Advance Multimedia Internet Technology ISL500001 IIoT 4G User Manual UM IDG500 IOG500

Advance Multimedia Internet Technology Inc. IIoT 4G UM IDG500 IOG500

Contents

Users Manual-2.pdf

M2MCellularGateway
100
Chapter3ObjectDefinition
3.1Scheduling
Schedulingprovidesabilityofadding/deletingtimeschedulerules,whichcanbeappliedtootherfunctionality.
3.1.1SchedulingConfiguration
GotoObjectDefinition>Scheduling>Configurationtab.
Buttondescription
Item Valuesetting Description
Add N/A ClicktheAddbuttontoconfiguretimeschedulerule
Delete N/A ClicktheDeletebuttontodeleteselectedrule(s)
WhenAddbuttonisapplied,TimeScheduleConfigurationandTimePeriodDefinitionscreenswillappear.
TimeScheduleConfiguration
Item ValueSetting Description
RuleName String:anytext Setrulename
RulePolicy DefaultInactivate Inactivate/activatethefunctionbeenappliedtointhetimeperiodbelow
M2MCellularGateway
101
TimePeriodDefinition
Item ValueSetting Description
WeekDay Selectfrommenu Selecteverydayoroneofweekday
StartTime Timeformat(hh:mm)Starttimeinselectedweekday
EndTime Timeformat(hh:mm) Endtimeinselectedweekday
Save N/A Click Save to save the settings
Undo N/A Click Undo to cancel the settings
Refresh N/A Click the Refresh button to refresh the time schedule list.
M2MCellularGateway
102
3.2User(notsupported)
Not supported feature for the purchased product, leave it as blank.
M2MCellularGateway
103
3.3Grouping(notsupported)
Not supported feature for the purchased product, leave it as blank.
M2MCellularGateway
104
3.4ExternalServer
GotoObjectDefinition>ExternalServer>ExternalServertab.
TheExternalServersettingallowsusertoaddexternalserver.
CreateExternalServer
WhenAddbuttonisapplied,ExternalServerConfigurationscreenwillappear.

M2MCellularGateway
105
ExternalServerConfiguration
Item Valuesetting Description
SeverName
1.Stringformatcanbe
anytext
2.AMustfilledsetting
Enteraservername.Enteranamethatiseasyforyoutounderstand.
ServerType AMustfilledsetting
SpecifytheServerTypeoftheexternalserver,andentertherequiredsettings
fortheaccessingtheserver.
EmailServer(AMustfilledsetting):
WhenEmailServerisselected,UserName,andPasswordarealsorequired.
UserName(Stringformat:anytext)
Password(Stringformat:anytext)
RADIUSServer(AMustfilledsetting):
WhenRADIUSServerisselected,thefollowingsettingsarealsorequired.
Primary:
SharedKey(Stringformat:anytext)
AuthenticationProtocol(BydefaultCHAPisselected)
SessionTimeout(Bydefault1)
Thevaluesmustbebetween1and60.
IdleTimeout:(Bydefault1)
Thevaluesmustbebetween1and15.
Secondary:
SharedKey(Stringformat:anytext)
AuthenticationProtocol(BydefaultCHAPisselected)
SessionTimeout(Bydefault1)
Thevaluesmustbebetween1and60.
IdleTimeout:(Bydefault1)
Thevaluesmustbebetween1and15.
FTP(SFTP)Server(AMustfilledsetting):
WhenFTP(SFTP)Serverisselected,thefollowingsettingsarealsorequired.
UserName(Stringformat:anytext)
Password(Stringformat:anytext)
Protocol(SelectFTPorSFTP)
Encryprion(SelectPlain,ExplicitFTPSorImplicitFTPS)
Transfermode(SelectPassiveorActive)
ServerIP/FQDN AMustfilledsetting SpecifytheIPaddressorFQDNusedfortheexternalserver.
ServerPort AMustfilledsetting
SpecifythePortusedfortheexternalserver.Ifyouselectedacertainserver
type,thedefaultserverportnumberwillbeset.
ForEmailServer25willbesetbydefault;
ForSyslogServer,port514willbesetbydefault;
ForRADIUSServer,port1812willbesetbydefault;
ForFTP(SFTP)Server,port21willbesetbydefault;
ValueRange:1~65535.
AccountPort 1.AMustfilledsetting
2.1813issetbydefault
SpecifytheaccountingportusedifyouselectedexternalRADIUSserver.
ValueRange:1~65535.
M2MCellularGateway
106
Server Theboxischeckedby
defaultClickEnabletoactivatethisExternalServer.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
Refresh N/A ClicktheRefreshbuttontorefreshtheexternalserverlist.

M2MCellularGateway
107
3.5 Certificate
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an
electronicdocumentusedtoproveownershipofapublickey.Thecertificateincludesinformationaboutthe
key, information about its owner's identity, and the digital signature of an entity that has verified the
certificate'scontentsaregenuine.Ifthesignatureisvalid,andthepersonexaminingthecertificatetruststhe
signer,thentheyknowtheycanusethatkeytocommunicatewithitsowner9.
Inatypicalpublic‐keyinfrastructure(PKI)scheme,thesignerisacertificateauthority(CA),usuallyacompany
suchasVeriSignwhichchargescustomerstoissuecertificatesforthem.Inaweboftrustscheme,thesigneris
eitherthekey'sowner(aself‐signedcertificate)orotherusers("endorsements")whomthepersonexamining
thecertificatemightknowandtrust.ThedevicealsoplaysasaCArole.
CertificatesareanimportantcomponentofTransportLayerSecurity(TLS,sometimescalledbyitsoldername
SSL),wheretheypreventanattackerfromimpersonatingasecurewebsiteorotherserver.Theyarealsoused
inotherimportantapplications,suchasemailencryptionandcode signing. Here, it can be used in IPSec
tunnelingforuserauthentication.
3.5.1Configuration(notsupported)
Not supported feature for the purchased product, leave it as blank.
9 http://en.wikipedia.org/wiki/Public_key_certificate.
M2MCellularGateway
108
3.5.2MyCertificate
MyCertificateincludesaLocalCertificateList.LocalCertificateListshowsallgeneratedcertificatesbytheroot
CAforthegateway.AnditalsostoresthegeneratedCertificateSigningRequests(CSR)whichwillbesignedby
otherexternalCAs.Thesignedcertificatescanbeimportedasthelocalonesofthegateway.
Self‐signedCertificateUsageScenario
ScenarioApplicationTiming
WhentheenterprisegatewayownstherootCAandVPNtunnelingfunction,itcangenerateitsown
localcertificatesbybeingsignedbyitselforimportanylocal certificates that are signed by other
externalCAs.AlsoimportthetrustedcertificatesforotherCAsandClients.Inaddition,sinceithasthe
rootCA,italsocansignCertificateSigningRequests(CSR)toformcorrespondingcertificatesforothers.
Thesecertificatescanbeusedfortworemotepeerstomakesuretheiridentityduringestablishinga
VPNtunnel.
ScenarioDescription
Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Import a trusted
certificate(BranchCRT)–aBranchCSRcertificateofGateway2signedbyrootCAofGateway1.
Gateway2createsaCSR(BranchCSR)tolettherootCAoftheGateway1signittobetheBranchCRT
certificate.ImportthecertificateintotheGateway2asalocalcertificate.Inaddition,alsoimportthe
certificatesoftherootCAoftheGateway1intotheGateway2asthetrustedones.(Pleasealsorefer
tofollowingtwosub‐sections)
Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all
M2MCellularGateway
109
clienthostsinthesebothsubnetscancommunicatewitheachother.
ParameterSetupExample
ForNetwork‐AatHQ
Followingtableslisttheparameterconfigurationasanexampleforthe"MyCertificate"functionused
in the user authentication of IPSec VPN tunnel establishing, asshowninabovediagram.The
configuration example must be combined with the ones in followingtwosectionstocompletethe
wholeuserscenario.
Usedefaultvalueforthoseparametersthatarenotmentionedinthetables.
ConfigurationPath [MyCertificate]‐[RootCACertificateConfiguration]
Name HQRootCA
Key KeyType:RSAKeyLength:1024‐bits
SubjectName Country(C):T
W
State(ST):Taiwan Location(L):Tainan
Organization(O):AMITHQOrganizationUnit(OU):HQRD
CommonName(CN):HQRootCAE‐mail:hqrootca@amit.com.tw
ConfigurationPath [MyCertificate]‐[LocalCertificateConfiguration]
Name HQCRTSel
f
‐signed:
Key KeyType:RSAKeyLength:1024‐bits
SubjectName Country(C):T
W
State(ST):Taiwan Location(L):Tainan
Organization(O):AMITHQOrganizationUnit(OU):HQRD
CommonName(CN):HQCRTE‐mail:hqcrt@amit.com.tw
ConfigurationPath [IPSec]‐[Configuration]
IPSec Enable
ConfigurationPath [IPSec]‐[TunnelConfiguration]
Tunnel Enable
TunnelName s2s‐101
Interface WAN1
TunnelScenario
S
itetoSite
OperationMode
A
lwayson
ConfigurationPath [IPSec]‐[Local&RemoteConfiguration]
LocalSubnet 10.0.76.
0
LocalNetmask 255.255.255.
0
FullTunnel Disable
RemoteSubnet 10.0.75.
0
RemoteNetmask 255.255.255.
0
RemoteGateway 118.18.81.33
M2MCellularGateway
110
ConfigurationPath [IPSec]‐[Authentication]
KeyManagement IKE+X.509LocalCertificate:HQCRTRemoteCertificate:BranchCRT
LocalID UserNameNetwor
A
RemoteID UserNameNetwor
‐B
ConfigurationPath [IPSec]‐[IKEPhase]
NegotiationMode MainMode
X‐Auth None
ForNetwork‐BatBranchOffice
Followingtableslisttheparameterconfigurationasanexampleforthe"MyCertificate"functionused
in the user authentication of IPSec VPN tunnel establishing, asshowninabovediagram.The
configuration example must be combined with the ones in followingtwosectionstocompletethe
wholeuserscenario.
Usedefaultvalueforthoseparametersthatarenotmentionedinthetables.
ConfigurationPath [MyCertificate]‐[LocalCertificateConfiguration]
Name BranchCRTSelf‐signed:
Key KeyType:RSAKeyLength:1024‐bits
SubjectName Country(C):T
W
State(ST):Taiwan Location(L):Tainan
Organization(O):AMITBranchOrganizationUnit(OU):BranchRD
CommonName(CN):BranchCRTE‐mail:branchcrt@amit.com.tw
ConfigurationPath [IPSec]‐[Configuration]
IPSec Enable
ConfigurationPath [IPSec]‐[TunnelConfiguration]
Tunnel Enable
TunnelName s2s‐102
Interface WAN1
TunnelScenario
S
itetoSite
OperationMode
A
lwayson
ConfigurationPath [IPSec]‐[Local&RemoteConfiguration]
LocalSubnet 10.0.75.
0
LocalNetmask 255.255.255.
0
FullTunnel Disable
RemoteSubnet 10.0.76.
0
M2MCellularGateway
111
RemoteNetmask 255.255.255.
0
RemoteGateway 203.95.80.22
ConfigurationPath [IPSec]‐[Authentication]
KeyManagement IKE+X.509LocalCertificate:BranchCRTRemoteCertificate:HQCRT
LocalID UserNameNetwor
‐B
RemoteID UserNameNetwor
A
ConfigurationPath [IPSec]‐[IKEPhase]
NegotiationMode MainMode
X‐Auth None
ScenarioOperationProcedure
Inabovediagram,"Gateway1"isthegatewayofNetworkAinheadquarters and the subnet of its
Intranetis10.0.76.0/24.IthastheIPaddressof10.0.76.2forLANinterfaceand203.95.80.22forWAN‐
1interface."Gateway2"isthegatewayofNetwork‐BinbranchofficeandthesubnetofitsIntranetis
10.0.75.0/24.IthastheIPaddressof10.0.75.2forLANinterfaceand118.18.81.33forWAN‐1interface.
TheybothserveastheNATsecuritygateways.
Gateway 1 generates the root CA and a local certificate (HQCRT) that is signed by itself. Import the
certificates of the root CA and HQCRT into the "Trusted CA Certificate List" and "Trusted Client
CertificateList"ofGateway2.
Gateway 2 generates a Certificate Signing Request (BranchCSR) foritsowncertificate(BranchCRT)
(Pleasegenerateonenotself‐signedcertificateintheGateway2,andclickonthe"View"buttonfor
thatCSR.Justdownloadsit).TaketheCSRtobesignedbytherootCAofGateway1andobtainthe
BranchCRTcertificate(youneedrenameit).Importthecertificateintothe"TrustedClientCertificate
List"oftheGateway1andthe"LocalCertificateList"ofGateway2.
Gateway2canestablishanIPSecVPNtunnelwith"SitetoSite"scenarioandIKEandX.509protocolsto
Gateway1.
Finally,theclienthostsintwosubnetsof10.0.75.0/24and10.0.76.0/24cancommunicatewitheach
other.
M2MCellularGateway
112
MyCertificateSetting
GotoObjectDefinition>Certificate>MyCertificatetab.
The My Certificate setting allows user to create local certificates. In "My Certificate" page, there are two
configurationwindowsforthe"MyCertificate"function.The"LocalCertificateList"windowshowsthestored
certificatesorCSRsforrepresentingthegateway.The"LocalCertificateConfiguration"windowcanletyoufill
requiredinformationnecessaryforcorrespondingcertificatetobegeneratedbyitself,orcorrespondingCSR
tobesignedbyotherCAs.
CreateLocalCertificate
WhenAddbuttonisapplied,LocalCertificateConfigurationscreenwillappear.The required information to be
filled for the certificate or CSR includes the name, key and subject name. It is a certificate if the "Self-signed"
box is checked; otherwise, it is a CSR.
M2MCellularGateway
113
LocalCertificateConfiguration
Item Valuesetting Description
Name 1.Stringformatcanbeany
text
2.AMustfilledsetting
Enteracertificatename.Itwillbeacertificatefilename
IfSelf‐signedischecked,itwillbesignedbyrootCA.IfSelf‐signedisnot
checked,itwillgenerateacertificatesigningrequest(CSR).
Key AMustfilledsetting Thisfieldistospecifythekeyattributesofcertificate.
KeyTypetosetpublic‐keycryptosystems.Currently,onlyRSAissupported.
KeyLengthtosetthelengthinbitsofthekeyusedinacryptographicalgorithm.
Itcanbe512/768/1024/1536/2048.
DigestAlgorithmtosetidentifierinthesignaturealgorithmidentifierof
certificates.ItcanbeMD5/SHA‐1.
SubjectName AMustfilledsetting Thisfieldistospecify theinformationofcertificate.
Country(C)isthetwo‐letterISOcodeforthecountrywhereyourorganizationis
located.
State(ST)isthestatewhereyourorganizationislocated.
Location(L)isthelocationwhereyourorganizationislocated.
Organization(O)isthenameofyourorganization.
