Download Print this page

EtherWAN EW200 User Manual

EtherWAN EW200 User Manual

Industrial cellular gateway

Table Of Contents

page of 387

/ 387
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual

Industrial Cellular Gateway

EW200

User Manual

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the EW200 and is the answer not in the manual?

Questions and answers

Summary of Contents for EtherWAN EW200

Page 1 Industrial Cellular Gateway EW200 User Manual...
Page 2 Disclaimer of Liability The information contained in this document is subject to change without notice. EtherWAN is not liable for any errors or omissions contained herein or for resulting damage in connection with the information provided in this manual.
Page 3: Preface
Preface Audience This guide is designed for the person who installs, configures, deploys, and maintains the Ethernet network. This document assumes the reader has moderate hardware, computer, and Internet skills. Document Revision Level This section provides a history of the revision changes to this document. Revision Document Version Date...
Page 4: Table Of Contents
EW200 Industrial Cellular Gateway Contents Preface ................................3 Contents ..............................4 Chapter 1 Introduction ............................9 1.1 Introduction............................9 1.2 Contents List ............................. 10 1.2.1 Package Contents........................10 1.3 Hardware Configuration ........................11 1.4 LED Indicators ..........................13 1.5 Installation & Maintenance........................ 14 1.5.1 SYSTEM REQUIREMENTS ....................
Page 5 EW200 Industrial Cellular Gateway 2.3 Wi-Fi ..............................75 2.3.1 Wi-Fi Configuration........................ 76 2.3.2 Wireless Client List ........................ 86 2.3.3 Advanced Configuration ......................88 2.4 IPv6 ..............................90 2.4.1 IPv6 Configuration ......................... 90 2.5 Port Forwarding ..........................101 2.5.1 Configuration ........................102 2.5.2 Virtual Server &...
Page 6 EW200 Industrial Cellular Gateway Chapter 4 Field Communication ........................172 4.1 Bus & Protocol ..........................172 4.1.1 Port Configuration ........................ 172 4.1.2 Virtual COM ......................... 174 4.1.3 Modbus ..........................184 4.2 Data Interchange ..........................194 4.2.1 OPC UA ..........................194 4.2.2 MQTT ..........................
Page 7 EW200 Industrial Cellular Gateway 6.2 System Operation ..........................300 6.2.1 Password & MMI ......................... 300 6.2.2 System Information ......................302 6.2.3 System Time ......................... 303 6.2.4 System Log........................... 306 6.2.5 Backup & Restore ......................... 310 6.2.6 Reboot & Reset ........................311 6.3 FTP ..............................
Page 8 EW200 Industrial Cellular Gateway 8.2.2 LAN & VLAN Status ......................365 8.2.3 Wi-Fi Status .......................... 366 8.2.4 DDNS Status ........................369 8.3 Security ............................370 8.3.1 VPN Status ........................... 370 8.3.2 Firewall Status ........................374 8.4 Administration..........................378 8.4.1 Configure & Manage Status ....................378 8.4.2 Log Storage Status ........................
Page 9: Chapter 1 Introduction
(256-bit AES encryption) link. The DI/DO feature allows the gateway to respond in real time to events detected by sensors. This EW200 is equipped with a host of security features including VPN, firewall, NAT, port forwarding, DHCP server and other features for outdoor IP surveillance applications. Redundant 12-48 VDC power terminals and dual SIM cards ensure data transmission and network connection without loss.
Page 10: Contents List
EW200 Industrial Cellular Gateway 1.2 Contents List 1.2.1 Package Contents #Standard Package Items Description Contents Quantity EW200 1pcs Industrial Cellular Gateway 8 pin Terminal Block 1pcs 4 pin Terminal Block 1pcs DIN-Rail Bracket 1pcs...
Page 11: Hardware Configuration
EW200 Industrial Cellular Gateway 1.3 Hardware Configuration  Front View 3G/4G 2.4G/5GHz Wi-Fi Ant. Indicators Antenna Reset Serial SIM B SIM A Port Button Port Slot Slot Auto MDI/MDIX RJ45 Ports Auto MDI/MDIX RJ45 Port 4x Gb LAN 1x Gb Configurable WAN ※Reset Button...
Page 12 EW200 Industrial Cellular Gateway DC Power Earth Ground DI/DO Terminal Block Screw Terminal Block...
Page 13: Led Indicators
EW200 Industrial Cellular Gateway 1.4 LED Indicators LED Color LED Icon Indication Description Power Source 1 Blue Steady ON: Device is powered on by power source 1 Power Source 2 Blue Steady ON: Device is powered on by power source 2...
Page 14: Installation & Maintenance
EW200 Industrial Cellular Gateway 1.5 Installation & Maintenance 1.5.1 SYSTEM REQUIREMENTS  A gigabit Ethernet RJ45 cable  3G/4G cellular service subscription Network Requirements  IEEE 802.11 a/b/g/n/ac wireless clients  10/100/1000 Ethernet adapter on PC Computer with the following: ...
Page 15: Hot Surface Caution
EW200 Industrial Cellular Gateway 1.5.3 HOT SURFACE CAUTION CAUTION: The surface temperature for the metallic enclosure can be very high! Especially after long periods of operation, when installed in a closed cabinet without air conditioning, or in a location with a high ambient temperature.
Page 16: Product Information For Ce Red Requirements
EW200 Industrial Cellular Gateway 1.5.4 Product Information for CE RED Requirements The following product information is required to be presented in product User Manual for latest CE RED requirements. (1) Frequency Band & Maximum Power 1.a Frequency Band for Cellular Connection...
Page 17 EW200 Industrial Cellular Gateway (3) Country List for Restrictions (for products with 5GHz radio) For EU/EFTA, this product can be used in all EU member states and EFTA countries. (4) RF Exposure Statements The antenna of the product, under normal use condition, should be at least 20 cm away from the body of...
Page 18: Hardware Installation
This chapter describes how to install and configure the hardware 1.6.1 Mount the Unit The EW200 series product can be mounted on a wall, horizontal plane, or DIN Rail in a cabinet with the mounting accessories (brackets or DIN-rail kit). The mounting accessories are not screwed on the product when shipped from factory.
Page 19: Connecting Power
EW200 Industrial Cellular Gateway 1.6.3 Connecting Power EW200 series product can be powered by connecting one or two power sources to the terminal block. It supports dual 12 to 48V DC power inputs. The following picture indicates the power terminal block pin assignments.
Page 20 EW200 Industrial Cellular Gateway The terminal pin number assignment is shown below Connect the live line, neutral line and earth line to the corresponding locations.  DC Power Terminal Block Installation The Power Supply unit may consist of one set or two sets of DC power output contacts.
Page 21 EW200 Industrial Cellular Gateway Finally, connect the power plug of the power supply cable to an outlet. The power supply units will turn on and provide DC power to the connected device.
Page 22: Connecting Di/Do Devices
EW200 Industrial Cellular Gateway 1.6.5 Connecting DI/DO Devices There is one DI (digital input) and one DO (digital output) port next to the power terminal block. Refer to the following specification for connection of DI and DO devices. Mode Specification...
Page 23: Connecting Serial Devices
EW200 Industrial Cellular Gateway 1.6.6 Connecting Serial Devices The EW200 has a 4-pin Terminal Block serial port for connecting to your serial device. Connect the serial device to the terminal block with the right pin assignments of RS-232/485 (shown below).
Page 24: Setup By Configuring Web Ui
EW200 Industrial Cellular Gateway 1.6.8 Setup by Configuring WEB UI You can use the web UI to configure the device. The IP Address is (http://192.168.123.254) When you see the login page, enter the password ‘admin’ and then click ‘Login’ button.
Page 25: Chapter 2 Basic Network
EW200 Industrial Cellular Gateway Chapter 2 Basic Network 2.1 WAN & Uplink The gateway provides multiple WAN interfaces to let client hosts in the Intranet of the gateway access the Internet via ISP. But ISPs in the world apply various connection protocols to let gateways or user's devices dial in to ISPs and then link to the Internet via different kinds of media.
Page 26: Physical Interface
EW200 Industrial Cellular Gateway 2.1.1 Physical Interface M2M gateways are usually equipped with various WAN interfaces to support different WAN connection scenarios. You can configure the WAN interfaces one by one to get proper internet connection setup. Refer to the product specification for the available WAN interfaces in your model.
Page 27 EW200 Industrial Cellular Gateway POWER OFF the gateway before you insert or  remove a SIM card. The SIM card can be damaged if you insert or  remove SIM card while the gateway is in operation. Attention Operation Mode: There are three option items “Always on”, “Failover”, and “Disable”...
Page 28 EW200 Industrial Cellular Gateway Seamless Failover: In addition, there is a "Seamless" option for Failover operation mode. When seamless option is activated by checking the "Seamless" box in the configuration window, both the primary connection and the failover connection are started up after system rebooting.
Page 29 EW200 Industrial Cellular Gateway Physical Interface Setting Go to Basic Network > WAN > Physical Interface tab. The Physical Interface allows for the setup of the physical WAN interface and adjustment of WAN’s behavior. Note: Number of available WAN Interfaces varies by model.
Page 30 EW200 Industrial Cellular Gateway Interface Configuration: Interface Configuration Item Value setting Description 1. Required setting Select one expected interface from the available interface dropdown list. 2. WAN-1 is the primary Depending on the gateway model, Disable and Failover options will be...
Page 31: Internet Setup
EW200 Industrial Cellular Gateway 2.1.2 Internet Setup After specifying the physical interface for each WAN connection, the connection profile must be configured to satisfy the dial-in process of the ISP, so that all client hosts in the Intranet of the gateway can access the Internet.
Page 32 EW200 Industrial Cellular Gateway Internet Connection List - Ethernet WAN WAN Type for Ethernet Interface: Ethernet is the most common WAN and uplink interface for M2M gateways. Usually it is connected with xDSL or cable modem for you to setup the WAN connection. There are various WAN types for connection with an ISP.
Page 33 EW200 Industrial Cellular Gateway WAN Type = Dynamic IP When selected, "Dynamic IP WAN Type Configuration" will appear. Items and settings are explained below Dynamic IP WAN Type Configuration Item Value setting Description Host Name Enter the host name provided by your service provider.
Page 34 EW200 Industrial Cellular Gateway Static IP WAN Type Configuration Item Value setting Description WAN IP Address Required setting Enter the WAN IP address given by your service provider WAN Subnet Mask Required setting Enter the WAN subnet mask given by your service provider...
Page 35 EW200 Industrial Cellular Gateway WAN Type= PPTP When selected, "PPTP WAN Type Configuration" will appear. Items and settings are explained below PPTP WAN Type Configuration Item Value setting Description Select either Static or Dynamic IP address for PPTP Internet connection.
Page 36 EW200 Industrial Cellular Gateway WAN Type= L2TP When selected, "L2TP WAN Type Configuration" will appear. Items and settings are explained below L2TP WAN Type Configuration Item Value setting Description Select either Static or Dynamic IP address for L2TP Internet connection.
Page 37 EW200 Industrial Cellular Gateway Ethernet Connection Common Configuration There are some important parameters to be set up no matter which type of WAN is selected. Connection Contro Auto-reconnect: The gateway will establish an Internet connection automatically once it has been booted up, and try to reconnect once the connection is down.
Page 38 EW200 Industrial Cellular Gateway Manually: This gateway will not start to establish a WAN connection until the “Connect” button in web UI is pressed. After normal data transfer between LAN and WAN sides, this gateway will disconnect if idle time reaches value of Maximum Idle Time.
Page 39 EW200 Industrial Cellular Gateway Set up “Ethernet Common Configuration” Ethernet WAN Common Configuration Item Value setting Description There are three connection modes.  Auto-reconnect enables the router to always keep the Internet connection on.  Connect-on-demand enables the router to automatically re- establish Internet connection as soon as user attempts to access the Internet.
Page 40 EW200 Industrial Cellular Gateway  Target1 (DNS1 set by default) specifies the first target of sending DNS query/ICMP requests.  DNS1: set the primary DNS to be the target.  DNS2: set the secondary DNS to be the target. ...
Page 41 EW200 Industrial Cellular Gateway Other Host: enter an IP address to be the target. Target1 specifies the second target of sending DNS query/ICMP requests. None: no second target is required. 1. Optional setting DNS1: set the primary DNS to be the target.
Page 42 EW200 Industrial Cellular Gateway Internet Connection – 3G/4G WAN Preferred SIM Card – Dual SIM Failover For 3G/4G embedded devices, one embedded cellular module can create only one WAN interface. This device features dual SIM cards for one module with special fail-over mechanism. It is called Dual SIM Failover. This feature is useful for ISP switch-over when location is changed.
Page 43 EW200 Industrial Cellular Gateway SIM-A/SIM-B only: When “SIM-A Only” or “SIM-B Only” is used, the specified SIM slot card is the only one to be used for negotiation parameters between gateway device and cellular ISP. SIM-A / SIM-B first without enable Failback By default, “SIM-A First”...
Page 44 EW200 Industrial Cellular Gateway 3G/4G Connection Configuration Item Value setting Description 1. Required setting From the dropdown box, select the Internet connection method for 3G/4G WAN Type 2. 3G/4G is set by WAN Connection. Only 3G/4G is available. default. Choose which SIM card you want to use for the connection.
Page 45 EW200 Industrial Cellular Gateway Connection with SIM-A/-B Card Item Value setting Description Select Auto to register a network automatically, regardless of the network type. Select 2G Only to register 2G networks only. 1. Required setting Select 2G Prefer to register 2G networks first if available.
Page 46 EW200 Industrial Cellular Gateway 2. String format: IP setting. If it is not filled-in, the server address is given by the carrier while address (IPv4 type) dialing-up. 1. Optional setting Enter the IP address to change the secondary DNS (Domain Name Server) Secondary DNS 2.
Page 47 EW200 Industrial Cellular Gateway 1. Required setting Select the Authentication method for the 3G/4G connection. Authentication 2. Auto is selected by It can be Auto, PAP, CHAP, or None. default Enter the value for the dial-up order. The valid value is from 1 to 16. It will 1.
