Download Print this page

Amit IOG761-0TV21 User Manual

Amit IOG761-0TV21 User Manual

Industry cellular gateway

Table Of Contents

page of 395

/ 395
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual

Industry Cellular Gateway

IOG761-0TV21

User Manual

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the IOG761-0TV21 and is the answer not in the manual?

Questions and answers

Summary of Contents for Amit IOG761-0TV21

Page 1 Industry Cellular Gateway IOG761-0TV21 User Manual...
Page 2: Table Of Contents
Industry Cellular Gateway Chapter 1 Introduction ............................7 1.1 Introduction .............................. 7 1.2 Contents List ............................8 1.2.1 Package Contents ........................... 8 1.3 Hardware Configuration .......................... 9 1.4 LED Indication ............................12 1.5 Installation & Maintenance Notice ......................13 1.5.1 SYSTEM REQUIREMENTS ..................... 13 1.5.2 WARNING ..........................
Page 3 Industry Cellular Gateway 2.4 IPv6 ..............................101 2.4.1 IPv6 Configuration........................101 2.5 Port Forwarding ..........................110 2.5.1 Configuration ..........................111 2.5.2 Virtual Server & Virtual Computer ................... 112 2.5.3 DMZ & Pass Through ....................... 118 2.5.4 Special AP & ALG (not supported) ..................121 2.5.5 IP Translation ..........................
Page 4 Industry Cellular Gateway 4.1.1 Port Configuration ........................181 4.1.2 Virtual COM ..........................183 4.1.3 Modbus ............................. 194 4.2 Data Logging ............................205 4.2.1 Data Logging Configuration ..................... 208 4.2.2 Scheme Setup ..........................210 4.2.3 Log File Management ....................... 212 Chapter 5 Security.............................. 214 5.1 VPN ..............................
Page 5 Industry Cellular Gateway 6.2.4 System Log ..........................317 6.2.5 Backup & Restore ........................321 6.2.6 Reboot & Reset ........................322 6.3 FTP ............................... 323 6.3.1 Server Configuration ......................... 324 6.3.2 User Account ..........................326 6.4 Diagnostic ............................327 6.4.1 Diagnostic Tools ........................327 6.4.2 Packet Analyzer ........................
Page 6 Industry Cellular Gateway 8.4.2 Log Storage Status ........................386 8.5 Statistics & Report ..........................387 8.5.1 Connection Session ........................387 8.5.2 Network Traffic (not supported) ....................388 8.5.3 Device Administration ......................389 8.5.4 Cellular Usage ........................... 390 Appendix A GPL WRITTEN OFFER ....................... 391...
Page 7: Chapter 1 Introduction
Industry Cellular Gateway Chapter 1 Introduction 1.1 Introduction Congratulations on your purchase of this outstanding product: Modbus Cellular Gateway. For M2M (Machine- to-Machine) applications, AMIT Modbus Cellular Gateway is absolutely the right choice. With built-in world- class 4G LTE and VDSL2/ADSL2+ module, you just need to insert SIM card from local mobile carrier to get to Internet.
Page 8: Contents List
Industry Cellular Gateway 1.2 Contents List 1.2.1 Package Contents #Standard Package Items Description Contents Quantity IOG761-0TV21 1pcs Industry Cellular Gateway Cellular Antenna 2pcs WiFi Antenna 2pcs Power Adapter (DC 12V/2A) 1pcs 8 Pin Terminal Block 1pcs 1pcs (Manual) DIN-Rail Bracket 1pcs 1 The maximum power consumption of IOG761 series product is 15.5W.
Page 9: Hardware Configuration
Industry Cellular Gateway 1.3 Hardware Configuration  Front View USB Port RS-232/485 Reset Indicators Port Button 3G/4G (Aux) Auto MDI/MDIX RJ45 Ports 3G/4G (Main) Console Antenna 4x FE LAN to connect local devices Port Antenna ※ Reset Button The RESET button provides user with a quick and easy way to resort the default setting. Press the RESET button continuously for 6 seconds, and then release it.
Page 10 Industry Cellular Gateway  Bottom View SIM B SIM A Slot Slot Left View  2.4GHz WiFi 2.4GHz WiFi Antenna Antenna Power Terminal Block...
Page 11 Industry Cellular Gateway  Right View xDSL Port LED Indicators...
Page 12: Led Indication
Industry Cellular Gateway 1.4 LED Indication LED Color LED Icon Indication Description Power Source 1 Green Steady ON: Device is powered on by power source 1 Power Source 2 Green Steady ON: Device is powered on by power source 2 Steady ON: Wireless radio is enabled WLAN (WiFi) Green...
Page 13: Installation & Maintenance Notice
Industry Cellular Gateway 1.5 Installation & Maintenance Notice 1.5.1 SYSTEM REQUIREMENTS A fast Ethernet RJ45 cable or DSL modem • 3G/4G cellular service subscription • Network Requirements IEEE 802.11n or 802.11b/g wireless clients • 10/100 Ethernet adapter on PC • Computer with the following: Windows®, Macintosh, or Linux-based operating •...
Page 14: Hot Surface Caution
Industry Cellular Gateway 1.5.3 HOT SURFACE CAUTION CAUTION: The surface temperature for the metallic enclosure can be very high! Especially after operating for a long time, installed at a closed cabinet without air conditioning support, or in a high ambient temperature space.
Page 15: Product Information For Ce Red Requirements
Industry Cellular Gateway 1.5.4 Product Information for CE RED Requirements The following product information is required to be presented in product User Manual for latest CE RED requirements. (1) Frequency Band & Maximum Power 1.a Frequency Band for Cellular Connection (for ME3630 E1C version) Band number Operating Frequency Max output power...
Page 16 (2) DoC Information You can get the DoC information of this product from the following URL: http://www.amit.com.tw/products-doc/ (3) RF Exposure Statements The antenna of the product, under normal use condition, is at least 20 cm away from the body of user.
Page 17: Hardware Installation
Industry Cellular Gateway 1.6 Hardware Installation This chapter describes how to install and configure the hardware 1.6.1 Mount the Unit The IOG761 series products can be mounted on a wall, horizontal plane, or DIN Rail in a cabinet with the mounting accessories (brackets or DIN-rail kit).
Page 18: Connecting Power
Industry Cellular Gateway 1.6.3 Connecting Power IOG761 series product can be powered by connecting a power source to the terminal block. It supports dual 9 to 48VDC power inputs. Following picture is the power terminal block pin assignments. Please check carefully and connect to the right power requirements and polarity.
Page 19: Connecting Di/Do Devices
Industry Cellular Gateway 1.6.4 Connecting DI/DO Devices There are a DI and a DO ports together with power terminal block. Please refer to following specification to connect DI and DO devices. Mode Specification Trigger Voltage (high) Logic level 1: 5V~30V Digital Input Normal Voltage (low) Logic level 0: 0V~2.0V...
Page 20: Connecting Serial Devices
Industry Cellular Gateway 1.6.5 Connecting Serial Devices The IOG761 series product provides one standard serial port DB-9 male connector. Connect the serial device to the unit DB-9 male port with the right pin assignments of RS-232/485 are shown as below. Pin1 Pin2 Pin3...
Page 21: Setup By Configuring Web Ui
Industry Cellular Gateway 1.6.7 Setup by Configuring WEB UI You can browse web UI to configure the device. Type in the IP Address (http://192.168.123.254) When you see the login page, enter the user name and password and then click ‘Login’ button. The default setting for both username and password is ‘admin’...
Page 22: Chapter 2 Basic Network
Industry Cellular Gateway Chapter 2 Basic Network 2.1 WAN & Uplink The gateway provides multiple WAN interfaces to let all client hosts in Intranet of the gateway access the Internet via ISP. But ISPs in the world apply various connection protocols to let gateways or user's devices dial in ISPs and then link to the Internet via different kinds of transmit media.
Page 23: Physical Interface
Industry Cellular Gateway 2.1.1 Physical Interface M2M gateways are usually equipped with various WAN interfacess to support different WAN connection scenario for requirement. You can configure the WAN interface one by one to get proper internet connection setup. Refer to the product specification for the available WAN interfaces in the product you purchased. The first step to configure one WAN interface is to specify which kind of connection media to be used for the WAN connection, as shown in "Physical Interface"...
Page 24 Industry Cellular Gateway Please MUST POWER OFF the gateway before you  insert or remove SIM card. The SIM card can be damaged if you insert or  remove SIM card while the gateway is in operation. Attention Operation Mode: There are three option items “Always on”, “Failover”, and “Disable”...
Page 25 Industry Cellular Gateway Seamless Failover: In addition, there is a "Seamless" option for Failover operation mode. When seamless option is activated by checking on the "Seamless" box in configuration window, both the primary connection and the failover connection are started up after system rebooting.
Page 26 Industry Cellular Gateway Physical Interface Setting Go to Basic Network > WAN > Physical Interface tab. The Physical Interface allows user to setup the physical WAN interface and to adjust WAN’s behavior. Note: Numbers of available WAN Interfaces can be different for the purchased gateway. When Edit button is applied, an Interface Configuration screen will appear.
Page 27 Industry Cellular Gateway Select Failover to make this WAN a Failover WAN when the primary or the secondary WAN link failed. Then select the primary or the existed secondary WAN interface to switch Failover from. (Note: for WAN-1, only Always on option is available.) Check Enable box to enter tag value provided by your ISP.
Page 28: Internet Setup
Industry Cellular Gateway 2.1.2 Internet Setup After specifying the physical interface for each WAN connection, administrator must configure their connection profile to meet the dial in process of ISP, so that all client hosts in the Intranet of the gateway can access the Internet.
Page 29 Industry Cellular Gateway Internet Connection List - Ethernet WAN or VDSL WAN WAN Type for Ethernet / VDSL Interface: Ethernet is the most common WAN and uplink interface for M2M gateways. Usually it is connected with external xDSL or cable modem for you to setup the WAN connection. Besides, this product also provides an embedded VDSL modem for directly connecting to ISP’s service.
Page 30 Industry Cellular Gateway WAN Type = Dynamic IP When you select it, "Dynamic IP WAN Type Configuration" will appear. Items and setting is explained below Dynamic IP WAN Type Configuration Item Value setting Description Host Name Enter the host name provided by your Service Provider. An optional setting Enter the MAC address that you have registered with your service provider.
Page 31 Industry Cellular Gateway Static IP WAN Type Configuration Item Value setting Description WAN IP Address A Must filled setting Enter the WAN IP address given by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider...
Page 32 Industry Cellular Gateway WAN Type= PPTP When you select it, "PPTP WAN Type Configuration" will appear. Items and setting is explained below PPTP WAN Type Configuration Item Value setting Description Select either Static or Dynamic IP address for PPTP Internet connection. When Static IP Address is selected, you will need to enter the WAN IP ...
Page 33 Industry Cellular Gateway WAN Type= L2TP When you select it, "L2TP WAN Type Configuration" will appear. Items and setting is explained below L2TP WAN Type Configuration Item Value setting Description Select either Static or Dynamic IP address for L2TP Internet connection. When Static IP Address is selected, you will need to enter the WAN IP ...
Page 34 Industry Cellular Gateway Ethernet Connection Common Configuration There are some important parameters to be setup no matter which Ethernet WAN type is selected. You should follow up the rule to configure. Connection Contro Auto-reconnect: This gateway will establish Internet connection automatically once it has been booted up, and try to reconnect once the connection is down.
Page 35 Industry Cellular Gateway Manually: This gateway won’t start to establish WAN connection until you press “Connect” button on web UI. After normal data transferring between LAN and WAN sides, this gateway will disconnect WAN connection if idle time reaches value of Maximum Idle Time. Please be noted, if the WAN interface serves as the primary one for another WAN interface in Failover role, the Connection Control parameter will not be available to you to configure as the system must set it to “Auto- reconnect (Always on)”.
Page 36 Industry Cellular Gateway Set up “Ethernet Common Configuration” Ethernet WAN Common Configuration Item Value setting Description There are three connection modes. • Auto-reconnect enables the router to always keep the Internet connection on. • Connect-on-demand enables the router to automatically re- establish Internet connection as soon as user attempts to access Connection Control A Must filled setting...
Page 37 Industry Cellular Gateway Network Monitoring Configuration Item Value setting Description Check the Enable box to activate the network monitoring function. 1. An optional setting Network Monitoring 2. Box is checked by Configuration default Choose either DNS Query or ICMP Checking to detect WAN link. 1.
Page 38 Industry Cellular Gateway recognize the WAN link down status. Value Range: 1 ~ 10 times. Target1 specifies the first target of sending DNS query/ICMP request. 1. An Optional filled DNS1: set the primary DNS to be the target. setting Target 1 DNS2: set the secondary DNS to be the target.
Page 39 Industry Cellular Gateway Internet Connection – 3G/4G WAN Preferred SIM Card – Dual SIM Fail Over For 3G/4G embedded device, one embedded cellular module can create only one WAN interface. This device has featured by using dual SIM cards for one module with special fail-over mechanism. It is called Dual SIM Failover.
Page 40 Industry Cellular Gateway SIM-A/SIM-B only: When “SIM-A Only” or “SIM-B Only” is used, the specified SIM slot card is the only one to be used for negotiation parameters between gateway device and cellular ISP. SIM-A / SIM-B first without enable Failback By default, “SIM-A First”...
Page 41 Industry Cellular Gateway Configure 3G/4G WAN Setting When Edit button is applied, Internet Connection Configuration, and 3G/4G WAN Configuration screens will appear. 3G/4G Connection Configuration Item Value setting Description 1. A Must filled setting From the dropdown box, select Internet connection method for 3G/4G WAN Type 2.
Page 42 Industry Cellular Gateway Configure SIM-A / SIM-B Card Here you can set configurations for the cellular connection according to your situation or requirement. Note_1: Configurations of SIM-B Card follows the same rule of Configurations of SIM-A Card, here we list SIM- A as the example.
Page 43 Industry Cellular Gateway Select Manual-configuration to set APN (Access Point Name), Dial Number, Account, and Password to what your carrier provides. Select APN Profile List to set more than one profile to dial up in turn, until the connection is established. It will pop up a new filed, please go to Basic Network >...
Page 44 Industry Cellular Gateway Create/Edit SIM-A / SIM-B APN Profile List You can add a new APN profile for the connection, or modify the content of the APN profile you added. It is available only when you select Dial-Up Profile as APN Profile List. List all the APN profile you created, easily for you to check and modify.
Page 45 Industry Cellular Gateway Value Range: 1 ~ 16. The box is checked by Check the box to enable this profile. Profile default Uncheck the box to disable this profile in dialing-up action. Save Click the Save button to save the configuration. Click the Undo button to restore what you just configured back to the Undo previous setting.
Page 46 Industry Cellular Gateway 1. A Must filled setting When (0) Always is selected, it means this WAN is under operation all the Time Schedule 2. By default (0) Always time. Once you have set other schedule rules, there will be other options to is selected select.
Page 47 Industry Cellular Gateway request packets to the destination specified in Target 1 and Target 2. Check the Enable box to activate the loading check function. 1. An optional setting Enable Loading Check allows the gateway to ignore unreturned DNS Loading Check 2.
