Option Audio GlobeSurfer 3G Reference Manual

802.11b/g wireless router and internet gateway

GlobeSurfer 3G
version 3.15.4 R2H

Reference Manual

Summary of Contents for Option Audio GlobeSurfer 3G

  • Page 1: Reference Manual

    GlobeSurfer 3G version 3.15.4 R2H Reference Manual...
  • Page 2 All brands and registered brands are property of their respective owners. Services may be changed, added, or deleted. For the newest firmware version of your Globesurfer 3G, visit www.option.com Questions and answers regarding the GlobeSurfer 3G can be found on our Support website: http://support.option.com/support/faq.php...
  • Page 3: Table Of Contents

    Windows 2000/98/Me ... Step 3 - GlobeSurfer 3G Quick Setup ...
  • Page 4 Configuring Your Wireless Network ... 4.3.1.1 Configuring your GlobeSurfer 3G Wireless Connection ...
  • Page 5 VPN IPsec ... 4.7.1 IPsec Network-to-Host Scenario Connection ... 4.7.1.1 Configuring IPsec on GlobeSurfer 3G ... 4.7.1.2 Configuring IPsec on the Windows Host ... 4.7.2 IPsec Network-to-Network Scenario Connection ...
  • Page 6 6.16 Simple Network Management Protocol (SNMP) ... 6.16.1 Configuring GlobeSurfer 3G’s SNMP Agent ... 6.17 Diagnostics ...
  • Page 7: List Of Acronyms

    List of Acronyms Third Generation (mobile network) Application-Level Gateway Application Programming Interface Access Point Name Certificate Authority DHCP Dynamic Host Configuration Protocol Demilitarized Zone Domain Name System Digital Subscriber Line File Transfer Protocol HTTP HyperText Transport Protocol Integrated Access Device ICMP Internet Control Message Protocol IGMP...
  • Page 8 Universal Resource Locator Virtual Private Network Wide Area Network Wireless Encryption Protocol WLAN Wireless Local Area Network Wireless Protected Access...
  • Page 9: Introduction To Globesurfer 3G

    Internet access for homes and small offices over the 3G UMTS network. By connecting laptops and stationary computers with either WLAN or Ethernet to the GlobeSurfer 3G you will get Internet access with a speed similar to a fixed DSL connection. And while sharing the wireless Internet connection you will also be able to share the resources of the local computers connected to the GlobeSurfer 3G.
  • Page 10: About This Manual

    1.1 About This Manual This manual describes configuration and operation of the GlobeSurfer 3G. It is intended as a complement to the GlobeSurfer 3G User Guide to provide reference information for the advanced user of the GlobeSurfer 3G. It is assumed that the hardware installation of the GlobeSurfer 3G has been done when the Reference Manual is read.
  • Page 11: Basic Setup

    Figure 1.2: Hardware Configuration 1.2 Basic Setup Connecting your computer or local network to the GlobeSurfer 3G is a simple procedure, varying slightly depending on your operating system. The setup is designed to seamlessly integrate GlobeSurfer 3G with your computer or local network.
  • Page 12: Wan Connection

    Quick Setup of the GlobeSurfer 3G (see section 1.5). The first time you log in to the GlobeSurfer 3G you will have to enter a PIN code. The PIN code is received from your ISP, but normally provided separately from the SIM card for security reasons.
  • Page 13: Windows Xp

    Figure 1.3: IP and DNS Configuration 1.4.1 Windows XP 1. Access Network Connections from the Control Panel. 2. Right-click on the Ethernet connection icon, and select Properties. 3. Under the General tab, select the Internet Protocol (TCP/IP) component, and click the Properties button. 4.
  • Page 14: Step 3 - Globesurfer 3G Quick Setup

    For security reasons it is strongly recommended that you change the default user name and specify a password. However, make sure you remember your new user name and password, since this is the only way you will be able to login to the GlobeSurfer 3G from now...
  • Page 15: Umts Setup

    4. Quick setup helps you to quickly set the most important settings of your GlobeSurfer 3G. The Quick setup page is launched automatically when you log on to GlobeSurfer 3G for the first time (see figure 1.6). Alternatively, click the Quick setup icon on the left sidebar. The following sections describe the various configuration parameters of Quick setup.
  • Page 16: Wireless Setup

    Enter a name that you want to use as an identifier of your specific local wireless network (maximum 32 characters). • SSID broadcast: When this checkbox is set to Enabled the GlobeSurfer 3G will broadcast the SSID on your wireless network. This will allow unauthorized devices to detect your SSID and attempt to connect to your network.
  • Page 17: Firewall Setup

    1.5.3 Firewall Setup The GlobeSurfer 3G firewall has three pre-defined levels of security. As default the typical security is set, which blocks all traffic that has been initiated by an external (Internet) source, and allows all traffic that has been initiated from your local network.
  • Page 18: Adding Computers To Your Network

    Any computer with an 802.11b/g wireless adapter will be able to connect to the WLAN created with the GlobeSurfer 3G. To connect additional computers without a wireless adapter to your GlobeSurfer 3G, connect a hub or switch to the LAN port, and then connect the computers to the hub or switch. Make sure to configure all computers to automatically obtain a network address as...
  • Page 19: Globesurfer 3G Management Console

    To access the management console: 1. Launch a Web-browser on a PC in the LAN or WLAN. 2. Type the IP address of the GlobeSurfer 3G or a name as provided by the supplier in the address bar (Internet Explorer) or location bar (Netscape Navigator).
  • Page 20: Left Sidebar

    GlobeSurfer 3G settings. 2.2 Left Sidebar The GlobeSurfer 3G management console screens have been grouped into several subject areas and may be accessed by clicking on the appropriate icon in the left sidebar.
  • Page 21: Umts Connection Status

    System monitoring: View network status, traffic statistics and the system log (see Chapter 7) Logout: Log out from GlobeSurfer 3G 2.3 UMTS Connection Status The Connection status screen shows the status of the UMTS connection and provides a button to manually connect and disconnect. To connect automatically as required, for example when an Internet address is entered in the browser, select the radio button Automatically.
  • Page 22: Getting Help

    View help information about each specific management console screen. 2.5 Managing Tables Tables are used throughout the GlobeSurfer 3G management console. They handle user-defined entries relating to elements such as network connections, local servers, restrictions and configurable parameters. The principles outlined in this section apply to all tables in the management console.
  • Page 23: Sms Manager

    PC screen and keyboard. Access the SMS Manager by clicking SMS in the left sidebar. The display of the GlobeSurfer 3G shows an envelope symbol when a new SMS message is received. 3.1 Reading an SMS 1.
  • Page 24: Creating An Sms

    Figure 3.2: Reading an SMS 3. When you have read the SMS you can click any of the buttons underneath • Reply to the sender. You will then be moved to the SMS create screen with the received text displayed and the phone number of the sender already filled in (see Section 3.2).
  • Page 25: Sent Folder

    Figure 3.3: Creating an SMS 3.2.1 Sent folder The SMS is put in the Sent folder whether it was successfully sent or not. 3.3 Archiving an SMS The SMS archive is a storage area for SMS messages that you want to save. The total maximum number of SMS messages in the Sent, Outbox, Archive and Templates folders is 100.
  • Page 26: Sms Settings