Page 48 EW200 Industrial Cellular Gateway 2. By default 600 connection when the connection has idle timed out. seconds is filled-in Value Range: 300 ~ 86400. Note: This field is available only when Connect-on-demand or Connect Manually is selected as the connection control scheme.
Page 49 EW200 Industrial Cellular Gateway Query Interval defines the transmitting interval between two DNS Query or ICMP checking packets. Check the Enable box to activate the loading check function. Enable Loading Check allows the gateway to ignore unreturned DNS queries or ICMP requests when WAN bandwidth is fully occupied. This is to prevent false link-down status.
Page 50: Load Balance
EW200 Industrial Cellular Gateway 2.1.3 Load Balance When there are multiple WAN interfaces, and when the bandwidth of one WAN connection is not enough for the traffic loads from the Intranet to the Internet, the WAN load balance function can be used to enlarge the total WAN bandwidth.
Page 51 EW200 Industrial Cellular Gateway By Specific Weight When "By Specific Weight" is selected, you need to set up the ratio of WAN-1/WAN-2 to decide the sessions sent ratio. Total ratio should be 100%. The ratio is usually defined based on the practical WAN speed of the environment.
Page 52 EW200 Industrial Cellular Gateway Load Balance Setting Go to Basic Network > WAN & Uplink > Load Balance Tab. The Load Balance function is used to manage balanced bandwidth usage among multiple WAN connections When "By Smart Weight" is chosen, the system will operate load balancing automatically based on the embedded Smart Weight algorithm.
Page 53 EW200 Industrial Cellular Gateway Weight Definition Item Value setting Description WAN ID The Identifier for each available WAN interface Enter the weight ratio for each WAN interface. 1. Required setting Initially, the bandwidth ratio of each WAN is set by default.
Page 54 EW200 Industrial Cellular Gateway User Policy Configuration Item Value setting Description There are four options: Any: No specific Source IP is provided. The traffic may come from any source Subnet: Specify the subnet for the traffic source. Input format is: Source IP 1.
Page 55: Lan & Vlan
EW200 Industrial Cellular Gateway 2.2 LAN & VLAN This section describes the configuration of LAN and VLAN. VLAN is an optional feature, and its presence depends on the gateway model. 2.2.1 Ethernet LAN The Local Area Network (LAN) can be used to share data or files among computers attached to a network.
Page 56 EW200 Industrial Cellular Gateway Undo Click the Undo button to restore previous settings. Create / Edit Additional IP This gateway provides the LAN IP alias function for special management considerations. You can add additional LAN IPs for this gateway, and access this gateway through the additional IPs.
Page 57: Vlan
EW200 Industrial Cellular Gateway 2.2.2 VLAN VLAN (Virtual LAN) is a logical network under a certain switch or router device to group client hosts with a specific VLAN ID. This gateway supports both Port-based VLAN and Tag-based VLAN. These functions allow you to divide local network into different “virtual LANs”.
Page 58 EW200 Industrial Cellular Gateway and DHCP-2 server equipped. Finally, the administrator also configures the Data Center segment with VLAN ID 1. The VLAN group includes Port-1 with NAT mode to WAN interface as shown in following diagram. The above shows a general case for a gateway with 3 Ethernet LAN ports. If the device has only one Ethernet LAN port, there will be only one VLAN group for the device.
Page 59 EW200 Industrial Cellular Gateway The administrator designs 3 network segments, Lab, Meeting Rooms, and Office. In a Secure VPN Gateway, the administrator can configure the Office segment with VLAN ID 12. The VLAN group is equipped with DHCP- 3 server to construct a 192.168.12.x subnet. He also configures the Meeting Rooms segment with VLAN ID 11.
Page 60 EW200 Industrial Cellular Gateway  VLAN Groups Access Control The administrator can specify the Internet access permission for all VLAN groups. He can also configure which VLAN groups are allowed to communicate with each other. VLAN Group Internet Access The administrator can specify members of one VLAN group to be able to access Internet or not. Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID 1 cannot access Internet.
Page 61 EW200 Industrial Cellular Gateway Inter VLAN Group Routing: In Port-based tagging, the administrator can specify member hosts of one VLAN group to be able or not able to communicate with another VLAN group. This is a communication pair, and one VLAN group can join many communication pairs.
Page 62 EW200 Industrial Cellular Gateway VLAN Setting Go to Basic Network > LAN & VLAN > VLAN Tab. The VLAN function allows you to divide a local network into different virtual LANs, either port-based or tag- based. Configuration Item Value setting...
Page 63 EW200 Industrial Cellular Gateway Port-based VLAN Configuration Item Value setting Description 1. Required setting Define the Name of this rule. It has default text and cannot be modified. Name 2. String format: already has default text VLAN ID Required setting Define the VLAN ID number, range is 1~4094.
Page 64 EW200 Industrial Cellular Gateway Note: The available member list will depend on product model. WAN & WAN All WANs is selected by Select which WAN or All WANs that allow accessing Internet. VID to Join default. Note: If Bridge mode is selected, you need to select a WAN and enter a VID.
Page 65 EW200 Industrial Cellular Gateway Additionally, you can add some IP rules to the IP Fixed Mapping Rule List if DHCP Server for the VLAN groups is required. When Add button is applied, the Mapping Rule Configuration screen will appear. Mapping Rule Configuration...
Page 66 EW200 Industrial Cellular Gateway Port-based VLAN – Inter VLAN Group Routing Click the VLAN Group Routing button, and the VLAN Group Internet Access Definition and Inter VLAN Group Routing screen will appear. When Edit button is applied, a screen similar to this will appear.
Page 67 EW200 Industrial Cellular Gateway Tag-based VLAN – Create/Edit VLAN Rules The Tag-based VLAN allows you to customize each LAN port according to VLAN ID. There is a default rule that shows the configuration of all LAN ports and all VAPs. If your device has a DMZ port, you will see DMZ configuration too.
Page 68: Dhcp Server
EW200 Industrial Cellular Gateway 2.2.3 DHCP Server  DHCP Server The gateway supports up to 4 DHCP servers to fulfill the DHCP requests from different VLAN groups (refer to VLAN section for details). There is one default setting for whose LAN IP Address is the same as the gateway LAN interface, with its default Subnet Mask setting as “255.255.255.0”, and its default IP Pool range is from...
Page 69 EW200 Industrial Cellular Gateway  Fixed Mapping User can assign fixed IP address to a specific client MAC address, when targets already exist in the DHCP Client List, or add other Mapping Rules manually in advance.
Page 70 EW200 Industrial Cellular Gateway DHCP Server Setting Go to Basic Network > LAN & VLAN > DHCP Server Tab. The DHCP Server setting allows user to create and customize DHCP Server policies to assign IP Addresses to the devices on the local area network (LAN) Create / Edit DHCP Server Policy The gateway allows you to customize your DHCP Server Policy.
Page 71 EW200 Industrial Cellular Gateway DHCP Server Configuration Item Value setting Description DHCP Server 1. String format, any text Enter a DHCP Server name. Name 2. Required setting LAN IP 1. IPv4 format. The LAN IP Address of this DHCP Server.
Page 72 EW200 Industrial Cellular Gateway Mapping Rule Configuration Item Value setting Description 1. MAC Address string MAC Address format The MAC Address of this mapping rule. 2. Required setting 1. IPv4 format. IP Address The IP Address of this mapping rule.
Page 73 EW200 Industrial Cellular Gateway Option Meaning TFTP server name [RFC 2132] Default World Wide Web Server [RFC 2132] [RFC 3679] Create / Edit DHCP Server Options The gateway supports up to a maximum of 99 option settings. When Add/Edit button is applied, DHCP Server Option Configuration screen will appear.
Page 74 EW200 Industrial Cellular Gateway DHCP Server Option Configuration Item Value setting Description 1. String format, any text Option Name Enter a DHCP Server Option name. 2. Required setting. DHCP Server Dropdown list of all available Choose the DHCP server this option should apply to.
Page 75: Wi-Fi
EW200 Industrial Cellular Gateway 2.3 Wi-Fi The gateway provides Wi-Fi interface for mobile devices to access Internet/Intranet. The Wi-Fi function is usually modulized design in the gateway, and there can be single or dual modules within a gateway. The Wi-Fi system in the gateway complies with the IEEE 802.11ac/11n/11g/11b standard in 2.4GHz or 5GHz single band...
Page 76: Wi-Fi Configuration
EW200 Industrial Cellular Gateway 2.3.1 Wi-Fi Configuration Due to optional module(s) and frequency band, you need to set up modules one by one. For each module, you need to specify the operation mode, and then set up the virtual APs for wireless access.
Page 77 EW200 Industrial Cellular Gateway WDS Only Mode WDS (Wireless Distributed System) Only mode drives a Wi-Fi gateway to be a bridge for its wired Intranet and a repeater to extend distance. You can use multiple Wi-Fi gateways as a Wi-Fi repeater chain with all gateways setup as "WDS Only"...
Page 78 EW200 Industrial Cellular Gateway Multiple VAPs VAP (Virtual Access Point) is a function to partition a wireless network into multiple broadcast domains. It can simulate multiple APs in one physical AP. This wireless gateway supports up to 8 VAPs. For each VAP, you need to setup SSID, authentication and encryption to control Wi-Fi client access.
Page 79 EW200 Industrial Cellular Gateway Wi-Fi Configuration Setting The Wi-Fi configuration allows user to configure 2.4GHz or 5GHz Wi-Fi settings. Go to Basic Network > Wi-Fi > Wi-Fi Module One Tab. If the gateway is equipped with two Wi-Fi modules, there will also be a Wi-Fi Module Two. You can do similar configurations on both Wi-Fi modules.
Page 80 EW200 Industrial Cellular Gateway The channel will be selected according to AP numbers (The less, the better).  By Less Interference The channel will be selected according to interference. (The lower, the better). Specify the preferred Wi-Fi System. The dropdown list of Wi-Fi system is based on IEEE 802.11 standard.
Page 81 EW200 Industrial Cellular Gateway VAP Configuration Item Value setting Description Enter the SSID for the VAP, and decide whether to broadcast the SSID. 1. String format: Any SS ID The SSID is used for identifying from another AP, and client stations will associate text with AP according to SSID.
Page 82 EW200 Industrial Cellular Gateway The client stations will be authenticated by RADIUS server. RADIUS Server IP (The default IP is 0.0.0.0) RADIUS Server Port (The default value is 1812) RADIUS Shared Key When WPA / WPA2 is selected It has the same settings as WPA or WPA2. The client stations can associate with this device via WPA or WPA2.
Page 83 EW200 Industrial Cellular Gateway WDS Only Mode For the WDS Only mode, the device only bridges the connected wired clients to another WDS-enabled Wi-Fi device that the device is associated with. WDS Only Mode Item Value setting Description Unchecked by Check the Enable box to activate Green AP function.
Page 84 EW200 Industrial Cellular Gateway For WDS Hybrid mode, the device bridges all the wired LAN and WLAN clients to another WDS or WDS hybrid enabled Wi-Fi devices which the device associated with. WDS Hybrid Mode Item Value setting Description Check the Enable box to activate this function.
Page 85 EW200 Industrial Cellular Gateway for connecting with wireless client devices. Click Add / Edit button in the VAL List screen to create or edit the settings for a VAP. A VAP Configuration screen will appear. For a detailed description of VAP configuration, refer to the description stated in AP-Router section.
Page 86: Wireless Client List
EW200 Industrial Cellular Gateway 2.3.2 Wireless Client List The Wireless Client List page shows the information of wireless clients which are associated with this device. Go to Basic Network > Wi-Fi > Wireless Client List Tab. Select Target Wi-Fi Target Configuration...
Page 87 EW200 Industrial Cellular Gateway RSSI0, RSSI1 It shows the RX sensitivity (RSSI) value for each radio path. Signal The signal strength between client and this device. Interface It shows the VAP ID that the client is associated with. Refresh Click the Refresh button to update the Client List immediately.
Page 88: Advanced Configuration
EW200 Industrial Cellular Gateway 2.3.3 Advanced Configuration This device provides advanced wireless configuration for professional users to optimize wireless performance under specific installation environments. Please note that if you are not familiar with Wi-Fi technology, just leave the advanced configuration at the default values.
Page 89 EW200 Industrial Cellular Gateway Item Value setting Description The default setting It limits the available radio channels of this device. Regulatory Domain depends on location The permissible channels depend on the local Regulatory Domain. where product is sold It shows the time interval between each beacon packet broadcasted.
Page 90: Ipv6
EW200 Industrial Cellular Gateway 2.4 IPv6 The growth of the Internet has created a need for more addresses than are possible with IPv4. IPv6 (Internet Protocol version 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic.
Page 91 EW200 Industrial Cellular Gateway IPv6 WAN Connection Type Static IPv6 Static IPv6 does the same function as static IPv4. The static IPv6 provides manual setting of IPv6 address, IPv6 default gateway address, and IPv6 DNS. Above diagram depicts IPv6 IP addressing. Use the information provided by your ISP to setup the IPv6 network.
Page 92 EW200 Industrial Cellular Gateway IPv6 default gateway address, and IPv6 DNS to client hosts automatically. PPPoEv6 PPPoEv6 in IPv6 performs the same function as PPPoE in IPv4. The PPPoEv6 server provides configuration parameters based on PPPoEv6 client requests. When a PPPoEv6 server gets a client request and successfully authenticates it, the server sends IP address, DNS server addresses and other required parameters to automatically configure the client.
Page 93 EW200 Industrial Cellular Gateway In the above diagram, the 6to4 means there is no need to set gateway address "automatic" tunneling solution. The relay server, as defined in RFC 3068 has included segments 192.88.99.0/24 used as 6to4 relay of any-cast address to complete 6in4 setting.
Page 94 EW200 Industrial Cellular Gateway IPv6 Configuration Setting Go to Basic Network > IPv6 > Configuration Tab. The IPv6 Configuration setting allows user to set the IPv6 connection type to access the IPv6 network. IPv6 Configuration Item Value setting Description IPv6 Unchecked by default Check the Enable box to activate the IPv6 function.