OrganizationUnit(OU)isthenameofyourorganizationunit.
CommonName(CN)isthenameofyourorganization.
Emailistheemailofyourorganization.Ithastobeemailaddresssettingonly.
ExtraAttributes AMustfilledsetting Thisfieldistospecify theextrainformationforgeneratingacertificate.
Challenge Password for the password you can use to request certificate
revocationinthefuture.
UnstructuredNameforadditionalinformation.
SCEPEnrollment AMustfilledsetting Thisfieldistospecify theinformationofSCEP.
Ifuserwantstogenerateacertificatesigningrequest(CSR)andthensignedby
SCEPserveronline,usercanchecktheEnablebox.
SelectaSCEPServertoidentifytheSCEPserverforuse.Theserverdetailed
informationcouldbespecifiedinExternalServers.RefertoObjectDefinition>
ExternalServer>ExternalServer.YoumayclickAddObjectbuttonto
generate.
SelectaCACertificatetoidentifywhichcertificatecouldbeacceptedbySCEP
serverforauthentication.ItcouldbegeneratedinTrustedCertificates.
SelectanoptionalCAEncryptionCertificate,ifitisrequired,toidentifywhich
certificatecouldbeacceptedbySCEPserverforencryptiondatainformation.It
couldbegeneratedinTrustedCertificates.
FillinoptionalCAIdentifiertoidentifywhichCAcouldbeusedforsigning
certificates.
Save N/A ClicktheSavebuttontosavetheconfiguration.
Back N/A WhentheBackbuttonisclicked,thescreenwillreturntopreviouspage.
When Import button is applied, an Import screen will appear. You can import a certificate from an existed
certificatefile,ordirectlypasteaPEMencodedstringasthecertificate.
M2MCellularGateway
114
Import
Item Valuesetting Description
Import AMustfilledsetting Selectacertificatefilefromuserscomputer,andclicktheApplybuttonto
importthespecifiedcertificatefiletothegateway.
PEMEncoded 1.Stringformatcanbeany
text
2.AMustfilledsetting
Thisisanalternativeapproachtoimportacertificate.
Youcandirectlyfillin(CopyandPaste)thePEMencodedcertificatestring,and
clicktheApplybuttontoimportthespecifiedcertificatetothegateway.
Apply N/A ClicktheApplybuttontoimportthecertificate.
Cancel N/A ClicktheCancelbuttontodiscardtheimportoperationandthescreenwill
returntotheMyCertificatespage.
M2MCellularGateway
115
3.5.3TrustedCertificate
TrustedCertificateincludesTrustedCACertificateList,TrustedClientCertificateList,andTrustedClientKey
List. The Trusted CA Certificate List places the certificates of external trusted CAs. The Trusted Client
CertificateListplacestheothers'certificateswhatyoutrust.AndtheTrustedClientKeyListplacestheothers’
keyswhatyoutrusted.
Self‐signedCertificateUsageScenario
ScenarioApplicationTiming(sameastheonedescribedin"MyCertificate"section)
WhentheenterprisegatewayownstherootCAandVPNtunnelingfunction,itcangenerateitsown
localcertificatesbybeingsignedbyitself.AlsoimportsthetrustedcertificatesforotherCAsandClients.
Thesecertificatescanbeusedfortworemotepeerstomakesuretheiridentityduringestablishinga
VPNtunnel.
ScenarioDescription(sameastheonedescribedin"MyCertificate"section)
Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Import a trusted
certificate(BranchCRT)–aBranchCSRcertificateofGateway2signedbyrootCAofGateway1.
Gateway2createsaCSR(BranchCSR)tolettherootCAoftheGateway1signittobetheBranchCRT
certificate.ImportthecertificateintotheGateway2asalocalcertificate.Inaddition,alsoimportsthe
certificatesoftherootCAofGateway1intotheGateway2asthetrustedones.(Pleasealsoreferto
"MyCertificate"and"IssueCertificate"sections).
Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all
clienthostsinthesebothsubnetscancommunicatewitheachother.
ParameterSetupExample(sameastheonedescribedin"MyCertificate"section)
M2MCellularGateway
116
ForNetwork‐AatHQ
Followingtableslisttheparameterconfigurationasanexampleforthe"TrustedCertificate"function
used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The
configuration example must be combined with the ones in "My Certificate" and "Issue Certificate"
sectionstocompletethesetupforthewholeuserscenario.
ConfigurationPath [TrustedCertificate]‐[TrustedClientCertificateList]
CommandButton Impor
t
ConfigurationPath [TrustedCertificate]‐[TrustedClientCertificateImportfromaFile]
File BranchCRT.cr
t
ForNetwork‐BatBranchOffice
Followingtableslisttheparameterconfigurationasanexampleforthe"TrustedCertificate"function
used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram. The
configuration example must be combined with the ones in "My Certificate" and "Issued Certificate"
sectionstocompletethesetupforthewholeuserscenario.
ConfigurationPath [TrustedCertificate]‐[TrustedCACertificateList]
CommandButton Impor
t
ConfigurationPath [TrustedCertificate]‐[TrustedCACertificateImportfromaFile]
File HQRootCA.cr
t
ConfigurationPath [TrustedCertificate]‐[TrustedClientCertificateList]
CommandButton Impor
t
ConfigurationPath [TrustedCertificate]‐[TrustedClientCertificateImportfromaFile]
File HQCRT.cr
t
ScenarioOperationProcedure(sameastheonedescribedin"MyCertificate"section)
Inabovediagram,the"Gateway1"isthegatewayofNetworkAinheadquartersandthesubnetofits
Intranetis10.0.76.0/24.IthastheIPaddressof10.0.76.2forLANinterfaceand203.95.80.22forWAN‐
1interface.The"Gateway2"isthegatewayofNetworkBinbranch office and the subnet of its
Intranetis10.0.75.0/24.IthastheIPaddressof10.0.75.2forLANinterfaceand118.18.81.33forWAN‐
1interface.TheybothserveastheNATsecuritygateways.
InGateway2importthecertificatesoftherootCAandHQCRTthat were generated and signed by
Gateway1intothe"TrustedCACertificateList"and"TrustedClientCertificateList"ofGateway2.
M2MCellularGateway
117
Importthe obtainedBranchCRTcertificate(thederived BranchCSRcertificateafterGateway1’s root
CAsignature)intothe"TrustedClientCertificateList"oftheGateway1andthe"LocalCertificateList"
oftheGateway2.Formoredetails,refertotheNetworkBoperation procedure in "My Certificate"
sectionofthismanual.
Gateway2canestablishanIPSecVPNtunnelwith"SitetoSite"scenarioandIKEandX.509protocolsto
Gateway1.
Finally,theclienthostsintwosubnetsof10.0.75.0/24and10.0.76.0/24cancommunicatewitheach
other.
M2MCellularGateway
118
TrustedCertificateSetting
GotoObjectDefinition>Certificate>TrustedCertificatetab.
TheTrustedCertificatesettingallowsusertoimporttrustedcertificatesandkeys.
ImportTrustedCACertificate
When Import button is applied, a Trusted CA importscreenwillappear.YoucanimportaTrustedCA
certificatefromanexistedcertificatefile,ordirectlypasteaPEMencodedstringasthecertificate.
TrustedCACertificateList
Item Valuesetting Description
Importfroma
File
AMustfilledsetting SelectaCAcertificatefilefromuserscomputer,andclicktheApply buttonto
importthespecifiedCAcertificatefiletothegateway.
Importfroma
PEM
1.Stringformatcanbeany
text
2.AMustfilledsetting
ThisisanalternativeapproachtoimportaCAcertificate.
Youcandirectlyfillin(CopyandPaste)thePEMencodedCAcertificatestring,
andclicktheApplybuttontoimportthespecifiedCAcertificatetothegateway.
Apply N/A ClicktheApplybuttontoimportthecertificate.
Cancel N/A ClicktheCancelbuttontodiscardtheimportoperationandthescreenwill
returntotheTrustedCertificatespage.
InsteadofimportingaTrustedCAcertificatewithmentionedapproaches,youcanalsogettheCAcertificate
fromtheSECPserver.
IfSCEPisenabled(RefertoObjectDefinition>Certificate>Configuration),youcanclickGetCAbutton,aGet
CAConfigurationscreenwillappear.
M2MCellularGateway
119
GetCAConfiguration
Item Valuesetting Description
SCEPServer AMustfilledsetting SelectaSCEPServer toidentifytheSCEPserverforuse.Theserverdetailed
informationcouldbespecifiedinExternalServers.RefertoObjectDefinition>
ExternalServer>ExternalServer.YoumayclickAddObjectbuttonto
generate.
CAIdentifier 1.Stringformatcanbeany
text
FillinoptionalCAIdentifier toidentifywhichCAcouldbeusedforsigning
certificates.
Save N/A ClickSave tosavethesettings.
Close N/A ClicktheClosebuttontoreturntotheTrustedCertificatespage.
ImportTrustedClientCertificate
When Import button is applied, a Trusted Client Certificate Import screen will appear. You can import a
Trusted Client Certificate from an existed certificate file, or directly paste a PEM encoded string as the
certificate.
TrustedClientCertificateList
M2MCellularGateway
120
Item Valuesetting Description
Importfroma
File
AMustfilledsetting Selectacertificatefilefromuser’scomputer,andclicktheApplybuttontoimportthe
specifiedcertificatefiletothegateway.
Importfroma
PEM
1.Stringformatcanbeany
text
2.AMustfilledsetting
Thisisanalternativeapproachtoimportacertificate.
Youcandirectlyfillin(CopyandPaste)thePEMencodedcertificatestring,andclickthe
Applybuttontoimportthespecifiedcertificatetothegateway.
Apply N/A ClicktheApplybuttontoimportcertificate.
Cancel N/A ClicktheCancelbuttontodiscardtheimportoperationandthescreenwillreturntothe
TrustedCertificatespage.
ImportTrustedClientKey
When Import button is applied, a Trusted Client Key Import screen will appear. You can import a Trusted
ClientKeyfromanexistedfile,ordirectlypasteaPEMencodedstringasthekey.
TrustedClientKeyList
Item Valuesetting Description
Importfroma
File
AMustfilledsetting Selectacertificatekeyfilefromuser’scomputer,andclicktheApplybuttontoimport
thespecifiedkeyfiletothegateway.
Importfroma
PEM
1.Stringformatcanbeany
text
2.AMustfilledsetting
Thisisanalternativeapproachtoimportacertificatekey.
Youcandirectlyfillin(CopyandPaste)thePEMencodedcertificatekeystring,andclick
theApplybuttontoimportthespecifiedcertificatekeytothegateway.
Apply N/A ClicktheApplybuttontoimportthecertificatekey.
Cancel N/A ClicktheCancelbuttontodiscardtheimportoperationandthescreenwillreturntothe
TrustedCertificatespage.
M2MCellularGateway
121
Chapter4FieldCommunication(notsupported)
Not supported feature for the purchased product, leave it as blank.

M2MCellularGateway
122
Chapter5Security
5.1 VPN
Avirtualprivatenetwork(VPN)extendsaprivatenetworkacross a public network, such as the Internet. It
enablesacomputertosendandreceivedataacrosssharedorpublicnetworksasifitweredirectlyconnected
totheprivatenetwork,whilebenefittingfromthefunctionality, security and management policies of the
privatenetwork.Thisisdonebyestablishingavirtualpoint‐to‐pointconnectionthroughtheuseofdedicated
connections, encryption, or a combination of the two. The tunnel technology supports data confidentiality,
data origin authentication and data integrity of network information by utilizing encapsulation protocols,
encryptionalgorithms,andhashingalgorithms.
The product series supports different tunneling technologies to establish secure tunnels between multiple
sitesfordatatransferring,suchasIPSec,OpenVPN,L2TP(overIPSec),PPTPandGRE.Besides,someadvanced
functions, like Full Tunnel, Tunnel Failover, Tunnel Load Balance, NetBIOS over IPSec, NAT Traversal and
DynamicVPN,arealsosupported.

M2MCellularGateway
123
5.1.1IPSec
InternetProtocolSecurity(IPSec)isaprotocolsuiteforsecuring Internet Protocol (IP) communications by
authenticating and encrypting each IP packet of a communication session. IPSec includes protocols for
establishingmutualauthenticationbetweenagentsatthebeginning of the session and negotiation of
cryptographickeystobeusedduringthesession.
AnIPSecVPNtunnelisestablishedbetweenIPSecclientandserver.Sometimes,wecalltheIPSecVPNclientas
theinitiatorandtheIPSecVPNserverastheresponder.Thisgatewaycanbeconfiguredasdifferentrolesand
establishnumberoftunnelswithvariousremotedevices.BeforegoingtosetuptheVPNconnections,youmay
needtodecidethescenariotypeforthetunneling.
IPSecTunnelScenarios
TobuildIPSectunnel,youneedtofillin
remotegatewayglobalIP,andoptional
subnet if the hosts behind IPSec peer
canaccesstoremotesiteorhosts.
Under such configuration, there are
fourscenarios:
SitetoSite:Youneedtosetupremote
gateway IP and subnet of both
gateways. After the IPSec tunnel
established, hosts behind both
gatewayscancommunicationeach
otherthroughthetunnel.
SitetoHost:SitetoHostissuitablefortunnelingbetweenclientsinasubnetandanapplicationserver(host).
M2MCellularGateway
124
As in the diagram, the clients behind the M2M gateway can access to the host "Host‐DC" located in the
controlcenterthroughSitetoHostVPNtunnel.
Host to Site: On the contrast, for a single host (or mobile user to) to access the resources located in an
intranet,theHosttoSitescenariocanbeapplied.
HosttoHost:HosttoHostisaspecialconfigurationforbuildingaVPNtunnelbetweentwosinglehosts.
SitetoSitewith"FullTunnel"enabled
In"SitetoSite"scenario,clienthostsinremotesitecan
access the enterprise resources in the Intranet of HQ
gateway via an established IPSec tunnel, as described
above. However, Internet access originates from
remotesitestillgothroughitsregularWANconnection.
Ifyouwantallpacketsfromremotesitetoberouted
via this IPSec tunnel, including HQ server access and
Internet access, you can just enable the “Full Tunnel"
setting.Asaresult,everytimeuserssurfswebor
searchingdataonInternet,checkingpersonalemails,or
HQserveraccess,alltrafficswillgothroughthesecure
IPSec tunnel and route by the Security Gateway in
controlcenter.
SitetoSitewith"HubandSpoke"mechanism
Fora controlcenter tomanage thesecure Intranet
among all its remote sites, there is a simple
configuration,called HubandSpoke,forthewhole
VPNnetwork.AHubandSpokeVPNNetworkisset
up in organizations with centralized control center
over all its remote sites, like shops or offices. The
controlcenteracts as theHubroleand theremote
shopsorOfficesactasSpokes.AllVPNtunnelsfrom
remotesitesterminateatthisHub,whichactsasa
concentrator. Site‐to‐site connections between
spokes do not exist. Traffic originating from one
spokeanddestinedforanotherspokehastogovia
the Hub. Under such configuration, you don’t need
tomaintainVPNtunnelsbetweeneachtworemote
clients.