Page 48 Industry Cellular Gateway Internet Connection – ADSL WAN If the device connects to Internet through ADSL WAN port, this section will help you to complete ADSL WAN connection setup. Go to Basic Network > WAN & Uplink > Internet Setup tab. Configure ADSL WAN Setting When Edit button is applied, Internet Connection Configuration screen will appear.
Page 49 Industry Cellular Gateway Ethernet over ATM with NAT (ADSL WAN) Ethernet over ATM with NAT WAN Type Configuration Item Value setting Description Specify the IP mode for the ADSL connection. It can be Dynamic IP Address, or Static IP address. 1.
Page 50 Industry Cellular Gateway mechanisms are the method for identifying the protocol carried in ATM Adaptation Layer 5 (AAL5) frames specified by RFC 2684, Multi-protocol Encapsulation over ATM. These two options depend on your ISP setting. Enter the VPI, VCI values assigned to you. These values depend on your ISP VPI Number, setting and please ask for the values from your ISP.
Page 51 Industry Cellular Gateway IP over ATM WAN Type Configuration Item Value setting Description Specify the IP mode for the ADSL connection. It can be Dynamic IP Address, or Static IP address. 1. A Must filled setting. IP Mode If you select Static IP address, you have to further specify the information Static IP Address is of WAN IP Address, WAN Subnet Mask, WAN Gateway, and set by default...
Page 52 Industry Cellular Gateway Adaptation Layer 5 (AAL5) frames specified by RFC 2684, Multi-protocol Encapsulation over ATM. These two options depend on your ISP setting. Enter the VPI, VCI values assigned to you. These values depend on your ISP VPI Number, setting and please ask for the values from your ISP.
Page 53 Industry Cellular Gateway PPPoE (ADSL WAN) PPPoE (ADSL) WAN Type Configuration Item Value setting Description PPPoE Account A Must filled setting Enter the PPPoE User Name provided by your Service Provider. PPPoE Password A Must filled setting Enter the PPPoE password provided by your Service Provider. Primary DNS An optional setting Enter the IP address of Primary DNS server.
Page 54 Industry Cellular Gateway mechanisms are the method for identifying the protocol carried in ATM Adaptation Layer 5 (AAL5) frames specified by RFC 2684, Multi-protocol Encapsulation over ATM. These two options depend on your ISP setting. Enter the VPI, VCI values assigned to you. These values depend on your ISP VPI Number, setting and please ask for the values from your ISP.
Page 55 Industry Cellular Gateway PPP over ATM (ADSL WAN) PPP over ATM WAN Type Configuration Item Value setting Description PPPoA Account A Must filled setting Enter the PPPoA User Name provided by your Service Provider. PPPoEAPassword A Must filled setting Enter the PPPoA password provided by your Service Provider. Primary DNS An optional setting Enter the IP address of Primary DNS server.
Page 56 Industry Cellular Gateway mechanisms are the method for identifying the protocol carried in ATM Adaptation Layer 5 (AAL5) frames specified by RFC 2684, Multi-protocol Encapsulation over ATM. These two options depend on your ISP setting. Enter the VPI, VCI values assigned to you. These values depend on your ISP VPI Number, setting and please ask for the values from your ISP.
Page 57 Industry Cellular Gateway Common Network Monitor Configuration Network Monitoring Configuration Item Value setting Description Check the Enable box to activate the network monitoring function. 1. An optional setting Network Monitoring 2. Box is checked by Configuration default Choose either DNS Query or ICMP Checking to detect WAN link. With DNS Query, the system checks the connection by sending DNS Query 1.
Page 58 Industry Cellular Gateway Value Range: 2000 ~ 3000 seconds. Enter a number of detecting disconnection times to be the threshold 1. An Optional setting before disconnection is acknowledged. Fail Threshold 2. 10 times is set by Fail Threshold specifies the detected disconnection before the router default recognize the WAN link down status.
Page 59: Load Balance
Industry Cellular Gateway 2.1.3 Load Balance When there aremultiple WAN interfaces, and when the bandwidth of one WAN connection is not enough for the traffic loads from the Intranet to the Internet, the WAN load balance function can be considered to enlarge the total WAN bandwidth.
Page 60 Industry Cellular Gateway By Specific Weight When you select "By Specific Weight", you need to set up ratio of WAN-1/WAN-2 to decide sessions sent ratio. Total ratio should be 100%. Ratio is usually defined based on practical WAN speed of environment.
Page 61 Industry Cellular Gateway Load Balance Setting Go to Basic Network > WAN & Uplink > Load Balance Tab. The Load Balance function is used to manage balance bandwidth usage among multiple WAN connections When you choose "By Smart Weight" strategy, system will operate load balance function automatically based on the embedded Smart Weight algorithm.
Page 62 Industry Cellular Gateway Weight Definition Item Value setting Description WAN ID The Identifier for each available WAN interface.. Enter the weight ratio for each WAN interface. 1. A Must filled setting Initially, the bandwidth ratio of each WAN is set by default. Weight 2.
Page 63 Industry Cellular Gateway User Policy Configuration Item Value setting Description There are four options can be selected : Any: No specific Source IP is provided. The traffic may come from any source Subnet: Specify the Subnet for the traffics come from the subnet. Input format Source IP 1.
Page 64: Lan & Vlan
Industry Cellular Gateway 2.2 LAN & VLAN This section provides the configuration of LAN and VLAN. VLAN is an optional feature, and it depends on the product specification of the purchased gateway. 2.2.1 Ethernet LAN The Local Area Network (LAN) can be used to share data or files among computers attached to a network.
Page 65 Industry Cellular Gateway by default The default subnet mask is 255.255.255.0 (/24), and it means maximum 254 IP addresses are allowed in this subnet. However, one of them is occupied by LAN IP address of this gateway, so there are maximum 253 clients allowed in LAN network.
Page 66 Industry Cellular Gateway network. Value Range: 255.0.0.0 (/8) ~ 255.255.255.255 (/32). Save Click the Save button to save the configuration...
Page 67: Vlan
Industry Cellular Gateway 2.2.2 VLAN VLAN (Virtual LAN) is a logical network under a certain switch or router device to group client hosts with a specific VLAN ID. This gateway supports both Port-based VLAN and Tag-based VLAN. These functions allow you to divide local network into different “virtual LANs”.
Page 68 Industry Cellular Gateway Staff) with NAT mode and DHCP-2 server equipped. At last, administrator also configure Data Center segment with VLAN ID 1. The VLAN group includes Port-1 with NAT mode to WAN interface as shown in following diagram. Above is the general case for 3 Ethernet LAN ports in the gateway. But if the device just has one Ethernet LAN port, there will be only one VLAN group for the device.
Page 69 Industry Cellular Gateway For example, in a company, administrator schemes out 3 network segments, Lab, Meeting Rooms, and Office. In a Security VPN Gateway, administrator can configure Office segment with VLAN ID 12. The VLAN group is equipped with DHCP-3 server to construct a 192.168.12.x subnet. He also configure Meeting Rooms segment with VLAN ID 11.
Page 70 Industry Cellular Gateway  VLAN Groups Access Control Administrator can specify the Internet access permission for all VLAN groups. He can also configure which VLAN groups are allowed to communicate with each other. VLAN Group Internet Access Administrator can specify members of one VLAN group to be able to access Internet or not. Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID is 1 cannot access Internet.
Page 71 Industry Cellular Gateway Inter VLAN Group Routing: In Port-based tagging, administrator can specify member hosts of one VLAN group to be able to communicate with the ones of another VLAN group or not. This is a communication pair, and one VLAN group can join many communication pairs.
Page 72 Industry Cellular Gateway VLAN Setting Go to Basic Network > LAN & VLAN > VLAN Tab. The VLAN function allows you to divide local network into different virtual LANs. There are Port-based and Tag-based VLAN types. Select one that applies. Configuration Item Value setting...
Page 73 Industry Cellular Gateway Port-based VLAN Configuration Item Value setting Description 1. A Must filled setting Define the Name of this rule. It has a default text and cannot be modified. Name 2. String format: already have default texts VLAN ID A Must filled setting Define the VLAN ID number, range is 1~4094.
Page 74 Industry Cellular Gateway WAN & WAN All WANs is selected by Select which WAN or All WANs that allow accessing Internet. VID to Join default. Note: If Bridge mode is selected, you need to select a WAN and enter a VID. LAN IP Assign an IP Address for the DHCP Server that the rule used, this IP address is a A Must filled setting...
Page 75 Industry Cellular Gateway Besides, you can add some IP rules in the IP Fixed Mapping Rule List if DHCP Server for the VLAN groups is required. When Add button is applied, Mapping Rule Configuration screen will appear. Mapping Rule Configuration Item Value setting Description...
Page 76 Industry Cellular Gateway Port-based VLAN – Inter VLAN Group Routing Click VLAN Group Routing button, the VLAN Group Internet Access Definition and Inter VLAN Group Routing screen will appear. When Edit button is applied, a screen similar to this will appear. Inter VLAN Group Routing Item Value setting...
Page 77 Industry Cellular Gateway Tag-based VLAN – Create/Edit VLAN Rules The Tag-based VLAN allows you to customize each LAN port according to VLAN ID. There is a default rule shows the configuration of all LAN ports and all VAPs. Also, if your device has a DMZ port, you will see DMZ configuration, too.
Page 78: Dhcp Server
Industry Cellular Gateway 2.2.3 DHCP Server  DHCP Server The gateway supports up to 4 DHCP servers to fulfill the DHCP requests from different VLAN groups (please refer to VLAN section for getting more usage details). And there is one default setting for whose LAN IP Address is the same one of gateway LAN interface, with its default Subnet Mask setting as “255.255.255.0”, and its default IP Pool ranges is from “.100”...
Page 79 Industry Cellular Gateway  Fixed Mapping User can assign fixed IP address to map the specific client MAC address by select them then copy, when targets were already existed in the DHCP Client List, or to add some other Mapping Rules by manually in advance, once the target's MAC address was not ready to connect.
Page 80 Industry Cellular Gateway DHCP Server Setting Go to Basic Network > LAN & VLAN > DHCP Server Tab. The DHCP Server setting allows user to create and customize DHCP Server policies to assign IP Addresses to the devices on the local area network (LAN) Create / Edit DHCP Server Policy The gateway allows you to custom your DHCP Server Policy.
Page 81 Industry Cellular Gateway DHCP Server Configuration Item Value setting Description 1. String format can be any DHCP Server text Enter a DHCP Server name. Enter a name that is easy for you to understand. Name 2. A Must filled setting 1.
Page 82 Industry Cellular Gateway Mapping Rule Configuration Item Value setting Description 1. MAC Address string MAC Address format The MAC Address of this mapping rule. 2. A Must filled setting 1. IPv4 format. IP Address The IP Address of this mapping rule. 2.
Page 83 Industry Cellular Gateway Option Meaning TFTP server name [RFC 2132] Default World Wide Web Server [RFC 2132] [RFC 3679] Create / Edit DHCP Server Options The gateway supports up to a maximum of 99 option settings. When Add/Edit button is applied, DHCP Server Option Configuration screen will appear. DHCP Server Option Configuration Item Value setting...
Page 84 Industry Cellular Gateway Option 144 for url; Each different options has different value types. Single IP Address Single FQDN IP Addresses List, separated by “,” Dropdown list DHCP Single URL Type server option value’s type IP Addresses List, separated by “,” IP Addresses List, separated by “,”...
Page 85 Industry Cellular Gateway DHCP Relay Configuration Item Value setting Description 1. String format can be any Enter a DHCP Relay name. Enter a name that is easy for you to understand. Agent Name text Value Range: 1~64 characters. 2. A Must filled setting. 1.
Page 86: Wifi
Industry Cellular Gateway 2.3 WiFi The gateway provides WiFi interface for mobile devices or BYOD devices to connect for Internet/Intranet accessing. WiFi function is usually modulized design in a gateway, and there can be single or dual modules within a gateway. The WiFi system in the gateway complies with IEEE 802.11ac/11n/11g/11b standard in 2.4GHz or 5GHz single band or 2.4G/5GHz concurrent dual bands of operation.
Page 87: Wifi Configuration
Industry Cellular Gateway 2.3.1 WiFi Configuration Due to optional module(s) and frequency band, you need to setup module one by one. For each module, you need to specify the operation mode, and then setup the virtual APs for wireless access. Hereunder are the scenarios for each wireless operation mode, you can get how it works, and what is the difference among them.
Page 88 Industry Cellular Gateway WDS Only Mode WDS (Wireless Distributed System) Only mode drives a WiFi gateway to be a bridge for its wired Intranet and a repeater to extend distance. You can use multiple WiFi gateways as a WiFi repeater chain with all gateways setup as "WDS Only"...
Page 89 Industry Cellular Gateway Multiple VAPs VAP (Virtual Access Point) is function to partition wireless network into multiple broadcast domains. It can simulate multiple APs in one physical AP. This wireless gateway supports up to 8 VAPs. For each VAP, you need to setup SSID, authentication and encryption to control Wi-Fi client access.
Page 90 Industry Cellular Gateway WiFi Configuration Setting The WiFi configuration allows user to configure 2.4GHz or 5GHz WiFi settings. Go to Basic Network > WiFi > WiFi Module One Tab. If the gateway is equipped with two WiFi modules, there will be another WiFi Module Two. You can do the similar configurations on both WiFi modules. Basic Configuration Basic Configuration Item...
Page 91 Industry Cellular Gateway The channel will be selected according to AP numbers (The less, the better).  By Less Interference The channel will be selected according to interference. (The lower, the better). Specify the preferred WiFi System. The dropdown list of WiFi system is based on IEEE 802.11 standard.
Page 92 Industry Cellular Gateway screen will appear. VAP Configuration Item Value setting Description Enter the SSID for the VAP, and decide whether to broadcast the SSID or not. 1. String format : Any SS ID The SSID is used for identifying from another AP, and client stations will associate text with AP according to SSID.
Page 93 Industry Cellular Gateway 802.11i, but owns the better compatibility. WPA2 had fully implemented 802.11i standard, and owns the highest security.  RADIUS Server The client stations will be authenticated by RADIUS server. RADIUS Server IP (The default IP is 0.0.0.0) RADIUS Server Port (The default value is 1812) RADIUS Shared Key When WPA / WPA2 is selected...
Page 94 Industry Cellular Gateway WDS Only Mode For the WDS Only mode, the device only bridges the connected wired clients to another WDS-enabled WiFi device which the device associated with. That is, it also means the no wireless clients stat can connect to this device while WDS Only Mode is selected.
Page 95 Industry Cellular Gateway WDS Hybrid Mode For the WDS Hybrid mode, the device bridges all the wired LAN and WLAN clients to another WDS or WDS hybrid enabled WiFi devices which the device associated with. WDS Hybrid Mode Item Value setting Description Check the Enable box to activate this function.
Page 96 Industry Cellular Gateway Under WDS Hybrid mode, the VAP function is available and you can further specifying the required VAP settings for connecting with wireless client devices. Click Add / Edit button in the VAL List screen to create or edit the settings for a VAP. A VAP Configuration screen will appear.
Page 97: Wireless Client List
Industry Cellular Gateway 2.3.2 Wireless Client List The Wireless Client List page shows the information of wireless clients which are associated with this device. Go to Basic Network > WiFi > Wireless Client List Tab. Select Target WiFi Target Configuration Item Value setting Description...