Page 95 EW200 Industrial Cellular Gateway Item Value setting Description IPv6 Address Required setting Enter the WAN IPv6 Address for the router. Subnet Prefix Required setting Enter the WAN Subnet Prefix Length for the router. Length Default Gateway Required setting Enter the WAN Default Gateway IPv6 address.
Page 96 EW200 Industrial Cellular Gateway DHCPv6 WAN Type Configuration DHCPv6 WAN Type Configuration Item Value setting Description The option [From Select the [Specific DNS] option to activate Primary DNS and Secondary DNS. Server] is selected by Then fill in the DNS information.
Page 97 EW200 Industrial Cellular Gateway PPPoEv6 WAN Type Configuration PPPoEv6 WAN Type Configuration Item Value setting Description Enter the Account for setting up PPPoEv6 connection. If you need more Account Required setting information, contact your ISP. Value Range: 0 ~ 45 characters.
Page 98 EW200 Industrial Cellular Gateway reboot the router. 6to4 WAN Type Configuration 6to4 WAN Type Configuration Item Value setting Description 6to4 Address Value auto-created IPv6 address for access the IPv6 network. Primary DNS Optional setting Enter the WAN primary DNS Server.
Page 99 EW200 Industrial Cellular Gateway 6in4 WAN Type Configuration Locate an IPv6 tunnel broker to establish 6in4 tunnel. Then enter the Local IPv4 address of router into Client IPv4 Address field in IPv6 tunnel broker setting page. 6in4 WAN Type Configuration...
Page 100 EW200 Industrial Cellular Gateway Address Auto-configuration Item Value setting Description Auto-configuration Unchecked by default Check to enable the Auto configuration feature. Define the selected IPv6 WAN Connection Type to establish the IPv6 connectivity. Select Stateless to manage the Local Area Network to be SLAAC + RDNSS Router Advertisement Lifetime (Required setting): Enter the Router Advertisement Lifetime (in seconds).
Page 101: Port Forwarding
EW200 Industrial Cellular Gateway 2.5 Port Forwarding Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. The technique was originally used for ease of rerouting traffic in IP networks without renumbering every host.
Page 102: Configuration
EW200 Industrial Cellular Gateway 2.5.1 Configuration NAT Loopback This feature allows you to access the WAN global IP address from your inside NAT local network. It is useful when you run a server inside your network. For example, if you set a mail server at LAN side, your local devices can access this mail server through gateway’s global IP address when NAT loopback feature is enabled.
Page 103: Virtual Server & Virtual Computer
EW200 Industrial Cellular Gateway 2.5.2 Virtual Server & Virtual Computer There are some important Port Forwarding functions implemented within the gateway, including "Virtual Server", "NAT loopback" and "Virtual Computer". These allow personnel to access servers behind the gateway from outside the network. Those servers can be set up by using "Virtual Server"...
Page 104 EW200 Industrial Cellular Gateway Virtual Server & NAT Loopback "Virtual Server" allows you to access servers with the global IP address or FQDN of the gateway as if they are servers existing in the Internet. But in fact, these servers are located in the Intranet and are physically behind the gateway.
Page 105 EW200 Industrial Cellular Gateway Virtual Server & Virtual Computer Setting Go to Basic Network > Port Forwarding > Virtual Server & Virtual Computer tab. Enable Virtual Server and Virtual Computer Configuration Item Value setting Description Virtual Server Unchecked by default...
Page 106 EW200 Industrial Cellular Gateway Virtual Server Rule Configuration Item Value setting Description Define the selected interface to be the packet-entering interface of the gateway. If the packets to be filtered are coming from WAN-x then select WAN-x for this 1. Required setting WAN Interface field.
Page 107 EW200 Industrial Cellular Gateway When “TCP & UDP” is selected, protocol of packet filter rule is TCP and UDP. Public Port is a predefined port from Well-known Service, and Private Port is the same as Public Port number. When Public Port is set as Single Port and a port number specified, Private Port can be set as Single Port number.
Page 108 EW200 Industrial Cellular Gateway Create / Edit Virtual Computer The gateway allows you to customize your Virtual Computer rules. It supports up to a maximum of 20 rule- based Virtual Computer sets. When the Add button is applied, the Virtual Computer Rule Configuration screen will appear.
Page 109: Dmz & Pass Through
EW200 Industrial Cellular Gateway 2.5.3 DMZ & Pass Through A DMZ (Demilitarized Zone) Host is a host that is exposed to the Internet but still within the protection of a firewall by gateway device. This function allows a computer to execute 2-way communication for Internet games, Video conferencing, Internet telephony and other special applications.
Page 110 EW200 Industrial Cellular Gateway VPN Pass through Scenario Since VPN traffic is different from that of TCP or UDP connection, it will be blocked by NAT gateway. To support the pass through function for the VPN connections initiating from VPN clients behind NAT gateway, the gateway must implement some kind of VPN pass through function for such application.
Page 111: Special Ap & Alg
EW200 Industrial Cellular Gateway 2.5.4 Special AP & ALG A NAT gateway doesn't allow active connection requests from the outside world, they are ignored. But at the client hosts in the Intranet, users may use applications that need more service ports to be allowed for passing through the NAT gateway.
Page 112 EW200 Industrial Cellular Gateway SIP ALG This gateway supports the SIP ALG feature to allow one SIP phone behind the NAT gateway to call another SIP phone in the Internet, even if the gateway executes its NAT mechanism between the Intranet and the Internet.
Page 113 EW200 Industrial Cellular Gateway Special AP & ALG Setting Go to Basic Network > Port Forwarding > Special AP & ALG tab. The Special AP setting allows some applications require multiple connections. The ALG setting allows user to Support some SIP ALG, like STUN.
Page 114 EW200 Industrial Cellular Gateway IP Translation Configuration Item Value setting Description WAN Interface 1. Required setting Check the interface box(es) for which the Special AP rule will be applied. 2. All is checked by By default, All is checked, and the Special AP rule will be applied to all WAN default.
Page 115: Routing
EW200 Industrial Cellular Gateway 2.6 Routing If you have more than one router and subnet, you will need to enable routing in order to allow packets to find a proper routing path and allow different subnets to communicate with each other. Routing is the process of selecting best paths in a network.
Page 116: Static Routing
EW200 Industrial Cellular Gateway 2.6.1 Static Routing "Static Routing" lets you define the routing paths for some dedicated hosts/servers or subnets to be stored in the routing table of the gateway. The gateway routes incoming packets to different peer gateways based on the routing table.
Page 117 EW200 Industrial Cellular Gateway Static Routing Setting Go to Basic Network > Routing > Static Routing Tab. There are three configuration windows for the static routing feature, including "Configuration", "Static Routing Rule List" and "Static Routing Rule Configuration". "Configuration" window lets you activate the global static routing feature.
Page 118 EW200 Industrial Cellular Gateway IPv4 Static Routing Item Value setting Description 1. IPv4 Format Destination IP Specify the Destination IP of this static routing rule. 2. Required setting 255.255.255.0 (/24) is set by Subnet Mask Specify the Subnet Mask of this static routing rule.
Page 119: Dynamic Routing
EW200 Industrial Cellular Gateway 2.6.2 Dynamic Routing Dynamic Routing, also called adaptive routing, describes the capability of a system, through which routes are characterized by their destination, to alter the path that the route takes through the system in response to a change in network conditions.
Page 120 EW200 Industrial Cellular Gateway RIP Scenario The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols. It employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination.
Page 121 EW200 Industrial Cellular Gateway BGP Scenario Border Gateway Protocol (BGP) is a standard exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. It usually makes routing decisions based on paths, network policies, or rule-sets.
Page 122 EW200 Industrial Cellular Gateway Dynamic Routing Setting Go to Basic Network > Routing > Dynamic Routing Tab. The dynamic routing setting allows user to customize RIP, OSPF, and BGP protocols through the router based on their office settings. In the "Dynamic Routing" page, there are seven configuration windows for dynamic routing feature. They are "RIP Configuration", "OSPF Configuration", "OSPF Area List", "OSPF Area Configuration", "BGP Configuration",...
Page 123 EW200 Industrial Cellular Gateway RIP Configuration RIP Configuration Item Value setting Description Select Disable to disable RIP protocol. RIP Enable Disable is set by default Select RIP v1 to enable RIPv1 protocol. Select RIP v2 to enable RIPv2 protocol. OSPF Configuration...
Page 124 EW200 Industrial Cellular Gateway Create / Edit OSPF Area Rules The gateway allows you to customize your OSPF Area List rules. It supports up to a maximum of 32 rule sets. When the Add button is applied, the OSPF Area Rule Configuration screen will appear.
Page 125 EW200 Industrial Cellular Gateway BGP Configuration BGP Network Configuration Item Value setting Description Unchecked by default Check the Enable box to activate the BGP protocol. 1. Numeric String Format The ASN Number of this router on BGP protocol. 2. Required setting Value Range: 1 ~ 4294967295.
Page 126 EW200 Industrial Cellular Gateway Create / Edit BGP Neighbor Rules The gateway allows you to customize your BGP Neighbor rules. It supports up to a maximum of 32 rule sets. When the Add button is applied, the BGP Neighbor Rule Configuration screen will appear.
Page 127: Routing Information
EW200 Industrial Cellular Gateway 2.6.3 Routing Information The routing information allows user to view the routing table and policy routing information. Policy Routing Information is only available when the Load Balance function is enabled and the Load Balance Strategy is By User Policy Go to Basic Network >...
Page 128: Dns & Ddns
EW200 Industrial Cellular Gateway 2.7 DNS & DDNS How does a user access your server if your WAN IP address changes all the time? One way is to register a new domain name, and maintain your own DNS server. Another simpler way is to apply a domain name to a third- party DDNS service provider.
Page 129 EW200 Industrial Cellular Gateway Dynamic DNS To host your server on a changing IP address, you have to use dynamic domain name service (DDNS). Therefore, anyone wishing to reach your host only needs to know the domain name. Dynamic DNS will...
Page 130 EW200 Industrial Cellular Gateway DNS & DDNS Setting Go to Basic Network > DNS & DDNS > Configuration Tab. The DNS & DDNS setting allows user to create/modify pre-defined domain name list and setup Dynamic DNS feature. Create / Edit Pre-defined Domain Name List The gateway allows you to customize your pre-defined domain name list.
Page 131 EW200 Industrial Cellular Gateway Setup Dynamic DNS The gateway allows you to customize your Dynamic DNS settings. DDNS (Dynamic DNS) Configuration Item Value setting Description DDNS Unchecked by default Check the Enable box to activate this function. WAN Interface WAN 1 is set by default Select the WAN Interface IP Address of the gateway.
Page 132 EW200 Industrial Cellular Gateway Setup DNS Redirect DNS redirect is a special function to redirect certain traffic to a specified host. The administrator can manage the internet / intranet traffic that will access a restricted DNS and force that traffic to be redirected to a specified host.
Page 133 EW200 Industrial Cellular Gateway Redirect Rule Configuration Item Value setting Description Enter a domain name to be redirected. The traffic to specified domain name will 1. String format, any text Domain Name be redirect to the following IP address. 2. Required setting Value Range: at least 1 character is required;...
Page 134: Qos
EW200 Industrial Cellular Gateway 2.8 QoS The total amount of data traffic is steadily increasing due to the higher demands of mobile applications such as games / chat / VoIP / P2P / video / web access. The main goal of QoS (Quality of Service) is prioritizing incoming data, and preventing data loss due to factors such as jitter, delay and dropping.
Page 135 EW200 Industrial Cellular Gateway In the above diagram, a QoS rule is organized by the premise part and the conclusion part. In the premise part, you must specify the WAN interface, host group, service type in the packets, packet flow direction to be watched and the sharing method of group control or individual control.
Page 136 EW200 Industrial Cellular Gateway For bandwidth resources, control functions include guaranteeing bandwidth and limiting bandwidth. For priority queue resources, control function is setting priority. For DSCP resource, control function is DSCP marking. The last resource is Connection Sessions; the related control function is limiting connection sessions.
Page 137 EW200 Industrial Cellular Gateway QoS Rule Example #2 – DifferServ Code Points When the administrator of the gateway wants to convert the code point value, "IP Precedence 4(CS4)", in the packets from some client hosts (IP 10.0.75.196~199) to the code value, "AF Class2(High Drop)", he/she can use the "Rule-based QoS"...
Page 138 EW200 Industrial Cellular Gateway QoS Configuration Setting Go to Basic Network > QoS > Configuration tab. In "QoS Configuration" page, there are several configuration windows for QoS. They are "Configuration", “System Resource Configuration”, "QoS Rule List", and "QoS Rule Configuration".
Page 139 EW200 Industrial Cellular Gateway Set Up System Resource System Resource Configuration Item Value Setting Description Define the system queues that are available for the QoS settings. 1. Required setting. Type of System The supported type of system queues are Bandwidth Queue and Priority 2.
Page 140 EW200 Industrial Cellular Gateway Create / Edit QoS Rules After enabling QoS and configuring the system resources, you have to further specify some QoS rules to provide better service on the relevant traffic. The gateway supports up to a maximum of 128 rule-based QoS rule sets.
Page 141 EW200 Industrial Cellular Gateway before the Host Group option becomes available. Refer to Object Definition > Grouping > Host Grouping. Service 1. Required setting. Specify the service type of traffic to have the QoS rule applied. It can be All, 2.
Page 142 EW200 Industrial Cellular Gateway selected by default. Individual Control: If Individual Control is selected, each host in the group will have his own QoS service resource as specified in the rule. Group Control: If Group Control is selected, all the group hosts share the same QoS service resource.
Page 143: Redundancy
EW200 Industrial Cellular Gateway 2.9 Redundancy In engineering, redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the form of a backup or fail-safe. In an IP network, the access gateway is the critical part of the networking system.
Page 144 EW200 Industrial Cellular Gateway As shown in the diagram, a Master Gateway and Backup Gateway are a redundant gateway group of Network-A. Subnet of network-A is 10.0.75.0/24. Master gateway has a LAN IP of 10.0.75.1 and WAN IP of 203.95.80.22.