M2MCellularGateway
125
IPSecSetting
GotoSecurity>VPN>IPSectab.
TheIPSecSettingallowsusertocreateandconfigureIPSectunnels.
EnableIPSec
ConfigurationWindow
Item Valuesetting Description
IPsec Uncheckedbydefault ClicktheEnableboxtoenableIPSecfunction.
NetBIOSoverIPSec Uncheckedbydefault ClicktheEnableboxtoenableNetBIOSoverIPSecfunction.
NATTraversal Checkedbydefault ClicktheEnableboxtoenableNATTraversalfunction.
Max.Concurrent
IPSecTunnels
DependsonProduct
specification.
ThespecifiedvaluewilllimitthemaximumnumberofsimultaneousIPSec
tunnelconnection.Thedefaultvaluecanbedifferentforthepurchasedmodel.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
Create/EditIPSectunnel
EnsurethattheIPSecenableboxischeckedtoenablebeforefurtherconfiguringtheIPSectunnelsettings.
WhenAdd/Editbuttonisapplied,aseriesofconfigurationscreenswillappear.TheyareTunnelConfiguration,
Local & Remote Configuration, Authentication, IKE Phase, IKE Proposal Definition, IPSec Phase, and IPSec
ProposalDefinition.YouhavetoconfigurethetunneldetailsforbothlocalandremoteVPNdevices.
M2MCellularGateway
126
TunnelConfigurationWindow
Item Valuesetting Description
Tunnel Uncheckedbydefault ChecktheEnableboxtoactivatetheIPSectunnel
TunnelName
1.AMustfillsetting
2.Stringformatcanbe
anytext
Enteratunnelname.Enteranamethatiseasyforyoutoidentify.
ValueRange:1~19characters.
Interface
1.AMustfillsetting
2.WAN1isselected
bydefault
SelecttheinterfaceonwhichIPSectunnelistobeestablished.Itcanbethe
availableWANandLANinterfaces.
TunnelScenario
1.AMustfillsetting
2.Sitetositeis
selectedbydefault
SelectanIPSectunnelingscenariofromthedropdownboxforyourapplication.
SelectSite‐to‐Site,Site‐to‐Host,Host‐to‐Site,orHost‐to‐Host.IfLANinterface
isselected,onlyHost‐to‐Hostscenarioisavailable.
WithSite‐to‐SiteorSite‐to‐HostorHost‐to‐Site,IPSecoperatesintunnelmode.
Thedifferenceamongthemisthenumberofsubnets.WithHost‐to‐Host,IPSec
operatesintransportmode.
TunelTCPMSS
1.Anoptionalsetting
2.Autoissetby
default
SelectfromthedropdownboxtodefinethesizeofTunelTCPMSS.
SelectAuto,andalldeviceswilladjustthisparameterautomatically.
SelectManual,andspecifyanexpectedvauleforTunelTCPMSS.
ValueRange:64~1500bytes.
HubandSpoke
1.Anoptionalsetting
2.Noneissetby
default
SelectfromthedropdownboxtosetupyourgatewayforHub‐and‐SpokeIPSec
VPNDeployments.
SelectNoneifyourdeploymentswillnotsupportHuborSpokeencryption.
SelectHubforaHubroleintheIPSecdesign.
SelectSpokeforaSpokeroleintheIPSecdesign.
Note:HubandSpokeareavailableonlyforSite‐to‐SiteVPNtunnelingspecified
inTunnelScenario.ItisnotavailableforDynamicVPNtunnelingapplication.
OperationMode 1.AMustfillsetting
2.Alwayonisselected
DefineoperationmodefortheIPSecTunnel.ItcanbeAlwaysOn,orFailover.
Ifthistunnelissetasafailovertunnel,youneedtofurtherselectaprimary
M2MCellularGateway
127
bydefaulttunnelfromwhichtofailoverto.
Note:FailovermodeisnotavailableforthegatewaywithsingleWAN.
Encapsulation
Protocol
1.AMustfillsetting
2.ESPisselectedby
default
SelecttheEncapsulationProtocolfromthedropdownboxforthisIPSectunnel.
AvailableencapsulationsareESPandAH.
Local&RemoteConfigurationWindow
Item Valuesetting Description
LocalSubnetListAMustfillsetting
SpecifytheLocalSubnetIPaddressandSubnetMask.
ClicktheAddorDeletebuttontoaddordeleteaLocalSubnet.
Note_1:WhenDynamicVPNoptioninTunnelScenarioisselected,therewillbe
onlyonesubnetavailable.
Note_2:WhenHost‐to‐SiteorHost‐to‐HostoptioninTunnelScenariois
selected,LocalSubnetwillnotbeavailable.
Note_3:WhenHubandSpokeoptioninHubandSpokeisselected,therewillbe
onlyonesubnetavailable.
RedirectTraffic Uncheckedbydefault
ClickEnableboxtoactivatetheRedirectTrafficfunction.
Note:RedirectTrafficisavailableonlyforHost‐to‐SitespecifiedinTunnel
Scenario.Bydefault,itisdisabled,soitcanpreventtheun‐expectedand
dangerousaccesstothepeersubnet.Ifyouenablesuchfunction,allthe
networkdevicesbehindtheVPNhost(actually,itisanNATgateway)canaccess
tothepeersubnetwiththehostIP.
FullTunnel Uncheckedbydefault ClickEnableboxtoenableFullTunnel.
Note:FulltunnelisavailableonlyforSite‐to‐SitespecifiedinTunnelScenario.
M2MCellularGateway
128
RemoteSubnetList AMustfillsetting SpecifytheRemoteSubnetIPaddressandSubnetMask.
ClicktheAddorDeletebuttontoaddordeleteRemoteSubnetsetting.
RemoteGateway
1.AMustfillsetting.
2.Formatcanbea
ipv4addressorFQDN
SpecifytheRemoteGateway.
AuthenticationConfigurationWindow
Item Valuesetting Description
KeyManagement
1.AMustfillsetting
2.Pre‐sharedKey8to
32characters.
SelectKeyManagementfromthedropdownboxforthisIPSectunnel.
IKE+Pre‐sharedKey: userneedstosetakey(8~32characters).
IKE+X.509:userneedsCertificatetoauthenticate.IKE+X.509willbeavailable
onlywhenCertificatehasbeenconfiguredproperly.RefertoCertificatesection
ofthismanualandalsoObjectDefinition>Certificateinweb‐basedutility.
Manually:userneedstoenterkeyIDtoauthenticate.Manualkeyconfiguration
willbeexplainedinthefollowingManualKeyManagementsection.
LocalID Anoptionalsetting
SpecifytheLocalIDforthisIPSectunneltoauthenticate.
SelectUserNameforLocalIDandentertheusername.Theusernamemay
includebutcan’tbeallnumbers.
SelectFQDNforLocalIDandentertheFQDN.
SelectUser@FQDNforLocalIDandentertheUser@FQDN.
SelectKeyIDforLocalIDandentertheKeyID(Englishalphabetornumber).
RemoteID Anoptionalsetting
SpecifytheRemoteIDforthisIPSectunneltoauthenticate.
SelectUserNameforRemoteIDandentertheusername.Theusernamemay
includebutcan’tbeallnumbers.
SelectFQDNforLocalIDandentertheFQDN.
SelectUser@FQDNforRemoteIDandentertheUser@FQDN.
SelectKeyIDforRemoteIDandentertheKeyID(Englishalphabetornumber).
Note:RemoteIDwillbenotavailablewhenDynamicVPNoptioninTunnel
Scenarioisselected.
M2MCellularGateway
129
IKEPhaseWindow
Item ValuesettingDescription
IKEVersion
1.Amustfillsetting
2.v1isselectedby
default
SpecifytheIKEversionforthisIPSectunnel.Selectv1orv2
Note:IKEversionswillnotbeavailablewhenDynamicVPNoptioninTunnel
Scenarioisselected,orAHoptioninEncapsulationProtocolisselected.
NegotiationMode MainModeissetby
defaultdefault
SpecifytheNegotiationModeforthisIPSectunnel.SelectMainModeor
AggressiveMode.
X‐AuthNoneisselectedby
default
SpecifytheX‐AuthroleforthisIPSectunnel.SelectServer,Client,orNone.
SelectedNonenoX‐Authauthenticationisrequired.
SelectedServerthisgatewaywillbeanX‐Authserver.ClickontheX‐Auth
AccountbuttontocreateremoteX‐Authclientaccount.
SelectedClientthisgatewaywillbeanX‐Authclient.EnterUsernameand
PasswordtobeauthenticatedbytheX‐Authservergateway.
Note:X‐AuthClientwillnotbeavailableforDynamicVPNoptionselectedin
TunnelScenario.
DeadPeerDetection
(DPD)
1.Checkedbydefault
2.DefaultTimeout
180sandDelay30s
ClickEnableboxtoenableDPDfunction.SpecifytheTimeoutandDelaytimein
seconds.
ValueRange:0~999secondsforTimeoutandDelay.
Phase1KeyLife
Time
1.AMustfillsetting
2.Default3600s
3.Max.86400s
SpecifythePhase1KeyLifeTime.
ValueRange:30~86400.
M2MCellularGateway
130
IKEProposalDefinitionWindow
Item ValuesettingDescription
IKEProposal
Definition AMustfillsetting
SpecifythePhase1Encryptionmethod.ItcanbeDES/3DES/AES‐auto/AES‐
128/AES‐192/AES‐256.
SpecifytheAuthenticationmethod.ItcanbeNone/MD5/SHA1/SHA2‐256.
SpecifytheDHGroup.ItcanbeNone/Group1/Group2/Group5/Group14/
Group15/Group16/Group17/Group18.
CheckEnableboxtoenablethissetting
IPSecPhaseWindow
Item Valuesetting Description
Phase2KeyLifeTime
1.AMustfillsetting
2.28800sissetby
default
3.Max.86400s
SpecifythePhase2KeyLifeTimeinsecond.
ValueRange:30~86400.
M2MCellularGateway
131
IPSecProposalDefinitionWindow
Item Valuesetting Description
IPSecProposal
Definition AMustfillsetting
SpecifytheEncryptionmethod.ItcanbeNone/DES/3DES/AES‐auto/AES‐
128/AES‐192/AES‐256.
Note:NoneisavailableonlywhenEncapsulationProtocolissetasAH;itisnot
availableforESPEncapsulation.
SpecifytheAuthenticationmethod.ItcanbeNone/MD5/SHA1/SHA2‐256.
Note:NoneandSHA2‐256areavailableonlywhenEncapsulationProtocolisset
asESP;theyarenotavailableforAHEncapsulation.
SpecifythePFSGroup.ItcanbeNone/Group1/Group2/Group5/Group14/
Group15/Group16/Group17/Group18.
ClickEnabletoenablethissetting
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
Back N/A ClickBacktoreturntothepreviouspage.
ManualKeyManagement
When the Manually option is selected for Key Management as described in Authentication Configuration
Window, a series of configuration windows for Manual IPSec Tunnel configuration will appear. The
configurationwindowsaretheLocal&RemoteConfiguration,theAuthentication,andtheManualProposal.
AuthenticationWindow
Item Valuesetting Description
M2MCellularGateway
132
KeyManagement AMustfillsetting SelectKeyManagementfromthedropdownboxforthisIPSectunnel.
InthissectionManuallyistheoptionselected.
LocalID Anoptionalsetting SpecifytheLocalIDforthisIPSectunneltoauthenticate.
SelecttheKeyIDforLocalIDandentertheKeyID(Englishalphabetornumber).
RemoteID Anoptionalsetting SpecifytheRemoteIDforthisIPSectunneltoauthenticate.
SelectKeyIDforRemoteIDandentertheKeyID(Englishalphabetornumber).
Local&RemoteConfigurationWindow
Item Valuesetting Description
LocalSubnet AMustfillsetting SpecifytheLocalSubnetIPaddressandSubnetMask.
LocalNetmask AMustfillsetting SpecifytheLocalSubnetMask.
RemoteSubnet AMustfillsetting SpecifytheRemoteSubnetIPaddress
RemoteNetmask AMustfillsetting SpecifytheRemoteSubnetMask.
RemoteGateway
1.AMustfillsetting
2.AnIPv4addressor
FQDNformat
SpecifytheRemoteGateway.TheRemoteGateway
Under the Manually Key Management authentication configuration, only one subnet is supported for both
LocalandRemoteIPSecpeer.
ManualProposalWindow
Item Valuesetting Description
OutboundSPI Hexadecimalformat SpecifytheOutboundSPIforthisIPSectunnel.
M2MCellularGateway
133
ValueRange:0~FFFF.
InboundSPI Hexadecimalformat SpecifytheInboundSPIforthisIPSectunnel.
ValueRange:0~FFFF.
Encryption 1.AMustfillsetting
2.Hexadecimalformat
SpecifytheEncryptionMethodandEncryptionkey.
AvailableencryptionmethodsareDES/3DES/AES‐128/AES‐192/AES‐256.
ThekeylengthforDESis16,3DESis48,AES‐128is32,AES‐192is48,andAES‐
256is64.
Note:WhenAHoptioninEncapsulationisselected,encryptionwillnotbe
available.
Authentication 1.AMustfillsetting
2.Hexadecimalformat
SpecifytheAuthenticationMethodandAuthenticationkey.
AvailableencryptionsareNone/MD5/SHA1/SHA2‐256.
ThekeylengthforMD5is32,SHA1is40,andSHA2‐256is64.
Note:WhenAHoptioninEncapsulationProtocolisselected,Noneoptionin
Authenticationwillnotbeavailable.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
Back N/A ClickBacktoreturntothepreviouspage.
Create/EditDynamicVPNServerList
SimilartocreateanIPSecVPNTunnelforsite/hosttosite/hostscenario,whenEditbuttonisappliedaseries
of configuration screen will appear. They are Tunnel Configuration,Local&RemoteConfiguration,
Authentication, IKE Phase, IKE Proposal Definition, IPSec Phase, and IPSec Proposal Definition. You have to
configurethetunneldetailsforthegatewayasaDynamicVPNserver.
Note:Forthepurchasedgateway,youcanconfigureoneDynamicVPNserverforeachWANinterface.
M2MCellularGateway
134
TunnelConfigurationWindow
Item Valuesetting Description
Tunnel Uncheckedbydefault ChecktheEnableboxtoactivatetheDynamicIPSecVPNtunnel.
TunnelName
1.AMustfillsetting
2.Stringformatcanbe
anytext
Enteratunnelname.Enteranamethatiseasyforyoutoidentify.
ValueRange:1~19characters.
Interface
1.AMustfillsetting
2.WAN1isselected
bydefault
SelectWANinterfaceonwhichIPSectunnelistobeestablished.
TunnelScenario
1.AMustfillsetting
2.DynamicVPNis
selectedbydefault
TheIPSectunnelingscenarioisfixedtoDynamicVPN.