Page 98 Industry Cellular Gateway Mode It shows what kind of Wi-Fi system the client used to associate with this device. Rate It shows the data rate between client and this device. RSSI0, RSSI1 It shows the RX sensitivity (RSSI) value for each radio path. Signal The signal strength between client and this device.
Page 99: Advanced Configuration
Industry Cellular Gateway 2.3.3 Advanced Configuration This device provides advanced wireless configuration for professional user to optimize the wireless performance under the specific installation environment. Please note that if you are not familiar with the WiFi technology, just leave the advanced configuration with its default values, or the connectivity and performance may get worse with improper settings.
Page 100 Industry Cellular Gateway Advanced Configuration Item Value setting Description The default setting is It limits the available radio channel of this device. Regulatory Domain according to where The permissible channels depend on the Regulatory Domain. the product sale to It shows the time interval between each beacon packet broadcasted. Beacon Interval The beacon packet contains SSID, Channel ID and Security setting.
Page 101: Ipv6
Industry Cellular Gateway 2.4 IPv6 The growth of the Internet has created a need for more addresses than are possible with IPv4. IPv6 (Internet Protocol version 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic.
Page 102 Industry Cellular Gateway IPv6 WAN Connection Type Static IPv6 Static IPv6 does the same function as static IPv4. The static IPv6 provides manual setting of IPv6 address, IPv6 default gateway address, and IPv6 DNS. Above diagram depicts the IPv6 IP addressing, type in the information provided by your ISP to setup the IPv6 network.
Page 103 Industry Cellular Gateway Above diagram depicts DHCP IPv6 IP addressing, the DHCPv6 server on the ISP side assigns IPv6 address, IPv6 default gateway address, and IPv6 DNS to client host’s automatically. PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4. The PPPoEv6 server provides configuration parameters based on PPPoEv6 client request.
Page 104 Industry Cellular Gateway IPv6 Configuration Setting Go to Basic Network > IPv6 > Configuration Tab. The IPv6 Configuration setting allows user to set the IPv6 connection type to access the IPv6 network. IPv6 Configuration Item Value setting Description The box is unchecked IPv6 Check the Enable box to activate the IPv6 function.
Page 105 Industry Cellular Gateway Item Value setting Description IPv6 Address A Must filled setting Enter the WAN IPv6 Address for the router. Subnet Prefix Enter the WAN Subnet Prefix Length for the router. A Must filled setting Length Default Gateway A Must filled setting Enter the WAN Default Gateway IPv6 address.
Page 106 Industry Cellular Gateway DHCPv6 WAN Type Configuration DHCPv6 WAN Type Configuration Item Value setting Description The option [From Select the [Specific DNS] option to active Primary DNS and Secondary DNS. Then Server] is selected by fill the DNS information. default Can not modified by Primary DNS Enter the WAN primary DNS Server.
Page 107 Industry Cellular Gateway PPPoEv6 WAN Type Configuration PPPoEv6 WAN Type Configuration Item Value setting Description Enter the Account for setting up PPPoEv6 connection. If you want more Account A Must filled setting information, please contact your ISP. Value Range: 0 ~ 45 characters. Enter the Password for setting up PPPoEv6 connection.
Page 108 Industry Cellular Gateway the router. Then go to Address Auto-configuration (summary) for setting LAN environment. If above setting is configured, click the save button to save the configuration and click reboot button to reboot the router. Address Auto-configuration Address Auto-configuration Item Value setting Description...
Page 109 Industry Cellular Gateway IPv6 Address Lifetime (A Must filled setting): Enter the DHCPv6 lifetime for your local computers. 36000 is set by default. Value Range: 0 ~ 65535.
Page 110: Port Forwarding
Industry Cellular Gateway 2.5 Port Forwarding Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. The technique was originally used for ease of rerouting traffic in IP networks without renumbering every host.
Page 111: Configuration
Industry Cellular Gateway 2.5.1 Configuration NAT Loopback This feature allows you to access the WAN global IP address from your inside NAT local network. It is useful when you run a server inside your network. For example, if you set a mail server at LAN side, your local devices can access this mail server through gateway’s global IP address when enable NAT loopback feature.
Page 112: Virtual Server & Virtual Computer
Industry Cellular Gateway 2.5.2 Virtual Server & Virtual Computer There are some important Pot Forwarding functions implemented within the gateway, including "Virtual Server", "NAT loopback" and "Virtual Computer". It is necessary for cooperate staffs who travel outside and want to access various servers behind office gateway.
Page 113 Industry Cellular Gateway Virtual Server & NAT Loopback "Virtual Server" allows you to access servers with the global IP address or FQDN of the gateway as if they are servers existed in the Internet. But in fact, these servers are located in the Intranet and are physically behind the gateway.
Page 114 Industry Cellular Gateway Virtual Server & Virtual Computer Setting Go to Basic Network > Port Forwarding > Virtual Server & Virtual Computer tab. Enable Virtual Server and Virtual Computer Configuration Item Value setting Description The box is unchecked by Virtual Server Check the Enable box to activate this port forwarding function default The box is checked by...
Page 115 Industry Cellular Gateway Virtual Server Rule Configuration Item Value setting Description Define the selected interface to be the packet-entering interface of the gateway. If the packets to be filtered are coming from WAN-x then select WAN-x for this 1. A Must filled setting field.
Page 116 Industry Cellular Gateway Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Port can be set a Single Port number. Public Port is selected Port Range and specify a port range, and Private Port can be selected Single Port or Port Range.
Page 117 Industry Cellular Gateway Create / Edit Virtual Computer The gateway allows you to custom your Virtual Computer rules. It supports up to a maximum of 20 rule-based Virtual Computer sets. When Add button is applied, Virtual Computer Rule Configuration screen will appear. Virtual Computer Rule Configuration Item Value setting...
Page 118: Dmz & Pass Through
Industry Cellular Gateway 2.5.3 DMZ & Pass Through DMZ (De Militarized Zone) Host is a host that is exposed to the Internet cyberspace but still within the protection of firewall by gateway device. So, the function allows a computer to execute 2-way communication for Internet games, Video conferencing, Internet telephony and other special applications.
Page 119 Industry Cellular Gateway VPN Pass through Scenario Since VPN traffic is different from that of TCP or UDP connection, it will be blocked by NAT gateway. To support the pass through function for the VPN connections initiating from VPN clients behind NAT gateway, the gateway must implement some kind of VPN pass through function for such application.
Page 120 Industry Cellular Gateway It can be selected WAN-x box when WAN-x enabled. Note: The available check boxes (WAN-1 ~ WAN-4) depend on the number of WAN interfaces for the product. Pass Through Enable The boxes are checked by Check the box to enable the pass through function for the IPSec, PPTP, and default L2TP.
Page 121: Special Ap & Alg (Not Supported)
Industry Cellular Gateway 2.5.4 Special AP & ALG (not supported) Not supported feature for the purchased product, leave it as blank.
Page 122: Ip Translation
Industry Cellular Gateway 2.5.5 IP Translation IP Translation is slimier to One-to-One NAT. it is a feature where you can configure the gateway with multiple IP addresses issued by your Internet Service Provider (ISP) and map them to individual intranet devices with specific IP addresses.
Page 123 Industry Cellular Gateway IP Translation Setting Go to Basic Network > Port Forwarding > IP Translation tab. Enable IP Translation Configuration Item Value setting Description IP Translation The box is unchecked by Check the Enable box to activate the IP translation function default Save Click the Save button to save the settings.
Page 124 Industry Cellular Gateway Mask 1. A Must filled setting Enter the required subnet mask if Source IP is specified above. 2.255.255.255.255(/32) is It can be a single IP with 255.255.255.255 (/32) subnet mask, or an IP group selected by default. limited with proper subnet setting.
Page 125: Routing
Industry Cellular Gateway 2.6 Routing If you have more than one router and subnet, you will need to enable routing function to allow packets to find proper routing path and allow different subnets to communicate with each other. Routing is the process of selecting best paths in a network.
Page 126: Static Routing
Industry Cellular Gateway 2.6.1 Static Routing "Static Routing" function lets you define the routing paths for some dedicated hosts/servers or subnets to store in the routing table of the gateway. The gateway routes incoming packets to different peer gateways based on the routing table.
Page 127 Industry Cellular Gateway Static Routing Setting Go to Basic Network > Routing > Static Routing Tab. There are three configuration windows for static routing feature, including "Configuration", "Static Routing Rule List" and "Static Routing Rule Configuration" windows. "Configuration" window lets you activate the global static routing feature.
Page 128 Industry Cellular Gateway of each static routing rule can let you modify the rule. IPv4 Static Routing Item Value setting Description 1. IPv4 Format Destination IP Specify the Destination IP of this static routing rule. 2. A Must filled setting 255.255.255.0 (/24) is set by Subnet Mask Specify the Subnet Mask of this static routing rule.
Page 129: Dynamic Routing
Industry Cellular Gateway 2.6.2 Dynamic Routing Dynamic Routing, also called adaptive routing, describes the capability of a system, through which routes are characterized by their destination, to alter the path that the route takes through the system in response to a change in network conditions.
Page 130 Industry Cellular Gateway RIP Scenario The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols, which employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination.
Page 131 Industry Cellular Gateway BGP Scenario Border Gateway Protocol (BGP) is a standard exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. It usually makes routing decisions based on paths, network policies, or rule-sets. Most ISPs use BGP to establish routing between one another (especially for multi-homed).
Page 132 Industry Cellular Gateway Dynamic Routing Setting Go to Basic Network > Routing > Dynamic Routing Tab. The dynamic routing setting allows user to customize RIP, OSPF, and BGP protocol through the router based on their office setting. In the "Dynamic Routing" page, there are several configuration windows for dynamic routing feature. They are the "RIP Configuration"...
Page 133 Industry Cellular Gateway OSPF Configuration Item Value setting Description OSPF Disable is set by default Click Enable box to activate the OSPF protocol. 1. IPv4 Format Router ID The Router ID of this router on OSPF protocol 2. A Must filled setting The Authentication method of this router on OSPF protocol.
Page 134 Industry Cellular Gateway OSPF Area Configuration Item Value setting Description 1. Classless Inter Domain Routing (CIDR) Subnet Area Subnet Mask Notation. (Ex: The Area Subnet of this router on OSPF Area List. 192.168.1.0/24) 2. A Must filled setting 1. IPv4 Format Area ID The Area ID of this router on OSPF Area List.
Page 135 Industry Cellular Gateway BGP Configuration The BGP configuration setting allows user to customize BGP protocol through the router setting. BGP Network Configuration Item Value setting Description The box is unchecked by Check the Enable box to activate the BGP protocol. default 1.
Page 136 Industry Cellular Gateway 2. A Must filled setting the IP address in this field and the selected subnet mask. The box is unchecked by Network Click Enable box to activate this rule. default. Save Click the Save button to save the configuration Create / Edit BGP Neighbor Rules The gateway allows you to custom your BGP Neighbor rules.
Page 137: Routing Information
Industry Cellular Gateway 2.6.3 Routing Information The routing information allows user to view the routing table and policy routing information. Policy Routing Information is only available when the Load Balance function is enabled and the Load Balance Strategy is By User Policy Go to Basic Network >...
Page 138: Dns & Ddns
Industry Cellular Gateway 2.7 DNS & DDNS How does user access your server if your WAN IP address changes all the time? One way is to register a new domain name, and maintain your own DNS server. Another simpler way is to apply a domain name to a third- party DDNS service provider.
Page 139 Industry Cellular Gateway DNS & DDNS Setting Go to Basic Network > DNS & DDNS > Configuration Tab. The DNS & DDNS setting allows user to setup Dynamic DNS feature and DNS redirect rules. Setup Dynamic DNS The gateway allows you to custom your Dynamic DNS settings. DDNS (Dynamic DNS) Configuration Item Value setting...
Page 140 Industry Cellular Gateway Setup DNS Redirect DNS redirect is a special function to redirect certain traffics to a specified host. Administator can manage the internet / intranet traffics that are going to access some restricted DNS and force those traffics to be redirected to a specified host.
Page 141 Industry Cellular Gateway 2. A Must filled setting Value Range: at least 1 character is required; ‘*’ for any. 1. IPv4 format Enter an IP Address as the target for the DNS redirect. 2. A Must filled setting Specify when will the DNS redirect action can be applied. It can be Always, or WAN Block.
Page 142: Qos
It is indeed required that an access gateway satisfies the requirements of latency-critical applications, minimum access right guarantee, fair bandwidth usage for same subscribed condition and flexible bandwidth management. AMIT Security Gateway provides a Rule-based QoS to carry out the requirements.
Page 143 Industry Cellular Gateway In above diagram, a QoS rule is organized by the premise part and the conclusion part. In the premise part, you must specify the WAN interface, host group, service type in the packets, packet flow direction to be watched and the sharing method of group control or individual control.
Page 144 Industry Cellular Gateway For bandwidth resource, control functions include guaranteeing bandwidth and limiting bandwidth. For priority queue resource, control function is setting priority. For DSCP resource, control function is DSCP marking. The last resource is Connection Sessions; the related control function is limiting connection sessions. Individual / Group Control One QoS rule can be applied to individual member or whole group in the target group.
Page 145 Industry Cellular Gateway QoS Rule Example #2 – DifferServ Code Points When the administrator of the gateway wants to convert the code point value, "IP Precedence 4(CS4)", in the packets from some client hosts (IP 10.0.75.196~199) to the code value, "AF Class2(High Drop)", he can use the "Rule-based QoS"...
Page 146 Industry Cellular Gateway QoS Configuration Setting Go to Basic Network > QoS > Configuration tab. In "QoS Configuration" page, there are some configuration windows for QoS function. They are the "Configuration" window, “System Resource Configuration” window, "QoS Rule List" window, and "QoS Rule Configuration"...
Page 147 Industry Cellular Gateway Setup System Resource System Resource Configuration Item Value Setting Description Define the system queues that are available for the QoS settings. 1. A Must filled setting. Type of System The supported type of system queues are Bandwidth Queue and Priority 2.
Page 148 Industry Cellular Gateway Create / Edit QoS Rules After enabled the QoS function and configured the system resources, you have to further specify some QoS rules for provide better service on the interested traffics. The gateway supports up to a maximum of 128 rule- based QoS rule sets.
Page 149 Industry Cellular Gateway QoS checkbox in the Multiple Bound Services field is checked before the Host Group option become available. Refer to Object Definition > Grouping > Host Grouping. Service 1. A Must filled Specify the service type of traffics that have to be applied with the QoS rule. It setting.