    • To create a new template: 1. Select the SMS Create tab to create a new message to use as a tem- plate (see Section 3.2). 2. Click the Save as template button when ready. • To use an existing template: 1.
  • Page 27: Network Connections

    Network Connections The Network connections screen enables you to configure the various parameters of each LAN, WAN and VPN connection. The following sections describe the network connection screens to configure: • WAN - Connecting via UMTS to the Internet – UMTS connection (see Section 4.1). •...
  • Page 28 1. Click the Network connections icon on the sidebar. (see figure 4.1). Figure 4.1: Network connections – Advanced 2. Click your connection entry in the network connections table to view the connection properties. 3. Click New connection to start a wizard to create a new connection type.
  • Page 29: Wan Umts Connection

    4.1 WAN UMTS Connection The UMTS connection connects the GlobeSurfer 3G to the Internet and other networks through the 3G/UMTS mobile telecommunications standard. The WAN UMTS properties screen displays a summary of the connection properties. Figure 4.2: WAN UMTS Properties Clicking on the Settings button at the bottom-right of the connection’s Proper-...
  • Page 30: General Network Connection Parameters

    • Connect automatically: To automatically set up a UMTS connection when data is about to be sent or received, select Automatically. If Manually is selected, you must press the Connect button on the GlobeSurfer 3G to connect each time a connection is required.
  • Page 31: Ppp Authentication

    – Automatic, GPRS preferred: The GlobeSurfer 3G connects using GPRS. If GPRS fails, UMTS is used instead. – UMTS only: The GlobeSurfer 3G connects using UMTS only. – GPRS only: The GlobeSurfer 3G connects using GPRS only. 4.1.3 PPP Authentication...
  • Page 32: Internet Protocol Settings

    IP address automatically. You should change this configuration in case your service provider requires it. The server that assigns the GlobeSurfer 3G with an IP address, also assigns a subnet mask. You can override the dynamically assigned subnet mask by selecting the Override subnet mask and specifying your own mask instead.
  • Page 33: Routing

    To learn more about this feature, refer to Section 6.2. 4.1.6 Routing You can choose to set up your GlobeSurfer 3G to use static or dynamic routing. Dynamic routing automatically adjusts how packets travel on the network, whereas static routing specifies a fixed routing path to neighboring destinations.
  • Page 34: Additional Network Connection Settings

    Device metric The device metric is a value used by the GlobeSurfer 3G to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more. Default route Select this check box to define this device as the default route.
  • Page 35: Lan Ethernet Connection

    It is recommended not to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your GlobeSurfer 3G is configured to operate with the default values, no parameter modification is necessary. You can configure the following general connection settings: Schedule You can configure scheduler rules in order to define time segments...
  • Page 36: Internet Protocol

    IP address automatically. You should only change this configuration in case your service provider requires it. The server that assigns the GlobeSurfer 3G with an IP address, also assigns a subnet mask. You can override the dynamically assigned subnet mask by selecting the Override subnet mask and specifying your own mask instead.
  • Page 37: Dns Server

    4.2.4 DHCP The DHCP section allows you to configure the Dynamic Host Configuration Protocol (DHCP) server parameters of the GlobeSurfer 3G. The DHCP automatically assigns IP addresses to network PCs. If you enable this feature, make sure that you also configure every network PC as DHCP Client.
  • Page 38 • DHCP server Start IP address Specify the IP address from which the gateway starts issuing addresses. Since the gateway’s default IP address is 192.168.1.1, the Start IP address must be 192.168.1.2 or greater. End IP address Specify the end of the IP address range that can be used to automatically issue IP addresses.
  • Page 39: Routing

    fixed routing path to neighboring destinations. Routing Select Advanced or Basic routing. Device Metric The device metric is a value used by the GlobeSurfer 3G to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more.
  • Page 40: Additional Network Connection Settings

    Figure 4.22: Advanced Routing Properties To learn more about this feature, refer to Section 6.7. 4.2.6 Additional Network Connection Settings The bottom part of the configuration screen displays the following options: Internet connection firewall Select this check box to enable the GlobeSurfer 3G firewall on the connection.
  • Page 41: Lan Wireless Connection

    4.3.1 Configuring Your Wireless Network As soon as GlobeSurfer 3G is active, your wireless network is available. This section will familiarize you with GlobeSurfer 3G’s wireless configuration, and demonstrate how to connect a wireless PC to the network.
  • Page 42: Configuring Your Wireless Windows Xp Client

    Figure 4.26: Configure LAN Wireless 4. In the SSID field, change the broadcasted name of your wireless network from the default to a more unique name. Click OK, then click OK again on the properties screen to save your changes. A comprehensive description of all the wireless connection settings in the configuration screen is available in section 4.3.3.
  • Page 43 Figure 4.27: Network Connections 2. Double-click the wireless connection icon. The Wireless Network Connection screen will appear, displaying all available wireless networks in your vicinity. If your gateway is connected and active, you will see GlobeSurfer 3G’s wireless connection (see figure 4.28). Note that the connection’s status is Not connected and defined as “Unsecured wireless network”.
  • Page 44 Figure 4.28: Available Wireless Connections 3. Select the wireless network name (SSID) that you configured in the Configure LAN Wireless screen (see figure 4.35) as your wireless network. Select the Enable IEEE 802.1x authentication for this network check box to enable authenticated communication between the PC and the GlobeSurfer 3G.
  • Page 45 5. Select the Data Encryption (WEP) check box to encrypt the Wireless data transmitted between GlobeSurfer 3G and your Wireless device. 6. Select the Authentication tab to configure wireless authentication protocols (see figure 4.30). When selecting an EAP Type authentication method, make sure that your GlobeSurfer 3G is configured accordingly.
  • Page 46 Figure 4.30: Wireless Connection Authentication 7. Click the connection once to mark it and then click the Connect button at the bottom of the screen. After the connection is established, its status will change to Connected: Figure 4.31: Connected Wireless Network An icon will appear in the notification area, announcing the successful initiation of the wireless connection (see figure 4.42).
  • Page 47: Securing Your Wireless Network

    8. Test the connection by disabling all other connections in the Network Connections window (see figure 4.38) and browsing the Internet. You can now use GlobeSurfer 3G’s wireless network from the configured PC. However, so can any other user with a wireless PC, which happens to be in your network’s radio range.
  • Page 48 Figure 4.34: LAN Wireless Properties 3. Click the Settings button to display the various wireless connection settings. The Configure LAN Wireless screen will appear (see figure 4.35). Figure 4.35: Configure LAN Wireless 4. Enable the Wireless security feature by checking its Enabled check box.
  • Page 49: Connecting A Wireless Windows Xp Client To The Secured Wireless Network