OperationMode
1.AMustfillsetting
2.Alwayonisselected
bydefault
TheavailableoperationmodeisAlwaysOn.Failoveroptionisnotavailablefor
theDynamicIPSecscenario.
Encapsulation
Protocol
1.AMustfillsetting
2.ESPisselectedby
default
SelecttheEncapsulationProtocolfromthedropdownboxforthisIPSectunnel.
AvailableencapsulationsareESPandAH.
Local&RemoteConfigurationWindow
Item Valuesetting Description
LocalSubnet AMustfillsetting SpecifytheLocalSubnetIPaddress.
LocalNetmask AMustfillsetting SpecifytheLocalSubnetMask.
AuthenticationConfigurationWindow
Item Valuesetting Description
KeyManagement 1.AMustfillsetting SelectKeyManagementfromthedropdownboxforthisIPSectunnel.
M2MCellularGateway
135
2.Pre‐sharedKey8to
32characters.
IKE+Pre‐sharedKey: userneedstosetakey(8~32characters).
LocalID Anoptionalsetting
SpecifytheLocalIDforthisIPSectunneltoauthenticate.
SelectUserNameforLocalIDandentertheusername.Theusernamemay
includebutcan’tbeallnumbers.
SelectFQDNforLocalIDandentertheFQDN.
SelectUser@FQDNforLocalIDandentertheUser@FQDN.
SelectKeyIDforLocalIDandentertheKeyID(Englishalphabetornumber).
RemoteID Anoptionalsetting
SpecifytheRemoteIDforthisIPSectunneltoauthenticate.
SelectUserNameforRemoteIDandentertheusername.Theusernamemay
includebutcan’tbeallnumbers.
SelectFQDNforLocalIDandentertheFQDN.
SelectUser@FQDNforRemoteIDandentertheUser@FQDN.
SelectKeyIDforRemoteIDandentertheKeyID(Englishalphabetornumber).
Note:RemoteIDwillbenotavailablewhenDynamicVPNoptioninTunnel
Scenarioisselected.
FortherestIKEPhase,IKEProposalDefinition,IPSecPhase,andIPSecProposalDefinitionsettings,theyarethe
sameasthatofcreatinganIPSecTunneldescribedinprevioussection.Pleaserefertotherelateddescription.
M2MCellularGateway
136
5.1.2OpenVPN
OpenVPN is an application that implements virtual private network (VPN) techniques for creating secure
point‐to‐pointor site‐to‐siteconnectionsin routedor bridgedconfigurationsand remote access facilities.It
uses a custom security protocol that utilizes SSL/TLS for key exchange.Itiscapableoftraversingnetwork
addresstranslators(NATs)andfirewalls.
OpenVPN allows peers to authenticate each other using a Static Key (pre‐shared key) or certificates. When
used in a multi‐client‐server configuration,itallowstheserver to release an authentication certificate for
every client,using signatureand certificate authority.It uses the OpenSSL encryption library extensively, as
wellastheSSLv3/TLSv1protocol,andcontainsmanysecurityandcontrolfeatures.
OpenVPN Tunneling is a Client and Server based tunneling technology. The OpenVPN Server must have a
StaticIPoraFQDN,andmaintainaClientlist.TheOpenVPNClientmaybeamobileuserormobilesitewith
public IP or private IP, and requesting the OpenVPN tunnel connection. The product can only behave as a
OpenVPNClientroleforanOpenVPNtunnelconnection.
TherearetwoOpenVPNconnectionscenarios.TheyaretheTAPandTUNscenarios.Theproductcancreate
either alayer‐3based IP tunnel (TUN), or a layer‐2based Ethernet TAP that can carry any type of Ethernet
traffic.InadditiontoconfiguringthedeviceasaServerorClient,youhavetospecifywhichtypeofOpenVPN
connectionscenarioistobeadopted.
OpenVPNTUNScenario
Theterm"TUN"modeisreferredtoroutingmodeand
operateswithlayer3packets.Inroutingmode,theVPN
client is given an IP address on a different subnet than
the local LAN under the OpenVPN server. This virtual
subnet is created for connecting to any remote VPN
computers. In routing mode, the OpenVPN server
creates a "TUN" interface with its own IP address pool
which is different to the local LAN. Remote hosts that
dial‐in will get an IP address inside the virtual network
andwillhaveaccessonlytotheserverwhereOpenVPN
resides.
IfyouwanttoofferremoteaccesstoaVPNserverfrom
client(s),andinhibittheaccesstoremoteLANresources
under VPN server, OpenVPN TUN mode is the simplest
solution.
Asshowninthediagram,theM2M‐IoTGatewayisconfiguredasanOpenVPNTUNClient,andconnectstoan
OpenVPN UN Server. Once the OpenVPN TUN connection is established, the connected TUN client will be
M2MCellularGateway
137
assignedavirtualIP(10.8.0.2)whichisbelongtoavirtualsubnetthatisdifferenttothelocalsubnetinControl
Center. With such connection, the local networked devices will get a virtual IP 10.8.0.x if its traffic goes
throughtheOpenVPNTUNconnectionwhenRedirectInternetTrafficsettingsisenabled;Besides,theSCADA
ServerinControlCentercanaccessremoteattachedserialdevice(s)withthevirtualIPaddress(10.8.0.2).
OpenVPNTAPScenario
Theterm"TAP"isreferredtobridgemodeandoperates
with layer 2 packets. In bridge mode, the VPN client is
given an IP address on the same subnet as the LAN
resided under the OpenVPN server. Under such
configuration, the OpenVPN client can directly access to
theresourcesinLAN.Ifyouwanttoofferremoteaccess
totheentireremoteLANforVPNclient(s),youhaveto
setupOpenVPNin“TAP”bridgemode.
As shown in the diagram, the M2M‐IoT Gateway is
configuredasanOpenVPNTAPClient,andconnectstoan
OpenVPNTAPServer.OncetheOpenVPNTAPconnection
isestablished,theconnectedTAPclientwillbeassigneda
virtualIP(192.168.100.210)whichisthe samesubnetas
thatoflocalsubnetinControlCenter.Withsuchconnection,theSCADAServerinControlCentercanaccess
remoteattachedserialdevice(s)withthevirtualIPaddress(192.168.100.210).

M2MCellularGateway
138
OpenVPNSetting
GotoSecurity>VPN>OpenVPNtab.
TheOpenVPNsettingallowsusertocreateandconfigureOpenVPNtunnels.
EnableOpenVPN
Configuration
Item Valuesetting Description
OpenVPN Theboxisuncheckedby
default
ChecktheEnable boxtoactivatetheOpenVPNfunction.
Client Clientisselectedby
default.
Only Clientis available,youcanspecifytheclientsettingsinanotherclient
configurationwindow.

M2MCellularGateway
139
AsanOpenVPNClient
IfClientisselected,anOpenVPNClientListscreenwillappear.
WhenAddbuttonisapplied,OpenVPNClientConfigurationscreenwillappear.OpenVPNClientConfiguration
windowletyouspecifytherequiredparametersforanOpenVPNVPNclient,suchas"OpenVPNClientName",
"Interface", "Protocol", "Tunnel Scenario", "Remote IP/FQDN", "Remote Subnet", "Authorization Mode",
"EncryptionCipher","HashAlgorithm"andtunnelactivation.
M2MCellularGateway
140
OpenVPNClientConfiguration
Item Valuesetting Description
OpenVPNClient
Name
AMustfilledsetting TheOpenVPNClientName willbeusedtoidentifytheclientinthetunnellist.
ValueRange:1~32characters.
Interface 1.AMustfilledsetting
2.BydefaultWAN‐1is
selected.
DefinethephysicalinterfacetobeusedforthisOpenVPNClienttunnel.
Protocol 1.AMustfilledsetting
2.BydefaultTCPis
selected.
DefinetheProtocol fortheOpenVPNClient.
SelectTCP
‐>TheOpenVPNwilluseTCPprotocol,andPortwillbesetas443automatically.
SelectUDP
‐>TheOpenVPNwilluseUDPprotocol,andPortwillbesetas1194
automatically.
Port 1.AMustfilledsetting
2.Bydefault443is
set.
SpecifythePort fortheOpenVPNClienttouse.
Value Range: 1 ~ 65535.
TunnelScenario 1.AMustfilledsetting
2.BydefaultTUNis
selected.
Specify the type o
f
Tunnel Scenario for the OpenVPN Client to use. It can be
TUNforTUNtunnelscenario,orTAPforTAPtunnelscenario.
RemoteIP/FQDN AMustfilledsetting SpecifytheRemoteIP/FQDN ofthepeerOpenVPNServerforthisOpenVPN
Clienttunnel.
FillintheIPaddressorFQDN.
RemoteSubnet1.AnOptionalsetting.
2.Theboxis
uncheckedbydefault.
ChecktheEnable boxtoactivateremotesubnetfunction,andspecify Remote
SubnetofthepeerOpenVPNServerforthisOpenVPNClienttunnel.
Fillintheremotesubnetaddressandremotesubnetmask.
RedirectInternet
Traffic
1.AnOptionalsetting.
2.Theboxis
uncheckedbydefault.
ChecktheEnable boxtoactivatetheRedirectInternetTrafficfunction.
NAT 1.AnOptionalsetting.
2.Theboxis
uncheckedbydefault.
ChecktheEnable boxtoactivatetheNAT function.
AuthorizationMode 1.AMustfilledsetting
2.BydefaultTLSis
selected.
Specify theauthorizationmode fortheOpenVPNServer.
TLS
‐>The OpenVPN will use TLS authorization mode, and the following items CA
Cert.,ClientCert.andClientKeywillbedisplayed.
CA Cert. could be selected in Trusted CA Certificate List. Refer to Object
Definition>Certificate>TrustedCertificate.
ClientCert.couldbeselectedinLocalCertificateList.RefertoObjectDefinition
>Certificate>MyCertificate.
ClientKeycouldbeselectedinTrustedClientkeyList.RefertoObjectDefinition
>Certificate>TrustedCertificate.
StaticKey
‐>TheOpenVPNwillusestatickeyauthorizationmode,andthefollowingitems
LocalEndpointIPAddress,RemoteEndpointIPAddressandStaticKeywillbe
displayed.
LocalEndpointIP
Address
AMustfilledsetting Specifythe virtual LocalEndpointIPAddress ofthisOpenVPNgateway.
ValueRange:TheIPformatis10.8.0.x,therangeofxis1~254.
Note:LocalEndpointIPAddresswillbeavailableonlywhenStaticKeyischosen
inAuthorizationMode.
M2MCellularGateway
141
RemoteEndpointIP
Address
AMustfilledsetting Specifythevirtual Remote EndpointIPAddressofthepeerOpenVPNgateway.
ValueRange:TheIPformatis10.8.0.x,therangeofxis1~254.
Note: Remote Endpoint IP Address will be available only when StaticKeyis
choseninAuthorizationMode.
StaticKe
y
AMustfilledsetting SpecifytheStaticKey.
Note:StaticKeywillbeavailableonlywhenStaticKeyischoseninAuthorization
Mode.
EncryptionCipher BydefaultBlowfishis
selected.
SpecifytheEncryptionCipher.
ItcanbeBlowfish/AES256/AES192/AES128/None.
HashAlgorithm BydefaultSHA‐1is
selected.
SpecifytheHashAlgorithm.
ItcanbeSHA‐1/MD5/MD4/SHA2‐256/SHA2‐512/None/Disable.
LZOCompression BydefaultAdaptiveis
selected.
SpecifytheLZOCompressionscheme.
ItcanbeAdaptive/YES/NO/Default.
PersisKey 1.AnOptionalsetting.
2.Theboxischecked
bydefault.
ChecktheEnable boxtoactivatethePersisKeyfunction.
PersisTun 1.AnOptionalsetting.
2.Theboxischecked
bydefault.
ChecktheEnable boxtoactivatethePersisTunfunction.
Advanced
Configuration
N/A Click the Edit button to specify the Advanced Configuration setting for the
OpenVPNserver.
Ifthebuttonisclicked,AdvancedConfigurationwillbedisplayedbelow.
Tunnel Theboxisunchecked
bydefault
Checkthe Enable boxtoactivate thisOpenVPNtunnel.
Save N/A Click Savetosavethesettings.
Undo N/A Click Undo tocancelthechanges.
Back N/A ClickBack toreturntolastpage.
M2MCellularGateway
142
WhenAdvancedConfigurationisselected,anOpenVPNClientAdvancedConfigurationscreenwillappear.
OpenVPNAdvancedClientConfiguration
Item Valuesetting Description
TLSCipher 1.AMustfilledsetting.
2.TLS‐RSA‐WITH‐
AES128‐SHAisselected
bydefault
SpecifytheTLS Cipher from thedropdownlist.
ItcanbeNone/TLS‐RSA‐WITH‐RC4‐MD5/TLS‐RSA‐WITH‐AES128‐SHA/TLS‐
RSA‐WITH‐AES256‐SHA / TLS‐DHE‐DSS‐AES128‐SHA / TLS‐DHE‐DSS‐AES256‐
SHA.
Note: TLS Cipher will be available only when TLS is chosen in Authorization
Mode.
TLSAuth.Key 1.AnOptionalsetting.
2.Stringformat:anytext
SpecifytheTLSAuth.Key forconnectingtoanOpenVPNserver,iftheserver
requiredit.
Note:TLSAuth.KeywillbeavailableonlywhenTLSischoseninAuthorization
Mode.
M2MCellularGateway
143
UserName AnOptionalsetting. Enter the User account for connecting to an OpenVPN server, if the server
requiredit.
Note:UserNamewillbeavailableonlywhenTLSischoseninAuthorization
Mode.
Password AnOptionalsetting. Enter the Password forconnectingtoanOpenVPNserver,iftheserver
requiredit.
Note:UserNamewillbeavailableonlywhenTLSischoseninAuthorization
Mode.
BridgeTAPtoBydefaultVLAN1is
selected
Specifythe settingofBridgeTAPto” tobridgetheTAPinterfacetoacertain
localnetworkinterfaceorVLAN.
Note: Bridge TAP to will be available only when TAP is chosen in Tunnel
ScenarioandNATisunchecked.
FirewallProtection Theboxisuncheckedby
default.
Checktheboxtoactivatethe FirewallProtectionfunction.
Note:FirewallProtectionwillbeavailableonlywhenNATisenabled.
ClientIPAddress BydefaultDynamicIPis
selected
Specifythe virtualIPAddress fortheOpenVPNClient.
ItcanbeDynamicIP/StaticIP.
TunnelMTU 1.AMustfilledsetting
2.Thevalueis1500by
default
SpecifythevalueofTunnelMTU.
ValueRange:0~1500.
TunnelUDP
Fragment
Thevalueis1500by
default
SpecifythevalueofTunnelUDPFragment.
ValueRange:0~1500.
Note: Tunnel UDP Fragment will be available only when UDP is chosen in
Protocol.
TunnelUDPMSS‐
Fix
Theboxisuncheckedby
default.