Page 150 Industry Cellular Gateway Specify the preferred sharing method for how to apply the QoS rule on the selected group. It can be Individual Control or Group Control. 1. A Must filled setting. Sharing Method Individual Control: If Individual Control is selected, each host in the group will 2.
Page 151: Redundancy
Industry Cellular Gateway 2.9 Redundancy In engineering, redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the form of a backup or fail-safe. In an IP networking, the access gateway is the critical part of the networking system.
Page 152 Industry Cellular Gateway As shown in the diagram, Master Gateway and Backup Gateway are redundant gateway group of Network-A. Subnet of network-A is 10.0.75.0/24. Master gateway has LAN IP 10.0.75.1 and WAN IP 203.95.80.22. Backup gateway has LAN IP 10.0.75.2 and 118.18.81.33 for WAN-1.
Page 153 Industry Cellular Gateway 1. Numberic String Format Specify the Virtual Server ID on VRRP of the gateway. Virtual Server ID 2. A Must filled setting Value Range: 1 ~ 255. Priority of 1. Numberic String Format Specify the Priority of Virtual Server on VRRP of the gateway. Virtual Server 2.
Page 154: Chapter 3 Object Definition
Industry Cellular Gateway Chapter 3 Object Definition 3.1 Scheduling Scheduling provides ability of adding/deleting time schedule rules, which can be applied to other functionality. 3.1.1 Scheduling Configuration Go to Object Definition > Scheduling > Configuration tab. Button description Item Value setting Description Click the Add button to configure time schedule rule Delete...
Page 155 Industry Cellular Gateway Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time format (hh :mm) Start time in selected weekday End Time Time format (hh :mm) End time in selected weekday Save Click Save to save the settings Undo...
Page 156: User (Not Supported)
Industry Cellular Gateway 3.2 User (not supported) Not supported feature for the purchased product, leave it as blank.
Page 157: Grouping
Industry Cellular Gateway 3.3 Grouping The Grouping function allows user to make group for some services. 3.3.1 Host Grouping Go to Object Definition > Grouping > Host Grouping tab. The Host Grouping function allows user to make host group for some services, such as QoS, Firewall, and Communication Bus.
Page 158 Industry Cellular Gateway When MAC Address-based is selected, only MAC address can be added in Member to Join. When Host Name-based is selected, only host name can be added in Member to Join. Note: The available Group Type can be different for the purchased model. Add the members to the group in this field.
Page 159: External Server
Industry Cellular Gateway 3.4 External Server Go to Object Definition > External Server > External Server tab. The External Server setting allows user to add external server. Create External Server When Add button is applied, External Server Configuration screen will appear.
Page 160 Industry Cellular Gateway External Server Configuration Item Value setting Description 1. String format can be Sever Name any text Enter a server name. Enter a name that is easy for you to understand. 2. A Must filled setting Specify the Server Type of the external server, and enter the required settings for the accessing the server.
Page 161 Industry Cellular Gateway TACACS+ Server (A Must filled setting) : When TACACS+ Server is selected, the following settings are also required. Shared Key (String format: any text) Session Timeout (String format: any number) The values must be between 1 and 60. SCEP Server (A Must filled setting) : When SCEP Server is selected, the following settings are also required.
Page 162: Certificate
Industry Cellular Gateway 3.5 Certificate In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are genuine.
Page 163 Industry Cellular Gateway Root CA Certificate Configuration Item Value setting Description 1. String format can be any Name text Enter a Root CA Certificate name. It will be a certificate file name 2. A Must filled setting This field is to specify the key attribute of certificate. Key Type to set public-key cryptosystems.
Page 164 Industry Cellular Gateway Setup SCEP SCEP Configuration Item Value setting Description The box is unchecked by SCEP Check the Enable box to activate SCEP function. default When SCEP is activated, check the Enable box to activate this function. Automatically The box is unchecked by re-enroll aging It will be automatically check which certificate is aging.
Page 165: My Certificate
Industry Cellular Gateway 3.5.2 My Certificate My Certificate includes a Local Certificate List. Local Certificate List shows all generated certificates by the root CA for the gateway. And it also stores the generated Certificate Signing Requests (CSR) which will be signed by other external CAs.
Page 166 HQRootCA Key Type: RSA Key Length: 1024-bits Subject Name Country(C): TW State(ST): Taiwan Location(L): Tainan Organization(O): AMITHQ Organization Unit(OU): HQRD Common Name(CN): HQRootCA E-mail: hqrootca@amit.com.tw Configuration Path [My Certificate]-[Local Certificate Configuration] Name HQCRT Self-signed: ■ Key Type: RSA Key Length: 1024-bits...
Page 167 [My Certificate]-[Local Certificate Configuration] BranchCRT Self-signed: □ Name Key Type: RSA Key Length: 1024-bits Subject Name Country(C): TW State(ST): Taiwan Location(L): Tainan Organization(O): AMITBranch Organization Unit(OU): BranchRD Common Name(CN): BranchCRT E-mail: branchcrt@amit.com.tw Configuration Path [IPSec]-[Configuration] ■ Enable IPSec Configuration Path [IPSec]-[Tunnel Configuration] Tunnel ■...
Page 168 Industry Cellular Gateway Remote Netmask 255.255.255.0 Remote Gateway 203.95.80.22 Configuration Path [IPSec]-[Authentication] Key Management IKE+X.509 Local Certificate: BranchCRT Remote Certificate: HQCRT Local ID User Name Network-B Remote ID User Name Network-A Configuration Path [IPSec]-[IKE Phase] Negotiation Mode Main Mode X-Auth None Scenario Operation Procedure In above diagram, "Gateway 1"...
Page 169 Industry Cellular Gateway My Certificate Setting Go to Object Definition > Certificate > My Certificate tab. The My Certificate setting allows user to create local certificates. In "My Certificate" page, there are two configuration windows for the "My Certificate" function. The "Local Certificate List" window shows the stored certificates or CSRs for representing the gateway.
Page 170 Industry Cellular Gateway Local Certificate Configuration Item Value setting Description Name 1. String format can be any Enter a certificate name. It will be a certificate file name text If Self-signed is checked, it will be signed by root CA. If Self-signed is not 2.
Page 171 Industry Cellular Gateway Import Item Value setting Description Import A Must filled setting Select a certificate file from user’s computer, and click the Apply button to import the specified certificate file to the gateway. PEM Encoded 1. String format can be any This is an alternative approach to import a certificate.
Page 172: Trusted Certificate
Industry Cellular Gateway 3.5.3 Trusted Certificate Trusted Certificate includes Trusted CA Certificate List, Trusted Client Certificate List, and Trusted Client Key List. The Trusted CA Certificate List places the certificates of external trusted CAs. The Trusted Client Certificate List places the others' certificates what you trust. And the Trusted Client Key List places the others’ keys what you trusted.
Page 173 Industry Cellular Gateway For Network-A at HQ Following tables list the parameter configuration as an example for the "Trusted Certificate" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The configuration example must be combined with the ones in "My Certificate" and "Issue Certificate"...
Page 174 Industry Cellular Gateway Import the obtained BranchCRT certificate (the derived BranchCSR certificate after Gateway 1’s root CA signature) into the "Trusted Client Certificate List" of the Gateway 1 and the "Local Certificate List" of the Gateway 2. For more details, refer to the Network-B operation procedure in "My Certificate"...
Page 175 Industry Cellular Gateway Trusted Certificate Setting Go to Object Definition > Certificate > Trusted Certificate tab. The Trusted Certificate setting allows user to import trusted certificates and keys. Import Trusted CA Certificate When Import button is applied, a Trusted CA import screen will appear. You can import a Trusted CA certificate from an existed certificate file, or directly paste a PEM encoded string as the certificate.
Page 176 Industry Cellular Gateway Get CA Configuration Item Value setting Description SCEP Server A Must filled setting Select a SCEP Server to identify the SCEP server for use. The server detailed information could be specified in External Servers. Refer to Object Definition > External Server >...
Page 177 Industry Cellular Gateway Item Value setting Description Import from a A Must filled setting Select a certificate file from user’s computer, and click the Apply button to import the specified certificate file to the gateway. File Import from a 1. String format can be any This is an alternative approach to import a certificate.
Page 178: Issue Certificate
Industry Cellular Gateway 3.5.4 Issue Certificate When you have a Certificate Signing Request (CSR) that needs to be certificated by the root CA of the device, you can issue the request here and let Root CA sign it. There are two approaches to issue a certificate. One is from a CSR file importing from the managing PC and another is copy-paste the CSR codes in gateway’s web- based utility, and then click on the "Sign"...
Page 179 Industry Cellular Gateway also imports the certificates of the root CA of the Gateway 1 into the Gateway 2 as the trusted ones. (Please also refer to "My Certificate" and "Trusted Certificate" sections). Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all client hosts in these both subnets can communicate with each other.
Page 180 Industry Cellular Gateway Issue Certificate Setting Go to Object Definition > Certificate > Issue Certificate tab. The Issue Certificate setting allows user to import Certificate Signing Request (CSR) to be signed by root CA. Import and Issue Certificate Certificate Signing Request (CSR) Import from a File Item Value setting Description...
Page 181: Chapter 4 Field Communication
Industry Cellular Gateway Chapter 4 Field Communication 4.1 Bus & Protocol The gateway may equip a serial port for various serial communication use through connecting the RS-232 or RS-485 serial device to an IP-based Ethernet LAN. These communication protocols make user access serial devices anywhere over a local LAN or the Internet easily.
Page 182 Industry Cellular Gateway Interface Select RS-232 or RS-485 physical interface for connecting to the access device(s) RS-232 is set by default with the same interface specification. Baud Rate 19200 is set by default Select the appropriate baud rate for serial device communication. RS-232: 1200 / 2400 / 4800 / 9600 / 19200 / 38400 / 57600 / 115200 RS-485 can use higher baud rate for 230400 and 460800.
Page 183: Virtual Com
Industry Cellular Gateway 4.1.2 Virtual COM Create a virtual COM port on user’s PC/Host to provide access to serial device connected to the serial port on gateway. Therefore, users can access, control, and manage the connected serial device through Internet (fixed line, or cellular network) anywhere.
Page 184 Industry Cellular Gateway TCP Server Mode When the administrator expects the gateway to wait passively for the serial data requests from the Host Device (usually we use a computer to play as a Host), and the Host will establish a TCP connection to get data from the serial device, the operation mode for the "Virtual COM"...
Page 185 Industry Cellular Gateway RFC-2217 Mode RFC-2217 defines general COM port control options based on telnet protocol. A host computer with RFC-2217 driver installed can monitor and manage the remote serial device attached to the gateway’s serial port, as though they were connected to the local serial port.
Page 186 Industry Cellular Gateway Virtual COM Setting Virtual COM setting screen enables user to connect a Virtual COM port based device to the Internet. It allows user to access serial data remotely. There are Disable, TCP Client, TCP Server, UDP, and RFC2217 modes for remote accessing the connected serial device.
Page 187 Industry Cellular Gateway...
Page 188 Industry Cellular Gateway Specify Data Packing Parameters Data Packing Configuration Item Value setting Description Data Buffer 1.An optional filled setting Enter the data buffer length for the serieal port. Length 2.Default value is 0 Value Range: 0 ~ 1024. Delimiter 1.An optional filled setting Check the Enable box to activate the Delimiter character 1, and enter the Hex Character 1...
Page 189 Industry Cellular Gateway Definition The box is unchecked by Check the Enable box to enable the TCP server configuration. Enable default Save Click the Save button to save the configuration Enable TCP Server Mode Configure the gateway as the TCP (Transmission Control Protocol) Server. The TCP Server waits for connections to be initiated by a remote TCP client device to receive serial data.
Page 190 Industry Cellular Gateway Specify TCP Clients for TCP Server Access If you selected Specific IPs as the trust Type, the Trusted IP Definition window appears. The settings are valid for both TCP Server and RFC-2217 modes. Specify TCP Clients Window Item Value setting Description...
Page 191 Industry Cellular Gateway Enable UDP Mode Window Item Value setting Description Operation Mode A Must filled setting Select UDP mode. Listen Port 4001 is set by default Indicate the listening port of UDP connection. Value Range: 1 ~ 65535 Enable The box is unchecked by Check the Enable box to activate the corresponding serial port in specified default.
Page 192 Industry Cellular Gateway Enable RFC-2217 Mode RFC-2217 defines general COM port control options based on telnet protocol. With the RFC-2217 mode, remote host can monitor and manage remote serially attached devices, as though they were connected to the local serial port. When a virtual serial port on the local serial device is being created, it is required to specify the IP-address of the remote hosts to establish connection with.
Page 193 Industry Cellular Gateway Specify Remote Host for Access If you selected Specific IPs as the trust Type, the Trusted IP Definition window appears. The settings are valid for both TCP Server and RFC-2217 modes. Specify RFC-2217 Clients for Access Window Item Value setting Description...
Page 194: Modbus
Industry Cellular Gateway 4.1.3 Modbus Modbus is one of the most popular automation protocols in the world, supporting traditional RS-232/422/485 devices and recently developed Ethernet devices. Many industrial devices, such as PLCs, DCSs, HMIs, instruments, and smart meters, use Modbus protocol as the communication standard. It is used to establish master-slave communication between intelligent devices.
Page 195 Industry Cellular Gateway Modbus Slave Scenario In addition to behave as a Modbus Gateway, there is an integrated Modus Slave option for providing some device status, like Cellular Network Status, device DI/DO status, to remote Modbus Master via Modbus communication. With the Slave option enabled, the Modbus Master device can request the information or sending control commands to the IoT Gateway, the Modbus TCP/RTU...
Page 196 Industry Cellular Gateway Modbus Setting Go to Field Communication > Bus & Protocol > Modbus tab. The Modbus setting page enables user to configure the gateway to operate as a Modbus gateway, and allow access among Modbus TCP devices (which are connected to Ethernet network) and Modbus RTU/ASCII devices (which are connected to the Serial Port of the gateway).
Page 197 Industry Cellular Gateway Value Range: 1 ~ 65535. Note: Use different port number among the serial ports for the product with multiple serial ports. Serial Protocol RTU is set by default Select the serial protocol that is adopted by the attached Modbus device(s). It can be RTU or ASCII.
Page 198 Industry Cellular Gateway to the Master. However, if the 0Bh exception box is checked (see below), a 0Bh hex code based-error message will be send instead. Value Range: 0 ~ 5. 0Bh Exception The box is unchecked Check the Enable box to enable gateway to send a 0Bh exception code message by default.