    The screen will refresh, displaying the wireless security options (see figure 4.50). 5. Verify that the Stations security type is set to Accept WPA stations. 6. Verify that the Authentication method selected is Pre-Shared key. 7. Enter a phrase of at least 8 characters in the Pre-Shared key text field. Verify that ASCII is selected in the associated combo box. Figure 4.36: LAN Wireless Security Parameters 8.
  • Page 50 Figure 4.38: Network Connections 2. Double-click the wireless connection icon. The Wireless Network Connection screen will appear, displaying GlobeSurfer 3G’s wireless connection (see figure 4.39). Note that the connection is defined as “Security-enabled wireless network (WPA)”.
  • Page 51 Figure 4.39: Available Wireless Connections 3. Click the connection once to mark it and then click the Connect button at the bottom of the screen. The following login window will appear, asking for a Network Key, which is the pre-shared key you have configured above.
  • Page 52 An icon will appear in the notification area, announcing the successful initiation of the wireless connection (see figure 4.42). Figure 4.42: Wireless Connection Information 5. Test the connection by disabling all other connections in the Network Connections window (see figure 4.38) and browsing the Internet. Should the login window above not appear and the connection attempt fail, please configure the Windows connection manually: 1.
  • Page 53 Figure 4.44: Wireless Network Connection Properties 3. Click your connection to highlight it and then click the Properties button. Your connection’s properties window will appear (see figure 4.45).
  • Page 54 Figure 4.45 Connection Properties Configuration • In the Network Authentication combo box, select “WPA-PSK”. • In the Data Encryption combo box, select “TKIP”. • Enter your pre-shared key in both the Network key and the Confirm network key fields. 4. Click OK on both windows to save the settings. 5.
  • Page 55: Advanced Wireless Connection Settings

    It is recommended not to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your GlobeSurfer 3G is configured to operate with the default values, no parameter modification is necessary. You can configure the following general connection settings: Schedule You can configure scheduler rules in order to define time segments...
  • Page 56: Mac Filtering Settings

    GlobeSurfer 3G. MAC filtering mode Deny specifies that all computers except those in the list of MAC addresses are granted access to GlobeSurfer 3G. Select Disable if you want to disable MAC filtering. MAC filtering settings Click the New MAC address link to define MAC addresses to filter.
  • Page 57: Wireless Security

    GlobeSurfer 3G and Wireless-G products. Beacon interval A beacon is a packet broadcast by GlobeSurfer 3G to synchronize the wireless network. The beacon interval value indicates how often the beacon is sent. DTIM interval The Delivery Traffic Indication Message (DTIM) is a countdown value that informs wireless clients of the next opportunity to receive multicast and broadcast messages.
  • Page 58: Internet Protocol

    IP address automatically. You should only change this configuration in case your service provider requires it. The server that assigns the GlobeSurfer 3G with an IP address, also assigns a subnet mask. You can override the dynamically assigned subnet mask by selecting the Override subnet mask and specifying your own mask instead.
  • Page 59: Additional Network Connection Settings

    Figure 4.52: Internet Protocol Settings – Static IP 4.3.3.7 Additional Network Connection Settings The bottom part of the configuration screen displays the following options: Internet connection firewall Select this check box to enable the GlobeSurfer 3G firewall on the connection. To learn more about configuring security settings, please refer to Chapter 5.
  • Page 60: Lan Bridge Connection

    It is recommended not to change the default values in this screen unless you are familiar with the networking concepts they represent. Since your GlobeSurfer 3G is configured to operate with the default values, no parameter modification is necessary. You can configure the following general connection...
  • Page 61: Internet Protocol

    IP address automatically. You should only change this configuration in case your service provider requires it. The server that assigns the GlobeSurfer 3G with an IP address, also assigns a subnet mask. You can override the dynamically assigned subnet mask by selecting the Override subnet mask and specifying your own mask instead.
  • Page 62: Bridge Settings

    You should use this to ensure that there are no loops in your network configuration, and apply these settings in case your network consists of multiple switches, or other bridges apart from those created by the GlobeSurfer 3G. Figure 4.58: LAN Bridge Settings 4.4.4 DNS Server...
  • Page 63: Dhcp

    4.4.5 DHCP The DHCP section allows you to configure the Dynamic Host Configuration Protocol (DHCP) server parameters of the GlobeSurfer 3G. The DHCP automatically assigns IP addresses to network PCs. If you enable this feature, make sure that you also configure every network PC as DHCP Client.
  • Page 64 Figure 4.62: IP Address Distribution - DHCP Server • DHCP relay Your gateway can act as a DHCP relay, if you require receiving a dynamically assigned IP address from a DHCP server other than your gateway’s DHCP server. 1. After selecting DHCP relay from the drop down menu, a New IP address link will appear.
  • Page 65: Routing

    fixed routing path to neighboring destinations. Routing Select Advanced or Basic routing. Device metric The device metric is a value used by the GlobeSurfer 3G to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more.
  • Page 66 Internet connection firewall Select this check box to enable the GlobeSurfer 3G firewall on the connection. To learn more about configuring security settings, please refer to Chapter 5. Figure 4.67: Additional Network Connection Parameters...
  • Page 67: Vpn Pptp

    4.5 VPN PPTP Point-to-Point Tunneling Protocol (PPTP) is a protocol developed by Microsoft targeted at creating VPN connections over the Internet. This enables remote users to access the gateway via any ISP that supports PPTP on its servers. PPTP encapsulates network traffic, encrypts content using Microsoft’s Point-to-Point Encryption (MPPE) protocol that is based on RC4, and routes using the generic routing encapsulation (GRE) protocol.
  • Page 68 Figure 4.69: New Connection Alternatives 3. Select the Point-to-Point Tunneling Protocol (PPTP) radio button and click Next. The Point-to-Point Tunneling Protocol (PPTP) configuration screen will appear (see figure 4.70). Enter the following parameters, supplied by your VPN server. Hostname or IP address of destination Hostname or IP address of the VPN host server.
  • Page 69: Creating A Pptp Server Connection

    Click Finish to create your VPN PPTP client connection. Figure 4.71: PPTP Client Connection Summary 4.5.2 Creating a PPTP Server Connection To create a PPTP server connection, perform the following steps: 1. Click Network connections on the sidebar – the Network connections screen will appear (see figure 4.72).
  • Page 70 6.39). Figure 4.74: User table You can add, edit and delete users allowed to access the GlobeSurfer 3G and your local network by managing the user table as described in Section 2.5. To add a new user click New user in the table and specify the following parameters: •...
  • Page 71 Figure 4.75: Managing Users Please note that changing any of the user parameters will prompt the connection associated with the user to terminate. For changes to take effect you should activate the connection manually after modifying user parameters. You can use email notification to receive indications of system events for a predefined severity classification.
  • Page 72: Configuring A Pptp Connection

    Internet transmission. The setting Manual allows you to enter the largest packet size that will be transmitted. To have the GlobeSurfer 3G select the best MTU for your Internet connection, select Automatic. Figure 4.78: General PPTP Settings...
  • Page 73: Ppp Settings

    4.5.3.2 PPP Settings Point-to-Point Protocol (PPP) is the most popular method for transporting packets between the user and the Internet service provider. PPP supports authentication protocols such as PAP and CHAP, as well as other compression and encryption protocols. PPTP Server Host name or IP address should be configured according to your ISP information.
  • Page 74: Ppp Encryption

    can easily determine the remote access client’s password. PAP offers no protection against replay attacks, remote client impersonation, or remote server impersonation. Support Challenge Handshake Authentication (CHAP) The Challenge Handshake Authentication Protocol (CHAP) is a challenge-response authentication protocol that uses MD5 to hash the response to a challenge. CHAP protects against replay attacks by using an arbitrary challenge string per authentication attempt.
  • Page 75: Dns Server

    IP address automatically. You should change this configuration in case your service provider requires it. The server that assigns the GlobeSurfer 3G with an IP address, also assigns a subnet mask. You can override the dynamically assigned subnet mask by selecting the Override subnet mask and specifying your own mask instead.
  • Page 76: Routing

    fixed routing path to neighboring destinations. Routing Select Advanced or Basic routing. Device metric The device metric is a value used by the GlobeSurfer 3G to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more.
  • Page 77: Internet Connection Firewall

