part of configuring the phone on the network. A USSD message is up to 182 alphanumeric characters in length. Unlike Short Message Service (SMS) messages, USSD messages create a real‐time connection during a USSD session. The connection ...
Page 412
correct pre‐command, and then click on the "Send" button for the session. The responses from the USSD server will be displayed beneath the "USSD Command" line. When commands typed in the "USSD Command" field are sent, received responses will be displayed in the "USSD Response" blank space. The user can communicate with the USSD server by sending USSD commands and getting USSD responses via the voice gateway.

A USSD Session Scenario

Scenario Application Timing
When the administrator wants to use the Voice Gateway to ask for some ISP's services through an ...
Page 413
Configuration Path | [USSD]‐[USSD Profile Configuration]
Profile Name | roaming setting
USSD Command | *135#
Comments | Roaming function

Configuration Path | [USSD]‐[USSD Request]
Profile Name | roaming setting
USSD Command | *135#
USSD Response |

Scenario Operation Procedure
In the above diagram, the "Vo3G Gateway" is the initiator of a USSD session requesting data roaming services from the ChungHwa mobile operator. First, the administrator selects one 3G/4G module as the physical interface of the USSD session. And then, ...
Page 414
When the Add button is applied, the USSD Profile List Configuration screen will appear.

USSD Profile List
Item | Value setting | Description
Profile Name | N/A | The profile name that the user can key in.
USSD Command | N/A | The USSD command that the user can key in.
Comments | N/A | The comment for this profile.

USSD Request
When the USSD command is sent, the USSD Response screen will appear. When the Clear button is clicked, the USSD Response will disappear.

USSD Request
Item | Value setting | Description
USSD Profile | N/A | The user can select the USSD Profile; the USSD Command then changes according to the USSD Profile.
USSD Command | N/A | The USSD Command can be keyed in by the user, or changes when the user selects a USSD Profile.
USSD Response | N/A | When the USSD command is sent, the USSD Response screen will appear, User can ...
7.1.5 Network Scan

The "Network Scan" function lets the administrator specify how the device connects to the mobile system for data communication on each 3G/4G interface. For example, the administrator can specify which generation of mobile system is used for the connection: 2G, 3G or LTE. Moreover, the administrator can define the connection sequence the gateway device uses to connect to the mobile system automatically. The administrator can also scan the mobile systems in the air manually, select the target operator system ...
Page 416
Configuration
Item | Value setting | Description
Physical Interface | The box is 3G/4G‐1 by default | Choose 3G/4G‐1 or 3G/4G‐2 to change the setting of cellular module 1 or cellular module 2.
SIM Status | N/A | Depends on the current SIM status.
Network Type | The box is Auto by default | When Auto is selected, the network is registered automatically. If a "prefer" option is selected, the network is registered for your option first. If an "only" option is selected, the network is registered for your option only.
Band Selection | The box is Auto by default | When Auto is selected, all Band List boxes are checked and the user can't select any option. The user needs to select the Manual option to be allowed to change the Band List setting.
Band List | All boxes are checked by default | The Band List's options depend on the module, and the user needs to select at least one option for all network types.

When Auto is selected, the cellular module registers automatically. If Manually is selected, the Network Provider List is shown. When Manually is selected in the dropdown list for Scan Approach, a network provider list screen appears. Press the Scan button to scan for the nearest base stations. Select the preferred base stations, then click the Apply button to apply the settings.

Network Provider List: When the user clicks the Scan button, it will find the provider list ...
7.1.7 SMS Management

The "SMS‐based Remote Management" function lets the administrator manage the gateway device remotely by using the text SMS (Short Message Service) application in the mobile system. Users can send managing SMS messages to this gateway to perform necessary actions, such as getting WAN status, connecting / disconnecting / reconnecting the WAN connection or rebooting the system. In addition, the gateway can send SMS notification messages automatically to users for alert events.

Only the assigned person with the connection key can link with the gateway via the SMS system. The administrator can further limit the assigned persons by specifying the phone numbers allowed to communicate with the gateway via the SMS system; only these phones can control the gateway by SMS. Furthermore, the SMS messages can be removed after being processed by the system, to free memory for receiving more managing ...
Page 418
receive the managing events and whether the gateway will issue alerting SMS messages when events happen. In the "Managing Event List" and "Notified Event List" windows, you select the managing events and notified events for which the gateway executes the corresponding actions and responds once the selected events happen. Finally, the sixth window is the "Access Control Configuration" window. The administrator can enable access control here so that only defined phone numbers can communicate with the gateway via the SMS system. In the "Specific Phone Number Definition" window, the administrator can further specify the SMS messaging access control for each phone number. ...
Page 419
Configuration Path | [Remote Management]‐[Configuration]
SMS Remote Management | ■ Enable
Physical Interface | 3G/4G‐1

Configuration Path | [Remote Management]‐[Management Configuration]
Delete Managed SMS after Processing | ■ Enable
Send Confirmed SMS | ■ Enable
Security Key | 1234

Configuration Path | [Remote Management]‐[Event Configuration]
Managing Event List | ■ Enable

Configuration Path | [Remote Management]‐[Managing Event List]
ID Event Reboot Device ■ Enable

Configuration Path | [Remote Management]‐[Access Control Configuration]
Access Control | ■ Enable
...
Page 420
SMS Management Setting
SMS management is the application that allows the administrator to remotely manage the gateway by issuing Managing Event SMS, or to get instant alerts from the remote gateway through notifying event SMS.

Enabling SMS Management
Go to Applications > Mobile Application > SMS Management Tab

SMS Management
Item | Value setting | Description
SMS Remote Management | The box is unchecked by default | Check the Enable box to activate the SMS Remote Management function.
Managing Events | The box is unchecked by default | Check the Enable box to activate the Managing Events function.
...
Page 421
Management Configuration Definition
SMS settings for managing events.

Management Configuration
Item | Value setting | Description
Delete Managed SMS after Processing | The box is unchecked by default | Check the Enable box to delete the received managing event SMS after it has been processed.
Delete All Received SMS | N/A | Press the Active button to delete all the received SMS.
Security Key | The box is unchecked by default | Click the Enable box to enable the security key for validating the received SMS. Once the function is enabled, you have to enter the security key behind the checkbox. A received managing event SMS must have the designated security key as an initial identifier; only then do the corresponding handlers become effective for further processing.
Save | NA | Click the Save button to save the configuration.
...
Page 422
SMS Account Definition
Set up your SMS Account. It supports up to a maximum of 5 accounts. You can click the Edit button for each ID to edit the account.

SMS Account Definition
Item | Value setting | Description
Phone Number | 1. Mobile telephone numbers format 2. A Must filled setting | Specify the phone number that will issue the SMS, as the account identifier.
Application | A Must filled setting | Specify the application type. It could be Managing Events, Notifying Events, or both.
Enable | The box is unchecked by default. | Click the Enable box to activate this account.
Save | NA | Click the Save button to save the configuration.
...
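The acceptance checks described above for a managing-event SMS (function switches, access control by phone number, security key as the initial identifier, then event lookup), modelled as an added example that is not the gateway's firmware or vendor code. Assumptions: the key is followed by the event text with optional whitespace between them, the event text "reboot" and the phone numbers are constructed, and the 8-character threshold in audit() is this example's own choice.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

MAX_ACCOUNTS = 5  # limit stated in the manual's SMS Account Definition


@dataclass
class SmsAccount:
    phone: str
    applications: frozenset  # subset of {"managing", "notifying"}
    enabled: bool = True


@dataclass
class SmsMgmtConfig:
    remote_management: bool = False      # "SMS Remote Management" box
    managing_events: bool = False        # "Managing Events" box
    security_key: Optional[str] = None   # None models the Security Key box unchecked
    access_control: bool = False         # "Access Control" box
    accounts: list = field(default_factory=list)
    events: dict = field(default_factory=dict)  # SMS event text -> handler name


def _digits(phone):
    """Compare numbers on digits only, so '+886 900-000-001' equals '+886900000001'."""
    return "".join(ch for ch in phone if ch.isdigit())


def accept(cfg, sender, body):
    """Return (handler, reason); handler is None when the SMS is ignored."""
    if not (cfg.remote_management and cfg.managing_events):
        return None, "sms management disabled"
    if cfg.access_control:
        allowed = {_digits(a.phone) for a in cfg.accounts
                   if a.enabled and "managing" in a.applications}
        if _digits(sender) not in allowed:
            return None, "sender not in access control list"
    text = body.strip()
    if cfg.security_key is not None:
        key = cfg.security_key
        # Constant-time comparison of the leading bytes against the key.
        if not hmac.compare_digest(text[:len(key)].encode(), key.encode()):
            return None, "security key missing or wrong"
        text = text[len(key):].strip()  # assumed layout: <key><optional space><event text>
    handler = cfg.events.get(text)
    return (handler, "ok") if handler else (None, "no matching managing event")


def audit(cfg):
    """Return (code, message) findings for a configuration with SMS management on."""
    findings = []
    if not cfg.remote_management:
        return findings
    if cfg.security_key is None:
        findings.append(("no-key", "Security Key is disabled; no secret is required in the SMS"))
    elif len(cfg.security_key) < 8 or cfg.security_key.isdigit():
        # Threshold is this example's assumption, not a vendor rule.
        findings.append(("weak-key", "Security Key is short or digits only"))
    if not cfg.access_control:
        findings.append(("no-acl", "Access Control is disabled; every sender is evaluated"))
    if len(cfg.accounts) > MAX_ACCOUNTS:
        findings.append(("too-many-accounts", "more than 5 SMS accounts defined"))
    return findings


# Constructed configuration mirroring the manual's setup example (Security Key 1234,
# Access Control enabled, managing event "Reboot Device").
PAGE_EXAMPLE = SmsMgmtConfig(
    remote_management=True,
    managing_events=True,
    security_key="1234",
    access_control=True,
    accounts=[SmsAccount("+886900000001", frozenset({"managing"}))],
    events={"reboot": "Reboot Device"},
)

if __name__ == "__main__":
    print(accept(PAGE_EXAMPLE, "+886900000001", "1234 reboot"))
    for code, message in audit(PAGE_EXAMPLE):
        print(code, "-", message)
```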
Page 423
Create/Edit Managing Events Rules
Set up your Managing Event rules. It supports up to a maximum of 128 rules. When the Add button is applied, the Managing Event Configuration screen will appear.

Managing Event Configuration
Item | Value setting | Description
Event | SMS (or SNMP Trap) by default | Specify the Event type (SMS, SNMP Trap, DI, or Modbus) and event code. Select SMS and fill in the message in the textbox to specify an SMS Event; select SNMP Trap and fill in the message in the textbox to specify an SNMP Trap Event; select DI and select a profile from the Digital Input (DI) Profile List to specify a DI Event; select Modbus and select a profile from the Modbus Definition to specify a Modbus Event.
Handlers | All boxes are unchecked by default. | Specify the related Handlers for the managing event. Select the Power checkbox and select the handlers you want to specify Power Handlers; select the WAN checkbox and select the handlers you want to specify WAN Handlers; select the LAN&VLAN checkbox and select the handlers you want to specify LAN&VLAN Handlers; select the WiFi checkbox and select the handlers you want to specify WiFi Handlers; select the NAT checkbox and select the handlers you want to specify NAT Handlers; select the Firewall checkbox and select the handlers you want to specify ...
Page 424
Response | None by default | Specify the Response to be taken for the managing event. Select None to specify no response; select DO and select a profile from the Digital Output (DO) Profile List to specify the DO Response; select SMS to specify the SMS Response; select SNMP Trap to specify the SNMP Trap Response; select Modbus and select a profile from the Modbus Definition to specify the Modbus Response.
Managing Event | The box is unchecked by default. | Click the Enable box to activate this Managing Event setting.
Save | NA | Click the Save button to save the configuration.
...
Page 425
Create/Edit Notifying Events Rules
Set up your Notifying Event rules. It supports up to a maximum of 128 rules. When the Add button is applied, the Notifying Event Configuration screen will appear.

Notifying Event Configuration
Item | Value setting | Description
Event | DI‐1 (or WAN) by default | Specify the Event type and event condition. Select DI‐1 and select the event condition to specify a DI‐1 Event; select Power‐1 and select the event condition to specify a Power‐1 Event; select WAN and select the event condition to specify a WAN Event; select LAN&VLAN and select the event condition to specify a LAN&VLAN Event; select WiFi and select the event condition to specify a WiFi Event; select Client&Server&Proxy and select the event condition to specify a Client&Server&Proxy Event; select System Related and the event condition to specify a System Related Event.
Handlers | All boxes are unchecked by default. | Specify the Handlers that react when the event is triggered. Select the DO checkbox and select the profile from the Digital Output (DO) Profile List to specify DO Handlers; select SMS to specify the SMS Handler; select Web Log and select/unselect the Enable checkbox to specify the Web Log Handler; select SNMP Trap to specify the SNMP Trap Handler; select Email and select the profile from the Email Definition to specify the Email Handler; select Modbus and select a profile from the Modbus Definition to specify the ...
7.1.b SIM PIN

Sometimes we activate a password on mobile phones to prevent other people from accessing our phones when they are lost or stolen. Generally speaking, this password setting can be applied on end devices (e.g. a mobile phone) or on the SIM card. The latter is what we focus on in this section. In most cases, users need to insert a SIM card (a.k.a. UICC) into end devices to get on the cellular network for voice service or data surfing. The SIM card is usually issued by mobile operators or service providers. Each SIM card has a unique number (the so‐called ICCID) for network owners or service providers to identify each subscriber. As SIM card plays an important role between ...
Page 427
Step 1: Press the “Unlock” button to unlock a SIM card.
Step 2: Enter the correct PIN code, and then press “OK”. Please note the important message “3 attempts remaining” at the top of the screen. The maximum number of failed attempts is 3. If you enter an incorrect PIN code three times, this SIM card will be locked and you can’t try your ...
Page 428
Configuration
The Configuration window decides which SIM card is chosen for PIN code management.

Physical Interface
This refers to the physical cellular modem. The number of physical modems depends on the gateway model you purchased.

SIM Status
This shows the current status of the selected SIM. The status can be Ready, Not Insert, or SIM PIN. The definition of each status follows.
Ready: The SIM card is inserted and ready to use. It can be a SIM card without PIN protection, or a SIM card that has already been unlocked with the correct PIN code.
Not Insert: No SIM card is inserted in that SIM slot.
SIM PIN: The SIM card is protected by a PIN code and has not yet been unlocked with the correct PIN code. That SIM card is still in locked status.
...
Page 429
SIM Selection
Usually, the M2M‐IoT gateway supports dual SIM cards for each cellular modem. You choose which SIM card (SIM‐A or SIM‐B) you would like to configure.

SIM Function
The SIM Function window allows you to enable or disable the SIM lock (which means protection by PIN code), or to change the PIN code. You can also see the remaining number of failed attempts, as mentioned earlier. If you run out of these attempts, you need to get a PUK code to unlock the SIM card. ...
Page 430
It means that the SIM card is locked and needs an additional PUK code to unlock. Usually this happens after too many attempts with an incorrect PIN code, when the remaining times in the SIM Function table reach 0. In this situation, you need to contact your service provider and request a PUK code for your SIM card. After a SIM card is successfully unlocked with the PUK code, the SIM lock function is activated automatically.

PUK Status
The status can be PUK Lock or PUK Unlock. As mentioned earlier, the SIM card will be locked by PUK code after too many failed PIN code attempts. In this case, the PUK Status turns to PUK Lock. In a normal situation, it displays PUK Unlock.

Remaining Times
Indicates the remaining number of failed attempts for the PUK code. This number is reduced by 1 whenever an incorrect PUK code is entered. PLEASE BE CAREFUL ABOUT THIS NUMBER, BECAUSE ...
Page 431
Configuration Path | [Mobile Applications]‐[SIM PIN]‐[Configuration]
Physical Interface | 3G/4G‐1
SIM Status | Ready
SIM Selection | SIM‐A

SIM Function
Configuration Path | [Mobile Applications]‐[SIM PIN]‐[SIM Function]
SIM Lock | Enable, PIN Code: 0000
Remaining Times | [Display Remaining Times]

Scenario of changing PIN code on SIM card
An operation owner would like to change the PIN code from the default “0000” to “1234” on a SIM card. This SIM card was inserted in the SIM‐A slot for the 3G/4G‐1 WAN connection.

Configuration:
Configuration Path | [Mobile Applications]‐[SIM PIN]‐[Configuration]
Physical Interface | 3G/4G‐1
SIM Status | SIM PIN
SIM Selection | SIM‐A

SIM Function
Configuration Path | [Mobile Applications]‐[SIM PIN]‐[SIM Function]‐[Change PIN Code]
Current PIN Code | 0000
New PIN Code | 1234
Verified New PIN Code | 1234
...
Page 432
Configuration:
Configuration Path | [Mobile Applications]‐[SIM PIN]‐[Configuration]
Physical Interface | 3G/4G‐1
SIM Status | SIM PIN
SIM Selection | SIM‐A

PUK Function
Configuration Path | [Mobile Applications]‐[SIM PIN]‐[PUK Function]
PUK Status | PUK Lock
Remaining Times | [Display Remaining Times]
PUK Code | 12345678
New PIN Code | 5678

SIM PIN Setting
SIM PIN is the application that allows the user to enable, disable or change the SIM card password. It can also unlock the PUK when the password is locked. ...
Page 433
PUK function
Application: Unlock the PUK when the SIM card goes into the PUK lock situation.

PUK function
Item | Value setting | Description
PUK status | PUK unlock / PUK lock | When the PIN code remaining times is zero it shows PUK lock; otherwise it shows PUK unlock.
Remaining times | Depend on sim card | The number of times you can try unlocking with the PUK.
PUK Code | N/A | Fill in the PUK code that unlocks the SIM card PUK status.
New PIN Code | N/A | Fill in the new PIN code to reconfigure the SIM card.
Save | N/A | Click the Save button to save the configuration.

SIM function
Application: Enable or disable the PIN code (password) function, or change the PIN code.

SIM Function
Item | Value setting | Description
SIM lock | Depend on sim card | If Enable is ticked when you enter this window, the PIN code is enabled; otherwise it is disabled.
...
Page 434
When the Change PIN Code button is clicked, the following screen will appear.

Item | Value setting | Description
Current PIN Code | N/A | Fill in the current PIN code password; then you can change the PIN code.
New PIN Code | N/A | Fill in the PIN code you want to change to.
Verified New PIN Code | N/A | Confirm the new PIN code again.
Apply | N/A | Click the Apply button to save the configuration.
Cancel | N/A | Click the Cancel button to close this screen without making changes.
...
7.1.h Plain Text System Config.

Plain Text System Configuration is the application that allows the administrator to set up a pre‐defined configuration in plain text style and apply the configuration on startup.

Enabling Plain Text System Configuration
Go to Applications > Plain Text System Configuration

Configuration
Item | Value setting | Description
Configuration | The box is unchecked by default | Check the Enable box to activate the Plain Text System Configuration function.

You can edit the plain text configuration settings in the configuration screen as above.

Plain Text Configuration
Item | Value setting | Description
Clean ...
Page 436
set to configure, you can configure them with proprietary command set.

Configuration content
Key | Value setting | Description
OPENVPN_ENABLED | 1 : enable, 0 : disable | Enable or disable the OpenVPN Client function.
OPENVPN_DESCRIPTION | A Must filled Setting | Specify the tunnel name for the OpenVPN Client connection.
OPENVPN_PROTO | udp, tcp | Define the protocol for the OpenVPN Client. Select TCP or TCP/UDP ‐> OpenVPN will use the TCP protocol, and Port will be set to 443 automatically. Select UDP ‐> OpenVPN will use the UDP protocol, and Port will be set to 1194 automatically.
OPENVPN_PORT | A Must filled Setting | Specify the port for the OpenVPN Client to use.
OPENVPN_REMOTE_IPADDR | IP or FQDN | Specify the remote IP/FQDN of the peer OpenVPN Server for this OpenVPN Client tunnel.
...
Page 437
commands, you can put them in a script file, and apply the script file with the STARTUP command. For example,

    STARTUP=#!/bin/sh
    STARTUP=echo "startup done" > /tmp/demo

Plain Text System Configuration with Telnet
In addition to the web‐style plain text configuration mentioned above, the gateway system also allows configuration via the Telnet CLI. The administrator can use the proprietary telnet command “txtConfig” and related action items to perform the plain text system configuration. The command format is:

    txtConfig (action) [option]

Action | Option | Description
clone | Output file | Duplicate the configuration content from the database and store it as a configuration file (ex: txtConfig clone /tmp/config). The contents of the configuration file are the same as the plain text commands mentioned above. This action is exactly the same as performing the “Backup” plain text configuration.
...
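A review aid for a plain text configuration such as the file written by "txtConfig clone", given as an added example and not as part of the gateway's own tooling. It assumes one KEY=VALUE setting per line, covers only the keys shown in the table above, and the sample configuration (tunnel name, host name) is constructed.

```python
DEFAULT_PORT = {"tcp": "443", "udp": "1194"}          # defaults given in the manual's key table
MUST_FILL = ("OPENVPN_DESCRIPTION", "OPENVPN_PORT")   # keys marked "A Must filled Setting"
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"       # quotes that word processors and PDF copies substitute


def parse(text):
    """Split the configuration into ordinary settings and ordered STARTUP lines."""
    settings, startup = {}, []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {number}: expected KEY=VALUE, got {raw!r}")
        if key.strip() == "STARTUP":
            startup.append((number, value))   # order matters: the lines form one script
        else:
            settings[key.strip()] = value.strip()
    return settings, startup


def startup_script(text):
    """Assemble the STARTUP lines into the script a reviewer should read as a whole."""
    return "\n".join(value for _, value in parse(text)[1])


def lint(text):
    """Return (code, message) findings for review."""
    settings, startup = parse(text)
    findings = []
    for number, value in startup:
        if any(q in value for q in TYPOGRAPHIC_QUOTES):
            findings.append(("smart-quote",
                             f"line {number}: typographic quotes are not shell quoting"))
    if startup:
        findings.append(("startup-script",
                         f"{len(startup)} STARTUP line(s) define a script applied at startup"))
    enabled = settings.get("OPENVPN_ENABLED")
    if enabled is not None and enabled not in ("0", "1"):
        findings.append(("bad-enabled", "OPENVPN_ENABLED must be 0 or 1"))
    if enabled == "1":
        for key in MUST_FILL:
            if not settings.get(key):
                findings.append(("missing", f"{key} is required"))
        proto, port = settings.get("OPENVPN_PROTO"), settings.get("OPENVPN_PORT")
        if proto not in DEFAULT_PORT:
            findings.append(("bad-proto", "OPENVPN_PROTO must be udp or tcp"))
        elif port and port != DEFAULT_PORT[proto]:
            findings.append(("port-default",
                             f"OPENVPN_PORT {port} differs from the {proto} default "
                             f"{DEFAULT_PORT[proto]}"))
    return findings


# Constructed sample: udp tunnel on the tcp default port, plus a STARTUP script
# copied with typographic quotes.
SAMPLE = """OPENVPN_ENABLED=1
OPENVPN_DESCRIPTION=site-a
OPENVPN_PROTO=udp
OPENVPN_PORT=443
OPENVPN_REMOTE_IPADDR=vpn.example.net
STARTUP=#!/bin/sh
STARTUP=echo \u201cstartup done\u201d > /tmp/demo
"""

if __name__ == "__main__":
    for code, message in lint(SAMPLE):
        print(f"{code}: {message}")
    print(startup_script(SAMPLE))
```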
RADIUS Server” option for user authentication. The user account database can be an embedded database, an external AD database or an external LDAP database. However, the UAM server is not necessary in this case, and the captive portal Web site is embedded in the device.

7.5.1 Configuration

The administrator of the gateway can enable the Captive Portal function and configure the device to be the internal captive portal or the external captive portal for the function. Please note that only selected AMIT gateway models support the external captive portal function.

16 http://en.wikipedia.org/wiki/Captive_portal
...
Page 439
In the "Configuration" page, there is only one window for the Captive Portal function. The "Captive Portal Configuration" window lets you enable the function, specify which WAN interface is used for user authentication, specify which VLAN group of client hosts must pass user authentication before Internet surfing, and choose the internal captive portal or the external captive portal. ...
Page 440
gateway. The Captive Portal function in the gateway includes the internal one, and the administrator of the gateway can create user accounts for users in [System]‐[User Management] for user authentication. The scenario is then suitable for this situation.

Scenario Description
Client hosts in the Guest group must pass the authentication process in the embedded UAM page of the Gateway before Internet surfing. Client hosts can access the Internet via the Gateway once they have passed user authentication.

Parameter Setup Example
The following tables list the parameter configuration as an example for the "Internal Captive Portal" function, as shown in the above diagram. Use the default value for parameters that are not mentioned in the tables.

Configuration Path | [DHCP Server]‐[DHCP Server Configuration]
...
Page 441
first one is VLAN‐1 and the IP address of the virtual LAN interface is 10.0.75.2. There is one DHCP server, DHCP‐1, acting for the VLAN‐1 group, and it serves the Staff group of users. The Staff can surf the Internet normally without user authentication. The second VLAN group is VLAN‐2 and the IP address of the virtual LAN interface is 10.0.76.2. There is another DHCP server, DHCP‐2, acting for the VLAN‐2 group, and it is for the Guest group of users. The Guest can surf the Internet only after passing the authentication process in the embedded UAM web page.

One client host in the Guest group wants to surf the Internet by using its browser. The gateway detects that the Internet surfing request comes from the Guest group and that the client host in the Guest group hasn't been authenticated by the gateway. So, the gateway redirects ...
Page 442
Page 443
Internal:

Button description
Item | Value setting | Description
Save | | Click the Save button to save changes.
Refresh | | Click the Refresh button to refresh the current page.

Captive Portal Configuration
Item | Value setting | Description
Captive Portal | The box is unchecked by default | When the Enable box is checked, it will activate the Captive Portal functions.
WAN Interface | A Must filled setting | This field specifies the WAN interface of the captive portal. Selecting WAN‐1 means that when the WAN‐1 interface gets its IP, the captive portal is loaded. Other WAN interface options can be added by enabling the WAN interface in Basic Network > WAN > Physical Interface.
LAN Subnet | A Must filled setting | This field specifies the LAN subnet of the captive portal. When DHCP‐1 is selected, means if user connect to the physical port which the ...
Page 444
When Internal is selected, the user just needs to specify the Authentication Server, and the login page can be edited in Customize login page.

Customize login page | | The Download Default CSS and Logo button downloads the default CSS file and logo of the login page of the internal authentication server. The Download Current CSS and Logo button downloads the current CSS file and logo of the login page of the internal authentication server. The user can edit the CSS file or logo downloaded with the above buttons and upload them with the Upload CSS and Logo files button.
MAC Whitelist | Optional setting (Separated by ,) | MAC addresses filled in this field are granted access directly, without being directed to the login page.
Walled‐Garden Hosts | Optional setting (Separated by ;) | The host IPs and domain names filled in this field can be accessed directly, without being directed to the login page.
Walled‐Garden domains | Optional setting (Separated by ;) | The domain names filled in this field can be accessed directly, without being directed to the login page.
Authentication Server | A Must filled setting | This field specifies the authentication server. If Web Portal is internal, there are three servers you can choose. When Embedded DataBase is selected, the login IDs and passwords are created in the System > User Management > User Profile tab. When External LDAP is selected, the login IDs and passwords are from the external LDAP server. When External AD is selected, the login IDs and passwords are from external AD ...
7.d Event Management

Event management is the application that allows the administrator to set up pre‐defined events, handlers, or response behavior with individual profiles. With the event management function properly configured, the administrator can easily and remotely obtain status and information via the purchased gateway. Moreover, the administrator can also handle and manage some important system related functions, even for the fieldbus devices and D/O devices that are already connected to it. ...
Page 446
take action to change the functionality or collect the required status for administration. Besides, the gateway has to reply to the event issuer with a proper response that indicates the managing event has been received and is being processed. It could be an SMS event issued by the administrator to change the Wi‐Fi setting (ON or OFF), or to change the WAN connection (disconnect or re‐connect).

To use the event management function, first of all, you have to enable the event management function ...
Page 447
The following is the summary list of the provided profiles and events:

Profiles (Rules):
• SMS Accounts
• Email Accounts
• Digital Input (DI) and Digital Output (DO) profiles
• Modbus Read/Write profile

Managing Events:
• Trigger Type: SMS, SNMP Trap, DI, and Modbus.
• Handlers: WAN behavior, LAN/VLAN behavior, WIFI behavior, NAT behavior, Firewall behavior, System Management, System Related, D/O profile.
• Response: None, DO, SMS, SNMP Trap, and Modbus Profile.

Notifying Events:
• Trigger Type: DI Profile, Power Status, WAN Status, LAN & VLAN Status, WiFi Status, ...
7.d.1 Configuration

Event management is the application that allows the administrator to set up pre‐defined events, handlers, or response behavior with individual profiles.

Enabling Event Management
Go to Applications > Event Management > Configuration Tab

Event Management
Item | Value setting | Description
Event Management | The box is unchecked by default | Check the Enable box to activate the Event Management function.

SMS Account Definition
Set up your SMS Account. It supports up to a maximum of 5 accounts. You can click the Edit button for each ID to edit the account.

SMS Account Definition
Item | Value setting | Description
Phone ...
Page 449
Email Service Definition
Set up your Email Service Account. It supports up to a maximum of 5 accounts. You can click the Edit button for each ID to edit the account.

Email Service Definition
Item | Value setting | Description
Email Server | ‐‐‐ Option ‐‐‐ | Apply an Email Server profile from the External Server settings.
Email Addresses | 1. Internet E‐mail address format 2. A Must filled setting | Specify the destination email addresses.
Enable | The box is unchecked by default. | Click the Enable box to activate this account.
Save | NA | Click the Save button to save the configuration.
Undo | NA | Click the Undo button to restore what you just configured back to the previous setting. Please note that the restored setting may not be the factory default setting but a retrieval of what was saved in memory.
...
Create/Edit Digital Input (DI) Profile Rules (DI/DO Support Required)
Set up your Digital Input (DI) Profile rules. A maximum of 10 profiles is supported.
When the Add button is clicked, the Digital Input (DI) Profile Configuration screen will appear.

Digital Input (DI) Profile Rules
Item | Value setting | Description
DI Profile Name | 1. String format 2. Required setting | Specify the DI Profile Name.
DI Source | ID1 by default | Specify the DI Source. It could be ID1.
Normal Level | Low by default | Specify the Normal Level. It could be Low or High.
Signal Active Time | 1. Numeric string format 2. Required setting | Specify the Signal Active Time. It could be from 1 to 10 seconds.
Profile | The box is unchecked by default. | Click the Enable box to activate this profile setting.
Save | NA | Click the Save button to save the configuration.
Undo | NA | ...
Create/Edit Digital Output (DO) Profile Rules (DI/DO Support Required)
Set up your Digital Output (DO) Profile rules. A maximum of 10 profiles is supported.
When the Add button is clicked, the Digital Output (DO) Profile Configuration screen will appear.

Digital Output (DO) Profile Rules
Item | Value setting | Description
DO Profile Name | 1. String format 2. Required setting | Specify the DO Profile Name.
DO Source | ID1 by default | Specify the DO Source. It could be ID1.
Normal Level | Low by default | Specify the Normal Level. It could be Low or High.
Total Signal Period | 1. Numeric string format 2. Required setting | Specify the Total Signal Period. It could be from 10 to 10000 milliseconds.
Repeat & Counter | The box is unchecked by default. | Check the Enable box to activate the repeated Digital Output, and specify the Repeat times. The Repeat Counter could be from 0 to 9999.
Duty Cycle | 1. Numeric string format 2. Required setting | Specify the Duty Cycle for the Digital Output. It could be from 1 to 100 %.
...
Modbus Definition
Set up your Modbus Definition profiles. A maximum of 10 profiles is supported. You can click the Edit button for each ID to edit the profile.

Modbus Definition
Item | Value setting | Description
Modbus Name | 1. String format 2. Required setting | Specify the Modbus Name.
Application | The box is unchecked by default. | Specify the application type. It could be Managing Events, Notifying Events, or both.
Read Function | Read Holding Registers by default | Specify the Read Function for Managing Events.
Write Function | Write Single Registers by default | Specify the Write Function for Notifying Events.
Modbus Mode | Serial by default | Specify the Modbus Mode. It could be Serial or TCP.
IP | 1. NA for Serial on Modbus Mode. 2. Required setting for TCP on Modbus Mode. | Specify the IP for TCP on Modbus Mode. IPv4 format.
Port | 1. NA for Serial on Modbus ...
Logic Comparator | Logic Comparator '>' by default. | Specify the Logic Comparator for Managing Events.
Value | 1. Numeric string format 2. Required setting | Specify the Value. It could be from 0 to 65535.
Profile | The box is unchecked by default. | Click the Enable box to activate this profile setting.
Save | NA | Click the Save button to save the configuration.
Undo | NA | Click the Undo button to restore what you just configured back to the previous setting. Note that the restored setting may not be the factory default but what was last saved in memory.

7.d.3 Managing Events

Managing Events allows the administrator to define the relationship (rule) among event trigger, handlers and response.

Enabling Managing Events
Go to Applications > Event Management > Managing Events tab.

Managing Events
Item | Value setting | Description
Managing | The box is unchecked by | Check the Enable box to activate the Managing Events function.
Create/Edit Managing Events Rules
Set up your Managing Event rules. A maximum of 128 rules is supported.
When the Add button is clicked, the Managing Event Configuration screen will appear.

Managing Event Configuration
Item | Value setting | Description
Event | SMS (or SNMP Trap) by default | Specify the Event type (SMS, SNMP Trap, DI, or Modbus) and event code.
• Select SMS and fill in the message in the textbox to specify an SMS Event.
• Select SNMP Trap and fill in the message in the textbox to specify an SNMP Trap Event.
• Select DI and select a profile from the Digital Input (DI) Profile List to specify a DI Event.
• Select Modbus and select a profile from Modbus Definition to specify a Modbus Event.
Handlers | All boxes are unchecked by default. | Specify the related Handlers for the managing event.
• Select the Power checkbox and select the handlers you want to specify Power Handlers.
• Select the WAN checkbox and select the handlers you want to specify WAN Handlers.
• Select the LAN&VLAN checkbox and select the handlers you want to specify LAN&VLAN Handlers.
• Select the WiFi checkbox and select the handlers you want to specify WiFi Handlers.
• Select the NAT checkbox and select the handlers you want to specify NAT Handlers.
• Select the Firewall checkbox and select the handlers you want to specify ...
Response | None by default | Specify the Response to be taken for the managing event.
• Select None to specify no response.
• Select DO and select a profile from the Digital Output (DO) Profile List to specify the DO Response.
• Select SMS to specify the SMS Response.
• Select SNMP Trap to specify the SNMP Trap Response.
• Select Modbus and select a profile from Modbus Definition to specify the Modbus Response.
Managing Event | The box is unchecked by default. | Click the Enable box to activate this Managing Event setting.
Save | NA | Click the Save button to save the configuration.
Undo | NA | Click the Undo button to restore what you just configured back to the previous setting. Note that the restored setting may not be the factory default but what was last saved in memory.

7.d.5 Notifying Events

The Notifying Events setting allows the administrator to define the relationship (rule) between event trigger and handlers.
...
Create/Edit Notifying Events Rules
Set up your Notifying Event rules. A maximum of 128 rules is supported.
When the Add button is clicked, the Notifying Event Configuration screen will appear.

Notifying Event Configuration
Item | Value setting | Description
Event | DI-1 (or WAN) by default | Specify the Event type and event condition.
• Select DI-1 and select the event condition to specify a DI-1 Event.
• Select Power-1 and select the event condition to specify a Power-1 Event.
• Select WAN and select the event condition to specify a WAN Event.
• Select LAN&VLAN and select the event condition to specify a LAN&VLAN Event.
• Select WiFi and select the event condition to specify a WiFi Event.
• Select Client&Server&Proxy and select the event condition to specify a Client&Server&Proxy Event.
• Select System Related and the event condition to specify a System Related Event.
Handlers | All boxes are unchecked by default. | Specify the Handlers that react when the event is triggered.
• Select the DO checkbox and select a profile from the Digital Output (DO) Profile List to specify DO Handlers.
• Select SMS to specify the SMS Handler.
• Select Web Log and select/unselect the Enable checkbox to specify the Web Log Handler.
• Select SNMP Trap to specify the SNMP Trap Handler.
• Select Email and select a profile from Email Definition to specify the Email Handler.
• Select Modbus and select a profile from Modbus Definition to specify the ...
Chapter 9 System

9.1 System Related

9.1.1 System Related

System Related allows the network administrator to manage system settings such as changing the web-based utility access password, advanced system & network tools, system firmware upgrades, Email alert and system log.

Go to System > System Related tab.

Change Password
The Change Password screen allows the network administrator to change the web-based utility login password used to access the gateway.

Go to System > System Related > Change Password tab.
...
System Information
The System Information screen gives the network administrator a quick look at the type of WAN connection currently in use. The display also shows the current system time. It is particularly useful when firmware has been upgraded and a system configuration file has been loaded.
...
The View button lets the network administrator view the log history on the gateway. The Email Now button lets the administrator send the log by Email immediately for analysis.

View & Email Log History
Item | Value setting | Description
View button | N/A | Click the View button to view the Log History in the Web Log List window.
Email Now button | N/A | Click the Email Now button to send the Log History via email instantly.
Save | N/A | Click the Save button to save the settings.
Refresh | N/A | Click the Refresh button to refresh the page.
...
Web Log List Button Description
Item | Value setting | Description
Previous | N/A | Click the Previous button to move to the previous page.
Next | N/A | Click the Next button to move to the next page.
First | N/A | Click the First button to jump to the first page.
Last | N/A | Click the Last button to jump to the last page.
Download | N/A | Click the Download button to download the log to your PC in tar file format.
Clear | N/A | Click the Clear button to clear all logs.
Back | N/A | Click the Back button to return to the previous page.

Web Log Type Category
The Web Log Type Category screen allows the network administrator to select the types of event to log and display in the Web Log List window described in the previous section. Click the View button to view the Log History in the Web Log List window.

Web Log Type Category Setting Window
Item | Value Setting | ...
Email Alert Setting Window
Item | Value Setting | Description
Enable | Default unchecked | Check the Enable box to send event log messages to the destination Email account defined in the E-mail Addresses field.
Server | N/A | Select one email server from the Server dropdown box to send email. If none is available, press the Add Object button to create an outgoing Email server.
E-mail address | String: email format | Enter the recipient's Email account. Separate Email accounts with a comma ',' or semicolon ';'. Enter the Email account in the format 'myemail@domain.com'.
Subject | String: any text | Enter an Email subject that is easy for you to identify in the Email client.
Log type category | Default unchecked | Select the types of event to log and send to the destination Email account. Available events are System, Attacks, Data Usage, Drop, Login message, and Debug.

Email Alert Button Description
Item | Value setting | Description
Add Object Button | N/A | Click the Add Object button and a popup window will appear. Add an outgoing Email server. You may also add an outgoing Email server from External Servers under System (System > External Server > External Server tab).
...
Syslogd
The Syslogd screen allows the network administrator to select the types of event to log and send to the destination Syslog server.

Syslogd Setting Window
Item | Value Setting | Description
Enable | Default unchecked | Check the Enable box to send event logs to the syslog server.
Server | Select from menu | Select one syslog server from the Server dropdown box to send event logs to. If none is available, press the Add Object button to create a syslog server.
Log type ...
Log to Storage
The Log to Storage screen allows the network administrator to select the types of event to log and store on internal or external storage.

Log to Storage Setting Window
Item | Value Setting | Description
Enable | Default unchecked | Check to enable sending logs to storage.
Select Device | Internal is selected by default | Select internal or external storage.
Log file name | Default unchecked | Set the file name used to save logs in storage.
Split file Enable | Default unchecked | Check to split the file whenever the log file reaches the size set in the following field.
Split file Size | Default 200 KB | Set the file size at which the log file is split.
Log type category | Default unchecked | Check which types of log to send: System, Attacks, Drop, Login message, Debug.

Log to Storage Button Description
Item | Value setting | Description
Download log | N/A | Click the Download log file button to download log files so far ...
9.1.3 Packet Analyzer

The Packet Analyzer captures packets according to the user's settings. The user can specify the interfaces to capture on and filter packets by rule. Ensure USB storage is available; otherwise the Packet Analyzer cannot be enabled.

Go to System > System Related > Packet Analyzer

Capture Filters
Item | Value setting | Description
Packet Analyzer | On/Off setting | When Enable is checked, the Packet Analyzer will start capturing packets after Save is clicked. When Enable is not checked, the Packet Analyzer will stop capturing packets after Save is clicked.
File Name | 1. Optional setting 2. If no name is given, the file name by default is <Interface>_<Date>_<index>. | Define the output filename. If left blank the device automatically assigns a name in the format of < File Name >_<index>.pcap
Split Files | 1. Optional setting 2. The default value of File Size is 200 KB. 3. NOTE that File Size can not | When Enable is checked, a new file is opened to save packets once the current output file reaches the specified size. The user can change File Size and Unit when Enable is checked.
...
can be selected here.
Save | N/A | Click the Save button to save the configuration.
Undo | N/A | Click the Undo button to restore what you just configured back to the previous setting. Note that the restored setting may not be the factory default but what was last saved in memory.

Capture Filters
Capture Filters let the user set up rules to filter packets, so that the Packet Analyzer only captures packets that match the rules.

Capture Filters
Item | Value setting | Description
Filter | Optional setting | When Enable is checked, the Packet Analyzer will filter packets based on the rules. The rules below can be set when Enable is checked.
Source MACs | Optional setting | Define the filter rule with Source MACs, that is, the source MAC address of packets. Packets that match the rules will be captured. Multiple entries are accepted, but they must be separated by ';', e.g. AA:BB:CC:DD:EE:FF;11:22:33:44:55:66. NOTE that if multiple rules exist, they are merged with an OR conjunction. That means packets will be captured when they match any one of the rules.
Source IPs | Optional setting | Define the filter rule with Source IPs, that is, the source IP address of packets. Packets that match the rules will be captured. Multiple entries are accepted, but they must be separated by ';', e.g. 192.168.1.1;192.168.1.2. NOTE that if multiple rules exist, they are merged with an OR conjunction. That means packets will be captured when they match any one of the rules.
Source Ports | Optional setting | Define the filter rule with Source Ports, that is, the source port of packets. Packets that match the rules will be captured. Multiple entries are accepted, but they must be separated by ';', e.g. 80;53. NOTE that if multiple rules exist, they are merged with an OR conjunction. That means packets will be captured when they match any one of the rules.
Destination MACs | Optional setting | Define the filter rule with Destination MACs, that is, the destination MAC address of packets. Packets that match the rules will be captured. Multiple entries are accepted, but they must be separated by ';', e.g. AA:BB:CC:DD:EE:FF;11:22:33:44:55:66. NOTE that if multiple rules exist, they are merged with an OR conjunction. That means packets will be captured when they match any one of the rules.
Destination IPs | Optional setting | Define the filter rule with Destination IPs, that is, the destination IP address of packets. Packets that match the rules will be captured. Multiple entries are accepted, but they must be separated by ';', e.g. 192.168.1.1;192.168.1.2. NOTE that if multiple rules exist, they are merged with an OR conjunction. That means packets will be captured when they match any one of the rules.
Define the filter rule with Destination Ports, that is, the destination port of packets. ...
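The Capture Filters fields take ';'-separated lists that are merged with OR, so a packet matching any single entry is captured. The following added example (not from the manual or the vendor) validates such field values, shows the OR behaviour on constructed packets, and builds an equivalent tcpdump/libpcap filter for re-filtering a downloaded .pcap on a workstation. The BPF mapping, the function names, the port range check and the reading that OR also applies across different fields are assumptions of this example.

```python
import ipaddress
import re

# Web UI field -> (BPF primitive, key used in the constructed packet dicts).
# The BPF mapping is an assumption of this example, not taken from the manual.
FIELDS = {
    "Source MACs": ("ether src", "src_mac"),
    "Source IPs": ("src host", "src_ip"),
    "Source Ports": ("src port", "src_port"),
    "Destination MACs": ("ether dst", "dst_mac"),
    "Destination IPs": ("dst host", "dst_ip"),
    "Destination Ports": ("dst port", "dst_port"),
}
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")


def normalise(field, value):
    """Validate one entry and return its canonical text form (ValueError if bad)."""
    value = str(value).strip()
    if field.endswith("MACs"):
        if not MAC_RE.fullmatch(value):
            raise ValueError(f"{field}: bad MAC address {value!r}")
        return value.lower()
    if field.endswith("IPs"):
        # The manual's examples are IPv4; other forms are rejected here.
        return str(ipaddress.IPv4Address(value))
    # Port range 0-65535 is assumed; the manual does not state one.
    if not (value.isascii() and value.isdigit() and int(value) <= 65535):
        raise ValueError(f"{field}: bad port {value!r}")
    return str(int(value))


def parse_field(field, raw):
    """Split a ';'-separated field value as typed into the Web UI."""
    if field not in FIELDS:
        raise KeyError(field)
    return [normalise(field, item) for item in raw.split(";") if item.strip()]


def to_bpf(settings):
    """Join every entry of every field with 'or' into one BPF expression."""
    terms = []
    for field, (primitive, _key) in FIELDS.items():
        for value in parse_field(field, settings.get(field, "")):
            terms.append(f"{primitive} {value}")
    return " or ".join(terms)


def matches(settings, packet):
    """True if the packet matches at least one configured entry (OR merge).

    With no entries configured this returns False; how the device treats an
    enabled but empty filter is not described on the page.
    """
    for field, (_primitive, key) in FIELDS.items():
        wanted = parse_field(field, settings.get(field, ""))
        if key in packet and normalise(field, packet[key]) in wanted:
            return True
    return False


# Constructed sample input: field values in the format shown in the manual.
SAMPLE_SETTINGS = {
    "Source IPs": "192.168.1.1;192.168.1.2",
    "Destination Ports": "80;53",
}

if __name__ == "__main__":
    print(to_bpf(SAMPLE_SETTINGS))
    # A DNS query from an unlisted host is still captured, because OR merging
    # means the destination port alone is enough to match.
    print(matches(SAMPLE_SETTINGS, {"src_ip": "10.0.0.5", "dst_port": 53}))
```

Because the entries are ORed rather than ANDed, adding a second field widens the capture instead of narrowing it, which matters when the capture is written to limited USB storage.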
9.3 Scheduling

Scheduling provides the ability to add and delete time schedule rules, which can be applied to other functions.

Go to System > Scheduling > Schedule Settings

Button description
Item | Value setting | Description
Add | N/A | Click the Add button to configure a time schedule rule.
Delete | N/A | Click the Delete button to delete the selected rule(s).
Save | N/A | Click the Save button to save changes.
Refresh | N/A | Click the Refresh button to refresh the current page.
...
Time Schedule Configuration
Item | Value Setting | Description
Rule Name | String: any text | Set the rule name.
Rule Policy | Default Inactivate | Inactivate/activate the function this rule is applied to during the time period below.

Time Period Definition
Item | Value Setting | Description
Week Day | Select from menu | Select every day or one day of the week.
Start Time | Time format (hh:mm) | Start time on the selected weekday.
End Time | Time format (hh:mm) | End time on the selected weekday.

Button description
Item | Value setting | Description
Save | NA | Click the Save button to save changes.
Undo | NA | Click the Undo button to revert changes.
...
9.7 Grouping

Grouping allows the user to create groups for some services.

Ensure Grouping is enabled and saved.
Go to System > Grouping > Configuration tab.

Three kinds of group are currently supported: Host Grouping, File Extension Grouping and L7 Application Grouping.

Host Grouping
Go to System > Grouping > Host Grouping tab.
When the Add button is clicked, the Host Group Configuration screen will appear.

Host Group Configuration
Item | Value setting | Description
Group Name | 1. String format can be any text 2. Required setting | Enter a group rule name. Enter a name that is easy for you to understand.
Member List | NA | This field shows the members contained in the group.
Multiple Bound Services | The boxes are unchecked by | Binds the services to which the group can be applied. If the user enables Firewall, the resulting group can be used in the firewall service. Same as by enable Qos and ...
When MAC Address-based is selected, only MAC addresses can be added in Member to Join. When Host Name-based is selected, only host names can be added in Member to Join.
Member to Join | N/A | Add a member to the group in this field. Type the member in the blank field and press the Join button to add it. Only one member can be added at a time.
Group | The box is unchecked by default | Enable the group so that it can be used in the bound services.

File Extension Grouping
Go to System > Grouping > File Extension Grouping tab.
When the Add button is clicked, the File Extension Group Configuration screen will appear.

File Extension Group Configuration
Item | Value setting | Description
Group Name | 1. String format can be any text 2. Required setting | Enter a group rule name. Enter a name that is easy for you to understand.
File Extension Group List | N/A | This field shows the members contained in the group.
...
Include .asf, .avi, .mov, .mpeg, .mpg, .mp4, .rm, .wmv, .3gp, .3gpp, .3gpp2 and .3g2.
When Audio is selected, a total of eleven audio file extensions can be added: .aac, .au, .mp3, .m4a, .m4p, .ogg, .ra, .ram, .vox, .wav and .wma.
When Java is selected, a total of ten Java file extensions can be added: .class, .jad, .jar, .jav, .java, .jcm, .js, .jse, .jsp and .jtk.
When Compression is selected, a total of ten compression file extensions can be added: .ace, .ari, .bzip2, .bz2, .cab, .gz, .gzip, .rar, .sit and .zip.
When Execution is selected, a total of eight executable file extensions can be added: .bas, .bat, .com, .exe, .inf, .pif, .reg, .scr.
Group | The box is unchecked by default | Enable the group so that it can be used in the bound services.

L7 Application Grouping
Go to System > Grouping > L7 Application Grouping tab.
When the Add button is clicked, the L7 Application Group Configuration screen will appear.

L7 Application Group Configuration
Item | Value setting | Description
Group Name | 1. String format can be any text 2. Required setting | Enter a group rule name. Enter a name that is easy for you to understand.
L7 Application List ...
Multiple Bound Services | The boxes are unchecked by default | Binds the services to which the group can be applied. If the user enables Firewall, the resulting group can be used in the firewall service.
L7 Application to Join | Required setting | Define the member type of the group. Four member types can be selected.
• When Chat is selected, a total of four Chat applications can be added: QQ, Skype, Facebook, Aliww.
• When P2P is selected, a total of seven P2P applications can be added: BT, eDonkey, eMule, Shareaza, HTTP Multiple Thread Download, Thunder, Baofeng.
• When Proxy is selected, three proxy applications can be added: HTTP Proxy, SOCKS 4 and 5 Proxy.
• When Streaming is selected, a total of five streaming applications can be added: MMS, RTSP, PPLive, PPStream and Qvod.
Group | The box is unchecked by default | Enable the group so that it can be used in the bound services.

9.9 External Servers

The External Servers setting allows the user to add external servers.

Create external server
Go to System > External Servers > External Servers
When the Add button is clicked, the External Server Configuration screen will appear.
...
External Server Configuration
Item | Value setting | Description
Server Name | 1. String format can be any text 2. Required setting | Enter a server name. Enter a name that is easy for you to understand.
Server IP/FQDN | Required setting | This field specifies the external server IP.
Server Port | Required setting | This field specifies the external server port.
Server Type | Required setting | Specify the Server Type.
• Email Server (Required setting): When Email Server is selected, the external server is set up as an email server. Server Port is set to 25 by default. User Name (String format: any text). Password (String format: any text). Then check the Enable box to add this server.
• Syslog Server (Required setting): When Syslog Server is selected, the external server is set up as a Syslog Server. Server Port is set to 514 by default. Then check the Enable box to add this server.
• RADIUS Server (Required setting): When RADIUS Server is selected, the external server is set up as a RADIUS Server. Server Port is set to 1812 by default. Accounting Port (Required setting). Primary: Shared Key (String format: any text). Authentication Protocol (By default CHAP is selected). Session Timeout (By default 1); the values must be between 1 and 60. Idle Timeout: (By default 1) ...
• Active Directory Server (Required setting): When Active Directory Server is selected, the external server is set up as an Active Directory Server. Server Port is set to 389 by default. Domain (String format: any text). Then check the Enable box to add this server.
• LDAP Server (Required setting): When LDAP Server is selected, the external server is set up as an LDAP Server. Server Port is set to 389 by default. Base DN (String format: any text). Identity (String format: any text). Password (String format: any text). Then check the Enable box to add this server.
• UAM Server (Required setting): When UAM Server is selected, the external server is set up as a UAM Server. Server Port is set to 80 by default. Login URL (String format: any text). Shared Secret (String format: any text). NAS/Gateway ID (String format: any text). Location ID (String format: any text). Location Name (String format: any text). Then check the Enable box to add this server.
• TACACS+ Server (Required setting): When TACACS+ Server is selected, the external server is set up as a TACACS+ Server. Server Port is set to 49 by default. Shared Key (String format: any text). Session Timeout (String format: any number); the values must be between 1 and 60. Then check the Enable box to add this server.
• SCEP Server (Required setting): When SCEP Server is selected, the external server is set up as a SCEP Server. Server Port is set to 80 by default. Path (String format: any text; by default cgi-bin is filled in). Application (String format: any text; by default pkiclient.exe is filled in). Then check the Enable box to add this server.
Server | The box is checked by default | When Enable is clicked, this External Server is enabled.
...
9.b MMI

This is the gateway's web-based utility access, which allows the administrator to access the gateway for management. The web-based utility automatically logs out the administrator when the idle time has elapsed. This setting allows the administrator to enable automatic logout and set the logout idle time. When the Time-out is disabled, the system will not log out the administrator automatically.

Go to System > MMI > Web UI tab.

Web UI
Item | Value Setting | Description
Administrator Time-out Enable | Default checked | Enable auto logout when the maximum idle time has elapsed.
Administrator | 300s is set by default | Set ...