Page 199 Industry Cellular Gateway Item Value setting Description Source IP A Must fill setting Select Specific IP Address to only allow an IP address of the allowed Master to access the attached Slave(s). Select IP Range to only allow a set range of IP addresses of the allowed Master to access the attached Slave(s).
Page 200 Industry Cellular Gateway Item Value setting Description Message Buffering 1. Unchecked by Check the Enable box to buffer up to 32 requests from Modbus Master. default If the Enable box is checked, a Modbus Priority Definition dialog will appear 2. Buffer up to 32 consequently.
Page 201 Industry Cellular Gateway ID Range Range 1 to 247 Enter the Modbus ID range for the Modbus TCP Slave(s) that will respond to the Master’s request. In addition to specify the Slave IP and Port, for accessing those Remote Modbus RTU Salve(s) located behind another Modbus Gateway, user has to specify the Modus ID range of the Modbus RTU Slave(s).
Page 202 Industry Cellular Gateway Supported Function Code for Integrated Modbus Slave This setting can setup the Gateway as a standalone Modbus Slave Device. Local SCADA Management System can treat the Gateway as a Slave device, and hence is able to read its information for device monitoring. Currently, the integrated Modbus Slave device supports the following commands for accessing the 3G/4G Modem Status of the Gateway.
Page 203 Industry Cellular Gateway Register Register Name R / W Register Range / Description Address 0 : SIM card with PIN code insert 1 : SIM card 3G/4G_Module-2_SIM_STATUS ready 2 : No SIM card 3G/4G_Module-2_MCC MCC Value 3G/4G_Module-2_MNC MNC Value 3G/4G_Module-2_CS Register 0 : Unregistered, 1: Registered Status 3G/4G_Module-2_PS Register...
Page 204 Industry Cellular Gateway Register Register Name R / W Register Range / Description Address DI_STATUS_1 0 : OFF, 1 : ON DO_STATUS_1 0 : OFF, 1 : ON DI_STATUS_2 0 : OFF, 1 : ON DO_STATUS_2 0 : OFF, 1 : ON DI_STATUS_3 0 : OFF, 1 : ON DO_STATUS_3...
Page 205: Data Logging
Industry Cellular Gateway 4.2 Data Logging Data logging is the process of collecting and storing data over a period of time in order to analyze specific trends or record the data-based events/actions of a system, or connected devices. Data logging function is a very useful and also important feature for SCADA telemetry;...
Page 206 Industry Cellular Gateway among the Master and Slave sides or not. However, if there is any network connection problem between the Modbus gateway and remote NOC/SCADA, the remote Modbus server can’t reach the Slave devices attached to the Modbus gateway, and consequently, nothing can be monitored and stored under such situation.
Page 207 Industry Cellular Gateway IP: 172.16.99.160 As illustrated, when the connection to a remote Modbus Master broken, the Modbus Gateway will activate the data logging proxy function and execute the pre-defined data acquisition task by itself.  The Modbus request issued by the Modbus Gateway (Data Logging Proxy). ...
Page 208: Data Logging Configuration
Industry Cellular Gateway 4.2.1 Data Logging Configuration Data Logging is commonly used in monitoring systems to collect and analyze the field data. With proper configuration, the Gateway will record Modbus messages according to the specified rule list. Go to Field Communication > Data Logging > Configuration tab. Enable Data Logging Configuration Item...
Page 209 Industry Cellular Gateway Modbus Proxy Rule Configuration Item Value setting Description Name A Must filled setting. Specify a name as the identifier of the Modbus proxy rule. Value Range: 1 ~ 32 characters. Modbus Slave Type IP Address :Port is Specify the Modbus Slave devices to apply with the Modbus proxy rule.
Page 210: Scheme Setup
Industry Cellular Gateway 4.2.2 Scheme Setup There are five data logging schemes to meet different management requirements. They are the Sniffer Mode, Offline Proxy Mode, Full-Time Proxy Mode, and the mixed modes for sniffer and proxy combinations. User has to configure the required data logging rules with selected scheme in this Scheme Setup page. Go to Field Communication >...
Page 211 Industry Cellular Gateway Sniffer & Full-Time Proxy: This is a mixed mode for both Sniffer and Full-Time Proxy modes. Master Type IP Address is selected Specify the Modbus master device to apply with the data logging rule. It can be by default.
Page 212: Log File Management
Industry Cellular Gateway 4.2.3 Log File Management There are five data logging schemes to meet different management requirements. They are the Sniffer Mode, Off-Line Proxy Mode, Full-Time Proxy Mode, and the mixed modes for sniffer and proxy combinations. User has to configure the required data logging rules with selected scheme in this Scheme Setup page. Go to Field Communication >...
Page 213 Industry Cellular Gateway Auto Upload 1. An Optional filled Check the Enable box to activate the auto upload function for logged files. setting Once been enabled, user has to specify an external FTP server from the 2. The box is unchecked dropdown list for auto uploading the log files to the server.
Page 214: Chapter 5 Security
Industry Cellular Gateway Chapter 5 Security 5.1 VPN A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security and management policies of the private network.
Page 215: Ipsec
Industry Cellular Gateway 5.1.1 IPSec Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
Page 216 Industry Cellular Gateway As in the diagram, the clients behind the M2M gateway can access to the host "Host-DC" located in the control center through Site to Host VPN tunnel. Host to Site: On the contrast, for a single host (or mobile user to) to access the resources located in an intranet, the Host to Site scenario can be applied.
Page 217 Industry Cellular Gateway Dynamic VPN Server Scenario Dynamic VPN Server Scenario is an efficient way to build multiple tunnels with remote sites, especially for mobile clients with dynamic IP. In this scenario, gateway can only be role of server (responder), and it must have a “Static IP”...
Page 218 Industry Cellular Gateway IPSec Setting Go to Security > VPN > IPSec tab. The IPSec Setting allows user to create and configure IPSec tunnels. Enable IPSec Configuration Window Item Value setting Description IPsec Unchecked by default Click the Enable box to enable IPSec function. NetBIOS over IPSec Unchecked by default Click the Enable box to enable NetBIOS over IPSec function.
Page 219 Industry Cellular Gateway Tunnel Configuration Window Item Value setting Description Tunnel Unchecked by default Check the Enable box to activate the IPSec tunnel 1. A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. Tunnel Name 2.
Page 220 Industry Cellular Gateway by default tunnel from which to failover to. Note: Failover mode is not available for the gateway with single WAN. 1. A Must fill setting Encapsulation Select the Encapsulation Protocol from the dropdown box for this IPSec tunnel. 2.
Page 221 Industry Cellular Gateway Specify the Remote Subnet IP address and Subnet Mask. Remote Subnet List A Must fill setting Click the Add or Delete button to add or delete Remote Subnet setting. 1. A Must fill setting. Remote Gateway 2. Format can be a Specify the Remote Gateway.
Page 222 Industry Cellular Gateway IKE Phase Window Item Value setting Description 1. A must fill setting Specify the IKE version for this IPSec tunnel. Select v1 or v2 IKE Version 2. v1 is selected by Note: IKE versions will not be available when Dynamic VPN option in Tunnel default Scenario is selected, or AH option in Encapsulation Protocol is selected.
Page 223 Industry Cellular Gateway IKE Proposal Definition Window Item Value setting Description Specify the Phase 1 Encryption method. It can be DES / 3DES / AES-auto / AES- 128 / AES-192 / AES-256. Specify the Authentication method. It can be None / MD5 / SHA1 / SHA2-256. IKE Proposal A Must fill setting Definition...
Page 224 Industry Cellular Gateway IPSec Proposal Definition Window Item Value setting Description Specify the Encryption method. It can be None / DES / 3DES / AES-auto / AES- 128 / AES-192 / AES-256. Note: None is available only when Encapsulation Protocol is set as AH; it is not available for ESP Encapsulation.
Page 225 Industry Cellular Gateway Select Key Management from the dropdown box for this IPSec tunnel. Key Management A Must fill setting In this section Manually is the option selected. Specify the Local ID for this IPSec tunnel to authenticate. Local ID An optional setting Select the Key ID for Local ID and enter the Key ID (English alphabet or number).
Page 226 Industry Cellular Gateway Value Range: 0 ~ FFFF. Specify the Inbound SPI for this IPSec tunnel. Inbound SPI Hexadecimal format Value Range: 0 ~ FFFF. Specify the Encryption Method and Encryption key. Available encryption methods are DES/3DES/AES-128/AES-192/AES-256. 1. A Must fill setting The key length for DES is 16, 3DES is 48, AES-128 is 32, AES-192 is 48, and AES- Encryption 2.
Page 227 Industry Cellular Gateway Tunnel Configuration Window Item Value setting Description Tunnel Unchecked by default Check the Enable box to activate the Dynamic IPSec VPN tunnel. 1. A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. Tunnel Name 2.
Page 228 Industry Cellular Gateway 2. Pre-shared Key 8 to IKE+Pre-shared Key: user needs to set a key (8 ~ 32 characters). 32 characters. Specify the Local ID for this IPSec tunnel to authenticate. Select User Name for Local ID and enter the username. The username may include but can’t be all numbers.
Page 229: Openvpn
Industry Cellular Gateway 5.1.2 OpenVPN OpenVPN is an application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.
Page 230 Industry Cellular Gateway assigned a virtual IP (10.8.0.2) which is belong to a virtual subnet that is different to the local subnet in Control Center. With such connection, the local networked devices will get a virtual IP 10.8.0.x if its traffic goes through the OpenVPN TUN connection when Redirect Internet Traffic settings is enabled;...
Page 231 Industry Cellular Gateway Open VPN Setting Go to Security > VPN > OpenVPN tab. The OpenVPN setting allows user to create and configure OpenVPN tunnels. Enable OpenVPN Enable OpenVPN and select an expected configuration, either server or client, for the gateway to operate. Configuration Item Value setting...
Page 232 Industry Cellular Gateway As an OpenVPN Server If Server is selected, an OpenVPN Server Configuration screen will appear. OpenVPN Server Configuration window can let you enable the OpenVPN server function, specify the virtual IP address of OpenVPN server, when remote OpenVPN clients dial in, and the authentication protocol. The OpenVPN Server supports up to 4 TUN / TAP tunnels at the same time.
Page 233 Industry Cellular Gateway Item Value setting Description OpenVPN Server The box is unchecked by Click the Enable to activate OpenVPN Server functions. default. Protocol 1. A Must filled setting Define the selected Protocol for connecting to the OpenVPN Server. 2. By default TCP is •...
Page 234 Industry Cellular Gateway Gateway A Must filled setting Specify the Gateway setting for the OpenVPN server. It will be assigned to the connected OpenVPN clients. Note: Gateway will be available only when TAP is chosen in Tunnel Device, and DHCP-Proxy Mode is unchecked (disabled). Netmask By default - select one - is Specify the Netmask setting for the OpenVPN server.
Page 235 Industry Cellular Gateway When Advanced Configuration is selected, an OpenVPN Server Advanced Configuration screen will appear. OpenVPN Server Advanced Configuration Item Value setting Description TLS Cipher 1. A Must filled setting. Specify the TLS Cipher from the dropdown list. 2. TLS-RSA-WITH-AES128- It can be None / TLS-RSA-WITH-RC4-MD5 / TLS-RSA-WITH-AES128-SHA / TLS- SHA is selected by default RSA-WITH-AES256-SHA / TLS-DHE-DSS-AES128-SHA / TLS-DHE-DSS-AES256-...
Page 236 Industry Cellular Gateway Protocol. Tunnel UDP 1. An Optional setting. Check the Enable box to activate the Tunnel UDP MSS-Fix Function. MSS-Fix 2. The box is unchecked by Note: Tunnel UDP MSS-Fix will be available only when UDP is chosen in default.
Page 237 Industry Cellular Gateway As an OpenVPN Client If Client is selected, an OpenVPN Client List screen will appear. When Add button is applied, OpenVPN Client Configuration screen will appear. OpenVPN Client Configuration window let you specify the required parameters for an OpenVPN VPN client, such as "OpenVPN Client Name", "Interface", "Protocol", "Tunnel Scenario", "Remote IP/FQDN", "Remote Subnet", "Authorization Mode", "Encryption Cipher", "Hash Algorithm"...
Page 238 Industry Cellular Gateway OpenVPN Client Configuration Item Value setting Description OpenVPN Client A Must filled setting The OpenVPN Client Name will be used to identify the client in the tunnel list. Name Value Range: 1 ~ 32 characters. Interface 1. A Must filled setting Define the physical interface to be used for this OpenVPN Client tunnel.
Page 239 Industry Cellular Gateway Remote Endpoint IP A Must filled setting Specify the virtual Remote Endpoint IP Address of the peer OpenVPN gateway. Address Value Range: The IP format is 10.8.0.x, the range of x is 1~254. Note: Remote Endpoint IP Address will be available only when Static Key is chosen in Authorization Mode.
Page 240 Industry Cellular Gateway When Advanced Configuration is selected, an OpenVPN Client Advanced Configuration screen will appear. OpenVPN Advanced Client Configuration Item Value setting Description TLS Cipher Specify the TLS Cipher from the dropdown list. 1. A Must filled setting. 2. TLS-RSA-WITH- It can be None / TLS-RSA-WITH-RC4-MD5 / TLS-RSA-WITH-AES128-SHA / TLS- AES128-SHA is selected RSA-WITH-AES256-SHA / TLS-DHE-DSS-AES128-SHA / TLS-DHE-DSS-AES256-...
Page 241 Industry Cellular Gateway User Name An Optional setting. Enter the User account for connecting to an OpenVPN server, if the server required it. Note: User Name will be available only when TLS is chosen in Authorization Mode. Password An Optional setting. Enter the Password for connecting to an OpenVPN server, if the server required it.
Page 242: L2Tp
Industry Cellular Gateway 5.1.3 L2TP Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.
Page 243 Industry Cellular Gateway Besides, for the L2TP client peer, a Remote Subnet item is required. It is for the Intranet of L2TP server peer. So, at L2TP client peer, the packets whose destination is in the dedicated subnet will be transferred via the L2TP tunnel. Others will be transferred based on current routing policy of the gateway at L2TP client peer.
Page 244 Industry Cellular Gateway L2TP Setting Go to Security > VPN > L2TP tab. The L2TP setting allows user to create and configure L2TP tunnels. Enable L2TP Enable L2TP Window Item Value setting Description L2TP Unchecked by default Click the Enable box to activate L2TP function. Specify the role of L2TP.
Page 245 Industry Cellular Gateway L2TP Server Configuration Item Value setting Description The box is unchecked When click the Enable box L2TP Server by default It will active L2TP server When click the Enable box. The box is unchecked L2TP over IPSec It will enable L2TP over IPSec and need to fill in the Pre-shared Key (8~32 by default...
Page 246 Industry Cellular Gateway User Account List Window Item Value setting Description This is the L2TP authentication user account entry. You can create and add accounts for remote clients to establish L2TP VPN connection to the gateway device. Click Add button to add user account. Enter User name and password. Then Max.of 10 user User Account List check the enable box to enable the user.
Page 247 Industry Cellular Gateway Create/Edit L2TP Client When Add/Edit button is applied, a series of configuration screen will appear. You can add up to 8 L2TP Clients. L2TP Client Configuration Item Setting Value setting Description Enter a tunnel name. Enter a name that is easy for you to identify. Tunnel Name A Must filled setting Value Range: 1 ~ 32 characters.
Page 248 Industry Cellular Gateway (WAN-1 is available only when WAN-1 interface is enabled) The same applies to other WAN interfaces (e.g. WAN-2). 1. A Must filled setting Define operation mode for the L2TP Tunnel. It can be Always On, or Failover. 2.
Page 249 Industry Cellular Gateway Value Range: 1 ~ 99999 for Interval Time, 1~999 for Failure Time. Specify the Service Port for this L2TP tunnel to use. It can be Auto, (1701) for Cisco), or User-defined. Auto: The system determines the service port. Service Port 1701 (for Cisco): The system use port 1701 for connecting with CISCO L2TP A Must filled setting...
Page 250: Pptp