Page 145 EW200 Industrial Cellular Gateway Server 2. Required setting Value Range: 1 ~ 254, and 254 is the highest priority. Virtual Server IP 1. IPv4 Format Specify the Virtual Server IP Address on VRRP of the gateway. Address 2. Required setting Save Click the Save button to save the configuration.
Page 146: Chapter 3 Object Definition
EW200 Industrial Cellular Gateway Chapter 3 Object Definition 3.1 Scheduling Scheduling provides the ability to add/delete time schedule rules, which can be applied to other functions. 3.1.1 Scheduling Configuration Go to Object Definition > Scheduling > Configuration tab. Button description...
Page 147 EW200 Industrial Cellular Gateway Time Period Definition Item Value Setting Description Week Day Select from menu Select every day or a weekday Start Time Time format (hh:mm) Start time in selected weekday End Time Time format (hh:mm) End time in selected weekday...
Page 148: Grouping
EW200 Industrial Cellular Gateway 3.2 Grouping The Grouping function allows user to create groups for services. 3.2.1 Host Grouping Go to Object Definition > Grouping > Host Grouping tab. The Host Grouping function allows the user to make host groups for services, such as QoS, Firewall, and Communication Bus.
Page 149 EW200 Industrial Cellular Gateway When MAC Address-based is selected, only MAC addresses can be added in Member to Join. When Host Name-based is selected, only host names can be added in Member to Join. Note: The available Group Types will differ depending on the device model.
Page 150: External Server
EW200 Industrial Cellular Gateway 3.3 External Server Go to Object Definition > External Server > External Server tab. The External Server setting allows user to add an external server. Create External Server When the Add button is applied, the External Server Configuration screen will appear.
Page 151 EW200 Industrial Cellular Gateway External Server Configuration Item Value setting Description 1. String format, any text Server Name Enter a server name. 2. Required setting Specify the Server Type of the external server, and enter the required settings for the accessing the server.
Page 152 EW200 Industrial Cellular Gateway When TACACS+ Server is selected, the following settings are also required. Shared Key (String format: any text) Session Timeout (String format: any number) The values must be between 1 and 60. SCEP Server (Required setting): When SCEP Server is selected, the following settings are also required.
Page 153: Certificates
EW200 Industrial Cellular Gateway 3.4 Certificates In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are genuine.
Page 154 EW200 Industrial Cellular Gateway Root CA Certificate Configuration Item Value setting Description 1. String format, any text Name Enter a Root CA Certificate name. It will be a certificate file name 2. Required setting This field is to specify the key attribute of certificate.
Page 155 EW200 Industrial Cellular Gateway Setup SCEP SCEP Configuration Description Item Value setting SCEP Unchecked by default Check the Enable box to activate SCEP function. When SCEP is activated, check the Enable box to activate this function. Automatically re-enroll aging Unchecked by default It will automatically check for certificate aging.
Page 156: My Certificate
EW200 Industrial Cellular Gateway 3.4.2 My Certificate My Certificate includes a Local Certificate List. Local Certificate List shows all generated certificates by the root CA for the gateway. It also stores the generated Certificate Signing Requests (CSR) which will be signed by other external CAs.
Page 157 EW200 Industrial Cellular Gateway all client hosts in these both subnets can communicate with each other. Parameter Setup Example For Network-A at HQ The following tables list the parameter configuration as an example for the "My Certificate" function used in the user authentication of IPsec VPN tunnel establishing, as shown in the above diagram.
Page 158 EW200 Industrial Cellular Gateway [IPsec]-[Authentication] Configuration Path IKE+X.509 Local Certificate: HQCRT Remote Certificate: BranchCRT Key Management User Name Network-A Local ID User Name Network-B Remote ID [IPsec]-[IKE Phase] Configuration Path Main Mode Negotiation Mode None X-Auth For Network-B at Branch Office The following tables list the parameter configuration as an example for the "My Certificate"...
Page 159 EW200 Industrial Cellular Gateway 255.255.255.0 Remote Netmask 203.95.80.22 Remote Gateway [IPsec]-[Authentication] Configuration Path IKE+X.509 Local Certificate: BranchCRT Remote Certificate: HQCRT Key Management User Name Network-B Local ID User Name Network-A Remote ID [IPsec]-[IKE Phase] Configuration Path Main Mode Negotiation Mode...
Page 160 EW200 Industrial Cellular Gateway My Certificate Setting Go to Object Definition > Certificate > My Certificate tab. The My Certificate setting allows user to create local certificates. In "My Certificate" page, there are two configuration windows for the "My Certificate" function. The "Local Certificate List" window shows the stored certificates or CSRs for representing the gateway.
Page 161 EW200 Industrial Cellular Gateway Local Certificate Configuration Item Value setting Description Name 1. String format, any text Enter a certificate name. It will be a certificate file name 2. Required setting If Self-signed is checked, it will be signed by root CA. If Self-signed is not checked, it will generate a certificate signing request (CSR).
Page 162 EW200 Industrial Cellular Gateway Import Item Value setting Description Import Required setting Select a certificate file from user’s computer, and click the Apply button to import the specified certificate file to the gateway. PEM Encoded 1. String format, any text This is an alternative approach to import a certificate.
Page 163: Trusted Certificate
EW200 Industrial Cellular Gateway 3.4.3 Trusted Certificate Trusted Certificate includes Trusted CA Certificate List, Trusted Client Certificate List, and Trusted Client Key List. The Trusted CA Certificate List contains the certificates of external trusted CAs. The Trusted Client Certificate List contains the others' certificates that you trust. The Trusted Client Key List contains the others’...
Page 164 EW200 Industrial Cellular Gateway For Network-A at HQ The following tables list the parameter configuration as an example for the "Trusted Certificate" function used in the user authentication of IPsec VPN tunnel establishing, as shown in the above diagram. The configuration example must be combined with the ones in "My Certificate" and "Issue Certificate"...
Page 165 EW200 Industrial Cellular Gateway protocols to Gateway 1. Finally, the client hosts in two subnets of 10.0.75.0/24 and 10.0.76.0/24 can communicate with each other.
Page 166 EW200 Industrial Cellular Gateway Trusted Certificate Setting Go to Object Definition > Certificate > Trusted Certificate tab. The Trusted Certificate setting allows user to import trusted certificates and keys. Import Trusted CA Certificate When the Import button is applied, the Trusted CA import screen will appear. You can import a Trusted CA certificate from an existing certificate file, or directly paste a PEM encoded string as the certificate.
Page 167 EW200 Industrial Cellular Gateway Get CA Configuration Item Value setting Description SCEP Server Required setting Select a SCEP Server to identify the SCEP server for use. The server detailed information can be specified in External Servers. Refer to Object Definition >...
Page 168 EW200 Industrial Cellular Gateway Item Value setting Description Select a certificate file from a connected computer, and click the Apply button to import Import from a Required setting the specified certificate file to the gateway. File This is an alternative approach to importing a certificate.
Page 169: Issue Certificate
EW200 Industrial Cellular Gateway 3.4.4 Issue Certificate When you have a Certificate Signing Request (CSR) that needs to be certified by the root CA of the device, you can issue the request here and let the Root CA sign it. There are two approaches to issue a certificate. One is importing a CSR file from the managing PC and another is to copy-paste the CSR codes in gateway’s web-...
Page 170 EW200 Industrial Cellular Gateway the certificates of the root CA of Gateway 1 into Gateway 2 as trusted ones. (Refer to "My Certificate" and "Trusted Certificate" sections). It will establish an IPsec VPN tunnel with IKE and X.509 protocols starting from either peer, so that all client hosts in these both subnets can communicate with each other.
Page 171 EW200 Industrial Cellular Gateway Issue Certificate Setting Go to Object Definition > Certificate > Issue Certificate tab. The Issue Certificate setting allows user to import Certificate Signing Request (CSR) to be signed by root CA. Import and Issue Certificate Certificate Signing Request (CSR) Import from a File...
Page 172: Chapter 4 Field Communication
EW200 Industrial Cellular Gateway Chapter 4 Field Communication 4.1 Bus & Protocol The gateway may be equipped with a serial port for serial communication by connecting an RS-232 or RS-485 serial device to an IP-based Ethernet LAN. These communication protocols make allow for easy access to serial devices anywhere over a local LAN or the Internet.
Page 173 EW200 Industrial Cellular Gateway Port Configuration Setting Go to Field Communication > Bus & Protocol > Port Configuration tab. In "Port Configuration" page, there is only one configuration window for the serial port settings. The "Configuration" window lets you specify serial port parameters including the operation mode being "Virtual COM", "Modbus"...
Page 174: Virtual Com
EW200 Industrial Cellular Gateway 4.1.2 Virtual COM Create a virtual COM port on user’s PC/Host to provide access to a serial device connected to the serial port on the gateway. This will allow access, control, and management of the connected serial device through the Internet (fixed line or cellular network).
Page 175 EW200 Industrial Cellular Gateway TCP Server Mode When the administrator expects the gateway to wait passively for the serial data requests from the Host Device, and the Host will establish a TCP connection to get data from the serial device, the operation mode for the "Virtual COM"...
Page 176 EW200 Industrial Cellular Gateway RFC-2217 Mode RFC-2217 defines general COM port control options based on the Telnet protocol. A host computer with RFC-2217 driver installed can monitor and manage the remote serial device attached to the gateway’s serial port as though they were connected to the local serial port.
Page 177 EW200 Industrial Cellular Gateway Virtual COM Setting The Virtual COM setting screen enables user to connect a Virtual COM port based device to the Internet, allowing users to access serial data remotely. There are Disable, TCP Client, TCP Server, UDP, and RFC2217 modes for remote accessing the connected serial device.
Page 178 EW200 Industrial Cellular Gateway Specify Data Packing Parameters Data Packing Configuration Item Value setting Description Data Buffer 1. Optional setting Enter the data buffer length for the serial port. Length 2. Default value is 0 Value Range: 0 ~ 1024.
Page 179 EW200 Industrial Cellular Gateway Enable TCP Server Mode Configure the gateway as a TCP (Transmission Control Protocol) Server. The TCP Server waits for connections to be initiated by a remote TCP client devices to receive serial data. The setting allows user to specify specific TCP clients or allow any to send serial data for serial data transmission bandwidth control and access control.
Page 180 EW200 Industrial Cellular Gateway Specify TCP Clients for TCP Server Access If you selected Specific IPs as the trust Type, the Trusted IP Definition window appears. The settings are valid for both TCP Server and RFC-2217 modes. Specify TCP Clients Window...
Page 181 EW200 Industrial Cellular Gateway Enable UDP Mode Window Item Value setting Description Operation Mode Required setting Select UDP mode. Listen Port 4001 is set by default Indicate the listening port of UDP connection. Value Range: 1 ~ 65535 Enable Unchecked by default Check the Enable box to activate the corresponding serial port in specified operation mode.
Page 182 EW200 Industrial Cellular Gateway Enable RFC-2217 Mode RFC-2217 defines general COM port control options based on the Telnet protocol. With the RFC-2217 mode, a remote host can monitor and manage remote serially attached devices as though they were connected to the local serial port.
Page 183 EW200 Industrial Cellular Gateway Specify Remote Host for Access If you selected Specific IPs as the trust Type, the Trusted IP Definition window appears. The settings are valid for both TCP Server and RFC-2217 modes. Specify RFC-2217 Clients for Access Window...
Page 184: Modbus
EW200 Industrial Cellular Gateway 4.1.3 Modbus Modbus is one of the most popular automation protocols in the world, supporting traditional RS-232/422/485 devices and recently developed Ethernet devices. Many industrial devices, such as PLCs, DCSs, HMIs, instruments, and smart meters use the Modbus protocol as the communication standard. It is used to establish master-slave communication between intelligent devices.
Page 185 EW200 Industrial Cellular Gateway Modbus Slave Scenario In addition to behaving as a Modbus Gateway, there is an integrated Modbus Slave option for providing device status, such as Cellular Network and DI/DO status, to remote Modbus Master via Modbus communication.
Page 186 EW200 Industrial Cellular Gateway Modbus Setting Go to Field Communication > Bus & Protocol > Modbus tab. The Modbus setting page enables user to configure the gateway to operate as a Modbus gateway, and allow access among Modbus TCP devices (which are connected to Ethernet network) and Modbus RTU/ASCII devices (which are connected to the Serial Port of the gateway).
Page 187 EW200 Industrial Cellular Gateway Specify Gateway Configuration Gateway Mode Configuration for SPort-n Item Value setting Description Response Timeout 1000 ms is set by Sets the response timeout of the slave after master request is sent. default If the slave does not respond within the specified time, data will be discarded.
Page 188 EW200 Industrial Cellular Gateway Setup TCP/IP Connection for Receiving Modbus Master Request The following Modbus TCP Configuration items allow user to set up the TCP connection so that the remote Modbus Master can access the Modbus gateway. It also allows user to specify authorized masters on the TCP network.
Page 189 EW200 Industrial Cellular Gateway group creation through the Add Rule shortcut button. Settings configured through the Add Rule button will also appear in the Host grouping setting screen. Check the Enable box to enable this rule. Enable Unchecked by default Check the Enable box to enable this rule.
Page 190 EW200 Industrial Cellular Gateway Specify Modbus TCP Slave device(s) If there is a Modbus Master device attached to a serial port of the Modbus Gateway, user must further specify the Modbus TCP Slave device(s) to send requests to or from the attached Modbus RTU/ASCII Master device.
Page 191 EW200 Industrial Cellular Gateway Supported Function Code for Integrated Modbus Slave This is for setting up the Gateway as a standalone Modbus Slave Device. Local SCADA Management System can treat the Gateway as a Slave device, and hence is able to read its information for device monitoring.
Page 192 EW200 Industrial Cellular Gateway Register Register Name R / W Register Range / Description Address ready 2: No SIM card 3G/4G_Module-2_MCC MCC Value 3G/4G_Module-2_MNC MNC Value 3G/4G_Module-2_CS Register 0: Unregistered, 1: Registered Status 3G/4G_Module-2_PS Register 0: Unregistered, 1: Registered Status...