    UMTS WAN and the Wireless LAN, but not on the Ethernet LAN. To enable the firewall on this network connection, select the Enabled check box. Figure 4.87: Enable Firewall Connection To learn more about the security features of the GlobeSurfer 3G, please refer to Chapter 5.
  • Page 78: Vpn L2Tp

    4.6 VPN L2TP Layer 2 Tunneling Protocol (L2TP) is an extension to the PPP protocol, enabling your GlobeSurfer 3G to create VPN connections. Derived from Microsoft’s Point-to-Point Tunneling Protocol (PPTP) and Cisco’s Layer 2 Forwarding (L2F) technology, L2TP encapsulates PPP frames into IP packets either at the remote user’s PC or at an ISP that has an L2TP remote access concentra-...
  • Page 79 Figure 4.89: New Connection Alternatives 3. Select the Layer Two Tunneling Protocol (L2TP) radio button and click Next. The Layer Two Tunneling Protocol (L2TP) configuration screen will appear (see figure 4.90). Enter the following parameters, supplied by your VPN server. Hostname or IP address of destination Hostname or IP address of the VPN host server.
  • Page 80: Configuring An L2Tp Connection

    MTU MTU is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. The setting Manual allows you to enter the largest packet size that will be transmitted. To have the GlobeSurfer 3G select the best MTU for your Internet connection, select Automatic.
  • Page 81: Ppp Settings

    Figure 4.92: L2TP General Settings 4.6.2.2 PPP Settings Point-to-Point Protocol (PPP) is the most popular method for transporting packets between the user and the Internet service provider. PPP supports authentication protocols such as PAP and CHAP, as well as other compression and encryption protocols.
  • Page 82: Ppp Authentication

    4.6.2.3 PPP Authentication Point-to-Point Protocol (PPP) currently supports four authentication protocols: Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft CHAP version 1 and 2. Please note that encryption is performed only if Microsoft CHAP, Microsoft CHAP version 2, or both are selected.
  • Page 83: Ppp Compression

    Figure 4.95: PPP Encryption Require encryption Select this check box to ensure that the PPP connection is encrypted. Support encryption (40 Bit Keys) Select this check box if your peer supports 40 bit encryption keys. Support maximum strength encryption (128 Bit Keys) Select this check box if your peer supports 128 bit encryption keys.
  • Page 84: Dns Server

    IP address automatically. You should change this configuration in case your service provider requires it. The server that assigns the GlobeSurfer 3G with an IP address, also assigns a subnet mask. You can override the dynamically assigned subnet mask by selecting the Override subnet mask and specifying your own mask instead.
  • Page 85: Routing

    fixed routing path to neighboring destinations. Routing Select Advanced or Basic routing. Device metric The device metric is a value used by the GlobeSurfer 3G to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more.
  • Page 86: Internet Connection Firewall

    UMTS WAN and the Wireless LAN, but not on the Ethernet LAN. To enable the firewall on this network connection, select the Enabled check box. Figure 4.102: Enable Firewall Connection To learn more about the security features of the GlobeSurfer 3G, please refer to Chapter 5.
  • Page 87: Vpn Ipsec

    4.7 VPN IPsec 4.7.1 IPsec Network-to-Host Scenario Connection In order to create an IPsec connection between GlobeSurfer 3G and a Windows host, you need to configure both the gateway and the host. This section describes both GlobeSurfer 3G’s configuration and a Windows XP client configuration.
  • Page 88 Figure 4.104: New Connection 3. Select the Internet Protocol Security (IPsec) radio button and click Next. The Internet Protocol Security (IPsec) topology screen will appear (see figure 4.105). Figure 4.105: IPsec Topology Select the Network-to-Host radio button to create a secure connection between your LAN and a remote host.
  • Page 89 Figure 4.106: IPsec Remote Address Type Select the Remote gateway address radio button to allow an IPsec connection from a specific address. Alternatively, select the Any remote gateway radio button to allow a connection from any address holding the shared secret. Click Next; the IPsec connection properties screen will appear (see figure 4.107).
  • Page 90: Configuring Ipsec On The Windows Host

    The following IP addresses are needed for the host configuration: • Windows IP address - referred to as “windows ip”. • GlobeSurfer 3G WAN IP address - referred to as “openrg wan ip”. • GlobeSurfer 3G LAN subnet address - referred to as “openrg lan subnet”.
  • Page 91 Figure 4.111: IP Security Policy Wizard (c) Click Next and type a name for your policy, for example “GlobeSurfer 3G Connection” (see figure 4.112). Click Next. Figure 4.112: IP Security Policy Name (d) Deselect the Activate the default response rule check box (see figure 4.113) and click Next.
  • Page 92 (e) Make sure that the Edit Properties check box is checked (see figure 4.114) and click the Finish button. Figure 4.114: Completing the IP Security Policy Wizard (f) On the GlobeSurfer 3G Connection Properties window that will appear (see figure 4.115), click OK.
  • Page 93 Figure 4.115: GlobeSurfer 3G Connection Properties 2. Building Filter List 1 - Windows XP to GlobeSurfer 3G: (a) In the Local Security Settings window, right-click the new GlobeSurfer 3G Connection policy, created in the previous step, and select Properties. The Properties window will appear (see figure 4.115).
  • Page 94 Figure 4.116: New Rule Properties (c) Under the IP Filter List tab, click the Add button. The IP Filter List window will appear (see figure 4.117).
  • Page 95 Figure 4.117: IP Filter List (d) Enter the name “Windows XP to GlobeSurfer 3G” for the filter list, deselect the Use Add Wizard check box, and click the Add button. The Filter Properties window will appear (see figure 4.118).
  • Page 96 (a) Under the IP Filter List tab of the New Rule Properties window, click the Add button. The IP Filter List window will appear (see figure 4.117). (b) Enter the name “GlobeSurfer 3G to Windows XP” for the filter list, deselect the Use Add Wizard check box, and click the Add button. The...
  • Page 97 (f) Click OK. Click OK again in the IP Filter List window to save the settings. 4. Configuring Individual Rule of Tunnel 1 (Windows XP to GlobeSurfer 3G): (a) Under the IP Filter List tab of the New Rule Properties window, select the Windows XP to GlobeSurfer 3G radio button (see figure 4.120).
  • Page 98 Figure 4.120: IP Filter List (b) Click the Filter Action tab (see figure 4.121). Figure 4.121: Filter Action (c) Select the Require Security radio button, and click the Edit button. The Require Security Properties window will appear (see figure 4.122).
  • Page 99 Accept unsecured communication, but always respond using IPsec check box. Select the Session key Perfect Forward Secrecy (PFS) (the PFS option must be enabled on GlobeSurfer 3G), and click the OK button. (e) Under the Authentication Methods tab, click the Edit button. The Edit Authentication Method Properties window will appear (see fig-...
  • Page 100 Figure 4.123: Edit Authentication Method Properties (f) Select the Use this string (preshared key) radio button, and enter a string that will be used as the key (for example, 1234). Click the OK button. (g) Under the Tunnel Setting tab, select the The tunnel endpoint is specified by this IP Address radio button, and enter "openrg wan ip"...
  • Page 101 (h) Under the Connection Type tab, verify that All network connections is selected. (i) Click Apply and then click OK to save this rule. 5. Configuring Individual Rule of Tunnel 2 (GlobeSurfer 3G to Windows XP): (a) Under the IP Filter List tab of the New Rule Properties window, select the GlobeSurfer 3G to Windows XP radio button (see figure 4.125).
  • Page 102 Accept unsecured communication, but always respond using IPsec check box. Select the Session key Perfect Forward Secrecy (PFS) (the PFS option must be enabled on GlobeSurfer 3G), and click the OK button. (e) Under the Authentication Methods tab, click the Edit button. The Edit Authentication Method Properties window will appear (see fig-...
  • Page 103: Ipsec Network-To-Network Scenario Connection