Industry Cellular Gateway 5.1.4 PPTP Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. It is a client-server based technology. There are various levels of authentication and encryption for PPTP tunneling, usually natively as standard features of the Windows PPTP stack.
Page 251 Industry Cellular Gateway get “user name”, “password” and server’s global IP. In addition, it is required to identify the operation mode for each tunnel as main connection, failover for another tunnel, or load balance tunnel to increase overall bandwidth. It needs to decide “Default Gateway” or “Remote Subnet” for packet flow. Moreover, you can also define what kind of traffics will pass through the PPTP tunnel in the “Default Gateway / Remote Subnet”...
Page 252 Industry Cellular Gateway PPTP Setting Go to Security > VPN > PPTP tab. The PPTP setting allows user to create and configure PPTP tunnels. Enable PPTP Enable PPTP Window Item Value setting Description PPTP Unchecked by default Click the Enable box to activate PPTP function. Specify the role of PPTP.
Page 253 Industry Cellular Gateway PPTP Server Configuration Window Item Value setting Description PPTP Server Unchecked by default Check the Enable box to enable PPTP server role of the gateway. 1. A Must fill setting Specify the PPTP server Virtual IP address. The virtual IP address will serve as Server Virtual IP 2.
Page 254 Industry Cellular Gateway User Account List Window Item Value setting Description This is the PPTP authentication user account entry. You can create and add accounts for remote clients to establish PPTP VPN connection to the gateway device. Click Add button to add user account. Enter User name and password. Then Max.of 10 user User Account List check the enable box to enable the user.
Page 255 Industry Cellular Gateway PPTP Client Configuration Window Item Value setting Description A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. Tunnel Name Value Range: 1 ~ 32 characters. 1. A Must fill setting Define the selected interface to be the used for this PPTP tunnel Interface 2.
Page 256 Industry Cellular Gateway VPN tunnel. Others will be transferred based on current routing policy of the security gateway at PPTP client peer. If you entered 0.0.0.0/0 in the Remote Subnet field, it will be treated as a default gateway setting for the PPTP client peer, all packets, including the Internet accessing of PPTP Client peer, will go through the established PPTP VPN tunnel.
Page 257: Gre
Industry Cellular Gateway 5.1.5 GRE Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that encapsulates a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork. Deploy a M2M gateway for remote site and establish a virtual private network with control center by using GRE tunneling.
Page 258 Industry Cellular Gateway If the GRE server supports DMVPN Hub function, like Cisco router as the VPN concentrator, the GRE client can active the DMVPN spoke function here since it is implemented by GRE over IPSec tunneling. GRE Setting Go to Security > VPN > GRE tab. The GRE setting allows user to create and configure GRE tunnels.
Page 259 Industry Cellular Gateway GRE Rule Configuration Window Item Value setting Description Enter a tunnel name. Enter a name that is easy for you to identify. Tunnel Name A Must fill setting Value Range: 1 ~ 9 characters. 1. A Must fill setting Select the interface on which GRE tunnel is to be established.
Page 260 Industry Cellular Gateway default Select Ping IP to keep live and enter the IP address to ping. 2. 5s is set by default Enter the ping time interval in seconds. Value Range: 5 ~ 999 seconds. Specify the remote subnet for this GRE tunnel. The Remote Subnet format must be IP address/netmask (e.g.
Page 261: Firewall
Industry Cellular Gateway 5.2 Firewall The firewall functions include Packet Filter, URL Blocking, Content Filter, MAC Control, Application Filter, IPS and some firewall options. The supported function can be different for the purchased gateway. 5.2.1 Packet Filter...
Page 262 Industry Cellular Gateway "Packet Filter" function can let you define some filtering rules for incoming and outgoing packets. So the gateway can control what packets are allowed or blocked to pass through it. A packet filter rule should indicate from and to which interface the packet enters and leaves the gateway, the source and destination IP addresses, and destination service port type and port number.
Page 263 Industry Cellular Gateway default When Deny those match the following rules is selected, as the name suggest, Deny those match the Black List / packets specified in the rules will be blocked –black listed. In contrast, with following rules is set by White List Allow those match the following rules, you can specifically white list the default...
Page 264 Industry Cellular Gateway any text Value Range: 1 ~ 30 characters. 2. A Must filled setting Define the selected interface to be the packet-entering interface of the router. If the packets to be filtered are coming from LAN to WAN then select LAN for this field.
Page 265 Industry Cellular Gateway Then for Destination Port, select a predefined port dropdown box when Well- known Service is selected, otherwise select User-defined Service and specify a port range. Value Range: 1 ~ 65535 for Source Port, Destination Port. For Protocol, select ICMPv4 to filter ICMPv4 packets For Protocol, select TCP to filter TCP packets Then for Source Port, select a predefined port dropdown box when Well-known Service is selected, otherwise select User-defined Service and specify a port...
Page 266: Url Blocking
Industry Cellular Gateway 5.2.2 URL Blocking "URL Blocking" function can let you define blocking or allowing rules for incoming and outgoing Web request packets. With defined rules, gateway can control the Web requests containing the complete URL, partial domain name, or pre-defined keywords. For example, one can filter out or allow only the Web requests based on domain input suffixes like .com or .org or keywords like “bct”...
Page 267 Industry Cellular Gateway URL Blocking Setting Go to Security > Firewall > URL Blocking Tab. In "URL Blocking" page, there are three configuration windows. They are the "Configuration" window, "URL Blocking Rule List" window, and "URL Blocking Rule Configuration" window. The "Configuration"...
Page 268 Industry Cellular Gateway When Add button is applied, the URL Blocking Rule Configuration screen will appear. URL Blocking Rules Configuration Item Value setting Description 1. String format can be any Specify an URL Blocking rule name. Enter a name that is easy for you to Rule Name text understand.
Page 269 Industry Cellular Gateway delimiter “;”. This field is to specify the Destination Port number. Destination 1. A Must filled setting • Select Any to filter packets going to any Port. Port 2. Any is set by default • Select Specific Service Port to filter packets going to a specific Port entered in this field. •...
Page 270: Mac Control
Industry Cellular Gateway 5.2.3 MAC Control "MAC Control" function allows you to assign the accessibility to the gateway for different users based on device’s MAC address. When the administrator wants to reject the traffics from some client hosts with specific MAC addresses, he can use the "MAC Control"...
Page 271 Industry Cellular Gateway MAC Control Setting Go to Security > Firewall > MAC Control Tab. The MAC control setting allows user to create and customize MAC address policies to allow or reject packets with specific source MAC address. Enable MAC Control Configuration Window Item Value setting...
Page 272 Industry Cellular Gateway Create/Edit MAC Control Rules The gateway supports up to a maximum of 20 filter rule sets. Ensure that the MAC Control is enabled before we can create control rules. When Add button is applied, Filter Rule Configuration screen will appear. MAC Control Rule Configuration Item Value setting...
Page 273: Content Filter (Not Supported)
Industry Cellular Gateway 5.2.4 Content Filter (not supported) Not supported feature for the purchased product, leave it as blank.
Page 274: Application Filter (Not Supported)
Industry Cellular Gateway 5.2.5 Application Filter (not supported) Not supported feature for the purchased product, leave it as blank.
Page 275: Ips
Industry Cellular Gateway 5.2.6 IPS To provide application servers in the Internet, administrator may need to open specific ports for the services. However, there are some risks to always open service ports in the Internet. In order to avoid such attack risks, it is important to enable IPS functions.
Page 276 Industry Cellular Gateway IPS Setting Go to Security > Firewall > IPS Tab. The Intrusion Prevention System (IPS) setting allows user to customize intrusion prevention rules to prevent malicious packets. Enable IPS Firewall Configuration Window Item Value setting Description The box is unchecked by Check the Enable box to activate IPS function default The box is unchecked by...
Page 277 Industry Cellular Gateway Setup Intrusion Prevention Rules Item Name Value setting Description SYN Flood Click Enable box to activate this intrusion prevention rule and Defense enter the traffic threshold in this field. 1. A Must filled setting 2. The box is unchecked by default. Click Enable box to activate this intrusion prevention rule and UDP Flood Defense...
Page 278 Industry Cellular Gateway Block Traceroute Block Fraggle Attack 1. A Must filled setting 2. The box is unchecked by default. Click Enable box to activate this intrusion prevention rule and ARP Spoofing 3. Traffic threshold is set to 300 by default enter the traffic threshold in this field.
Page 279: Options
Industry Cellular Gateway 5.2.7 Options There are some additional useful firewall options in this page. “Stealth Mode” lets gateway not to respond to port scans from the WAN so that makes it less susceptible to discovery and attacks on the Internet. ”SPI” enables gateway to record the packet information like IP address, port address, ACK, SEQ number and so on while they pass through the gateway, and the gateway checks every incoming packet to detect if this packet is valid.
Page 280 Industry Cellular Gateway Enable SPI Scenario As shown in the diagram, Gateway has the IP address of 118.18.81.200 for WAN interface and 192.168.1.253 for LAN interface. It serves as a NAT gateway. Users in Network-A initiate to access cloud server through the gateway. Sometimes, unknown users will simulate the packets but use different source IP to masquerade.
Page 281 Industry Cellular Gateway Firewall Options Item Value setting Description The box is unchecked by Stealth Mode Check the Enable box to activate the Stealth Mode function default The box is checked by Check the Enable box to activate the SPI function default Discard Ping The box is unchecked by...
Page 282 Industry Cellular Gateway 1. 80 for HTTP by default This field is to specify a Service Port to HTTP or HTTPS connection. Service Port 2. 443 for HTTPS by Value Range: 1 ~ 65535. default Enabling the The box is unchecked by Click Enable box to activate this rule.
Page 283: Chapter 6 Administration
Industry Cellular Gateway Chapter 6 Administration 6.1 Configure & Manage Configure & Manage refers to enterprise-wide administration of distributed systems including (and commonly in practice) computer systems. Centralized management has a time and effort trade-off that is related to the size of the company, the expertise of the IT staff, and the amount of technology being used.
Page 284: Command Script
Industry Cellular Gateway 6.1.1 Command Script Command script configuration is the application that allows administrator to setup the pre-defined configuration in plain text style and apply configuration on startup. Go to Administration > Command Script > Configuration Tab. Enable Command Script Configuration Configuration Item Value setting...
Page 285 Industry Cellular Gateway Edit/Backup Plain Text Command Script You can edit the plain text configuration settings in the configuration screen as above. Plain Text Configuration Item Value setting Description Clean Clean text area. (You should click Save button to further clean the configuration already saved in the system.) Backup Backup and download configuration.
Page 286 Industry Cellular Gateway • TLS ->The OpenVPN will use TLS authorization mode, and the following items CA Cert., Client Cert. and Client Key need to specify as well. OPENVPN_CA_CERT A Must filled Specify the Trusted CA certificate for the OpenVPN client. It will go Setting through Base64 Conversion.
Page 287 Industry Cellular Gateway (ex: txtConfig enable) disable Disable plain text system config. (ex: txtConfig disable) run_immediately Apply the configuration content that has been committed in database. (ex: txtConfig run_immediately) run_immediately a existing file Assign a configuration file to apply. (ex: txtConfig run_immediately /tmp/config)
Page 288: 288
Industry Cellular Gateway 6.1.2 TR-069 TR-069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices, like this gateway device. As a bidirectional SOAP/HTTP-based protocol, it provides the communication between customer-premises equipment (CPE) and Auto Configuration Servers (ACS).
Page 289 Industry Cellular Gateway Following tables list the parameter configuration as an example for the Gateway 1 in above diagram with "TR-069" enabling. Use default value for those parameters that are not mentioned in the tables. Configuration Path [TR-069]-[Configuration] ■ Enable TR-069 ACS URL http://qa.acslite.com/cpe.php...
Page 290 Industry Cellular Gateway TR-069 Setting Go to Administration > Configure & Manage > TR-069 tab. In "TR-069" page, there is only one configuration window for TR-069 function. In the window, you must specify the related information for your security gateway to connect to the ACS. Drive the function to work by specifying the URL of the ACS server, the account information to login the ACS server, the service port and the account information for connection requesting from the ACS server, and the time interval for job inquiry.
Page 291 Industry Cellular Gateway The box is unchecked by TR-069 Check the Enable box to activate TR-069 function. default When you finish set basic network WAN-1 ~ WAN-n, you can choose WAN-1 ~ WAN-n WAN-1 is selected by Interface When you finish set Security > VPN > IPSec/OpenVPN/PPTP/L2TP/GRE, you default.
Page 292 Industry Cellular Gateway STUN Settings Configuration Item Value setting Description The box is checked by STUN Check the Enable box to activate STUN function. default 1. String format: any Specify the IP address for the expected STUN Server. Server Address IPv4 address 2.
Page 293: Snmp
The device supports several public MIBs and one private MIB for the SNMP agent. The supported MIBs are as follow: MIB-II (RFC 1213, Include IPv6), IF-MIB, IP-MIB, TCP-MIB, UDP-MIB, SMIv1 and SMIv2, SNMPv2-TM and SNMPv2-MIB, and AMIB (AMIT Private MIB) SNMP Management Scenario Scenario Application Timing There are two application scenarios of SNMP Network Management Systems (NMS).
Page 294 Industry Cellular Gateway the Intranet and manage all devices that support SNMP protocol in the Intranet. Another one is the Remote NMS to manage some devices whose WAN interfaces are connected together by using a switch or a router with UDP forwarding. If you want to manage some devices and they all have supported SNMP protocol, use either one application scenario, especially the management of devices in the Intranet.
Page 295 Industry Cellular Gateway At first stage, the NMS manager prepares related information for all managed devices and records them in the NMS system. Then NMS system gets the status of all managed devices by using SNMP get commands. When the manager wants to configure the managed devices, the NMS system allows him to do that by using SNMP set commands.
Page 296 Industry Cellular Gateway SNMP Setting Go to Administration > Configure & Manage > SNMP tab. The SNMP allows user to configure SNMP relevant setting which includes interface, version, access control and trap receiver. Enable SNMP SNMP Item Value setting Description Select the interface for the SNMP and enable SNMP functions.
Page 297 Industry Cellular Gateway 1. String format: any Specify the SNMP Port. port number You can fill in any port number. But you must ensure the port number is not to SNMP Port 2. The default SNMP be used. port is 161. Value Range: 1 ~ 65535.
Page 298 Industry Cellular Gateway Create/Edit User Privacy The SNMP allows you to custom your access control for version 3 user. The router supports up to a maximum of 128 User Privacy sets. When Add button is applied, User Privacy Rule Configuration screen will appear. User Privacy Rule Configuration Item Value setting...