Page 193 EW200 Industrial Cellular Gateway Register Register Name R / W Register Range / Description Address DO_STATUS_1 0: OFF, 1: ON DI_STATUS_2 0: OFF, 1: ON DO_STATUS_2 0: OFF, 1: ON DI_STATUS_3 0: OFF, 1: ON DO_STATUS_3 0: OFF, 1: ON...
Page 194: Data Interchange
EW200 Industrial Cellular Gateway 4.2 Data Interchange Data logging is the process of collecting and storing data over a period of time in order to analyze specific trends or record the data. 4.2.1 OPC UA OPC UA is a secure, and reliable mechanism for transferring data between servers and clients. Compared to the original OPC specification, it provides more open transports, improved security, and a more comprehensive information model.
Page 195 Virtual COM or Modbus, you need to configure the physical components. In this example, the EW200 acts as Broker, Publisher, and Subscriber. Set Digital Input (Button) as a trigger to send MQTT message (Publish), and after receiving MQTT message (Subscribe), it will trigger Digital Output (Light).
Page 196 EW200 Industrial Cellular Gateway 3. Add Publish Message. 4. Add Subscribe Message. Note: Topic of Publish Message and Subscribe Message should be the same.
Page 197 EW200 Industrial Cellular Gateway 5. Go to [Service] -> [SMS & Event] -> [Configuration], set Digital Input and Digital Output. 6. Go to [Managing Event], set DI to trigger MQTT. MQTT here is sending Publish Message.
Page 198 EW200 Industrial Cellular Gateway 7. Go to [Notifying Event], set MQTT to trigger DO. MQTT here is received Subscribe Message.
Page 199: Data Logging
EW200 Industrial Cellular Gateway 8. You can go to [Field Communication] -> [Data Interchange] -> [MQTT] to check received messages. 4.3 Data Logging Data logging is the process of collecting and storing data over a period of time in order to analyze specific trends or record the data-based events/actions of a system, or connected devices.
Page 200 EW200 Industrial Cellular Gateway in local storage (in .CSV file format). When the network connection is recovered, admin/user can download the data log files manually via FTP or web UI for further reference and maintenance. The Modbus Cellular Gateway provides a complete data logging function for collecting the Modbus transaction data for application requirements.
Page 201 EW200 Industrial Cellular Gateway The remote Modbus server can continue its data acquisition process, and if required, the administrator can also retrieve the stored data log files. Under the Data Logging Proxy mode, user must create some data acquisition rules via “Proxy Mode Rule Configuration”...
Page 202 EW200 Industrial Cellular Gateway IP: 172.16.99.160 As illustrated, when the connection to a remote Modbus Master is broken, the Modbus Gateway will activate the data logging proxy function and execute the pre-defined data acquisition task by itself.  The Modbus request issued by the Modbus Gateway (Data Logging Proxy).
Page 203: Data Logging Configuration
EW200 Industrial Cellular Gateway 4.2.1 Data Logging Configuration Data Logging is commonly used in monitoring systems to collect and analyze the field data. With proper configuration, the Gateway will record Modbus messages according to the specified rule list. Go to Field Communication > Data Logging > Configuration tab.
Page 204 EW200 Industrial Cellular Gateway Modbus Proxy Rule Configuration Item Value setting Description Name Required setting. Specify a name as the identifier of the Modbus proxy rule. Value Range: 1 ~ 32 characters. Modbus Slave Type IP Address:Port is Specify the Modbus Slave devices to which to apply the Modbus proxy rule. It selected by default.
Page 205: Scheme Setup
EW200 Industrial Cellular Gateway 4.2.2 Scheme Setup There are five data logging schemes to meet different management requirements. They are Sniffer Mode, Offline Proxy Mode, Full-Time Proxy Mode, and mixed modes for sniffer and proxy combinations. Configure the required data logging rules with selected scheme in this Scheme Setup page.
Page 206 EW200 Industrial Cellular Gateway Sniffer & Full-Time Proxy: This is a mixed mode for both Sniffer and Full-Time Proxy modes. Master Type IP Address is selected Specify the Modbus master device to apply with the data logging rule. It can be by default.
Page 207: Log File Management
EW200 Industrial Cellular Gateway 4.2.3 Log File Management There are five data logging schemes to meet different management requirements. They are Sniffer Mode, Off- Line Proxy Mode, Full-Time Proxy Mode, and mixed modes for sniffer and proxy combinations. Configure the required data logging rules with a selected scheme in this Scheme Setup page.
Page 208 EW200 Industrial Cellular Gateway 2. Unchecked by default Once enabled, specify an external FTP server from the dropdown list for auto uploading the log files to the server. Refer to Object Definition > External Server > External Server tab, or create the FTP server with the Add Object button.
Page 209: Chapter 5 Security
EW200 Industrial Cellular Gateway Chapter 5 Security 5.1 VPN A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security and management policies of the private network.
Page 210: Ipsec
EW200 Industrial Cellular Gateway 5.1.1 IPsec Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
Page 211 EW200 Industrial Cellular Gateway server (host). As in the diagram, the clients behind the M2M gateway can access to the host "Host- DC" located in the control center through Site to Host VPN tunnel. Host to Site: For a single host (or mobile user) to access the resources located in an intranet, the Host to Site scenario can be applied.
Page 212 EW200 Industrial Cellular Gateway Dynamic VPN Server Scenario Dynamic VPN Server Scenario is an efficient way to build multiple tunnels with remote sites, especially for mobile clients with dynamic IP. In this scenario, the gateway can only be role of server (responder), and it must have a “Static IP”...
Page 213 EW200 Industrial Cellular Gateway IPsec Setting Go to Security > VPN > IPsec tab. The IPsec Setting allows user to create and configure IPsec tunnels. Enable IPsec Configuration Window Item Value setting Description IPsec Unchecked by default Click the Enable box to enable IPsec function.
Page 214 EW200 Industrial Cellular Gateway Tunnel Configuration Window Item Value setting Description Tunnel Unchecked by default Check the Enable box to activate the IPsec tunnel 1. Required setting Enter a tunnel name. Tunnel Name 2. String format, text Value Range: 1 ~ 19 characters.
Page 215 EW200 Industrial Cellular Gateway Local & Remote Configuration Window Item Value setting Description Specify the Local Subnet IP address and Subnet Mask. Click the Add or Delete button to add or delete a Local Subnet. Note_1: When Dynamic VPN option in Tunnel Scenario is selected, there will be Required setting only one subnet available.
Page 216 EW200 Industrial Cellular Gateway Authentication Configuration Window Item Value setting Description Select Key Management from the dropdown box for this IPsec tunnel. IKE+Pre-shared Key: user needs to set a key (8 ~ 32 characters). 1. Required setting IKE+X.509: user needs Certificate to authenticate. IKE+X.509 will be available Key Management 2.
Page 217 EW200 Industrial Cellular Gateway IKE Phase Window Item Value setting Description 1. Required setting Specify the IKE version for this IPsec tunnel. Select v1 or v2 IKE Version 2. v1 is selected by Note: IKE versions will not be available when Dynamic VPN option in Tunnel default Scenario is selected, or AH option in Encapsulation Protocol is selected.
Page 218 EW200 Industrial Cellular Gateway IKE Proposal Definition Window Item Value setting Description Specify the Phase 1 Encryption method. It can be DES / 3DES / AES-auto / AES- 128 / AES-192 / AES-256. IKE Proposal Specify the Authentication method. It can be None / MD5 / SHA1 / SHA2-256.
Page 219 EW200 Industrial Cellular Gateway Manual Key Management When the Manually option is selected for Key Management as described in Authentication Configuration Window, a series of configuration windows for Manual IPsec Tunnel configuration will appear. The configuration windows are the Local & Remote Configuration, Authentication, and Manual Proposal.
Page 220 EW200 Industrial Cellular Gateway Under the Manually Key Management authentication configuration, only one subnet is supported for both Local and Remote IPsec peer. Manual Proposal Window Item Value setting Description Specify the Outbound SPI for this IPsec tunnel. Outbound SPI Hexadecimal format Value Range: 0 ~ FFFF.
Page 221 EW200 Industrial Cellular Gateway Note: You can configure one Dynamic VPN server for each WAN interface. Tunnel Configuration Window Item Value setting Description Tunnel Unchecked by default Check the Enable box to activate the Dynamic IPsec VPN tunnel. 1. Required setting Enter a tunnel name.
Page 222 EW200 Industrial Cellular Gateway Authentication Configuration Window Item Value setting Description 1. Required setting Select Key Management from the dropdown box for this IPsec tunnel. Key Management 2. Pre-shared Key 8 to IKE+Pre-shared Key: Set a key (8 ~ 32 characters).
Page 223: Openvpn
EW200 Industrial Cellular Gateway 5.1.2 OpenVPN OpenVPN is an application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.
Page 224 EW200 Industrial Cellular Gateway assigned a virtual IP (10.8.0.2) which belongs to a virtual subnet that is different to the local subnet in Control Center. With such a connection, the local networked devices will get a virtual IP 10.8.0.x if its traffic goes through the OpenVPN TUN connection when Redirect Internet Traffic settings is enabled;...
Page 225 EW200 Industrial Cellular Gateway Configuration Item Value setting Description OpenVPN Unchecked by default Check the Enable box to activate the OpenVPN function. Server/ Server Configuration is When Server is selected, server configuration will be displayed below for further Client selected by default.
Page 226 EW200 Industrial Cellular Gateway As an OpenVPN Server If Server is selected, an OpenVPN Server Configuration screen will appear. OpenVPN Server Configuration window lets you enable the OpenVPN server function and specify the virtual IP address of OpenVPN server when remote OpenVPN clients dial in, and the authentication protocol.
Page 227 EW200 Industrial Cellular Gateway OpenVPN Server Configuration Item Value setting Description OpenVPN Server Unchecked by default Click the Enable to activate OpenVPN Server functions. Protocol 1. Required setting Define the selected Protocol for connecting to the OpenVPN Server.  Select TCP , or UDP 2.
Page 228 EW200 Industrial Cellular Gateway DHCP-Proxy Mode is unchecked (disabled). Netmask By default - select one - is Specify the Netmask setting for the OpenVPN server. It will be assigned to the selected. connected OpenVPN clients. Value Range: 255.255.255.0/24 (only support class C) Note_1: Netmask will be available when TAP is chosen in Tunnel Device, and DHCP-Proxy Mode is unchecked (disabled).
Page 229 EW200 Industrial Cellular Gateway When Advanced Configuration is selected, an OpenVPN Server Advanced Configuration screen will appear. OpenVPN Server Advanced Configuration Item Value setting Description TLS Cipher 1. Required setting. Specify the TLS Cipher from the dropdown list: None / TLS-RSA-WITH-RC4- 2.
Page 230 EW200 Industrial Cellular Gateway Protocol. Tunnel UDP 1. Optional setting. Check the Enable box to activate the Tunnel UDP MSS-Fix Function. MSS-Fix 2. Unchecked by default Note: Tunnel UDP MSS-Fix will be available only when UDP is chosen in Protocol.
Page 231 EW200 Industrial Cellular Gateway As an OpenVPN Client If Client is selected, an OpenVPN Client List screen will appear. When Add button is applied, the OpenVPN Client Configuration screen will appear. OpenVPN Client Configuration window lets you specify the required parameters for an OpenVPN VPN client, such as "OpenVPN Client Name", "Interface", "Protocol", "Tunnel Scenario", "Remote IP/FQDN", "Remote Subnet",...
Page 232 EW200 Industrial Cellular Gateway OpenVPN Client Configuration Item Value setting Description OpenVPN Client Required setting The OpenVPN Client Name will be used to identify the client in the tunnel list. Name Value Range: 1 ~ 32 characters. Interface 1. Required setting Define the physical interface to be used for this OpenVPN Client tunnel.
Page 233 EW200 Industrial Cellular Gateway Static Key Required setting Specify the Static Key. Note: Static Key will be available only when Static Key is chosen in Authorization Mode. Encryption Cipher By default Blowfish is Specify the Encryption Cipher. selected. Select from Blowfish/AES-256/AES-192/AES-128/None.
Page 234 EW200 Industrial Cellular Gateway When Advanced Configuration is selected, an OpenVPN Client Advanced Configuration screen will appear. OpenVPN Advanced Client Configuration Item Value setting Description TLS Cipher 1. Required setting. Specify the TLS Cipher from the dropdown list. 2. TLS-RSA-WITH-...
Page 235 EW200 Industrial Cellular Gateway Note: User Name will be available only when TLS is chosen in Authorization Mode. Bridge TAP to By default VLAN 1 is Specify the setting of “Bridge TAP to” to bridge the TAP interface to a certain selected local network interface or VLAN.
Page 236: L2Tp
EW200 Industrial Cellular Gateway 5.1.3 L2TP Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.
Page 237 EW200 Industrial Cellular Gateway For the L2TP client peer, a Remote Subnet item is required for the Intranet of L2TP server peer. At L2TP client peer, the packets whose destination is in the dedicated subnet will be transferred via the L2TP tunnel. Others will be transferred based on current routing policy of the gateway at L2TP client peer.
Page 238 EW200 Industrial Cellular Gateway L2TP Setting Go to Security > VPN > L2TP tab. The L2TP setting allows user to create and configure L2TP tunnels. Enable L2TP Enable L2TP Window Item Value setting Description L2TP Unchecked by default Click the Enable box to activate L2TP function.
Page 239 EW200 Industrial Cellular Gateway L2TP Server Configuration Item Value setting Description L2TP Server Unchecked by default Click the Enable box to activate L2TP server Click the Enable box to enable L2TP over IPsec and need to fill in the Pre-shared...
Page 240 EW200 Industrial Cellular Gateway User Account List Window Item Value setting Description This is the L2TP authentication user account entry. You can create and add accounts for remote clients to establish L2TP VPN connection to the gateway device. Click Add button to add a user account. Enter the User name and password.
Page 241 EW200 Industrial Cellular Gateway Create/Edit L2TP Client When Add/Edit button is applied, a series of configuration screen will appear. You can add up to 8 L2TP Clients. L2TP Client Configuration Item Setting Value setting Description Enter a tunnel name. Tunnel Name Required setting Value Range: 1 ~ 32 characters.