    6. To assign the new IPsec policy: In the Local Security Settings window, right-click the GlobeSurfer 3G Connection policy, and select Assign. A small green arrow will appear on the policy’s folder icon and its status under the Policy Assigned column will change to Yes (see figure 4.128).
  • Page 104 Figure 4.130: Network Connections 3. Click the LAN Bridge link, the LAN Bridge properties screen will appear. Figure 4.131: LAN Bridge Properties 4. Click the Settings button, the Configure LAN Bridge screen will appear. Configure the following parameters (see figure 4.132). Internet protocol Select Use the following IP address.
  • Page 105: Network-To-Network With Pre-Shared Secrets

    Figure 4.132: LAN Bridge Settings 5. Click OK. 4.7.2.2 Network-to-Network with Pre-shared Secrets A typical network-to-network VPN uses a pre-shared secret for authentication. Gateway A connects its internal LAN 10.5.6.0/24 to the Internet. Gateway A’s LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17.
  • Page 106 1. Click the Network connections icon on the sidebar, the Network connections screen will appear (see figure 4.130). 2. Click the New connection link, the New connection screen will appear (see figure 4.133). Figure 4.133: New Connection 3. Select the Internet Protocol Security (IPsec) radio button and click Next. The Internet Protocol Security (IPsec) topology screen will appear (see figure 4.134).
  • Page 107 address type screen will appear (see figure 4.135). Figure 4.135: Remote Address Type 5. Select the Remote gateway address radio button to allow an IPsec connection from a specific address. 6. Select the Remote subnet radio button to allow an IPsec connection from a specific remote subnet.
  • Page 108 9. Click Next, the Connection summary screen will appear (see figure 4.137). Figure 4.137: Connection Summary 10. Click Finish. The Network connections screen will now list the newly created IPsec connection (see figure 4.138). Figure 4.138: Network Connections 11. Click the Edit action icon for VPN IPsec, the VPN IPsec properties screen will appear (see figure 4.139).
  • Page 109 13. Deselect the Compress check box. 14. Under Hash algorithm, deselect the Allow peers to use MD5 check box. 15. Under Group description attribute, deselect the DH Group 5 (1536 bit) check box. 16. Under Encryption algorithm, deselect the Allow AH Protocol (no encryption) check box.
  • Page 110: Security

    Internet and simultaneously be protected from the security threats of the Internet. The firewall, the cornerstone of the GlobeSurfer 3G security services, has been exclusively tailored to the needs of the residential/office user and has been pre-configured to provide optimum security (see figure 5.1).
  • Page 111 Port forwarding. • The DMZ host tab allows you to configure a LAN host to receive all traffic arriving at your GlobeSurfer 3G, which does not belong to a known session (see section 5.4). • The Port triggering tab allows you to define port triggering entries, to dynamically open the firewall for some protocols or ports.
  • Page 112: General Security Level Settings

    The firewall regulates the flow of data between the local network and the Internet. Both incoming and outgoing data are inspected and then either accepted (allowed to pass through GlobeSurfer 3G) or rejected (barred from passing through GlobeSurfer 3G) according to a flexible and configurable set of rules.
  • Page 113 You may choose from among three pre-defined security levels for GlobeSurfer 3G: Minimum, Typical (the default setting), and Maximum. The table below summarizes the behavior of GlobeSurfer 3G for each of the three security levels. Security...
  • Page 114 2. Check the Block IP fragments box in order to protect your local network from a common type of hacker attack that could make use of fragmented data packets to sabotage your local network. Note that VPN over IPsec and some UDP-based services make legitimate use of IP fragments. You will need to allow IP fragments to pass into the local network in order to make use of these select services.
  • Page 115: Access Control

    5.2 Access Control You may want to block specific computers within the local network (or even the whole network) from accessing certain services on the Internet. For example, you may want to prohibit one computer from surfing the Web, another computer from transferring files using FTP, and the whole network from receiving incoming e-mail.
  • Page 116 Note: Figure represents only the top portion of the actual screen, which lists many more services. The above screen displays the list of predefined services that you can choose to block, including many popular game servers and many lesser-known services. For example, if you want to make sure that your employees won’t put your business at risk from illegally traded copyright files, you may want to block several popular P2P and file sharing applications.
  • Page 117 in the Access control table. • To modify an entry in the Access control table: 1. Click the Edit button for the service. The Edit Service screen will appear. 2. Select the network group to which you would like to apply the rule, and the schedule during which the rule will take effect.
  • Page 118: Local Servers (Port Forwarding)

    The Local servers tab shows the most commonly used applications that require special handling by GlobeSurfer 3G—all you have to do is identify which of them you want to use and the local IP address of the computer that will be using the service.
  • Page 119 An ALG is needed to handle these packets and ensure that they reach their intended destinations. GlobeSurfer 3G is equipped with a robust list of ALG modules in order to enable maximum functionality in the local network.
  • Page 120 Figure 5.7: Add Local Servers • To edit an entry in the Local servers table so that a service can be provided by a different local computer: 1. Click the Edit button for the service. The Edit Service screen will appear.
  • Page 121: Dmz Host

    An incoming request for access to a service in the local network, such as a Web server, is fielded by GlobeSurfer 3G. GlobeSurfer 3G will forward this request to the DMZ host (if one is designated) unless the service is being provided by another PC in the local network (assigned in Local servers), in which case that PC will receive the request instead.
  • Page 122: Port Triggering

    firewall settings: • The firewall blocks inbound traffic by default. • The server replies to GlobeSurfer 3G’s IP, and the connection is not sent back to your host, since it is not part of a session.
  • Page 123 Figure 5.11: New User-Defined Service 3. Specify the following port triggering entries in the New server ports and New opened ports respectively (see figure 5.12): Figure 5.12: Define Service Server Ports – Server Ports: UDP ANY-2222 – Opened Ports: UDP ANY-3333 4.
  • Page 124 the port triggering screen. Please note that disabling these rules may result in impaired gateway functionality.
  • Page 125: Remote Administration

    5.6 Remote Administration In its default state, GlobeSurfer 3G blocks all external users from connecting to or communicating with your network. Therefore the system is safe from hackers who may try to intrude on the network and damage it. However, you may wish to enable certain services that grant remote users administrative privileges in your network.
  • Page 126 The self generated certificate is safe, and provides you with a secure SSL connection. It is also possible to assign a user-defined certificate to GlobeSurfer 3G. To learn about certificates, see Section 6.9.
  • Page 127: Ip-Hostname Filtering