Page 299 Industry Cellular Gateway Privacy Mode 1. noAuthNoPriv is Specify the Privacy Mode for this version 3 user. selected by default Selected the noAuthNoPriv. You do not use any authentication types and encryption protocols. Selected the authNoPriv. You must specify the Authentication and Password. Selected the authPriv.
Page 300 Industry Cellular Gateway When you selected v2c, the configuration screen is exactly the same as that of v1, except the version. When you selected v3, the configuration screen will provide more setting items for the version 3 Trap. Trap Event Receiver Rule Configuration Item Value setting Description...
Page 301 Industry Cellular Gateway Select the version for the trap Selected the v1. The configuration screen will provide the version 1 must filled items. 1. v1 is selected by SNMP Version Selected the v2c. default The configuration screen will provide the version 2c must filled items. Selected the v3.
Page 302 Item Value setting Description 1. The default value is AMIT Specify the Enterprise Name for the particular private MIB. Enterprise Name 2. A Must filled setting Value Range: 1 ~ 10 characters, and only string with A~Z, a~z, 0~9, ’–‘, ‘_’.
Page 303 1. The default value is 1.3.6.1.4.1.12823.4.4.9 Specify the Enterprise OID for the particular private MIB. (AMIT Enterprise OID) The range of the each OID number is 1-2080768. Enterprise OID 2. A Must filled setting The maximum length of the enterprise OID is 31.
Page 304: Telnet & Ssh
Industry Cellular Gateway 6.1.4 Telnet & SSH A command-line interface (CLI), also known as command-line user interface, and console user interface are means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines).
Page 305 Industry Cellular Gateway Parameter Setup Example Following table lists the parameter configuration as an example for the Gateway in above diagram with "Telnet with CLI" enabling at LAN and WAN interfaces. Use default value for those parameters that are not mentioned in the table. Configuration Path [Telnet &...
Page 306 Industry Cellular Gateway Telnet & SSH Setting Go to Administration > Configure & Manage > Telnet & SSH tab. The Telnet & SSH setting allows administrator to access this device through the traditional Telnet or SSH Telnet program. Before you can telnet (login) to the device, please configure the related settings and password with care.
Page 307 Industry Cellular Gateway Configuration Item Value setting Description root 1. String: any text but no Type old password and specify new password to change root password. Note_1: You are highly recommended to change the default telnet password with blank character yours before the device is deployed.
Page 308: System Operation
Industry Cellular Gateway 6.2 System Operation System Operation allows the network administrator to manage system, settings such as web-based utility access password change, system information, system time, system log, firmware/configuration backup & restore, and reset & reboot. 6.2.1 Password & MMI Go to Administration >...
Page 309 Industry Cellular Gateway Password Configuration Item Value setting Description 1. String: any text 2. The default password Old Password Enter the current password to enable you unlock to change password. for web-based MMI is ‘admin’. New Password String: any text Enter new password New Password String: any text...
Page 310 Industry Cellular Gateway MMI Configuration Item Value setting Description Enter the login trial counting value. Value Range: 3 ~ 10. If someone tried to login the web GUI with incorrect password for more Login 3 times is set by default than the counting value, an warning message “Already reaching maximum Password-Guessing times, please wait a few seconds!”...
Page 311: System Information
Industry Cellular Gateway 6.2.2 System Information System Information screen gives network administrator a quick look up on the device information for the purchades gateway. Go to Administration > System Operation > System Information tab. System Information Item Value Setting Description Model Name It displays the model name of this product.
Page 312: System Time
Industry Cellular Gateway 6.2.3 System Time The gateway provides manually setup and auto-synchronized approaches for the administrator to setup the system time for the gateway. The time supported synchronization methods can be Time Server, Manual, PC, Cellular Module, or GPS Signal. Select the method first, and then configure rest settings. Instead of manually configuring the system time for the gateway, there are two simple and quick solutions for you to set the correct time information and set it as the system time for the gateway.
Page 313 Industry Cellular Gateway Check the Enable button to activate the daylight saving function. Daylight Saving 1. It is an optional item. When you enabled this function, you have to specify the start date and end date Time 2. Un-checked by default for the daylight saving time duration.
Page 314 Industry Cellular Gateway its local connected devices. Save Click the Save button to save the settings. Synchronize with PC System Time Information Item Value Setting Description 1. A Must-filled item. Select PC as the synchronization method for the system time to let system Synchronization 2.
Page 315 Industry Cellular Gateway Synchronize with Cellular Time Service System Time Information Item Value Setting Description Select Cellular Module as the synchronization method for the system time to let 1. A Must-filled item. Synchronization system synchronize its date and time to the time provided from the connected 2.
Page 316 Industry Cellular Gateway Synchronize with GPS Time Service System Time Information Item Value Setting Description Select GPS Signal as the synchronization method for the system time to let 1. A Must-filled item. Synchronization system synchronize its date and time to the time provided from the GNSS 2.
Page 317: System Log
Industry Cellular Gateway 6.2.4 System Log System Log screen contains various event log tools facilitating network administrator to perform local event logging and remote reporting. Go to Administration > System Operation > System Log tab. View & Email Log History View button is provided for network administrator to view log history on the gateway.
Page 318 Industry Cellular Gateway Web Log List Window Item Value Setting Description Time column It displays event time stamps Log column It displays Log messages Web Log List Button Description Item Value setting Description Previous Click the Previous button to move to the previous page. Next Click the Next button to move to the next page.
Page 319 Industry Cellular Gateway Web Log Type Category Setting Window Item Value Setting Description System Checked by default Check to log system events and to display in the Web Log List window. Attacks Checked by default Check to log attack events and to display in the Web Log List window. Drop Checked by default Check to log packet drop events and to display in the Web Log List window.
Page 320 Industry Cellular Gateway Syslogd Syslogd screen allows network administrator to select the type of event to log and be sent to the designated Syslog server. Syslogd Setting Window Item Value Setting Description Enable Un-checked by default Check Enable box to activate the Syslogd function, and send event logs to a syslog server Select one syslog server from the Server dropdown box to sent event log to.
Page 321: Backup & Restore
Industry Cellular Gateway 6.2.5 Backup & Restore In the Backup & Restore window, you can upgrade the device firmware when new firmware is available and also backup / restore the device configuration. In addition to the factory default settings, you can also customize a special configuration setting as a customized default value.
Page 322: Reboot & Reset
Industry Cellular Gateway 6.2.6 Reboot & Reset For some special reason or situation, you may need to reboot the gateway or reset the device configuration to its default value. In addition to perform these operations through the Power ON/OFF, or pressing the reset button on the device panel, you can do it through the web GUI too.
Page 323: Ftp
Industry Cellular Gateway 6.3 FTP The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. FTP is built on a client-server model architecture and uses separate control and data connections between the client and the server.
Page 324: Server Configuration
Industry Cellular Gateway 6.3.1 Server Configuration This section allows user to setup the embedded FTP and SFTP server for retrieving the interested fog files. Go to Administration > FTP > Server Configuration tab. Enable FTP Server Configuration Item Value setting Description Check Enable box to activate the embedded FTP Server function.
Page 325 Industry Cellular Gateway Check the Enable box to activate the support of PASV mode for a FTP PASV Mode Optional setting connection from FTP clients. Port Range of Port 50000 ~ 50031 is set Specify the port range to allocate for PASV style data connection. PASV Mode by default.
Page 326: User Account
Industry Cellular Gateway 6.3.2 User Account This section allows user to setup user accounts for logging to the embedded FTP and SFTP server to retrieve the interested fog files. Go to Administration > FTP > User Account tab. Create/Edit FTP User Accounts When Add button is applied, User Account Configuration screen will appear.
Page 327: Diagnostic
Industry Cellular Gateway 6.4 Diagnostic This gateway supports simple network diagnosis tools for the administrator to troubleshoot and find the root cause of the abnormal behavior or traffics passing through the gateway. There can be a Packet Analyzer to help record the packets for a designated interface or specific source/destination host, and another Ping and Tracert tools for testing the network connectivity issues.
Page 328: Packet Analyzer
Industry Cellular Gateway 6.4.2 Packet Analyzer The Packet Analyzer can capture packets depend on user settings. User can specify interfaces to capture packets and filter by setting rule. Ensure the log storage is available (either embedded SD-Card or external USB Storage), otherwise Packet Analyzer cannot be enabled.
Page 329 Industry Cellular Gateway Select Binary mode or String mode for the serial interface. VAP: This means the virtual AP. When WiFi and VAP are enabled,  it can be selected here. Save Click the Save button to save the configuration. Click the Undo button to restore what you just configured back to the Undo previous setting.
Page 330 Industry Cellular Gateway Source IPs Optional setting Define the filter rule with Source IPs, which means the source IP address of packets. Packets which match the rule will be captured. Up to 10 IPs are supported, but they must be separated with “;”, e.g.
Page 331: Chapter 7 Service
Industry Cellular Gateway Chapter 7 Service 7.1 Cellular Toolkit Besides cellular data connection, you may also like to monitor data usage of cellular WAN, sending text message through SMS, changing code card, communicating with carrier/ISP by USSD command, or doing a cellular network scan for diagnostic purpose.
Page 332: Data Usage
Industry Cellular Gateway 7.1.1 Data Usage Most of data plan for cellular connection is with a limited amount of data usage. If data usage has been over limited quota, either you will get much lower data throughput that may affect your daily operation, or you will get a ‘bill shock’...
Page 333 Industry Cellular Gateway Data Usage Setting Go to Service > Cellular Toolkit > Data Usage tab. Before finished settings for Data Usage, you need to know bill start date, bill period, and quota limit of data usage according to your data plan. You can ask this information from your carrier or ISP. Create / Edit 3G/4G Data Usage Profile When Add button is applied, 3G/4G Data Usage Profile Configuration screen will appear.
Page 334 Industry Cellular Gateway Data Limitation Specify the allowable data limitation for the defined cycle period. Connection Un-Checked by default. Check the Enable box to activate the connection restriction function. Restrict During the specified cycle period, if the actual data usage exceeds the allowable data limitation, the cellular connection will be forced to disconnect.
Page 335: Sms
Industry Cellular Gateway 7.1.2 SMS Short Message Service (SMS) is a text messaging service, which is used to be widely-used on mobile phones. It uses standardized communications protocols to allow mobile phones or cellular devices to exchange short text messages in an instant and convenient way. SMS Setting Go to Service >...
Page 336 Industry Cellular Gateway SMS Summary Show Unread SMS, Received SMS, Remaining SMS, and edit SMS context to send, read SMS from SIM card. SMS Summary Item Value setting Description If SIM card insert to router first time, unread SMS value is zero. When received the Unread SMS new SMS but didn’t read, this value plus one.
Page 337 Industry Cellular Gateway New SMS Item Value setting Description Write the receivers to send SMS. User need to add the semicolon and compose Receivers multiple receivers that can group send SMS. Write the SMS context to send SMS. The router supports up to a maximum of Text Message 1023 character for SMS context length.
Page 338: Sim Pin
Industry Cellular Gateway 7.1.3 SIM PIN With most cases in the world, users need to insert a SIM card (a.k.a. UICC) into end devices to get on cellular network for voice service or data surfing. The SIM card is usually released by mobile operators or service providers.
Page 339 Industry Cellular Gateway SIM PIN Setting Go to Service > Cellular Toolkit > SIM PIN Tab With the SIM PIN Function window, it allows you to enable or disable SIM lock (which means protected by PIN code), or change PIN code. You can also see the information of remaining times of failure trials as we mentioned earlier.
Page 340 Industry Cellular Gateway Enable / Change PIN Code Enable or Disable PIN code (password) function, and even change PIN code function. SIM function Window Item Setting Value setting Description SIM lock Depend on SIM card Click the Enable button to activate the SIM lock function. For the first time you want to enable the SIM lock function, you have to fill in the PIN code as well, and then click Save button to apply the setting.
Page 341 Industry Cellular Gateway specified in the Basic Network > WAN & Uplink > Internet Setup > Connection with SIM Card page. Otherwise, it may result in wrong SIM PIN trials with invalid (old) PIN code. Unlock with a PUK Code The PUK Function window is only available for configuration if that SIM card is locked by PUK code.
Page 342: Ussd
Industry Cellular Gateway 7.1.4 USSD Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider's computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network.
Page 343 Industry Cellular Gateway USSD Setting Go to Service > Cellular Toolkit > USSD tab. In "USSD" page, there are four windows for the USSD function. The "Configuration" window can let you specify which 3G/4G module (physical interface) is used for the USSD function, and system will show which SIM card in the module is the current used one.
Page 344 Industry Cellular Gateway USSD Profile Configuration Item Value setting Description Profile Name Enter a name for the USSD profile. Enter the USSD command defined for the profile. Normally, it is a command string composed with numeric keypad “0~9”, “*”, USSD Command and “#”.
Page 345: Network Scan
Industry Cellular Gateway 7.1.5 Network Scan "Network Scan" function can let administrator specify the device how to connect to the mobile system for data communication in each 3G/4G interface. For example, administrator can specify which generation of mobile system is used for connection, 2G, 3G or LTE. Moreover, he can define their connection sequence for the gateway device to connect to the mobile system automatically.
Page 346 Industry Cellular Gateway Save Click Save to save the settings The second window is the "Network Provider List" window and it appears when the Manually Scan Approach is selected in the Configuration window. By clicking on the "Scan" button and wait for 1 to 3 minutes, the found mobile operator system will be displayed for you to choose.
Page 347: Event Handling
Industry Cellular Gateway 7.2 Event Handling Event handling is the application that allows administrator to setup the pre-defined events, handlers, or response behavior with individual profiles. With properly configuring the event handling function, administrator can easily and remotely obtain the status and information via the purchased gateway. Moreover, he can also handle and manage some important system related functions, even the field bus devices and D/O devices which are already well connected to.