ChecktheEnable boxto activate theTunnelUDPMSS‐Fixfunction.
Note: Tunnel UDP MSS‐Fix will be available only when UDP is chosen in
Protocol.
nsCerType
Verification
Theboxisuncheckedby
default.
ChecktheEnable boxtoactivatethensCerTypeVerificationfunction.
Note: nsCerType Verification will be available only when TLS is chosen in
AuthorizationMode.
TLSRenegotiation
Time(seconds)
Thevalueis3600by
default
SpecifythetimeintervalofTLSRenegotiationTime.
ValueRange:‐1~86400.
Connection
Retry(seconds)
Thevalueis‐1bydefault SpecifythetimeintervalofConnectionRetry.
Thedefault‐1meansthatitisnoneedtoexecuteconnectionretry.
ValueRange:‐1~86400,and‐1meansnoretryisrequired.
DNS BydefaultAutomatically
isselected
Specifythe settingo
f
DNS.
ItcanbeAutomatically/Manually.
Additional
Configuration
AnOptionalsetting. Enteroptionalconfigurationstringhere.Upto256charactersisallowable.
ValueRange:0~256characters.
Save N/A Click Savetosavethesettings.
Undo N/A Click Undo tocancelthechanges.
Back N/A ClickBack toreturntolastpage.
M2MCellularGateway
144
5.1.3L2TP
Layer2TunnelingProtocol(L2TP)isatunnelingprotocolusedtosupportvirtualprivatenetworks(VPNs)oras
partofthedeliveryofservicesbyISPs.Itdoesnotprovideanyencryptionorconfidentialitybyitself.Rather,it
relies on an encryption protocol that it passes within the tunnel to provide privacy. This Gateway can only
behaveasaL2TPclientforaL2TPVPNtunel.
L2TPClient:ItcanbemobileusersorgatewaysinremoteofficeswithdynamicIP.Tosetuptunnel,itshould
get“username”,“password”andserver’sglobalIP.Inaddition,itisrequiredtoidentifytheoperationmode
for each tunnel as main connection, failover for another tunnel, or load balance tunnel to increase overall
bandwidth.Itneedstodecide“DefaultGateway”or“RemoteSubnet”forpacketflow.Moreover,youcanalso
define what kind of traffics will pass through the L2TP tunnel in the “Default Gateway / Remote Subnet”
parameter.
Besides, for the L2TP client peer, a Remote
Subnetitemisrequired.ItisfortheIntranetof
L2TP server peer. So, at L2TP client peer, the
packets whose destination is in the dedicated
subnetwillbetransferredviatheL2TPtunnel.
Others will be transferred based on current
routing policy of the gateway at L2TP client
peer. But, if you entered 0.0.0.0/0 in the
Remote Subnet field, it will be treated as a
"DefaultGateway"settingfortheL2TPclient
peer, all packets, including the Internet
accessingofL2TPclientpeer,willgothrough
the established L2TP tunnel. That means the
M2MCellularGateway
145
remoteL2TPserverpeercontrolstheflowofanypacketsfromtheL2TPclientpeer.Certainly,thosepackets
comethroughtheL2TPtunnel.
L2TPSetting
GotoSecurity>VPN>L2TPtab.
TheL2TPsettingallowsusertocreateandconfigureL2TPtunnels.
EnableL2TP
EnableL2TPWindow
Item ValuesettingDescription
L2TP Uncheckedbydefault ClicktheEnableboxtoactivateL2TPfunction.
Client AMustfilledsetting SpecifytheroleofL2TP.OnlyClientroleisavailableforthisgateway.Beloware
theconfigurationwindowsforL2TPClient.
Save N/A ClickSavebuttontosavethesettings
AsaL2TPClient
L2TPClientConfiguration
ItemSetting Valuesetting Description
L2TPClient Theboxisunchecked
bydefaultChecktheEnableboxtoenableL2TPclientroleofthegateway.
Save N/A ClickSavebuttontosavethesettings.
Undo N/A ClickUndobuttontocancelthesettings.
M2MCellularGateway
146
M2MCellularGateway
147
Create/EditL2TPClient
When Add/Editbuttonisapplied,aseriesofconfigurationscreenwillappear.Youcanaddupto8L2TP
Clients.
L2TPClientConfiguration
ItemSetting Valuesetting Description
TunnelName AMustfilledsetting Enteratunnelname.Enteranamethatiseasyforyoutoidentify.
ValueRange:1~32characters.
Interface AMustfilledsetting DefinetheselectedinterfacetobetheusedforthisL2TPtunnel
(WAN‐1isavailableonlywhenWAN‐1interfaceisenabled)
M2MCellularGateway
148
ThesameappliestootherWANinterfaces(e.g.WAN‐2).
OperationMode
1.AMustfilledsetting
2.Alwasyonis
selectedbydefault
DefineoperationmodefortheL2TPTunnel.ItcanbeAlwaysOn,orFailover.
Ifthistunnelissetasafailovertunnel,youneedtofurtherselectaprimary
tunnelfromwhichtofailoverto.
Note:FailovermodeisnotavailableforthegatewaywithsingleWAN.
L2TPoverIPSec Theboxisunchecked
bydefault
ChecktheEnableboxtoactivateL2TPoverIPSec,andfurtherspecifyaPre‐
sharedKey(8~32characters).
RemoteLNS
IP/FQDN AMustfilledsetting EnterthepublicIPaddressortheFQDNoftheL2TPserver.
RemoteLNSPort
1.AMustfilledsetting
2.1701issetby
default
EntertheRemoteLNSPortforthisL2TPtunnel.
ValueRange:1~65535.
UserName AMustfilledsetting
EntertheUserNameforthisL2TPtunneltobeauthenticatedwhenconnectto
L2TPserver.
ValueRange:1~32characters.
Password AMustfilledsetting EnterthePasswordforthisL2TPtunneltobeauthenticatedwhenconnectto
L2TPserver.
Tunneling
Password(Optional)
Theboxisunchecked
bydefault EntertheTunnelingPasswordforthisL2TPtunneltoauthenticate.
RemoteSubnetAMustfilledsetting
SpecifytheremotesubnetforthisL2TPtunneltoreachL2TPserver.
TheRemoteSubnetformatmustbeIPaddress/netmask(e.g.10.0.0.2/24).
ItisfortheIntranetofL2TPVPNserver.So,atL2TPclientpeer,thepackets
whosedestinationisinthededicatedsubnetwillbetransferredviatheL2TP
VPNtunnel.Otherswillbetransferredbasedoncurrentroutingpolicyofthe
securitygatewayatL2TPclientpeer.
Ifyouentered0.0.0.0/0intheRemoteSubnetfield,itwillbetreatedasa
defaultgatewaysettingfortheL2TPclientpeer,allpackets,includingthe
InternetaccessingofL2TPClientpeer,willgothroughtheestablishedL2TPVPN
tunnel.ThatmeanstheremoteL2TPVPNservercontrolstheflowofany
packetsfromtheL2TPclientpeer.Certainly,thosepacketscomethroughthe
L2TPVPNtunnel.
Authentication
Protocol
1.AMustfilledsetting
2.Uncheckedby
default
SpecifyoneoremultipleAuthenticationProtocolforthisL2TPtunnel.
AvailableauthenticationmethodsarePAP/CHAP/MS‐CHAP/MS‐CHAPv2.
MPPEEncryption
1.Uncheckedby
default
2.anoptionalsetting
SpecifywhetherL2TPserversupportsMPPEProtocol.ClicktheEnableboxto
enableMPPE.
Note:whenMPPEEncryptionisenabled,theAuthenticationProtocolPAP/
CHAPoptionswillnotbeavailable.
LCPEchoType
1.Autoissetby
default
SpecifytheLCPEchoTypeforthisL2TPtunnel.ItcanbeAuto,User‐defined,or
Disable.
Auto:thesystemsetstheIntervalandMax.FailureTime.
User‐defined:entertheIntervalandMax.FailureTime.Thedefaultvaluefor
Intervalis30seconds,andMaximumFailureTimesis6Times.
Disable:disabletheLCPEcho.
ValueRange:1~99999forIntervalTime,1~999forFailureTime.
ServicePort AMustfilledsetting SpecifytheServicePortforthisL2TPtunneltouse.ItcanbeAuto,(1701)for
M2MCellularGateway
149
Cisco),orUser‐defined.
Auto:Thesystemdeterminestheserviceport.
1701(forCisco):Thesystemuseport1701forconnectingwithCISCOL2TP
Server.
User‐defined:Entertheserviceport.Thedefaultvalueis0.
ValueRange:0~65535.
Tunnel Uncheckedbydefault ChecktheEnableboxtoenablethisL2TPtunnel.
Save N/A ClickSavebuttontosavethesettings.
Undo N/A ClickUndobuttontocancelthesettings.
M2MCellularGateway
150
5.1.4PPTP
Point‐to‐PointTunnelingProtocol(PPTP)isamethodforimplementingvirtualprivatenetworks.PPTPusesa
controlchanneloverTCPandaGREtunneloperatingtoencapsulatePPPpackets.Itisaclient‐serverbased
technology.TherearevariouslevelsofauthenticationandencryptionforPPTPtunneling,usuallynativelyas
standardfeaturesoftheWindowsPPTPstack.Thesecuritygatewaycanonlyplay"PPTPClient"roleforaPPTP
VPNtunnel.PPTPtunnelprocessisnearlythesameasL2TP.
PPTPClient:ItcanbemobileusersorgatewaysinremoteofficeswithdynamicIP.Tosetuptunnel,itshould
get“username”,“password”andserver’sglobalIP.Inaddition,itisrequiredtoidentifytheoperationmode
for each tunnel as main connection, failover for another tunnel, or load balance tunnel to increase overall
bandwidth.Itneedstodecide“DefaultGateway”or“RemoteSubnet”forpacketflow.Moreover,youcanalso
define what kind of traffics will pass through the PPTP tunnel in the “Default Gateway / Remote Subnet”
parameter.
Besides,forthePPTPclientpeer,aRemote
Subnetitemisrequired.ItisfortheIntranetof
PPTP server peer. So, at PPTP client peer, the
packets whose destination is in the dedicated
subnetwillbetransferred via thePPTPtunnel.
Others will be transferred based on current
routing policy of the gateway at PPTP client
peer. But, if you entered 0.0.0.0/0 in the
Remote Subnet field, it will be treated as a
"DefaultGateway"settingforthePPTPclient
peer, all packets, including the Internet
M2MCellularGateway
151
accessingofPPTPclientpeer,willgothroughtheestablishedPPTPtunnel.ThatmeanstheremotePPTPserver
peercontrolstheflowofanypacketsfromthePPTPclientpeer.Certainly,thosepacketscomethroughthe
PPTPtunnel.
PPTPSetting
GotoSecurity>VPN>PPTPtab.
ThePPTPsettingallowsusertocreateandconfigurePPTPtunnels.
EnablePPTP
EnablePPTPWindow
Item ValuesettingDescription
PPTP Uncheckedbydefault ClicktheEnableboxtoactivatePPTPfunction.
Client AMustfillsetting SpecifytheroleofPPTP.OnlyClientroleisavailableforthisgateway.Beloware
theconfigurationwindowsforPPTPClient.
Save N/A ClickSavebuttontosavethesettings.
AsaPPTPClient
PPTPClientConfiguration
Item Valuesetting Description
PPTPClient Uncheckedbydefault ChecktheEnableboxtoenablePPTPclientroleofthegateway.
Save N/A ClickSavebuttontosavethesettings.
Undo N/A ClickUndobuttontocancelthesettings.
M2MCellularGateway
152
Create/EditPPTPClient
WhenAdd/Editbuttonisapplied,aseriesPPTPClientConfigurationwillappear.
PPTPClientConfigurationWindow
Item Valuesetting Description
TunnelName AMustfillsetting Enteratunnelname.Enteranamethatiseasyforyoutoidentify.
ValueRange:1~32characters.
Interface
1.AMustfillsetting
2.WAN1isselectedby
default
DefinetheselectedinterfacetobetheusedforthisPPTPtunnel
(WAN‐1isavailableonlywhenWAN‐1interfaceisenabled)
ThesameappliestootherWANinterfaces(e.g.WAN‐2).
OperationMode
1.AMustfillsetting
2.Alwasyonis
selectedbydefault
DefineoperationmodeforthePPTPTunnel.ItcanbeAlwaysOn,orFailover.
Ifthistunnelissetasafailovertunnel,youneedtofurtherselectaprimary
tunnelfromwhichtofailoverto.
Note:FailovermodeisnotavailableforthegatewaywithsingleWAN.
M2MCellularGateway
153
RemoteIP/FQDN
1.AMustfillsetting.
2.Formatcanbea
ipv4addressorFQDN
EnterthepublicIPaddressortheFQDNofthePPTPserver.
UserName
AMustfillsetting EntertheUserNameforthisPPTPtunneltobeauthenticatedwhenconnectto
PPTPserver.
ValueRange:1~32characters.
Password AMustfillsetting EnterthePasswordforthisPPTPtunneltobeauthenticatedwhenconnectto
PPTPserver.
RemoteSubnet
AMustfillsetting SpecifytheremotesubnetforthisPPTPtunneltoreachPPTPserver.
TheRemoteSubnetformatmustbeIPaddress/netmask(e.g.10.0.0.2/24).
ItisfortheIntranetofPPTPVPNserver.So,atPPTPclientpeer,thepackets
whosedestinationisinthededicatedsubnetwillbetransferredviathePPTP
VPNtunnel.Otherswillbetransferredbasedoncurrentroutingpolicyofthe
securitygatewayatPPTPclientpeer.
Ifyouentered0.0.0.0/0intheRemoteSubnetfield,itwillbetreatedasa
defaultgatewaysettingforthePPTPclientpeer,allpackets,includingthe
InternetaccessingofPPTPClientpeer,willgothroughtheestablishedPPTPVPN
tunnel.ThatmeanstheremotePPTPVPNservercontrolstheflowofany
packetsfromthePPTPclientpeer.Certainly,thosepacketscomethroughthe
PPTPVPNtunnel.
Authentication
Protocol
1.AMustfillsetting
2.Uncheckedby
default
SpecifyoneoremultipleAuthenticationProtocolforthisPPTPtunnel.
AvailableauthenticationmethodsarePAP/CHAP/MS‐CHAP/MS‐CHAPv2.
MPPEEncryption
1.Uncheckedby
default
2.anoptionalsetting
SpecifywhetherPPTPserversupportsMPPEProtocol.ClicktheEnableboxto
enableMPPE.
Note:whenMPPEEncryptionisenabled,theAuthenticationProtocolPAP/
CHAPoptionswillnotbeavailable.
LCPEchoType
Autoissetbydefault
SpecifytheLCPEchoTypeforthisPPTPtunnel.ItcanbeAuto,User‐defined,or
Disable.
Auto:thesystemsetstheIntervalandMax.FailureTime.
User‐defined:entertheIntervalandMax.FailureTime.Thedefaultvaluefor
Intervalis30seconds,andMaximumFailureTimesis6Times.