    5.7 IP-Hostname Filtering You may configure GlobeSurfer 3G to block specific Internet web sites so that they cannot be accessed from computers in the local network. Moreover, restrictions can be applied to a comprehensive, automatically updated, table of sites to which access is not recommended.
  • Page 128 • To ensure that all current IP addresses corresponding to web sites in the table are blocked: 1. Click the Resolve now button. GlobeSurfer 3G will check each of the web site addresses in the table and ensure that all IP addresses at which this web site can be found are included in the IP addresses column.
  • Page 129 • To remove a restriction: click the Remove button. The restriction will be removed from the restrictions list.
  • Page 130: Advanced Filtering

    5.8 Advanced Filtering Advanced filtering is designed to allow comprehensive control over the firewall’s behavior. You can define specific input and output rules, control the order of logically similar sets of rules and make a distinction between rules that apply to WAN and LAN devices. To access the Advanced Filtering screen, select the Advanced Filtering tab.
  • Page 131: Adding An Advanced Filtering Rule

    • Initial rules. • All rules defined for the network device on which the packet is. • Rules to accept all the packets on a device in case the firewall check box Internet connection firewall in the connection settings screen is unchecked. •...
  • Page 132 Figure 5.19: Configure Advanced Filtering Rules 1. Matching To apply a firewall rule, a matching must be made between IP addresses or ranges and ports. Use the Source IP and Destination IP to define the coupling of source and destination traffic. Port matching will be defined when selecting services (see step 5).
  • Page 133 3. Logging Select this check-box to add entries relating to this rule to the security log (this is optional, not compulsory). 4. Scheduler Select or create a schedule for the rule. A schedule sets the time period during which the rules are active/inactive. For information on how to configure Scheduler Rules refer to 6.11.
  • Page 134: Security Log

    The security log displays a list of firewall-related events, including attempts to establish inbound and outbound connections, attempts to authenticate at an administrative interface (GlobeSurfer 3G management console or Telnet terminal), firewall configuration and system start-up. Figure 5.20: Security Log To view the Security Log, select the Security Log tab which appears on the Security screen (see figure 5.20).
  • Page 135 18. Parental control - a packet has been blocked because of parental control. 19. NAT out failed - NAT failed for this packet. 20. DHCP request - GlobeSurfer 3G sent a DHCP request (depends on the distribution) 21. DHCP response - GlobeSurfer 3G received a DHCP response (depends on the distribution) 22.
  • Page 136 36. Outbound Auth1X - an outbound Auth1X packet has been accepted. 37. IP Version 6 - an IPv6 packet has been accepted. 38. GlobeSurfer 3G initiated traffic - all traffic that GlobeSurfer 3G initiates is recorded. 39. Maximum security enabled service - a packet that is accepted because it belongs to a permitted service in the maximum security level.
  • Page 137 54. Connection opened - usually debug message regarding connection. 55. Wildcard connection opened - usually debug message regarding connection. 56. Wildcard connection hooked - usually debug message regarding connection. 57. Connection closed - usually debug message regarding connection. 58.
  • Page 138: Security Log Settings

    5.9.1 Security Log Settings Figure 5.21: Security Log Settings To view or change the firewall log settings: 1. Click the Settings button that appears at the top of the Firewall Log screen. The Security Log Settings screen will appear (see figure 5.21). 2.
  • Page 139 • Connection states: Give extra information about every change in a connection opened by the firewall. Use this option to track connection handling by the firewall and Application Level Gateways (ALGs). • Select the Prevent log overrun checkbox in order to stop logging firewall activities when the memory allocated for the log fills up.
  • Page 140: User-Defined Services

    Sometimes, however, the need arises to add a new service. GlobeSurfer 3G provides the User-defined services table (see figure 5.22) for this purpose. This table can be accessed from the Add access control rule and Add local server screens.
  • Page 141 6. Click OK to save your changes and return to the previous screen. Note: You have now completed defining this service, and may go to the Add access control rule or Add local server screen to block or activate the service.
  • Page 142: Applying Corporate-Grade Security

    OpenRG> rg_conf_set fw/protect/allow_rg_remote_administration_only 1
    OpenRG> reconf 1
    OpenRG> exit
    • Configure GlobeSurfer 3G to permit only HTTPS as means of remote administration: 1. Click Security on the sidebar.
  • Page 143 Figure 5.24: Enabling Secure Remote Administration 4. Click OK to save your changes. • Apply firewall protection on the LAN: 1. Click Network Connections on the sidebar. 2. Click the LAN Ethernet connection link. 3. Click the Settings button. 4. Enable the Internet Connection Firewall check box. Figure 5.25: Apply Firewall Protection 5.
  • Page 144: Advanced

    This section of the GlobeSurfer 3G management console is intended primarily for more advanced users. Some changes to settings within this section could adversely affect the operation of GlobeSurfer 3G and your local network, and should be made with caution.
  • Page 145 Universal Plug and Play: Configure Universal Plug and Play (UPnP) parameters (see Section 6.15) Simple Network Management Protocol: Configure GlobeSurfer 3G’s SNMP agent (see Section 6.16) System settings: Modify administrator settings, including GlobeSurfer 3G’s hostname (see Section 6.1)
  • Page 146 Figure 6.1: Advanced Settings...
  • Page 147: System Settings

    Figure 6.2: System Settings 6.1.1 System Use this section to configure the following: 1. Specify the GlobeSurfer 3G host name. The host name is the URL address of the GlobeSurfer 3G. 2. Specify your network’s local domain. 6.1.2 GlobeSurfer 3G Management Console Settings Use this section to configure the following:...
  • Page 148: System Logging Settings

    Username and Password fields respectively. 6.1.7 HTTP interception By default the GlobeSurfer 3G is configured to intercept HTTP access to Internet web sites when no Internet connection is established. Interception means that you are directed to a page with information on how to connect the GlobeSurfer...
  • Page 149: Dns Server

    6.2 DNS Server Domain Name System (DNS) provides a service that translates domain names into IP addresses and vice versa. The DNS server of the GlobeSurfer 3G is an auto-learning DNS, which means that when a new computer is connected to the network the DNS server learns its name and automatically adds it to the DNS table.
  • Page 150 Figure 6.4: Add or Edit a DNS Entry • To add a new entry to the DNS table: 1. Click the New DNS entry link. The DNS entry screen will appear (see figure 6.4). 2. Enter the computer’s host name and IP address. 3.
  • Page 151: Dynamic Dns

    When applying for an account, you will need to specify a user name and password. Please have them readily available when customizing GlobeSurfer 3G’s DDNS support. For more information regarding Dynamic DNS, please refer to http://www.dyndns.org.
  • Page 152: Network Map

    Represents the WAN UMTS connection. Click this icon to configure network parameters for the WAN UMTS connection (see Chapter 4). Represents the GlobeSurfer 3G firewall. The height of the wall corresponds to the security level currently selected: Minimum, Typical or Maximum. Click this icon to configure security...
  • Page 153 The local network will use the following icons: Represents an Ethernet Local Area Network (LAN) connection. Click this icon to configure network parameters for the Ethernet LAN device (see Section 4). Represents a Wireless LAN connection. Click this icon to configure network parameters for the Wireless LAN device (see Section 4).
  • Page 154: Dhcp

    6.5 DHCP The DHCP server of the GlobeSurfer 3G makes it possible to easily add computers that are configured as DHCP clients to the local network. It provides a mechanism for allocating IP addresses to these hosts and for delivering network configuration parameters to them.
  • Page 155: Dhcp Server Settings