Page 242 EW200 Industrial Cellular Gateway (WAN-1 is available only when WAN-1 interface is enabled) The same applies to other WAN interfaces (e.g. WAN-2). 1. Required setting Define operation mode for the L2TP Tunnel. It can be Always On, or Failover. 2. Always on is...
Page 243 EW200 Industrial Cellular Gateway Auto: The system determines the service port. 1701 (for Cisco): The system uses port 1701 for connecting with CISCO L2TP Server. User-defined: Enter the service port. The default value is 0. Value Range: 0 ~ 65535.
Page 244: Pptp
EW200 Industrial Cellular Gateway 5.1.4 PPTP Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. It is a client-server based technology. There are various levels of authentication and encryption for PPTP tunneling, usually natively as standard features of the Windows PPTP stack.
Page 245 EW200 Industrial Cellular Gateway “user name”, “password” and server’s global IP. In addition, it is required to identify the operation mode for each tunnel as main connection, failover for another tunnel, or load balance tunnel to increase overall bandwidth. Select “Default Gateway” or “Remote Subnet” for packet flow. You can also define what kind of traffic will pass through the PPTP tunnel in the “Default Gateway / Remote Subnet”...
Page 246 EW200 Industrial Cellular Gateway PPTP Setting Go to Security > VPN > PPTP tab. The PPTP setting allows user to create and configure PPTP tunnels. Enable PPTP Enable PPTP Window Item Value setting Description PPTP Unchecked by default Click the Enable box to activate PPTP function.
Page 247 EW200 Industrial Cellular Gateway PPTP Server Configuration Window Item Value setting Description PPTP Server Unchecked by default Check the Enable box to enable PPTP server role of the gateway. 1. Required setting Specify the PPTP server Virtual IP address. The virtual IP address will serve as Server Virtual IP 2.
Page 248 EW200 Industrial Cellular Gateway User Account List Window Item Value setting Description This is the PPTP authentication user account entry. You can create and add accounts for remote clients to establish PPTP VPN connection to the gateway device. Click Add button to add user account. Enter the User name and password. Then Max.
Page 249 EW200 Industrial Cellular Gateway PPTP Client Configuration Window Item Value setting Description Required setting Enter a tunnel name. Tunnel Name Value Range: 1 ~ 32 characters. 1. Required setting Define the selected interface to be the used for this PPTP tunnel Interface 2.
Page 250 EW200 Industrial Cellular Gateway tunnel. Others will be transferred based on current routing policy of the security gateway at PPTP client peer. If 0.0.0.0/0 is entered in the Remote Subnet field, it will be treated as a default gateway setting for the PPTP client peer. All packets, including the Internet accessing of PPTP Client peers, will go through the established PPTP VPN tunnel.
Page 251: Gre
EW200 Industrial Cellular Gateway 5.1.5 GRE Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that encapsulates a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork. Deploy an M2M gateway for a remote site and establish a virtual private network with control center by using GRE tunneling.
Page 252 EW200 Industrial Cellular Gateway client can activate the DMVPN spoke function here since it is implemented by GRE over IPsec tunneling. GRE Setting Go to Security > VPN > GRE tab. The GRE setting allows user to create and configure GRE tunnels.
Page 253 EW200 Industrial Cellular Gateway GRE Rule Configuration Window Item Value setting Description Tunnel Name Required setting Enter a tunnel name. Value Range: 1 ~ 9 characters. 1. Required setting Select the interface on which GRE tunnel is to be established. It can be any Interface 2.
Page 254 EW200 Industrial Cellular Gateway 2. 5s is set by default Enter the ping time interval in seconds. Value Range: 5 ~ 999 seconds. Specify the remote subnet for this GRE tunnel. The Remote Subnet format must be IP address/netmask (e.g. 10.0.0.2/24).
Page 255: Firewall
EW200 Industrial Cellular Gateway 5.2 Firewall The firewall functions include Packet Filter, URL Blocking, Content Filter, MAC Control, Application Filter, IPS and some firewall options. Supported functions vary depending on the gateway model. 5.2.1 Packet Filter...
Page 256 EW200 Industrial Cellular Gateway The "Packet Filter" function lets you define filtering rules for incoming and outgoing packets, allowing the gateway to control what packets are allowed or blocked as they pass through it. A packet filter rule should indicate from and to which interface the packet enters and leaves the gateway, the source and destination IP addresses, and destination service port type and port number.
Page 257 EW200 Industrial Cellular Gateway following rules is set by packets specified in the rules will be blocked –blacklisted. In contrast, with default Allow those match the following rules, you can specifically white list the packets to pass and the rest will be blocked.
Page 258 EW200 Industrial Cellular Gateway selected this field. If VLAN-1 to WAN then select VLAN-1 for this field. Other examples are VLAN-1 to VLAN-2. VLAN-1 to WAN. Select Any to filter packets coming into the router from any interfaces. Please note that two identical interfaces are not accepted by the router. e.g., VLAN-1 to VLAN-1.
Page 259 EW200 Industrial Cellular Gateway For Protocol, select ICMPv4 to filter ICMPv4 packets For Protocol, select TCP to filter TCP packets For Source Port, select a predefined port dropdown box when Well-known Service is selected, otherwise select User-defined Service and specify a port range.
Page 260: Url Blocking
EW200 Industrial Cellular Gateway 5.2.2 URL Blocking "URL Blocking" function lets you define blocking or allowing rules for incoming and outgoing web request packets. With defined rules, the gateway can control the Web requests containing the complete URL, partial domain name, or pre-defined keywords. For example, one can filter out or allow only the Web requests based on domain input suffixes like .com or .org or keywords like “bct”...
Page 261 EW200 Industrial Cellular Gateway URL Blocking Setting Go to Security > Firewall > URL Blocking Tab. In "URL Blocking" page, there are three configuration windows. They are "Configuration", "URL Blocking Rule List", and "URL Blocking Rule Configuration." The "Configuration" window lets you activate the URL blocking function and specify blacklisting or whitelisting packets as defined in the "URL Blocking Rule List"...
Page 262 EW200 Industrial Cellular Gateway When Add button is applied, the URL Blocking Rule Configuration screen will appear. URL Blocking Rules Configuration Item Value setting Description 1. String format, any text Specify an URL Blocking rule name. Rule Name 2. Required setting This field is to specify the Source IP address.
Page 263 EW200 Industrial Cellular Gateway This field is to specify the Destination Port number.  Select Any to filter packets going to any Port. Destination 1. Required setting  Select Specific Service Port to filter packets going to a specific Port entered in this field.
Page 264: Mac Control
EW200 Industrial Cellular Gateway 5.2.3 MAC Control "MAC Control" function allows you to assign the accessibility to the gateway for different users based on device’s MAC address. When the administrator wants to reject the traffic from some client hosts with specific MAC addresses, the "MAC Control"...
Page 265 EW200 Industrial Cellular Gateway MAC Control Setting Go to Security > Firewall > MAC Control Tab. The MAC control setting allows user to create and customize MAC address policies to allow or reject packets with specific source MAC address. Enable MAC Control...
Page 266 EW200 Industrial Cellular Gateway Create/Edit MAC Control Rules The gateway supports up to a maximum of 20 filter rule sets. Ensure that the MAC Control is enabled before creating control rules. When Add button is applied, Filter Rule Configuration screen will appear.
Page 267: Ips
EW200 Industrial Cellular Gateway 5.2.4 IPS To provide application servers in the Internet, the administrator may need to open specific ports for services. However, there are some risks to open service ports to the Internet. In order to avoid such attack risks, it is important to enable IPS functions.
Page 268 EW200 Industrial Cellular Gateway IPS Setting Go to Security > Firewall > IPS Tab. The Intrusion Prevention System (IPS) setting allows user to customize intrusion prevention rules to prevent malicious packets. Enable IPS Firewall Configuration Window Item Value setting Description...
Page 269 EW200 Industrial Cellular Gateway Setup Intrusion Prevention Rules Item Name Value setting Description SYN Flood Click Enable box to activate this intrusion prevention rule and Defense enter the traffic threshold in this field. 1. Required setting UDP Flood 2. Unchecked by default...
Page 270 EW200 Industrial Cellular Gateway Block Traceroute Block Fraggle Attack 1. Required setting 2. Unchecked by default Click Enable box to activate this intrusion prevention rule and ARP Spoofing 3. Traffic threshold is set to 300 by default enter the traffic threshold in this field.
Page 271: Options
EW200 Industrial Cellular Gateway 5.2.5 Options There are some additional useful firewall options in this page. “Stealth Mode” lets the gateway not respond to port scans from the WAN so that makes it less susceptible to discovery and attacks on the Internet. ”SPI” enables gateway to record the packet information like IP address, port address, ACK, SEQ number and so on while they pass through the gateway, and the gateway checks every incoming packet to detect if the packet is valid.
Page 272 EW200 Industrial Cellular Gateway Enable SPI Scenario As shown in the diagram, the Gateway has the IP address of 118.18.81.200 for WAN interface and 192.168.1.253 for LAN interface. It serves as a NAT gateway. Users in Network-A initiate access to cloud server through the gateway.
Page 273 EW200 Industrial Cellular Gateway Firewall Options Setting Go to Security > Firewall > Options Tab. The firewall options setting allows network administrator to modify the behavior of the firewall and to enable Remote Router Access Control. Enable Firewall Options Firewall Options...
Page 274 EW200 Industrial Cellular Gateway Remote Administrator Host Definition Item Value setting Description Protocol HTTP is set by default Select HTTP or HTTPS method for router access. This field is to specify the remote host to assign access rights for remote access.
Page 275: Chapter 6 Administration
EW200 Industrial Cellular Gateway Chapter 6 Administration 6.1 Configure & Manage Configure & Manage refers to enterprise-wide administration of distributed systems including (and commonly in practice) computer systems. Centralized management has a time and effort trade-off that is related to the size of the company, the expertise of the IT staff, and the amount of technology being used.
Page 276: Command Script
EW200 Industrial Cellular Gateway 6.1.1 Command Script Command script configuration is the application that allows administrator to set up a pre-defined configuration in plain text style and apply configuration on startup. Go to Administration > Command Script > Configuration Tab.
Page 277 EW200 Industrial Cellular Gateway Edit/Backup Plain Text Command Script You can edit the plain text configuration settings in the configuration screen as shown above. Plain Text Configuration Item Value setting Description Clean Clean text area. (Click Save button to further clean the configuration already saved in the system.)
Page 278 EW200 Industrial Cellular Gateway OPENVPN_CA_CERT Required Setting Specify the Trusted CA certificate for the OpenVPN client. It will go through Base64 Conversion. OPENVPN_LOCAL_CERT Required Setting Specify the local certificate for OpenVPN client. It will go through Base64 Conversion. OPENVPN_LOCAL_KEY Required Setting Specify the local key for the OpenVPN client.
Page 279: 279
EW200 Industrial Cellular Gateway 6.1.2 TR-069 TR-069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices, like this gateway device. As a bidirectional SOAP/HTTP-based protocol, it provides the communication between customer-premises equipment (CPE) and Auto Configuration Servers (ACS).
Page 280 EW200 Industrial Cellular Gateway Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with "TR-069" enabling. Scenario Operation Procedure In above diagram, the ACS server can manage multiple gateways in the Internet. The "Gateway 1" is one of them and has 118.18.81.33 IP address for its WAN-1 interface.
Page 281 EW200 Industrial Cellular Gateway TR-069 Setting Go to Administration > Configure & Manage > TR-069 tab. In "TR-069" page, there is only one configuration window for TR-069 function. In the window, you must specify the related information for your security gateway to connect to the ACS. Drive the function to work by specifying the URL of the ACS server, the account information to login the ACS server, the service port and the account information for connection requesting from the ACS server, and the time interval for job inquiry.
Page 282 EW200 Industrial Cellular Gateway TR-069 Item Value setting Description The box is unchecked by TR-069 Check the Enable box to activate TR-069 function. default When you finish set basic network WAN-1 ~ WAN-n, you can choose WAN-1 ~ WAN-n WAN-1 is selected by Interface When you finish set Security >...
Page 283 EW200 Industrial Cellular Gateway Enable STUN Server STUN Settings Configuration Item Value setting Description The box is checked by STUN Check the Enable box to activate STUN function. default 1. String format: any Specify the IP address for the expected STUN Server.
Page 284: Snmp
The device supports several public MIBs and one private MIB for the SNMP agent. The supported MIBs are as follow: MIB-II (RFC 1213, Include IPv6), IF-MIB, IP-MIB, TCP-MIB, UDP-MIB, SMIv1 and SMIv2, SNMPv2-TM and SNMPv2-MIB, and AMIB (ETHERWAN Private MIB) SNMP Management Scenario Scenario Application Timing There are two application scenarios for SNMP Network Management Systems (NMS).
Page 285 EW200 Industrial Cellular Gateway manage devices whose WAN interfaces are connected together by a switch or a router with UDP forwarding. Scenario Description The NMS server can monitor and configure the managed devices by using SNMP protocol, and those devices are located at where UDP packets can reach from NMS.
Page 286 EW200 Industrial Cellular Gateway When the manager wants to configure the managed devices, the NMS system allows for that with SNMP set commands. The "UserName1" account is used if the manager uses SNMPv3 protocol for configuring "Gateway 1". Only the "UserName1" account can let "Gateway 1" accept the configuration from the NMS since the authority of the account is "Read/Write".
Page 287 EW200 Industrial Cellular Gateway SNMP Setting Go to Administration > Configure & Manage > SNMP tab. The SNMP tab allows user to configure SNMP relevant settings, including interface, version, access control and trap receiver. Enable SNMP SNMP Item Value setting Description Select the interface for the SNMP and enable SNMP functions.
Page 288 EW200 Industrial Cellular Gateway port is 161. 3. Required setting Save Click Save to save the settings Undo Click Undo to cancel the settings Create/Edit Multiple Community The SNMP allows you to customize your access control for version 1 and version 2 users. The router supports up to a maximum of 10 community sets.