Disable:disabletheLCPEcho.
ValueRange:1~99999forIntervalTime,1~999forFailureTime.
Tunnel Uncheckedbydefault ChecktheEnableboxtoenablethisPPTPtunnel.
Save N/A ClickSavebuttontosavethesettings.
Undo N/A ClickUndobuttontocancelthesettings.
Back N/A ClickBackbuttontoreturntothepreviouspage.
M2MCellularGateway
154
5.1.5GRE
GenericRoutingEncapsulation(GRE)isatunnelingprotocoldevelopedbyCiscoSystemsthatencapsulatesa
wide variety of network layer protocols inside virtual point‐to‐point links over an Internet Protocol
internetwork.
DeployaM2Mgatewayforremotesiteandestablishavirtualprivatenetworkwithcontrolcenterbyusing
GRE tunneling. So, all client hosts behind M2M gateway can make data communication with server hosts
behindcontrolcentergateway.
GRETunnelingissimilartoIPSecTunneling,clientrequestingthetunnelestablishmentwiththeserver.Both
theclientandtheservermusthaveaStaticIPoraFQDN.Anypeergatewaycanbeworkedaseitheraclient
oraserver,evenusingthesamesetofconfigurationrule.
GRETunnelScenario
To setup a GRE tunnel, each peer needs to
setup its global IP as tunnel IP and fill in the
other'sglobalIPasremoteIP.
Besides, each peer must further specify the
Remote Subnet item. It is for the Intranet of
GREserverpeer.So,atGREclientpeer,the
packets whose destination is in the dedicated
subnet will be transferred via the GRE tunnel.
Others will be transferred based on current
routingpolicyofthegatewayatGREclientpeer.
But, if you entered 0.0.0.0/0 in the Remote
Subnet field, it will be treated as a "Default
Gateway"settingfortheGREclientpeer,all
packets,includingtheInternetaccessingofGRE
clientpeer,willgothroughtheestablishedGRE
tunnel.Thatmeansthe remoteGREserverpeercontrolsthe flowofanypacketsfromtheGREclientpeer.
Certainly,thosepacketscomethroughtheGREtunnel.
M2MCellularGateway
155
IftheGREserversupportsDMVPNHubfunction,likeCiscorouterastheVPNconcentrator,theGREclientcan
activetheDMVPNspokefunctionheresinceitisimplementedbyGREoverIPSectunneling.
GRESetting
GotoSecurity>VPN>GREtab.
TheGREsettingallowsusertocreateandconfigureGREtunnels.
EnableGRE
EnableGREWindow
Item Valuesetting Description
GRETunnel Uncheckedbydefault ClicktheEnableboxtoenableGREfunction.
Max.Concurrent
GRETunnels
DependsonProduct
specification.
ThespecifiedvaluewilllimitthemaximumnumberofsimultaneousGREtunnel
connection.Thedefaultvaluecanbedifferentforthepurchasedmodel.
Save N/A ClickSavebuttontosavethesettings
Undo N/A ClickUndobuttontocancelthesettings
Create/EditGREtunnel
WhenAdd/Editbuttonisapplied,aGRERuleConfigurationscreenwillappear.
M2MCellularGateway
156
GRERuleConfigurationWindow
Item Valuesetting Description
TunnelName AMustfillsetting Enteratunnelname.Enteranamethatiseasyforyoutoidentify.
ValueRange:1~9characters.
Interface
1.AMustfillsetting
2.WAN1isselected
bydefault
SelecttheinterfaceonwhichGREtunnelistobeestablished.Itcanbethe
availableWANandLANinterfaces.
OperationMode
1.AMustfillsetting
2.Alwayonisselected
bydefault
DefineoperationmodefortheGRETunnel.ItcanbeAlwaysOn,orFailover.
Ifthistunnelissetasafailovertunnel,youneedtofurtherselectaprimary
tunnelfromwhichtofailoverto.
Note:FailovermodeisnotavailableforthegatewaywithsingleWAN.
TunnelIP AnOptionalsetting EntertheTunnelIPaddressandcorrespondingsubnetmask.
RemoteIP AMustfillsetting EntertheRemoteIPaddressofremoteGREtunnelgateway.Normallythisisthe
publicIPaddressoftheremoteGREgateway.
MTU
1.AMustfilledsetting
2.Auto(valuezero)is
setbydefault
MTUreferstoMaximumTransmissionUnit.Itspecifiesthelargestpacketsize
permittedforInternettransmission.
WhensettoAuto(value‘0’),therouterselectsthebestMTUforbestInternet
M2MCellularGateway
157
connectionperformance.
ValueRange:0~1500.
Key AnOptionalsetting EntertheKeyfortheGREconnection.
ValueRange:0~9999999999.
TTL 1.AMustfillsetting
2.1to255range
SpecifyTTLhop‐countvalueforthisGREtunnel.
ValueRange:1~255.
Keepalive
1.Uncheckedby
default
2.5sissetbydefault
ChecktheEnableboxtoenableKeepalivefunction.
SelectPingIPtokeepliveandentertheIPaddresstoping.
Enterthepingtimeintervalinseconds.
ValueRange:5~999seconds.
RemoteSubnetAMustfillsetting
SpecifytheremotesubnetforthisGREtunnel.
TheRemoteSubnetformatmustbeIPaddress/netmask(e.g.10.0.0.2/24).
ItisfortheIntranetofGREserverpeer.So,atGREclientpeer,thepackets
whosedestinationisinthededicatedsubnetwillbetransferredviatheGRE
tunnel.Otherswillbetransferredbasedoncurrentroutingpolicyofthesecurity
gatewayatGREclientpeer.
Ifyouentered0.0.0.0/0intheRemoteSubnetfield,itwillbetreatedasa
defaultgatewaysettingfortheGREclientpeer,allpackets,includingthe
InternetaccessingofGREclientpeer,willgothroughtheestablishedGRE
tunnel.ThatmeanstheremoteGREserverpeercontrolstheflowofanypackets
fromtheGREclientpeer.Certainly,thosepacketscomethroughtheGRE
tunnel.
DMVPNSpoke Uncheckedbydefault SpecifywhetherthegatewaywillsupportDMVPNSpokeforthisGREtunnel.
CheckEnableboxtoenableDMVPNSpoke.
IPSecPre‐shared
Key AMustfillsetting EnteraDMVPNspokeauthenticationPre‐sharedKey(8~32characters).
Note:Pre‐sharedKeyisavailableonlywhenDMVPNSpokeisenabled.
IPSecNATTraversal Uncheckedbydefault CheckEnableboxtoenableNAT‐Traversal.
Note:IPSecNATTraversalwillnotbeavailablewhenDMVPNisnotenabled.
IPSecEncapsulation
Mode Uncheckedbydefault
SpecifyIPSecEncapsulationModefromthedropdownbox.ThereareTransport
modeandTunnelmodesupported.
Note:IPSecEncapsulationModewillnotbeavailablewhenDMVPNisnot
enabled.
Tunnel Uncheckedbydefault CheckEnableboxtoenablethisGREtunnel.
Save N/A ClickSavebuttontosavethesettings.
Undo N/A ClickUndobuttontocancelthesettings.
Back N/A ClickBackbuttontoreturntothepreviouspage.
M2MCellularGateway
158
5.2Firewall
The firewall functions include Packet Filter, URL Blocking, Content Filter, MAC Control, Application Filter, IPS
andsomefirewalloptions.Thesupportedfunctioncanbedifferentforthepurchasedgateway.
5.2.1PacketFilter
M2MCellularGateway
159
"PacketFilter"functioncanletyoudefinesomefilteringrules for incoming and outgoing packets. So the
gatewaycancontrolwhatpacketsareallowedorblockedtopassthroughit.Apacketfilterruleshould
indicatefromandtowhichinterfacethepacketentersandleavesthegateway,thesourceanddestinationIP
addresses,anddestinationserviceporttypeandportnumber.Inaddition,thetimescheduletowhichtherule
willbeactive.
PacketFilterwithWhiteListScenario
Asshowninthediagram,specify"PacketFilterRule
List"aswhitelist(Allow those match the following
rules) and define the rules. Rule‐1 is to allow HTTP
packetstopass,andRule‐2istoallowHTTPSpackets
topass.
Undersuchconfiguration,thegatewaywillallowonly
HTTPandHTTPSpackets,issuedfromtheIPrange
192.168.123.200 to 250, which are targeted to TCP
port80or443topasstheWANinterface.
PacketFilterSetting
GotoSecurity>Firewall>PacketFilterTab.
Thepacketfiltersettingallowsusertocreateandcustomizepacketfilterpoliciestoallowor rejectspecific
inbound/outboundpacketsthroughtherouterbasedontheirofficesetting.
EnablePacketFilter
ConfigurationWindow
ItemName Valuesetting Description
PacketFilter Theboxisuncheckedby ChecktheEnableboxtoactivatePacketFilterfunction
M2MCellularGateway
160
default
BlackList/
WhiteList
Denythosematchthe
followingrulesissetby
default
WhenDenythosematchthefollowingrulesisselected,asthenamesuggest,
packetsspecifiedintheruleswillbeblocked–blacklisted.Incontrast,with
Allowthosematchthefollowingrules,youcanspecificallywhitelistthe
packetstopassandtherestwillbeblocked.
LogAlert Theboxisuncheckedby
default ChecktheEnableboxtoactivateEventLog.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
Create/EditPacketFilterRules
Thegatewayallowsyoutocustomizeyourpacketfilteringrules.Itsupportsuptoamaximumof20filterrule
sets.
WhenAddbuttonisapplied,PacketFilterRuleConfigurationscreenwillappear.
PacketFilterRuleConfiguration
ItemName Valuesetting Description
RuleName 1.Stringformatcanbe Enterapacketfilterrulename.Enteranamethatiseasyforyoutoremember.
M2MCellularGateway
161
anytext
2.AMustfilledsetting
ValueRange:1~30characters.
FromInterface
1.AMustfilledsetting
2.BydefaultAnyis
selected
Definetheselectedinterfacetobethepacket‐enteringinterfaceoftherouter.
IfthepacketstobefilteredarecomingfromLANtoWANthenselectLANfor
thisfield.OrVLAN‐1toWANthenselectVLAN‐1forthisfield.Otherexamples
areVLAN‐1toVLAN‐2.VLAN‐1toWAN.
SelectAnytofilterpacketscomingintotherouterfromanyinterfaces.
Pleasenotethattwoidenticalinterfacesarenotacceptedbytherouter.e.g.,
VLAN‐1toVLAN‐1.
ToInterface
1.AMustfilledsetting
2.BydefaultAnyis
selected
Definetheselectedinterfacetobethepacket‐leavinginterfaceoftherouter.If
thepacketstobefilteredareenteringfromLANtoWANthenselectWANfor
thisfield.OrVLAN‐1toWANthenselectWANforthisfield.Otherexamplesare
VLAN‐1toVLAN‐2.VLAN‐1toWAN.
SelectAnytofilterpacketsleavingtherouterfromanyinterfaces.
Pleasenotethattwoidenticalinterfacesarenotacceptedbytherouter.e.g.,
VLAN‐1toVLAN‐1.
SourceIP
1.AMustfilledsetting
2.BydefaultAnyis
selected
ThisfieldistospecifytheSourceIPaddress.
SelectAnytofilterpacketscomingfromanyIPaddresses.
SelectSpecificIPAddresstofilterpacketscomingfromanIPaddress.
SelectIPRangetofilterpacketscomingfromaspecifiedrangeofIPaddress.
DestinationIP
1.AMustfilledsetting
2.BydefaultAnyis
selected
ThisfieldistospecifytheDestinationIPaddress.
SelectAnytofilterpacketsthatareenteringtoanyIPaddresses.
SelectSpecificIPAddresstofilterpacketsenteringtoanIPaddressenteredin
thisfield.
SelectIPRangetofilterpacketsenteringtoaspecifiedrangeofIPaddress
enteredinthisfield.
SourceMAC
1.AMustfilledsetting
2.BydefaultAnyis
selected
ThisfieldistospecifytheSourceMACaddress.
SelectAnytofilterpacketscomingfromanyMACaddresses.
SelectSpecificMACAddresstofilterpacketscomingfromaMACaddress.
Protocol
1.AMustfilledsetting
2.BydefaultAny(0)is
selected
ForProtocol,selectAnytofilteranyprotocolpackets
ThenforSourcePort,selectapredefinedportdropdownboxwhenWell‐known
Serviceisselected,otherwiseselectUser‐definedServiceandspecifyaport
range.
ThenforDestinationPort,selectapredefinedportdropdownboxwhenWell‐
knownServiceisselected,otherwiseselectUser‐definedServiceandspecifya
portrange.
ValueRange:1~65535forSourcePort,DestinationPort.
ForProtocol,selectICMPv4tofilterICMPv4packets
ForProtocol,selectTCPtofilterTCPpackets
ThenforSourcePort,selectapredefinedportdropdownboxwhenWell‐known
Serviceisselected,otherwiseselectUser‐definedServiceandspecifyaport
range.
ThenforDestinationPort,selectapredefinedportdropdownboxwhenWell‐
knownServiceisselected,otherwiseselectUser‐definedServiceandspecifya
portrange.
ValueRange:1~65535forSourcePort,DestinationPort.
M2MCellularGateway
162
ForProtocol,selectUDPtofilterUDPpackets
ThenforSourcePort,selectapredefinedportdropdownboxwhenWell‐known
Serviceisselected,otherwiseselectUser‐definedServiceandspecifyaport
range.
ThenforDestinationPort,selectapredefinedportdropdownboxwhenWell‐
knownServiceisselected,otherwiseselectUser‐definedServiceandspecifya
portrange.
ValueRange:1~65535forSourcePort,DestinationPort.
ForProtocol,selectGREtofilterGREpackets
ForProtocol,selectESPtofilterESPpackets
ForProtocol,selectSCTPtofilterSCTPpackets
ForProtocol,selectUser‐definedtofilterpacketswithspecifiedportnumber.
ThenenterapotnumberinProtocolNumberbox.
TimeSchedule AMustfilledsetting
ApplyTimeScheduletothisrule,otherwiseleaveitasAlways.
IfthedropdownlistisemptyensureTimeScheduleispre‐configured.Referto
ObjectDefinition>Scheduling>Configurationtab.
Rule Theboxisuncheckedby
default. ClickEnableboxtoactivatethisrulethensavethesettings.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
Back N/A WhentheBackbuttonisclickedthescreenwillreturntothePacketFilter
Configurationpage.
M2MCellularGateway
163
5.2.2URLBlocking
"URLBlocking"functioncanletyoudefineblockingorallowingrulesforincomingandoutgoingWebrequest
packets. With defined rules, gateway can control the Web requests containing the complete URL, partial
domainname,orpre‐definedkeywords.Forexample,onecanfilteroutorallowonlytheWebrequestsbased
ondomaininputsuffixeslike.comor.orgorkeywordslike“bct”ormpe.