    • Provide host name if not specified by client: If the DHCP client does not have a host name, the GlobeSurfer 3G will assign the client a default name. 5. Click OK to save your changes.
  • Page 156: Dhcp Server Relay Settings

    Figure 6.9: DHCP Settings 6.5.3 DHCP Server Relay Settings To edit the DHCP server relay settings: 1. Click the Edit icon in the Action column (see figure 6.8). 2. Select the DHCP relay option from the DHCP drop-down menu. 3. Click the New IP Address link under the DHCP Relay section. The DHCP Server Relay Address screen will appear (see figure 6.10).
  • Page 157 Note: If a device is listed as Disabled in the Status column then DHCP services are not being provided to hosts connected to the network through that device. This means that the GlobeSurfer 3G will not assign IP addresses to these computers—useful if you wish to work with static IP addresses only.
  • Page 158 • To remove a host from the table click the Delete icon in the Action column. Figure 6.13: Editing a DHCP Connection...
  • Page 159: Network Objects

    MAC address, IP address, and hostname. Defining such a group can assist when configuring system rules. For example, network objects can be used when configuring GlobeSurfer 3G’s security filtering settings such as IP address filtering, hostname filtering or MAC address filtering.
  • Page 160 Figure 6.16: Item 6. Select the type of the network object from the Network object type combo-box: • IP address • MAC address • Hostname 7. Specify the appropriate description for the network object type. 8. You may repeat the actions described above several times, after which you must click the OK button.
  • Page 161: Routing

    • Netmask: The network mask is used in conjunction with the destination to determine when a route is used. • Gateway: Enter the IP address of the GlobeSurfer 3G. • Metric: A measurement of the preference of a route. Typically, the lowest metric is the most preferred route.
  • Page 162: Multicasting

    6.7.2 Multicasting GlobeSurfer 3G provides support for IGMP multicasting, which allows hosts connected to a network to be updated whenever an important change occurs in the network. A multicast is simply a message that is sent simultaneously to a pre-defined group of recipients. When you join a multicast group you will receive all messages addressed to the group, much like what happens when an e-mail message is sent to a mailing list.
  • Page 163: Managing Users

    The Users table will be displayed. Figure 6.19: User table You can add, edit and delete users allowed to access the GlobeSurfer 3G and your local network by managing the user table as described in Section 2.5. To add a new user click New user in the table and specify the following parameters: •...
  • Page 164 Figure 6.20: Managing Users Please note, that changing any of the user parameters will prompt the connection associated with the user to terminate. For changes to take effect you should activate the connection manually after modifying user parameters. You can use email notification to receive indications of system events for a predefined severity classification.
  • Page 165: Certificates

    GlobeSurfer 3G makes use of public-key cryptography to authenticate and encrypt Wireless and VPN data communication. 6.9.1 Digital Certificates When working with public-key cryptography, you should be careful and make sure that you are using the correct person’s public key.
  • Page 166: Obtaining An X.509 Certificate

    public key. The X.509 standard defines what information goes into the certificate, and describes how to encode it (the data format). All X.509 certificates have the following data: The certificate holder’s public key the public key of the certificate holder, together with an algorithm identifier that specifies which cryptosystem the key belongs to and any associated key parameters.
  • Page 167 Figure 6.21: Certificate Management 2. Click the Local tab. 3. Click the Create certificate request button. The Create X.509 Request screen will appear (see figure 6.22). Figure 6.22: Create X.509 Request 4. Enter the following certification request parameters: • Certificate Name •...
  • Page 168 "Unsigned". Figure 6.25: Unsigned Certification Request 9. After receiving a reply from the CA in form of a signed request, click the Load certificate link. The Load GlobeSurfer 3G’s local certificate screen will appear (see figure 6.26).
  • Page 169 Figure 6.26: Load Certificate 10. Paste the signed request. The contents of the signed request should resemble what you see in figure 6.27. Figure 6.27: Loading a Signed Certificate 11. Click the Load button to register the signed certificate. If the registration is successful, the certificate management screen will appear, displaying the certificate name and issuer (see figure 6.28).
  • Page 170: Registering A Ca's Certificate

    Figure 6.28: Registered Certificate 6.9.4 Registering a CA’s Certificate To register and load a certificate received from a CA: 1. Click Certificates on the Advanced screen of the management console. The Certificates screen will appear (see figure 6.21). 2. Click the CA tab. 3.
  • Page 171: Date And Time

    The Date and time settings screen will be displayed (see figure 6.30). Figure 6.30: Date and time settings 2. Select the local time zone from the pull-down menu. GlobeSurfer 3G can automatically detect daylight saving setting for the selected time zone.
  • Page 172: Scheduler Rules

    6.11 Scheduler Rules Scheduler rules are used for limiting the activation of settings, such as firewall rules, to specific time periods, specified in days of the week, and hours. To define a Rule: 1. Click Scheduler rules on the Advanced screen of the management console. The Scheduler rules screen will appear (see figure 6.31).
  • Page 173 Figure 6.33: Time Segment Edit...
  • Page 174: Firmware Upgrade

    Note: You can only use files with an rmt extension when performing the firmware upgrade procedure. The file will start loading into your GlobeSurfer 3G. When loading is completed, a confirmation screen will appear, asking you if you want to upgrade to the new version:...
  • Page 175 4. Click OK to confirm. The upgrade process will begin and should take no longer than one minute to complete (see figure 6.37). Figure 6.37: Upgrade in Progress When the upgrade is complete, the GlobeSurfer 3G will automatically reboot. The new software version will run, maintaining your custom configurations and settings.
  • Page 176: Point-To-Point Tunneling Protocol (Pptp)

    Select the Users link to define and manage remote users (see figure 6.39). Figure 6.39: User table You can add, edit and delete users allowed to access the GlobeSurfer 3G and your local network by managing the user table as described in Section 2.5. To add a new user click New user in the table and specify the following parameters: •...
  • Page 177 • New password: Type a new password for the remote user. If you do not want to assign a password to the remote user leave this field empty. • Retype new password: If a new password was assigned, type it again to verify correctness.
  • Page 178: Advanced Pptp Server Settings

    • Max. idle time to disconnect in seconds: Specify the amount of idle time (during which no data is sent or received) that should elapse before the GlobeSurfer 3G disconnects a PPTP connection. • Authentication/Encryption required: Select whether PPTP will use authentication, encryption, or both.
  • Page 179 • DNS server: Select whether the PPTP client should obtain a DNS server address automatically. If not, configure the DNS server’s IP address. • Internet connection firewall: Select this check-box to include the PPTP client connection as a network interface monitored by the Firewall of the GlobeSurfer 3G.
  • Page 180: Ip Security (Ipsec)

    6.14 IP Security (IPsec) IPsec is a series of guidelines for the protection of Internet Protocol (IP) communications. It specifies procedures for securing private information transmitted over public networks. The IPsec protocols include: • AH (Authentication Header) provides packet-level authentication. •...
  • Page 181: Key Management

    Figure 6.43: IPsec Settings Select the Enabled checkbox to block unauthorized IPsec network connection to GlobeSurfer 3G. To define what an unauthorized IPsec connection means and how long to block it, specify the following: • Maximum number of authentication failures •...
  • Page 182: Log Settings