Page 348 Industry Cellular Gateway field bus device status monitoring, digital sensors detection controlling, and so on. All of such management and notification function can be realized effectively via the Event Handling feature. The following is the summary lists for the provided profiles, and events: (Note: The available profiles and events could be different for the purchased product.) ...
Page 349: Configuration
Industry Cellular Gateway 7.2.1 Configuration Go to Service > Event Handling > Configuration Tab. Event handling is the service that allows administrator to setup the pre-defined events, handlers, or response behavior with individual profiles. Enable Event Management Configuration Item Value setting Description Event The box is unchecked by...
Page 350 Industry Cellular Gateway Physical Interface Choose a cellular interface (3G/4G-1 or 3G/4G-2) to configure the SMS The box is 3G/4G-1 by management setting. default. Note: 3G/4G-2 is only available for for the product with dual cellular module. SIM Status Show the connected cellular service (identified with SIM_A or SIM_B). Delete Managed The box is unchecked Check the Enable box to delete the received managing event SMS after it has...
Page 351 Industry Cellular Gateway default. received a SMS managing event. The confirmed message is similar to following format: “Device received a SMS with command xxxxx.” Enable The box is unchecked by Click Enable box to activate this account. default. Save Click the Save button to save the configuration. Create / Edit Email Service Account Setup the Email Service Account for event notification.
Page 352 Industry Cellular Gateway Create / Edit Digital Input (DI) Profile Rule (DI/DO support required) Setup the Digital Input (DI) Profile rules. It supports up to a maximum of 10 profiles. When Add button is applied, the Digital Input (DI) Profile Configuration screen will appear. Digital Input (DI) Profile Configuration Item Value setting...
Page 353 Industry Cellular Gateway Create / Edit Digital Output (DO) Profile Rule (DI/DO support required) Setup the Digital Output (DO) Profile rules. It supports up to a maximum of 10 profiles. When Add button is applied, the Digital Output (DO) Profile Configuration screen will appear. Digital Output (DO) Profile Configuration Item Value setting...
Page 354 Industry Cellular Gateway Create / Edit Modbus Notifying Events Profile (Modbus support required) Setup the Modbus Notifying Events Profile. It supports up to a maximum of 10 profiles. You can click the Add / Edit button to configure the profile. Modbus Notifying Events Profile Item Value setting...
Page 355 Industry Cellular Gateway 1. NA for Serial on Modbus Specify the IP for TCP on Modbus Mode. IPv4 Format. Mode. 2. A Must filled setting for TCP on Modbus Mode. Port 1. NA for Serial on Modbus Specify the Port for TCP on Modbus Mode. Mode.
Page 356 Industry Cellular Gateway Create / Edit Modbus Managing Events Profile (Modbus support required) Setup the Modbus Managing Events Profile. It supports up to a maximum of 10 profiles. You can click the Add / Edit button to configure the profile. Modbus Managing Events Profile Item Value setting...
Page 357 Industry Cellular Gateway 2. A Must filled setting for TCP on Modbus Mode. Port 1. NA for Serial on Modbus Specify the Port for TCP on Modbus Mode. Mode. Value Range: 1 ~ 65535. 2. A Must filled setting for TCP on Modbus Mode.
Page 358: Managing Events
Industry Cellular Gateway 7.2.2 Managing Events Managing Events allow administrator to define the relationship (rule) among event trigger, handlers and response. Go to Service > Event Handling > Managing Events Tab. Enable Managing Events Configuration Item Value setting Description Managing The box is unchecked by Check the Enable box to activate the Managing Events function.
Page 359 Industry Cellular Gateway As shown in the screen, there are some pre-defined SMS event rules. You can customize it with your own definition by clicking the Edit button, and enable or disable each rule accordingly. When Add or Edit button is applied, the Managing Event Configuration screen will appear. Managing Event Configuration Item Value setting...
Page 360 Industry Cellular Gateway Firewall: Select Firewall Checkbox and the interested sub-items (Remote Administrator Host ID On/Off), the gateway will change the settings as the action for the event; VPN: Select VPN Checkbox and the interested sub-items (IPSec Tunnel ON/Off, PPTP Client On/Off, L2TP Client On/Off, OpenVPN Client On/Off), the gateway will change the settings as the action for the event;...
Page 361: Notifying Events
Industry Cellular Gateway 7.2.3 Notifying Events Go to Service > Event Handling > Notifying Events Tab. Notifying Events Setting allows administrator to define the relationship (rule) between event trigger and handlers. Enable Notifying Events Configuration Item Value setting Description Notifying Events Check the Enable box to activate the Notifying Events function.
Page 362 Industry Cellular Gateway As shown in the screen, there are some pre-defined notifying event rules. You can customize it with your own definition by clicking the Edit button, and enable or disable each rule accordingly. When Add or Edit button is applied, the Notifying Event Configuration screen will appear. Notifying Event Configuration Item Value setting...
Page 363 Industry Cellular Gateway Syslog: Select Syslog and select/unselect the Enable Checkbox to as the action for the event; SNMP Trap: Select SNMP Trap, and the gateway will send out SNMP Trap to the defined SNMP Event Receivers as the action for the event; Email Alert: Select Email Alert, and the gateway will send out an Email to the defined Email accounts as the action for the event;...
Page 364: Chapter 8 Status
Industry Cellular Gateway Chapter 8 Status 8.1 Dashboard (not supported) Not supported feature for the purchased product, leave it as blank.
Page 365: Basic Network
Industry Cellular Gateway 8.2 Basic Network 8.2.1 WAN & Uplink Status Go to Status > Basic Network > WAN & Uplink tab. The WAN & Uplink Status window shows the current status for different network type, including network configuration, connecting information, modem status and traffic statistics. The display will be refreshed on every five seconds.
Page 366 Industry Cellular Gateway Not all ISP may require this field. It displays the connection status of the device to your ISP. Conn. Status Status are Connected or disconnected. This area provides functional buttons. Renew button allows user to force the device to request an IP address from the DHCP server.
Page 367 Industry Cellular Gateway and connecting. This area provides functional buttons. Action Edit Button when pressed, web-based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.) LAN Interface Network Status LAN Interface Network Status screen shows IPv4 and IPv6 information of LAN network. LAN Interface Network Status Item Value setting...
Page 368 Industry Cellular Gateway It displays the type of WAN physical interface. Physical Note: Some device model may support two 3G/4G modules. Their physical interface Interface name will be 3G/4G-1 and 3G/4G-2. Card It displays the vendor’s 3G/4G modem model name. Information It displays the 3G/4G connection status.
Page 369 Industry Cellular Gateway ADSL Basic Status Item Value setting Description Data Rate It displays the downstream / upstream data rate of the ADSL connnection. Line It displays the signal attenuation of the ADSL line. Attenuation It displays the signal SNR of the ADSL line. VDSL Modem Status VDSL Modem Status screen shows status information for embedded VDSL modem.
Page 370 Industry Cellular Gateway VDSL Basic Status Item Value setting Description Actual Data It displays the downstream / upstream data rate of the VDSL connnection. Rate It displays the signal SNR of the VDSL line. Interface Traffic Statistics Interface Traffic Statistics screen displays the Interface’s total transmitted packets. Interface Traffic Statistics Item Value setting...
Page 371: Lan & Vlan Status
Industry Cellular Gateway 8.2.2 LAN & VLAN Status Go to Status > Basic Network > LAN & VLAN tab. Client List The Client List shows you the LAN Interface, IP address, Host Name, MAC Address, and Remaining Lease Time of each device that is connected to this gateway. LAN Client List Item Value setting...
Page 372: Wifi Status
Industry Cellular Gateway 8.2.3 WiFi Status Go to Status > Basic Network > WiFi tab. The WiFi Status window shows the overall statistics of WiFi VAP entries. WiFi Virtual AP List The WiFi Virtual AP List shows all of the virtual AP information. The Edit button allows for quick configuration changes.
Page 373 Industry Cellular Gateway WiFi WDS Status The WiFi Traffic Statistic shows all the received and transmitted packets on WiFi network. WiFi IDS Status Item Value setting Description SSID It displays the network ID of VAP. Remote AP MAC It displays the the Remote AP MAC list for the WDS peers. Channel It displays the wireless channel used.
Page 374 Industry Cellular Gateway Ensure WIDS function is enabled Go to Basic Network > WiFi > Advanced Configuration tab Note that the WIDS of 2.4G or 5G should be configured separately. WiFi Traffic Statistic The WiFi Traffic Statistic shows all the received and transmitted packets on WiFi network. WiFi Traffic Statistic Item Value setting...
Page 375: Ddns Status
Industry Cellular Gateway 8.2.4 DDNS Status Go to Status > Basic Network > DDNS tab. The DDNS Status window shows the current DDNS service in use, the last update status, and the last update time to the DDNS service server. DDNS Status DDNS Status Item...
Page 376: Security
Industry Cellular Gateway 8.3 Security 8.3.1 VPN Status Go to Status > Security > VPN tab. The VPN Status widow shows the overall VPN tunnel status. IPSec Tunnel Status IPSec Tunnel Status windows show the configuration for establishing IPSec VPN connection and current connection status.
Page 377 Industry Cellular Gateway OpenVPN Server Status According to OpenVPN configuration, the OpenVPN Server/Client Status shows the status and statistics for the OpenVPN connection from the server side or client side. OpenVPN Server Status Item Value setting Description User Name It displays the Client name you have entered for identification. Remote It displays the public IP address (the WAN IP address) of the connected IP/FQDN...
Page 378 Industry Cellular Gateway L2TP Server/Client Status LT2TP Server/Client Status shows the configuration for establishing LT2TP tunnel and current connection status. L2TP Server Status Item Value setting Description User Name It displays the login name of the user used for the connection. It displays the public IP address (the WAN IP address) of the connected L2TP Remote IP client.
Page 379 Industry Cellular Gateway PPTP Server/Client Status PPTP Server/Client Status shows the configuration for establishing PPTP tunnel and current connection status. PPTP Server Status Item Value setting Description User Name It displays the login name of the user used for the connection. It displays the public IP address (the WAN IP address) of the connected PPTP Remote IP client.
Page 380: Firewall Status
Industry Cellular Gateway 8.3.2 Firewall Status Go to Status > Security > Firewall Status Tab. The Firewall Status provides user a quick view of the firewall status and current firewall settings. It also keeps the log history of the dropped packets by the firewall rule policies, and includes the administrator remote login settings specified in the Firewall Options.
Page 381 Industry Cellular Gateway The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. ("Month" Time "Day" "Hours":"Minutes":"Seconds") Note: Ensure URL Blocking Log Alert is enabled. Refer to Security > Firewall > URL Blocking tab. Check Log Alert and save the setting. Web Content Filter Status Web Content Filter Status Item...
Page 382 Industry Cellular Gateway MAC Control Status MAC Control Status Item Value setting Description Activated This is the MAC Control Rule name. Control Rule Blocked MAC This is the MAC address of the logged packet. Addresses The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet.
Page 383 Industry Cellular Gateway IPS Status IPS Firewall Status Item Value setting Description Detected This is the intrusion type of the packets being blocked. Intrusion The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet. Date & time format. ("Month" "Day" Time "Hours":"Minutes":"Seconds") Note: Ensure IPS Log Alert is enabled.
Page 384: Administration
Industry Cellular Gateway 8.4 Administration 8.4.1 Configure & Manage Status Go to Status > Administration > Configure & Manage tab. The Configure & Manage Status window shows the status for managing remote network devices. The type of management available in your device is depended on the device model purchased. The commonly used ones are the SNMP, TR-069, and UPnP.
Page 385 Industry Cellular Gateway TR-069 Status TR-069 Status screen shows the current connection status with the TR-068 server. TR-069 Status Item Value setting Description It displays the current connection status with the TR-068 server. The connection Link Status status is either On when the device is connected with the TR-068 server or Off when disconnected.
Page 386: Log Storage Status
Industry Cellular Gateway 8.4.2 Log Storage Status Go to Status > Administration > Log Storage tab. The Log Storage Status screen shows the status for selected device storage. Log Storage Status Log Storage Status screen shows the status of current the selected device storage. The status includes Device Select, Device Description, Usage, File System, Speed, and status...
Page 387: Statistics & Report
Industry Cellular Gateway 8.5 Statistics & Report 8.5.1 Connection Session Go to Status > Statistics & Reports > Connection Session tab. Internet Surfing Statistic shows the connection tracks on this router. Internet Surfing Statistic Item Value setting Description Previous Click the Previous button; you will see the previous page of track list. Next Click the Next button;...
Page 388: Network Traffic (Not Supported)
Industry Cellular Gateway 8.5.2 Network Traffic (not supported) Not supported feature for the purchased product, leave it as blank.
Page 389: Device Administration
Industry Cellular Gateway 8.5.3 Device Administration Go to Status > Statistics & Reports > Device Administration tab. Device Administration shows the login information. Device Manager Login Statistic Item Value setting Description Previous Click the Previous button; you will see the previous page of login statistics. Next Click the Next button;...
Page 390: Cellular Usage
Industry Cellular Gateway 8.5.4 Cellular Usage Go to Status > Statistics & Reports > Cellular Usage tab. Cellular Usage screen shows data usage statistics for the selected cellular interface. The cellular data usage can be accumulated per hour or per day.
Page 391: Appendix A Gpl Written Offer
Industry Cellular Gateway Appendix A GPL WRITTEN OFFER This product incorporates open source software components covered by the terms of third party copyright notices and license agreements contained below. GPSBabel Version 1.4.4 Copyright (C) 2002-2005 Robert Lipe<robertlipe@usa.net> GPL License: https://www.gpsbabel.org/ Curl Version 7.19.6 Copyright (c) 1996-2009, Daniel Stenberg, <daniel@haxx.se>.
Page 392 Industry Cellular Gateway socat - Multipurpose relay Version: 2.0.0-b8 GPLv2 http://www.dest-unreach.org/socat/ LibModbus Version: 3.0.3 LGPL v2 http://libmodbus.org/news/ LibIEC60870 GPLv2 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111- 1307 USA https://sourceforge.net/projects/mrts/ Openswan Version: v2.6.38 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Page 393 Industry Cellular Gateway Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. http://pptpclient.sourceforge.net/ PPTPServ Version: 1.3.4 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Page 394 Industry Cellular Gateway CoovaChilli is an open-source software access controller for captive portal (UAM) and 802.1X access provisioning. Version: 1.3.0 Copyright: (C) 2007-2012 David Bird (Coova Technologies) <support@coova.com> Krb5: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
Page 395 Industry Cellular Gateway Version: 20080615 Copyright (C) 1998-2004 WIDE Project. BSD License: https://sourceforge.net/projects/wide-dhcpv6/...

This manual is also suitable for:

Iog761 Iog880