AnURLblockingruleshouldspecifytheURL,partialdomainname,orincludedkeywordsintheWebrequests
fromandtothegatewayandalsothedestinationserviceport.Besides,acertaintimeschedulecanbeapplied
toactivatetheURLBlockingrulesduringpre‐definedtimeinterval(s).
The gateway will logs and displays the disallowed web accessing requests that matched the defined URL
blockingruleintheblack‐listorintheexclusionofthewhite‐list.
Whenyouchoose"Allowalltopassexceptthosematchthefollowingrules"forthe"URLBlockingRuleList",
youaresettingthedefinedURLblockingrulestobelongtotheblacklist.Thepackets,listedintherulelist,will
be blocked if one pattern in the requests matches to one rule. Other Web requests can pass through the
gateway.Incontrast,whenyouchoose"Denyalltopassexceptthosematchthefollowingrules"forthe"URL
BlockingRuleList",youaresettingthedefinedpacketfiltering rules to belong to the white list. The Web
requests, listed in the rule, will be allowed if one pattern in the requests matches to one rule. Other Web
requestswillbeblocked.
URLBlockingRulewithBlackList
Whentheadministratorofthegatewaywantsto
block the Web requests with some dedicated
patterns,hecanusethe"URLBlocking"function
to block specific Web requests by defining the
black listas shownin abovediagram.Certainly,
whentheadministratorwantstoallowonlythe
Web requests with some dedicated patterns to
go through the gateway, he can also use the
"URL Blocking" function by defining the white
listtomeettherequirement.
As shown in the diagram, enable the URL
blocking function and create the first rule to
denytheWebrequestswith"sex"or"sexygirl"patternsandthe other to deny the Web requests with
"playboy"patterntogothroughthegateway.Systemwillblockthe Web requests with "sex", "sexygirl" or
"playboy"patternstopassthroughthegateway.
M2MCellularGateway
164
URLBlockingSetting
GotoSecurity>Firewall>URLBlockingTab.
In"URL Blocking"page,therearethree configurationwindows.Theyare the"Configuration"window,"URL
BlockingRuleList"window,and"URLBlockingRuleConfiguration"window.
The"Configuration"windowcanletyouactivatetheURLblockingfunctionandspecifytoblacklistingorto
whitelistingthepacketsdefinedinthe"URLBlockingRuleList"entry.Inaddition,logalertingcanbeenabled
torecordon‐goingeventsforanydisallowedWebrequestpackets.Referto"SystemStatus"in"6.1.1System
Related"sectioninthisusermanualforhowtoviewrecordedlog.
The"URLBlockingRuleList"windowlistsallyourdefinedURLblocking rule entry. And finally, the "URL
BlockingRuleConfiguration"windowcanletyoudefineURLblockingrules.Theparametersinaruleinclude
therulename,theSourceIPorMAC,theURL/DomainName/Keyword,thedestinationserviceports,the
integratedtimescheduleruleandtheruleactivation.
EnableURLBlocking
Configuration
Item Valuesetting Description
URLBlocking Theboxisunchecked
bydefault
ChecktheEnable boxtoactivateURLBlockingfunction.
BlackList/
WhiteList
Denythosematchthe
followingrulesisset
bydefault
SpecifytheURLBlockingPolicy,eitherBlackListorWhiteList.
BlackList:WhenDenythosematchthefollowingrulesisselected,asthename
suggest,thematchedWebrequestpacketswillbeblocked.
WhiteList:WhenAllowthosematchthefollowingrulesisselected,thematched
WebrequestpacketscanpassthroughtheGateway,andtheothersthatdon’tmatch
theruleswillbeblocked.
LogAlert Theboxisunchecked
bydefault
ChecktheEnable boxtoactivateEventLog.
Save NA ClickSave buttontosavethesettings
Undo NA ClickUndo buttontocancelthesettings
Create/EditURLBlockingRules
TheGatewaysupportsuptoamaximumof20URLblockingrulesets.EnsurethattheURLBlockingisenabledbeforewe
cancreateblockingrules.
M2MCellularGateway
165
WhenAddbuttonisapplied,theURLBlockingRuleConfigurationscreenwillappear.
URLBlockingRulesConfiguration
Item Valuesetting Description
RuleName
1.Stringformatcanbeany
text
2.AMustfilledsetting
SpecifyanURLBlocking rulename.Enteranamethatiseasyforyouto
understand.
SourceIP
1. AMustfilledsetting
2. Anyissetbydefault
ThisfieldistospecifytheSourceIPaddress.
SelectAnytofilterpacketscomingfromanyIPaddresses.
SelectSpecificIPAddresstofilterpacketscomingfromanIPaddressenteredin
thisfield.
SelectIPRangetofilterpacketscomingfromaspecifiedrangeofIPaddress
enteredinthisfield.
SourceMAC
1. AMustfilledsetting
2. Anyissetbydefault
ThisfieldistospecifytheSourceMAC address.
SelectAnytofilterpacketscomingfromanyMACaddresses.
SelectSpecificMACAddresstofilterpacketscomingfromaMACaddress
enteredinthisfield.
URL/Domain
Name/
Keyword
1.AMustfilledsetting
2.Supportsuptoa
maximumof10Keywords
inarulebyusingthe
delimiter“;”.
SpecifyURL,DomainName,orKeywordlistforURLchecking.
IntheBlackListmode,ifamatchedruleisfound,thepacketswillbedropped.
IntheWhiteListmode,ifamatchedruleisfound,thepacketswillbeaccepted
andtheotherswhichdon’tmatchanyrulewillbedropped.
Destination
Port
1. AMustfilledsetting
2. Anyissetbydefault
ThisfieldistospecifytheDestinationPortnumber.
SelectAnytofilterpacketsgoingtoanyPort.
SelectSpecificServicePorttofilterpacketsgoingtoaspecificPortenteredinthisfield.
SelectPortRangetofilterpacketsgoingtoaspecificrangeofPortsenteredinthisfield.
Time AMustfilledsetting ApplyaspecificTimeScheduletothisrule;otherwiseleaveitas(0)Always.
IfthedropdownlistisemptyensureTimeScheduleispre‐configured.RefertoObject
M2MCellularGateway
166
ScheduleRule Definition>Scheduling>Configuration tab.
Rule Theboxisuncheckedby
default.
ClicktheEnableboxtoactivatethisrule.
Save NA ClicktheSave buttontosavethesettings.
Undo NA ClicktheUndo buttontocancelthechanges.
Back NAClicktheBackbuttontoreturntotheURLBlockingConfigurationpage.
M2MCellularGateway
167
5.2.3MACControl
"MAC Control" function allows you to assign the accessibility to the gateway for different users based on
device’s MAC address. When the administrator wants to reject the traffics from some client hosts with specific
MAC addresses, he can use the "MAC Control" function to reject with the black list configuration.
MACControlwithBlackListScenario
Asshown inthe diagram,enabletheMACcontrol
functionandspecifythe"MACControlRuleList"is
ablacklist,andconfigureoneMACcontrolrulefor
thegatewayto denythe connectionrequestfrom
the "JP NB" with its own MAC address
20:6A:6A:6A:6A:6B.
Systemwillblocktheconnectingfromthe"JPNB"
tothegatewaybutallowothers.
M2MCellularGateway
168
MACControlSetting
GotoSecurity>Firewall>MACControlTab.
TheMACcontrolsettingallowsusertocreateandcustomizeMACaddresspoliciestoalloworrejectpackets
withspecificsourceMACaddress.
EnableMACControl
ConfigurationWindow
Item Valuesetting Description
MACControl Theboxisuncheckedby
default ChecktheEnableboxtoactivatetheMACfilterfunction
BlackList/
WhiteList
DenyMACAddressBelow
issetbydefault
WhenDenyMACAddressBelowisselected,asthenamesuggest,packets
specifiedintheruleswillbeblocked–blacklisted.Incontrast,withAllowMAC
AddressBelow,youcanspecificallywhitelistthepacketstopassandtherest
willbeblocked.
LogAlert Theboxisuncheckedby
default ChecktheEnableboxtoactivatetoactivateEventLog.
KnownMAC
fromLANPCList N/A SelectaMACAddressfromLANClientList.ClicktheCopytotocopythe
selectedMACAddresstothefilterrule.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
M2MCellularGateway
169
Create/EditMACControlRules
Thegatewaysupportsuptoamaximumof20filterrulesets.EnsurethattheMACControlisenabledbefore
wecancreatecontrolrules.
WhenAddbuttonisapplied,FilterRuleConfigurationscreenwillappear.
MACControlRuleConfiguration
Item Valuesetting Description
RuleName
1.Stringformatcanbeany
text
2.AMustfillsetting
EnteraMACControlrulename.Enteranamethatiseasyforyoutoremember.
MACAddress
(Use:to
Compose)
1.MACAddressstring
Format
2.AMustfillsetting
SpecifytheSourceMACAddresstofilterrule.
TimeSchedule AMustfillsetting
ApplyTimeScheduletothisrule;otherwiseleaveitas(0)Always.
Ifthedropdownlistisempty,ensureTimeScheduleispre‐configured.Referto
ObjectDefinition>Scheduling>Configurationtab
Enable Theboxisuncheckedby
default.ClickEnableboxtoactivatethisrule,andthensavethesettings.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
Back N/A ClickBacktoreturntotheMACControlConfigurationpage.
M2MCellularGateway
170
5.2.4ContentFilter(notsupported)
Not supported feature for the purchased product, leave it as blank.
M2MCellularGateway
171
5.2.5ApplicationFilter(notsupported)
Not supported feature for the purchased product, leave it as blank.
M2MCellularGateway
172
5.2.6IPS
ToprovideapplicationserversintheInternet,administratormayneedtoopenspecificportsfortheservices.
However,therearesomeriskstoalwaysopenserviceportsintheInternet.Inordertoavoidsuchattackrisks,
itisimportanttoenableIPSfunctions.
Intrusion Prevention System (IPS) is network security appliancesthatmonitornetworkand/orsystem
activitiesformaliciousactivity.ThemainfunctionsofIPSaretoidentifymaliciousactivity,loginformation
aboutthisactivity,attempttoblock/stopitandreportit.YoucanenabletheIPSfunctionandcheckthelisted
intrusion activities when needed. You can also enable the log alerting so that system will record Intrusion
eventswhencorrespondingintrusionsaredetected.
IPSScenario
Asshowninthediagram,thegatewayserves
asanEmailserver,WebServerandalso
provides TCP port 8080 for remote
administration. So, remote users or unknown
userscanrequestthoseservicesfromInternet.
With IPS enabled, the gateway can detect
incoming attack packets, including the TCP
ports(25,80,110,443and8080)withservices.
It will block the attack packets and let the
normalaccesstopassthroughthegateway
M2MCellularGateway
173
IPSSetting
GotoSecurity>Firewall>IPSTab.
TheIntrusionPreventionSystem(IPS)settingallowsusertocustomizeintrusionpreventionrulestoprevent
maliciouspackets.
EnableIPSFirewall
ConfigurationWindow
Item Valuesetting Description
IPS Theboxisuncheckedby
default ChecktheEnableboxtoactivateIPSfunction
LogAlert Theboxisuncheckedby
default ChecktheEnableboxtoactivatetoactivateEventLog.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
SetupIntrusionPreventionRules
Therouterallowsyoutoselectintrusionpreventionrulesyoumaywanttoenable.EnsurethattheIPSis
enabledbeforewecanenablethedefensefunction.
M2MCellularGateway
174
SetupIntrusionPreventionRules
ItemName Valuesetting Description
SYNFlood
Defense 1.AMustfilledsetting
2.Theboxisuncheckedbydefault.
3.Trafficthresholdissetto300bydefault
4.Thevaluerangecanbefrom10to
10000.
ClickEnableboxtoactivatethisintrusionpreventionruleand
enterthetrafficthresholdinthisfield.
UDPFlood
Defense
ClickEnableboxtoactivatethisintrusionpreventionruleand
enterthetrafficthresholdinthisfield.
ICMPFlood
Defense
ClickEnableboxtoactivatethisintrusionpreventionruleand
enterthetrafficthresholdinthisfield.
ValueRange:10~10000.
PortScan
Defection
1.AMustfilledsetting
2.Theboxisuncheckedbydefault.
3.Trafficthresholdissetto200bydefault
4.Thevaluerangecanbefrom10to
10000.
ClickEnableboxtoactivatethisintrusionpreventionruleand
enterthetrafficthresholdinthisfield.
ValueRange:10~10000.
BlockLand
Attack
Theboxisuncheckedbydefault. ClickEnableboxtoactivatethisintrusionpreventionrule.
BlockPingof
Death
BlockIPSpoof
BlockTCPFlag
Scan
BlockSmurf
M2MCellularGateway
175
Block
Traceroute
BlockFraggle
Attack
ARPSpoofing
Defence
1.AMustfilledsetting
2.Theboxisuncheckedbydefault.
3.Trafficthresholdissetto300bydefault
4.Thevaluerangecanbefrom10to
10000.
ClickEnableboxtoactivatethisintrusionpreventionruleand
enterthetrafficthresholdinthisfield.
ValueRange:10~10000.
Save NA ClickSavetosavethesettings
Undo NA ClickUndotocancelthesettings

M2MCellularGateway
176
5.2.7Options
Therearesomeadditionalusefulfirewalloptionsinthispage.
“StealthMode”letsgatewaynottorespondtoportscansfromtheWANsothatmakesitlesssusceptibleto
discoveryandattacksontheInternet.”SPI”enablesgatewaytorecordthepacketinformationlikeIPaddress,
portaddress,ACK,SEQnumberandsoonwhiletheypassthroughthegateway,andthegatewaychecksevery
incomingpackettodetectifthispacketisvalid.
DiscardPingfromWANmakesanyhostontheWANsidecan`tping this gateway. And finally, “Remote
AdministratorHosts”enablesyoutoperformadministrationtaskfromaremotehost.Ifthisfeatureisenabled,
onlyspecifiedIPaddress(es)canperformremoteadministration.
M2MCellularGateway
177
EnableSPIScenario
Asshowninthediagram,GatewayhastheIP
address of 118.18.81.200 for WAN interface and
192.168.1.253forLANinterface.ItservesasaNAT
gateway.UsersinNetworkAinitiatetoaccess
cloud server through the gateway. Sometimes,
unknown users will simulate the packets but use
different source IP to masquerade. With the SPI
featurebeenenabledatthegateway,itwillblock
suchpacketsfromunknownusers.
DiscardPingfromWAN&RemoteAdministratorHostsScenario
“Discard Ping from WAN” makes any host on the
WANsidecan`tpingthisgatewayreplyanyICMP
packets.EnabletheDiscardPingfromWANfunction
to prevent security leak when local users surf the
internet.
Remoteadministratorknowsthegateway’sglobalIP,
and he can access the Gateway GUI via TCP port
8080.
FirewallOptionsSetting
GotoSecurity>Firewall>OptionsTab.
Thefirewalloptionssettingallowsnetworkadministratortomodifythebehaviorofthefirewallandtoenable
RemoteRouterAccessControl.