    The IPsec Log can be used to identify and analyze the history of the IPsec package commands, attempts to create connections, etc. IPsec activity, as well as that of other GlobeSurfer 3G modules, is displayed together in this view. 1. Click the IPsec icon from the Advanced screen.
  • Page 183 You can choose 3DES-CBC, DES-CBC or NULL encryption algorithms; MD5 or SHA1 authentication algorithms. AH Select the hash algorithms the GlobeSurfer 3G will use during Phase 2 of the automatic key exchange method. You can choose MD5 or SHA1 authentication header algorithms.
  • Page 184 IPsec protocol Select the encryption and authentication algorithms. All algorithms values should be entered in HEX format. Routing Define the connection’s routing rules. Please refer to Section for instructions about creating routing rules. Internet connection firewall Select this check-box to include the IPsec connection as a network interface monitored by the gateway’s Firewall.
  • Page 185: Universal Plug And Play (Upnp)

    figure 6.46). Figure 6.46: Universal Plug and Play 2. Check the Allow other network users to control GlobeSurfer 3G’s network features checkbox, to enable the UPnP feature. This will enable you to define UPnP services on any of the LAN hosts.
  • Page 186: Simple Network Management Protocol (Snmp)

    6.16 Simple Network Management Protocol (SNMP) SNMP enables network management systems to remotely configure and monitor GlobeSurfer 3G. Your Internet service provider (ISP) may use SNMP in order to identify and resolve technical problems. 6.16.1 Configuring GlobeSurfer 3G’s SNMP Agent Technical information regarding the properties of GlobeSurfer 3G’s SNMP agent...
  • Page 187: Diagnostics

    6.17 Diagnostics The Diagnostics screen can assist you in testing network connectivity. This feature will enable you to ping (ICMP echo) an IP address and view statistics such as the number of packets transmitted and received, round trip time and success status.
  • Page 188: Advanced Remote Administration

    6.18 Advanced Remote Administration In its default state, GlobeSurfer 3G blocks all external users from connecting to or communicating with your network. Therefore the system is safe from hackers who may try to intrude on the network and damage it. However, you may wish to enable certain services that grant remote users administrative privileges in your network.
  • Page 189 The self generated certificate is safe, and provides you with a secure SSL connection. It is also possible to assign a user-defined certificate to GlobeSurfer 3G. To learn about certificates, see Section 6.9.
  • Page 190: Sim Setup

    PIN code of your own. By default the PIN code is required but it can be stored in the GlobeSurfer 3G after the first use so that you don’t have to enter it more than once. These settings can be changed but note that you should disconnect before doing any changes to the SIM setup.
  • Page 191: Unlock Device

    6.20 Unlock Device In case the GlobeSurfer 3G is locked to a specific ISP it can be unlocked with a code that you should be able to get from your ISP. Normally there are certain conditions that must be fulfilled to be able to unlock the device.
  • Page 192: Restoring Default Settings

    6.21 Restoring Default Settings You may sometimes wish to restore GlobeSurfer 3G’s factory default settings. This may happen, for example, when you wish to build a new network from the beginning, or when you cannot recall changes made to the network and wish to go back to the default configuration.
  • Page 193: Restart

    1. Click Restart on the Advanced screen of the management console. The Restart screen will be displayed (see figure 6.52). 2. Click OK to restart the GlobeSurfer 3G. This may take up to one minute. To reenter the management console after restarting the GlobeSurfer 3G, click...
  • Page 194: Technical Information

    1. Click Technical information on the Advanced screen of the management console. The Technical information screen will appear. Figure 6.53: Technical Information 2. Click Configuration file to view the contents of GlobeSurfer 3G’s configuration file. Figure 6.54: Configuration File 3.
  • Page 195: System Monitoring

    System Monitoring The System monitoring screen (see figure 7.1) displays important system information, including: • Key network device parameters • Network traffic statistics • The system log • The amount of time that has passed since the system was last started To display the System monitoring screen: 1.
  • Page 196: Monitoring Connections

    7.1 Monitoring Connections The Connections tab shows a table summarizing data of the monitored connections. Figure 7.1: Monitoring Connections...
  • Page 197: Traffic Statistics

    7.2 Traffic Statistics GlobeSurfer 3G is constantly monitoring traffic within the local network and between the local network and the Internet. Select the Traffic tab to display up-to-the-second statistical information about data received from and transmitted to the Internet (WAN) and about data received from and transmitted to computers in the local network (LAN).
  • Page 198: System Log

    7.3 System Log Select the System log tab to display a list of the most recent activity that has taken place on GlobeSurfer 3G. Figure 7.3: System Log...
  • Page 199: System Up Time

    7.4 System Up Time Select the System tab to display the amount of time that has passed since the system was last started. Figure 7.4: System Up Time...
  • Page 200: A Glossary

    Glossary PAP Password Authentication Protocol, the most basic form of authentication, in which a user’s name and password are transmitted over a network and compared to a table of name-password pairs. Typically, the passwords stored in the table are encrypted. The Basic Authentication feature built into the HTTP protocol uses PAP.
  • Page 201 PPTP Point-to-Point Tunneling Protocol, a technology for creating Virtual Private Networks (VPNs). Because the Internet is essentially an open network, the Point-to-Point Tunneling Protocol (PPTP) is used to ensure that messages transmitted from one VPN node to another are secure. With PPTP, users can dial in to their corporate network via the Internet.
  • Page 202 DHCP Acronym for Dynamic Host Configuration Protocol. A TCP/IP protocol that automatically assigns temporary IP addresses to computers on a local area network (LAN). GlobeSurfer 3G supports the use of DHCP. You can use DHCP to share one Internet connection with multiple computers on a network.
  • Page 203 Domain In a networked computer environment, a collection of computers that share a common domain database and security policy. A domain is administered as a unit with common rules and procedures, and each domain has a unique name. Domain name An address of a network connection that identifies the owner of that address in a hierarchical format: server.organization.type.
  • Page 204 I-E-E-E. Infrastructure network A network configuration in which wireless devices connect to a wireless access point (such as GlobeSurfer 3G) instead of connecting to each other directly.
  • Page 205 Internet domain In a networked computer environment, a collection of computers that share a common domain database and security policy. A domain is administered as a unit with common rules and procedures, and each domain has a unique name. Intranet A network within an organization that uses Internet technologies (such as a Web browser for viewing information) and protocols (such as TCP/IP), but is available only to certain people, such as employees of a...
  • Page 206 mapping A process that allows one computer to communicate with a resource located on another computer on the network. For example, if you want to access a folder that resides on another computer, you “map to” that folder, as long as the computer that holds the folder has been configured to share it.
  • Page 207 PING A protocol for testing whether a particular computer is connected to the Internet by sending a packet to the computer’s IP address and waiting for a response. Plug and Play A set of specifications that allows a computer to automatically detect and configure various peripheral devices, such as monitors, modems, and printers.
  • Page 208 10Mbit per second. Unlike the Crossover cable, straight-through cable has the same order of pin contacts on each end-plug of the cable. Subnet A distinct network that forms part of a larger computer network. Subnets are connected through routers and can use a shared network address to connect to the Internet.
  • Page 209 WAN Acronym for Wide Area Network. A geographically widespread network that might include many linked local area networks. Wi-Fi A term commonly used to mean the wireless 802.11b standard. Wireless Refers to technology that connects computers without the use of wires and cables.