Page 289 EW200 Industrial Cellular Gateway Create/Edit User Privacy The SNMP allows you to customize your access control for version 3 users. The router supports up to a maximum of 128 User Privacy sets. When Add button is applied, User Privacy Rule Configuration screen will appear.
Page 290 EW200 Industrial Cellular Gateway selected by default noAuthNoPriv. No authentication types or encryption protocols are used. authNoPriv. Specify the Authentication and Password. authPriv. Specify the Authentication, Password, Encryption and Privacy Key. Privacy Key 1. String format: any When your Privacy Mode is authPriv, specify the Privacy Key...
Page 291 EW200 Industrial Cellular Gateway When v2c is selected, the configuration screen is exactly the same as that of v1, except the version. When v3 is selected, the configuration screen will provide more setting items for the version 3 Trap. Trap Event Receiver Rule Configuration...
Page 292 EW200 Industrial Cellular Gateway Select the version for the trap The configuration screen will provide the version 1 required items. 1. v1 is selected by SNMP Version default The configuration screen will provide the version 2c required items. The configuration screen will provide the version 3 required items.
Page 293 EW200 Industrial Cellular Gateway Specify SNMP MIB-2 System If required, you can also specify the required information for the MIB-2 System. SNMP MIB-2 System Configuration Item Value setting Description sysContact 1. Optional setting Specify the contact information for MIB-2 system.
Page 294 EW200 Industrial Cellular Gateway 1. The default value is Specify the Enterprise OID for the particular private MIB. 1.3.6.1.4.1.2736.4 The range of the each OID number is 1-2080768. Enterprise OID 2. Required setting The maximum length of the enterprise OID is 31.
Page 295: Telnet With Cli
EW200 Industrial Cellular Gateway 6.1.4 Telnet with CLI A command-line interface (CLI), also known as command-line user interface, and console user interface are means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines).
Page 296 EW200 Industrial Cellular Gateway Parameter Setup Example The following table lists the parameter configuration as an example for the Gateway in the above diagram with "Telnet with CLI" enabled at LAN and WAN interfaces. Use default value for parameters that are not mentioned in the table.
Page 297 EW200 Industrial Cellular Gateway Telnet with CLI Setting Go to Administration > Configure & Manage > Telnet with CLI tab. The Telnet with CLI setting allows administrator to access this device through the traditional Telnet program. Before you can Telnet (login) to the device, configure the related settings and password carefully. The password management part allows you to set a root password for logging in with Telnet and SSH.
Page 298 EW200 Industrial Cellular Gateway Configuration Item Value setting Description root 1. String: any text but no Type old password and specify new password to change the root password. Note: It is highly recommended to change the default Telnet password before blank characters deploying the device.
Page 299: Lldp
Note: If you are using EtherWAN’s eVue network management utility, then make sure that LLDP is enabled on this and all other devices that you want to monitor with the software. eVue uses LLDP for its topology visualization.
Page 300: System Operation
EW200 Industrial Cellular Gateway 6.2 System Operation System Operation allows the network administrator to manage system and settings such as web-based utility, password change, system information, system time, system log, firmware/configuration backup & restore, and reset & reboot. 6.2.1 Password & MMI Go to Administration >...
Page 301 EW200 Industrial Cellular Gateway Web UI Item Value Setting Description Enter the login trial counting value. Value Range: 3 ~ 10. If someone tries to log in to the web GUI with incorrect password for more than Login 3 times is set by default this value, a warning message “Already reaching maximum Password-Guessing...
Page 302: System Information
EW200 Industrial Cellular Gateway 6.2.2 System Information The system Information screen gives network administrator a quick look up on the device information for the gateway. Go to Administration > System Operation > System Information tab. System Information Item Value Setting...
Page 303: System Time
EW200 Industrial Cellular Gateway 6.2.3 System Time The gateway provides manual setup and auto-synchronized approaches for the administrator to set up the system time for the gateway. The supported time synchronization methods are Time Server, Manual, and PC. Select the method first, and then configure the corresponding settings.
Page 304 EW200 Industrial Cellular Gateway Time 2. Unchecked by default When this function is enabled, specify the start and end date for the daylight saving time duration. Synchronize Click the Active button to synchronize the system time with specified time immediately server immediately.
Page 305 EW200 Industrial Cellular Gateway Synchronize with PC System Time Information Item Value Setting Description 1. A Required item. Synchronization Select PC as the synchronization method for the system time to let the system 2. Time Server is selected method synchronize its date and time to the time of the administration PC.
Page 306: System Log
EW200 Industrial Cellular Gateway 6.2.4 System Log The system Log screen contains various event log tools to facilitate local event logging and remote reporting. Go to Administration > System Operation > System Log tab. View & Email Log History The View button allows for the viewing of log history. The Email Now button enables administrator to send instant Email for analysis.
Page 307 EW200 Industrial Cellular Gateway Web Log List Window Item Value Setting Description Time column Displays event time stamps Log column Displays Log messages Web Log List Button Description Item Value setting Description Previous Click the Previous button to move to the previous page.
Page 308 EW200 Industrial Cellular Gateway Web Log Type Category Setting Window Item Value Setting Description System Checked by default Log system events and to display in the Web Log List window. Attacks Checked by default Log attack events and to display in the Web Log List window.
Page 309 EW200 Industrial Cellular Gateway Syslogd Syslogd screen allows the network administrator to select the type of event to log and be sent to the designated Syslog server. Syslogd Setting Window Item Value Setting Description Enable Unchecked by default Check Enable box to activate the Syslogd function, and send event logs to a syslog server Select one syslog server from the Server dropdown box to send event log to.
Page 310: Backup & Restore
EW200 Industrial Cellular Gateway 6.2.5 Backup & Restore In the Backup & Restore window, you can upgrade the device firmware when new firmware is available and also backup / restore the device configuration. In addition to the factory default settings, you can also customize a special configuration setting as a customized default value.
Page 311: Reboot & Reset
EW200 Industrial Cellular Gateway 6.2.6 Reboot & Reset For some special reason or situation, you may need to reboot the gateway or reset the device configuration to its default settings. In addition to performing these operations through the Power ON/OFF, or pressing the reset button on the device panel, you can do it through the web GUI too.
Page 312: Ftp
EW200 Industrial Cellular Gateway 6.3 FTP The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. FTP is built on client-server model architecture and uses separate control and data connections between the client and the server.
Page 313: Server Configuration
EW200 Industrial Cellular Gateway 6.3.1 Server Configuration This section allows user to set up the embedded FTP and SFTP server for retrieving log files. Go to Administration > FTP > Server Configuration tab. Enable FTP Server Configuration Item Value setting Description Check Enable box to activate the embedded FTP Server function.
Page 314 EW200 Industrial Cellular Gateway Check the Enable box to activate the support of PASV mode for a FTP PASV Mode Optional setting connection from FTP clients. Port Range of Port 50000 ~ 50031 is set Specify the port range to allocate for PASV style data connection.
Page 315: User Account
EW200 Industrial Cellular Gateway 6.3.2 User Account This section allows user to set up user accounts for logging to the embedded FTP and SFTP server to retrieve log files. Go to Administration > FTP > User Account tab. Create/Edit FTP User Accounts When the Add button is applied, the User Account Configuration screen will appear.
Page 316: Diagnostics
EW200 Industrial Cellular Gateway 6.4 Diagnostics This gateway supports simple network diagnostic tools for the administrator to troubleshoot and analyze abnormal behavior or traffic passing through the gateway. 6.4.1 Diagnostic Tools The Diagnostic Tools provide some frequently used network connectivity tools (approaches) for the network administrator to check device connectivity.
Page 317: Packet Analyzer
EW200 Industrial Cellular Gateway 6.4.2 Packet Analyzer The Packet Analyzer can capture packets according to custom settings. User can specify interfaces to capture packets and filter by setting a rule. Ensure that log storage is available (either embedded SD-Card or external USB Storage), otherwise Packet Analyzer cannot be enabled.
Page 318 EW200 Industrial Cellular Gateway Once you have enabled the Packet Analyzer function on specific Interface(s), you can further specify some filter rules to capture the packets which match the rules. Capture Fitters Item Value setting Description Filter Optional setting Check Enable box to activate the Capture Filter function.
Page 319 EW200 Industrial Cellular Gateway e.g. 80; 53 Value Range: 1 ~ 65535. Destination MACs Optional setting Define the filter rule with Destination MACs, the destination MAC address of packets. Packets which match the rule will be captured. Up to 10 MACs are supported, but they must be separated with “;”, e.g.
Page 320: Chapter 7 Service
EW200 Industrial Cellular Gateway Chapter 7 Service 7.1 Cellular Toolkit Besides cellular data connection, you may also want to monitor data usage of the cellular WAN, send text messages through SMS, change the PIN code of the SIM card, communicate with carrier/ISP by USSD (Unstructured Supplementary Service Data) command, or perform a cellular network scan for diagnostic purposes.
Page 321: Data Usage
EW200 Industrial Cellular Gateway 7.1.1 Data Usage Most data plans for cellular connection have data caps. If data usage is over the set limit, it may result in a much lower data throughput that affects your operations, or an exceptionally high bill with over-quota surcharges.
Page 322 EW200 Industrial Cellular Gateway Data Usage Setting Go to Service > Cellular Toolkit > Data Usage tab. To configure Data Usage, you need to know the billing start date, bill period, and data limit for your data plan. Create / Edit 3G/4G Data Usage Profile When Add button is applied, 3G/4G Data Usage Profile Configuration screen will appear.
Page 323: Sms
EW200 Industrial Cellular Gateway 7.1.2 SMS Short Message Service (SMS) is a text messaging service which is used to be widely-used on mobile phones. It uses standardized communications protocols to allow mobile phones or cellular devices to exchange short text messages in an instant and convenient way.
Page 324 EW200 Industrial Cellular Gateway SMS Summary Shows Unread SMS, Received SMS, Remaining SMS, and allows editing of SMS context to send, reading of SMS from SIM card. SMS Summary Item Value setting Description If SIM card is inserted for first time, unread SMS value is zero. When new SMS are Unread SMS received but not read, this value increases.
Page 325 EW200 Industrial Cellular Gateway Item Value setting Description Enter the receivers to which the SMS will be sent. Add a semicolon to separate Receivers multiple receivers. Text Message Write the SMS content. A maximum length of 1023 characters is supported.
Page 326: Sim Pin
EW200 Industrial Cellular Gateway 7.1.3 SIM PIN In most cases, users need to insert a SIM card (a.k.a. UICC) into end devices connecting to a cellular network. The SIM card is usually released by mobile operators or service providers. Each SIM card has a unique number (so-called ICCID) for network owners or service providers to identify each subscriber.
Page 327 EW200 Industrial Cellular Gateway SIM PIN Setting Go to Service > Cellular Toolkit > SIM PIN Tab With the SIM PIN Function window, it allows you to enable or disable SIM lock (which means protected by PIN code), or change the PIN code. You can also see the information for remaining times of failure trials as mentioned earlier.
Page 328 EW200 Industrial Cellular Gateway Enable / Change PIN Code Enable or Disable PIN code (password) function, and even change PIN code function. SIM function Window Item Setting Value setting Description SIM lock Depends on SIM card Click the Enable button to activate the SIM lock function.
Page 329 EW200 Industrial Cellular Gateway specified in the Basic Network > WAN & Uplink > Internet Setup > Connection with SIM Card page. Otherwise, it may result in wrong SIM PIN trials with the invalid (old) PIN code. Unlock with a PUK Code The PUK Function window is only available for configuration if that SIM card is locked by PUK code.
Page 330: Ussd
EW200 Industrial Cellular Gateway 7.1.4 USSD Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider's computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network.
Page 331 EW200 Industrial Cellular Gateway USSD Setting Go to Service > Cellular Toolkit > USSD tab. In the "USSD" page, there are four windows for the USSD function. The "Configuration" window lets you specify which 3G/4G module (physical interface) is used USSD, and the system will show which SIM card in the module is the current one.
Page 332 EW200 Industrial Cellular Gateway When Add button is applied, the USSD Profile Configuration screen will appear. USSD Profile Configuration Item Value setting Description Profile Name Enter a name for the USSD profile. Enter the USSD command defined for the profile.
Page 333: Network Scan
EW200 Industrial Cellular Gateway 7.1.5 Network Scan "Network Scan" function lets the administrator specify how the device will connect to the mobile system for data communication for each 3G/4G interface. For example, the administrator can specify which generation of mobile system is used for connection, 2G, 3G or LTE. Moreover, he/she can define their connection sequence for connecting to mobile systems.
Page 334 EW200 Industrial Cellular Gateway The second window is the "Network Provider List" window and it appears when the Manually Scan Approach is selected in the Configuration window. By clicking on the "Scan" button and waiting for 1 to 3 minutes, the found mobile operator systems will be displayed for you to choose from.
Page 335: Sms & Event
EW200 Industrial Cellular Gateway 7.2 SMS & Event SMS & Event is the application that allows the administrator to setup pre-defined events, handlers, or response behavior with individual profiles. With proper configuration, the administrator can easily and remotely obtain the status and information via the gateway. Moreover, he/she can also handle and manage some important system related functions, even connected field bus devices and D/O devices.
Page 336 EW200 Industrial Cellular Gateway The following is the summary list for the provided profiles, and events: (Note: The available profiles and events will vary depending on product model.)  Profiles (Rules): • SMS Configuration and Accounts • Email Accounts •...
Page 337: Configuration
EW200 Industrial Cellular Gateway 7.2.1 Configuration Go to Service > SMS & Event> Configuration Tab. SMS & Event is the service that allows administrator to set up pre-defined events, handlers, or response behavior with individual profiles. Enable Event Management Configuration...
Page 338 EW200 Industrial Cellular Gateway Physical Interface The box is 3G/4G-1 by Choose a cellular interface (3G/4G-1 or 3G/4G-2). default. Note: 3G/4G-2 is only available for products with dual cellular modules. SIM Status Show the connected cellular service (identified with SIM_A or SIM_B).
Page 339 EW200 Industrial Cellular Gateway Enable Unchecked by default Click Enable box to activate this account. Save Click the Save button to save the configuration. Create / Edit Email Service Account Set up the Email Service Account for event notification. It supports up to a maximum of 5 accounts.
Page 340 EW200 Industrial Cellular Gateway Create / Edit Digital Input (DI) Profile Rule (DI/DO support required) Set up the Digital Input (DI) Profile rules. It supports up to a maximum of 10 profiles. When the Add button is applied, the Digital Input (DI) Profile Configuration screen will appear.
Page 341 EW200 Industrial Cellular Gateway Create / Edit Digital Output (DO) Profile Rule (DI/DO support required) Set up the Digital Output (DO) Profile rules. It supports up to a maximum of 10 profiles. When Add button is applied, the Digital Output (DO) Profile Configuration screen will appear.
Page 342 EW200 Industrial Cellular Gateway Create / Edit Modbus Notifying Events Profile (Modbus support required) Set up the Modbus Notifying Events Profile. It supports up to a maximum of 10 profiles. Click the Add / Edit button to configure the profile.
Page 343 EW200 Industrial Cellular Gateway 1. NA for Serial on Modbus Specify the IP for TCP on Modbus Mode. IPv4 Format. Mode. 2. Required setting for TCP on Modbus Mode. Port 1. NA for Serial on Modbus Specify the Port for TCP on Modbus Mode.
Page 344 EW200 Industrial Cellular Gateway Create / Edit Modbus Managing Events Profile (Modbus support required) Set up the Modbus Managing Events Profile. It supports up to a maximum of 10 profiles. You can click the Add / Edit button to configure the profile.
Page 345 EW200 Industrial Cellular Gateway 2. Required setting for TCP on Modbus Mode. Port 1. NA for Serial on Modbus Specify the Port for TCP on Modbus Mode. Mode. Value Range: 1 ~ 65535. 2. Required setting for TCP on Modbus Mode.
Page 346: Managing Events
EW200 Industrial Cellular Gateway 7.2.2 Managing Events Managing Events allow the administrator to define the relationship (rule) among event triggers, handlers and response. Go to Service > Event Handling > Managing Events Tab. Enable Managing Events Configuration Item Value setting...
Page 347 EW200 Industrial Cellular Gateway As shown in the screen above, there are some pre-defined SMS event rules. You can customize them with your own definitions by clicking the Edit button, and enable or disable each rule accordingly. When the Add or Edit button is applied, the Managing Event Configuration screen will appear.
Page 348 EW200 Industrial Cellular Gateway Firewall: Select Firewall Checkbox and the relevant sub-items (Remote Administrator Host ID On/Off), the gateway will change the settings as the action for the event; VPN: Select VPN Checkbox and the relevant sub-items (IPsec Tunnel ON/Off, PPTP Client On/Off, L2TP Client On/Off, OpenVPN Client On/Off), the gateway will change the settings as the action for the event;...
Page 349: Notifying Events
EW200 Industrial Cellular Gateway 7.2.3 Notifying Events Go to Service > Event Handling > Notifying Events Tab. Notifying Events setting allows administrator to define the relationship (rule) between event trigger and handlers. Enable Notifying Events Configuration Item Value setting Description...
Page 350 EW200 Industrial Cellular Gateway As shown in the screen above, there are some pre-defined notifying event rules. You can customize them with your own definitions by clicking the Edit button, and enable or disable each rule accordingly. When Add or Edit button is applied, the Notifying Event Configuration screen will appear.
Page 351 EW200 Industrial Cellular Gateway for the event; SNMP Trap: Select SNMP Trap, and the gateway will send out SNMP Trap to the defined SNMP Event Receivers as the action for the event; Email Alert: Select Email Alert, and the gateway will send out an Email to the defined Email accounts as the action for the event;...
Page 352: Azure Agent
EW200 Industrial Cellular Gateway 7.3 Azure Agent This feature allows for the upload of sensors' data to Azure Server via Azure Agent on EW-200. Data Flow Sensor→ EW-200 → Azure Server → Azure Remote Monitor 7.3.1 Azure Configuration Go to Service > Azure Agent> Configuration Tab.
Page 353 EW200 Industrial Cellular Gateway Click on IoT devices. Click Add to create a new IoT device. Enter Device ID. Select Auto-generate keys. Save the configuration.
Page 354: Azure Configuration
EW200 Industrial Cellular Gateway 7.3.2 EW-200 Azure Configuration Go to Field Communication > Bus & Protocol> Port Configuration tab. Input the parameters and save the configuration. Next, navigate to Field Communication > Bus & Protocol> Modbus tab. Input the parameters and save the configuration.
Page 355 EW200 Industrial Cellular Gateway Next, navigate to Field Communication > Data Logging> Configuration tab. Input the parameters and save the configuration. Repeat the procedure for the Scheme Setup and Log File Management tabs. Finally, navigate to Services > Azure Agent. Click the checkbox to enable Azure agent, and click Save. Then use...
Page 356 EW200 Industrial Cellular Gateway Navigate to the Azure website, and click on the device that you have created. Click on the button to copy the Connection String.
Page 357 EW200 Industrial Cellular Gateway Navigate back to the EW-2000 web console, and paste the Connection String into the corresponding field. Click the checkbox to enable Azure Rule Configuration. Then click Save. Navigate to the Azure Remote Monitor web console, and click on the newly created device. You will be able to...
Page 358 EW200 Industrial Cellular Gateway...
Page 359: Chapter 8 Status
EW200 Industrial Cellular Gateway Chapter 8 Status 8.1 Dashboard 8.1.1 Device Dashboard The Device Dashboard window shows the current status in graph or table format for quickly understanding the operation status of the gateway. The display will be refreshed once per second.
Page 360 EW200 Industrial Cellular Gateway System Information History The System Information History screen shows statistical graphs for the CPU and memory. Network Interface Status The Network Interface Status screen shows the statistical information for each network interface of the gateway. The statistical information includes the Interface Type, Upload Traffic, Download Traffic, and Current...
Page 361: Basic Network
EW200 Industrial Cellular Gateway 8.2 Basic Network 8.2.1 WAN & Uplink Status Go to Status > Basic Network > WAN & Uplink tab. The WAN & Uplink Status window shows the current status for different network types, including network configuration, connecting information, modem status and traffic statistics. The display will be refreshed every five seconds.
Page 362 EW200 Industrial Cellular Gateway Status are Connected or disconnected. Renew button allows user to force the device to request an IP address from the DHCP server. Note: Renew button is available when DHCP WAN Type is used and WAN connection is disconnected.
Page 363 EW200 Industrial Cellular Gateway configuration page. (Basic Network > IPv6 > Configuration.) LAN Interface Network Status LAN Interface Network Status screen shows IPv4 and IPv6 information of LAN networks. LAN Interface Network Status Item Value setting Description Displays the current IPv4 IP Address of the gateway IPv4 Address This is also the IP Address user use to access Router’s Web-based Utility.
Page 364 EW200 Industrial Cellular Gateway Card Displays the vendor’s 3G/4G modem model name. Information Displays the 3G/4G connection status. The status can be Connecting, Connected, Link Status Disconnecting, and Disconnected. Signal Displays the 3G/4G wireless signal level. Strength Network Displays the name of the service network carrier.
Page 365: Lan & Vlan Status
EW200 Industrial Cellular Gateway 8.2.2 LAN & VLAN Status Go to Status > Basic Network > LAN & VLAN tab. Client List The Client List shows you the LAN Interface, IP address, Host Name, MAC Address, and Remaining Lease Time of each device that is connected to this gateway.
Page 366: Wi-Fi Status
EW200 Industrial Cellular Gateway 8.2.3 Wi-Fi Status Go to Status > Basic Network > Wi-Fi tab. The Wi-Fi Status window shows the overall statistics of Wi-Fi VAP entries. Wi-Fi Virtual AP List The Wi-Fi Virtual AP List shows all of the virtual AP information. The Edit button allows for quick configuration changes.
Page 367 EW200 Industrial Cellular Gateway Wi-Fi WDS Status The Wi-Fi Traffic Statistic shows all the received and transmitted packets on Wi-Fi network. Wi-Fi IDS Status Item Value setting Description SSID Displays the network ID of VAP. Remote AP MAC Displays the Remote AP MAC list for the WDS peers.
Page 368 EW200 Industrial Cellular Gateway Ensure WIDS function is enabled Go to Basic Network > Wi-Fi > Advanced Configuration tab Note that the WIDS of 2.4G or 5G should be configured separately. Wi-Fi Traffic Statistics The Wi-Fi Traffic Statistics shows all the received and transmitted packets on Wi-Fi network.
Page 369: Ddns Status
EW200 Industrial Cellular Gateway 8.2.4 DDNS Status Go to Status > Basic Network > DDNS tab. The DDNS Status window shows the current DDNS service in use, the last update status, and the last update time to the DDNS service server.
Page 370: Security
EW200 Industrial Cellular Gateway 8.3 Security 8.3.1 VPN Status Go to Status > Security > VPN tab. The VPN Status widow shows the overall VPN tunnel status. The display will be refreshed every five seconds. IPsec Tunnel Status IPsec Tunnel Status windows show the configuration for establishing IPsec VPN connection and current connection status.
Page 371 EW200 Industrial Cellular Gateway you to the IPsec configuration page. (Security > VPN > IPsec tab) OpenVPN Server Status According to OpenVPN configuration, the OpenVPN Server/Client Status shows the status and statistics for the OpenVPN connection from the server side or client side.
Page 372 EW200 Industrial Cellular Gateway LT2TP Server/Client Status shows the configuration for establishing LT2TP tunnel and current connection status. L2TP Server Status Item Value setting Description User Name Displays the login name of the user used for the connection. Displays the public IP address (the WAN IP address) of the connected L2TP Remote IP client.
Page 373 EW200 Industrial Cellular Gateway PPTP Server/Client Status PPTP Server/Client Status shows the configuration for establishing PPTP tunnel and current connection status. PPTP Server Status Item Value setting Description User Name Displays the login name of the user used for the connection.
Page 374: Firewall Status
EW200 Industrial Cellular Gateway 8.3.2 Firewall Status Go to Status > Security > Firewall Status Tab. The Firewall Status provides user a quick view of the firewall status and current firewall settings. It also keeps the log history of packets dropped by the firewall rule policies, and includes the administrator remote login settings specified in the Firewall Options.
Page 375 EW200 Industrial Cellular Gateway Blocked URL The logged packet information. The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. ("Month" Time "Day" "Hours":"Minutes":"Seconds") Note: Ensure URL Blocking Log Alert is enabled.
Page 376 EW200 Industrial Cellular Gateway MAC Control Status MAC Control Status Item Value setting Description Activated The MAC Control Rule name. Control Rule Blocked MAC The MAC address of the logged packet. Addresses The Source IP (IPv4) of the logged packet.
Page 377 EW200 Industrial Cellular Gateway IPS Status IPS Firewall Status Item Value setting Description Detected The intrusion type of the packets being blocked. Intrusion The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. ("Month" "Day"...
Page 378: Administration
EW200 Industrial Cellular Gateway 8.4 Administration 8.4.1 Configure & Manage Status Go to Status > Administration > Configure & Manage tab. The Configure & Manage Status window shows the status for managing remote network devices. The type of management available in your device is depended on the device model purchased. The commonly used ones are the SNMP and UPnP.
Page 379: Log Storage Status
EW200 Industrial Cellular Gateway 8.4.2 Log Storage Status Go to Status > Administration > Log Storage tab. The Log Storage Status screen shows the status for selected device storage. Log Storage Status Log Storage Status screen shows the status of current the selected device storage. The status includes Device...
Page 380: Statistics & Reports
EW200 Industrial Cellular Gateway 8.5 Statistics & Reports 8.5.1 Connection Session Go to Status > Statistics & Reports > Connection Session tab. Internet Surfing Statistic shows the connected tracks on this router. Internet Surfing Statistic Item Value setting Description Previous Click the Previous button to see the previous page of track list.
Page 381: Network Traffic
EW200 Industrial Cellular Gateway 8.5.2 Network Traffic Go to Status > Statistics & Reports > Network Traffic tab. Network Traffic Statistics screen shows the historical graph for the selected network interface. Use the interface drop list to select the interface you want to monitor.
Page 382: Device Administration
EW200 Industrial Cellular Gateway 8.5.3 Device Administration Go to Status > Statistics & Reports > Device Administration tab. Device Administration shows the login information. Device Manager Login Statistic Item Value setting Description Previous Click the Previous button to see the previous page of login statistics.
Page 383: Cellular Usage
EW200 Industrial Cellular Gateway 8.5.4 Cellular Usage Go to Status > Statistics & Reports > Cellular Usage tab. Cellular Usage screen shows data usage statistics for the selected cellular interface. The cellular data usage can be accumulated per hour or per day.
Page 384: Specifications
EW200 Industrial Cellular Gateway Specifications Cellular Interface Cellular Frequency Bands: (Refer to order information for optional bands) Standards 4G LTE: FDD-LTE, TDD-LTE 3G: WCDMA 2G: GSM/EDGE Antenna connectors 2 x SMA Male SIM Slots WLAN Interface 802.11 a/b/g/n/ac 2T2R WiFi (2.4G/5GHz selectable)
Page 385 EW200 Industrial Cellular Gateway Serial Ports 1 x RS-232/RS-485 1 x DI (“Logic 0”: 0~2V, “Logic 1”: 5V~30V), Digital I/O 1 x DO (Relay Mode, up to 30V / 1A) Standard USB 2.0 Ports 1 x USB Type A Functions...
Page 386 EW200 Industrial Cellular Gateway Physical 62 x 125 x 160mm (w/o mounting kit) Dimensions 62 x 135 x 160mm (with DIN Rail kit) (W x D x H) 200 x 125 x 65mm (with Bracket kit) Weight 1.2Kg (2.64lb) Mounting...
Page 387: Contact Information
Tel: +886 -2- 6629-8986 Email: info@etherwan.com.tw EtherWAN has made a good faith effort to ensure the accuracy of the information in this document and disclaims the implied warranties of merchantability and fitness for a particular purpose, and makes no express warranties, except as may be stated in its written agreement with and for its customers.