EnableFirewallOptions
M2MCellularGateway
178
FirewallOptions
Item Valuesetting Description
StealthMode Theboxisuncheckedby
default ChecktheEnableboxtoactivatetheStealthModefunction
SPI Theboxischeckedby
default ChecktheEnableboxtoactivatetheSPIfunction
DiscardPing
fromWAN
Theboxisuncheckedby
default ChecktheEnableboxtoactivatetheDiscardPingfromWANfunction
DefineRemoteAdministratorHost
Therouter allowsnetwork administrator tomanagerouterremotely.Thenetworkadministrator canassign
specificIPaddressandserviceporttoallowaccessingtherouter.
RemoteAdministratorHostDefinition
Item Valuesetting Description
Protocol HTTPissetbydefault SelectHTTPorHTTPSmethodforrouteraccess.
IP AMustfilledsetting
Thisfieldistospecifytheremotehosttoassignaccessrightforremoteaccess.
SelectAnyIPtoallowanyremotehosts
SelectSpecificIPtoallowtheremotehostcomingfromaspecificsubnet.AnIP
addressenteredinthisfieldandaselectedSubnetMasktocomposethe
subnet.
M2MCellularGateway
179
ServicePort
1.80forHTTPbydefault
2.443forHTTPSby
default
ThisfieldistospecifyaServicePorttoHTTPorHTTPSconnection.
ValueRange:1~65535.
Enablingthe
rule
Theboxisuncheckedby
default. ClickEnableboxtoactivatethisrule.
Save N/A ClickEnableboxtoactivatethisrulethensavethesettings.
Undo N/A ClickUndotocancelthesettings
M2MCellularGateway
180
Chapter6Administration
6.1Configure&Manage
Configure&Managereferstoenterprise‐wideadministrationofdistributedsystemsincluding(andcommonly
inpractice)computersystems.Centralizedmanagementhasatimeandefforttrade‐offthatisrelatedtothe
sizeofthecompany,theexpertiseoftheITstaff,andtheamount of technology being used. This device
supportsmanysystemmanagementprotocols,suchasCommandScript,TR‐069,SNMP,andTelnetwithCLI.
Youcansetupthoseconfigurationsinthe"Configure&Manage"section.

M2MCellularGateway
181
6.1.1CommandScript
Command script configuration is the application that allows administrator to setup the pre‐defined
configurationinplaintextstyleandapplyconfigurationonstartup.
GotoAdministration>CommandScript>ConfigurationTab.
EnableCommandScriptConfiguration
Configuration
Item Valuesetting Description
Configuration Theboxisuncheckedby
default ChecktheEnableboxtoactivatetheCommandScriptfunction.
BackupScript N/A ClicktheViaWebUIorViaStoragebuttontobackuptheexistedcommand
scriptina.txtfile.YoucanspecifythescriptfilenameinScriptNamebelow.
UploadScript N/A ClicktheViaWebUIorViaStoragebuttontoUploadtheexistedcommand
scriptfromaspecified.txtfile.
ScriptName 1.AnOptionalsetting
2.Anyvalidfilename
Specifyascriptfilenameforscriptbackup,ordisplaytheselecteduploadscript
filename.
ValueRange:0~32characters.
Version 1.AnOptionalsetting
2.Anystring
SpecifytheversionnumberfortheappliedCommandscript.
ValueRange:0~32characters.
Description 1.AnOptionalsetting
2.Anystring EnterashortdescriptionfortheappliedCommandscript.
Updatetime N/A Itrecordstheuploadtimeforlastcommadscriptupload.

M2MCellularGateway
182
Edit/BackupPlainTextCommandScript
Youcanedittheplaintextconfigurationsettingsintheconfigurationscreenasabove.
PlainTextConfiguration
Item Valuesetting Description
Clean NA Cleantextarea.(YoushouldclickSave buttontofurthercleantheconfiguration
alreadysavedinthesystem.)
Backup NA Backupanddownloadconfiguration.
Save NA Saveconfiguration
The supported plain text configuration items are shown in the followinglist.Forthesettingsthatcanbe
executedwithstandardLinuxcommands,youcanputtheminascriptfile,andapplytothesystemconfigure
with STARTUP command. For those configurations without corresponding Linux command set to configure,
youcanconfigurethemwithproprietarycommandset.
ConfigurationContent
Key Valuesetting Description
OPENVPN_ENABLED 1:enable
0:disable
EnableordisableOpenVPNClientfunction.
OPENVPN_DESCRIPTION AMustfilled
Setting
SpecifythetunnelnamefortheOpenVPNClientconnection.
OPENVPN_PROTO udp
tcp
DefinetheProtocol fortheOpenVPNClient.
SelectTCPorTCP/UDP
‐>TheOpenVPNwilluseTCPprotocol,andPortwillbesetas443
automatically.
SelectUDP
‐>TheOpenVPNwilluseUDPprotocol,andPortwillbesetas1194
automatically.
OPENVPN_PORT AMustfilled
Setting
SpecifythePort fortheOpenVPNClienttouse.
OPENVPN_REMOTE_IPADDR IPorFQDN SpecifytheRemoteIP/FQDN ofthepeerOpenVPNServerforthis
OpenVPNClienttunnel.
FillintheIPaddressorFQDN.
OPENVPN_PING_INTVL seconds SpecifythetimeintervalforOpenVPNkeep‐alivechecking.
OPENVPN_PING_TOUT seconds SpecifythetimeoutvalueforOpenVPNClientkeep‐alivechecking.
OPENVPN_COMP Adaptive SpecifytheLZOCompression algorithmforOpenVPNclient.
OPENVPN_AUTH StaticKey/TLS Specifytheauthorizationmode fortheOpenVPNtunnel.
M2MCellularGateway
183
TLS
‐>TheOpenVPNwilluseTLSauthorizationmode,andthefollowing
itemsCACert.,ClientCert.andClientKeyneedtospecifyaswell.
OPENVPN_CA_CERT AMustfilled
Setting
SpecifytheTrustedCAcertificatefortheOpenVPNclient.Itwillgo
throughBase64Conversion.
OPENVPN_LOCAL_CERT AMustfilled
Setting
SpecifythelocalcertificateforOpenVPNclient.Itwillgothrough
Base64Conversion.
OPENVPN_LOCAL_KEY AMustfilled
Setting
SpecifythelocalkeyfortheOpenVPNclient.ItwillgothroughBase64
Conversion.
OPENVPN_EXTRA_OPTS Options SpecifytheextraoptionssettingfortheOpenVPNclient.
IP_ADDR1 Ip EthernetLANIP
IP_NETM1 Netmask EthernetLANMASK
PPP_MONITORING 1:enable
0:disable
WhentheNetworkMonitoringfeatureisenabled,therouterwilluse
DNSQueryorICMPtoperiodicallycheckInternetconnection–
connectedordisconnected.
PPP_PING 0:DNSQuery
1:ICMPQuery
With DNSQuery,thesystemcheckstheconnectionbysendingDNS
QuerypacketstothedestinationspecifiedinPPP_PING_IPADDR.
WithICMPQuery,thesystemwillcheckconnectionbysendingICMP
requestpacketstothedestinationspecifiedinPPP_PING_IPADDR.
PPP_PING_IPADDR IP SpecifyanIPaddressasthetargetforsendingDNSquery/ICMP
request.
PPP_PING_INTVL seconds Specifythetimeintervalfor betweentwoDNSQueryorICMP
checkingpackets.
STARTUP Scriptfile FortheconfigurationsthatcanbeconfiguredwithstandardLinux
commands,youcanputtheminascriptfile,andapplythescriptfile
withSTARTUPcommand.
Forexample,
STARTUP=#!/bin/sh
STARTUP=echo“startupdone”>/tmp/demo
PlainTextSystemConfigurationwithTelnet
Inadditiontotheweb‐styleplaintextconfigurationasmentionedabove,thegatewaysystemalsoallowthe
configurationviaTelnet CLI.AdministratorcanusetheproprietarytelnetcommandtxtConfig” andrelated
actionitemstoperformtheplainsystemconfiguration.
Thecommandformatis:txtConfig(action)[option]
Action Option Description
clone Outputfile Duplicatetheconfigurationcontentfromdatabaseandstoredasa
configurationfile.
(ex:txtConfigclone/tmp/config)
Thecontentsintheconfigurationfilearethesameastheplaintextcommands
mentionedabove.Thisactionisexactlythesameasperformingthe“Backup”
plaintextconfiguration.
commit aexistingfile Committheconfigurationcontenttodatabase.
(ex:txtConfigcommit/tmp/config)
enable NA Enableplaintextsystemconfig.
M2MCellularGateway
184
(ex:txtConfigenable)
disable NA Disableplaintextsystemconfig.
(ex:txtConfigdisable)
run_immediately NA Applytheconfigurationcontentthathasbeencommittedindatabase.
(ex:txtConfigrun_immediately)
run_immediately aexistingfile Assignaconfigurationfiletoapply.
(ex:txtConfigrun_immediately/tmp/config)

M2MCellularGateway
185
6.1.2TR‐069
TR‐069 (Technical Report 069)is a Broadband Forum technical specification entitledCPE WAN Management
Protocol(CWMP).Itdefinesanapplicationlayerprotocolforremotemanagementofend‐userdevices,likethis
gatewaydevice.AsabidirectionalSOAP/HTTPbasedprotocol,it provides the communication between
customer‐premisesequipment(CPE)andAutoConfigurationServers(ACS).TheSecurityGatewayissuchCPE.
TR069isacustomizedfeatureforISP.Itisnotrecommendthatyouchangetheconfigurationforthis.Ifyou
haveanyprobleminusingthisfeaturefordevicemanagement,please contact with your ISP or the ACS
providerforhelp.AttherightuppercornerofTR‐069Settingscreen,one“[Help]”commandletyouseethe
samemessageaboutthat.
Scenario‐ManagingdeployedgatewaysthroughanACSServer
ScenarioApplicationTiming
When the enterprise data center wants to use an ACS server to manage remote gateways
geographically distributed elsewhere in the world, the gatewaysinallbranchofficesmusthavean
embeddedTR‐069agenttocommunicate withtheACSserver.SothattheACSservercanconfigure,
FWupgradeandmonitorthesegatewaysandtheircorrespondingIntranets.
ScenarioDescription
TheACSservercanconfigure,upgradewithlatestFWandmonitorthesegateways.
RemotegatewaysinquiretheACSserverforjobstodoineachtimeperiod.
TheACSservercanaskthegatewaystoexecutesomeurgentjobs.
ParameterSetupExample
M2MCellularGateway
186
Followingtableslisttheparameterconfigurationasanexample fortheGateway 1inabovediagram
with"TR‐069"enabling.
Usedefaultvalueforthoseparametersthatarenotmentionedinthetables.
ConfigurationPath [TR‐069]‐[Configuration]
TR‐069 Enable
ACSURL http://qa.acslite.com/cpe.php
ACSUserName
A
CSUserName
ACSPassword
A
CSPassword
ConnectionRequestPort 8099
ConnectionRequestUserName ConnReqUserName
ConnectionRequestPassword ConnReqPassword
Inform EnableInterval90
0
ScenarioOperationProcedure
Inabovediagram,theACSservercanmanagemultiple gatewaysintheInternet.The"Gateway 1"is
oneofthemandhas118.18.81.33IPaddressforitsWAN‐1interface.
Whenallremotegatewayshavebootedup,theywilltrytoconnecttotheACSserver.
Oncetheconnectionsareestablishedsuccessfully,theACSservercanconfigure,upgradewithlatest
FWandmonitorthesegateways.
RemotegatewaysinquiretheACSserverforjobstodoineachtimeperiod.
IftheACSserverneedssomeurgentjobstobedonebythegateways,itwillissuethe"Connection
Request"commandtothosegateways.Andthosegatewaysmakeimmediateconnectionsinresponse
totheACSserver’simmediateconnectionrequestforexecutingtheurgentjobs.
M2MCellularGateway
187
TR‐069Setting
GotoAdministration>Configure&Manage>TR‐069tab.
In "TR‐069" page, there is only one configuration window for TR‐069 function. In the window, you must
specifytherelatedinformationforyoursecuritygatewaytoconnecttotheACS.Drivethefunctiontoworkby
specifyingtheURLoftheACSserver,theaccountinformationtologintheACSserver,theserviceportandthe
account information for connection requesting from the ACS server, and the time interval for job inquiry.
Excepttheinquirytime,therearenoactivitiesbetweentheACSserverandthegatewaysuntilthenextinquiry
cycle.ButiftheACSserverhasnewjobsthatareexpectedtodobythegatewaysurgently,itwillaskthese
gatewaysbyusingconnectionrequestrelatedinformationforimmediate connection for inquiring jobs and
executing.
EnableTR‐069
TR‐069
Item Valuesetting Description
M2MCellularGateway
188
TR‐069 Theboxisuncheckedby
defaultChecktheEnableboxtoactivateTR‐069function.
Interface WAN‐1isselectedby
default.
WhenyoufinishsetbasicnetworkWAN‐1~WAN‐n,youcanchooseWAN‐1~
WAN‐n
WhenyoufinishsetSecurity>VPN>IPSec/OpenVPN/PPTP/L2TP/GRE,you
canchooseIPSec/OpenVPN/PPTP/L2TP/GREtunnel,theinterfacejustlike
“IPSec#1”
DataModel ACSCloudDataModel
isselectedbydefault.
SelecttheTR‐069datmodelfortheremotemanagement.
Standard:theACSServerisastandardone,whichisfullycomplywithTR‐
069.
ACSCloudDataModel:SelectthisdatamodelifyouintendtouseCloudACS
Servertomanagingthedeployedgateways.
ACSURL AMustfilledsetting YoucanaskACSmanagerprovideACSURLandmanuallyset
ACSUsername AMustfilledsetting YoucanaskACSmanagerprovideACSusernameandmanuallyset
ACSPassword AMustfilledsetting YoucanaskACSmanagerprovideACSpasswordandmanuallyset
ConnectionRequest
Port
1.AMustfilledsetting.
2.Bydefault8099isset.
YoucanaskACSmanagerprovideACSConnectionRequestPortandmanually
set
ValueRange:0~65535.
ConnectionRequest
UserName AMustfilledsetting YoucanaskACSmanagerprovideACSConnectionRequestUsernameand
manuallyset
ConnectionRequest
Password AMustfilledsetting YoucanaskACSmanagerprovideACSConnectionRequestPasswordand
manuallyset
Inform
1.Theboxischeckedby
default.
2.TheIntervalvalueis
300bydefault.
WhentheEnableboxischecked,thegateway(CPE)willperiodiclysend
informmessagetoACSServeraccordingtotheIntervalsetting.
ValueRange:0~86400forInformInterval.
CertificationSetup Thedefaultboxis
selectedbydefault
Youcanleaveitasdefaultorselectanexpectedcertificateandkeyfromthe
dropdownlist.
RefertoObjectDefinition>CertificateSectionfortheCertificate
configuration.
Save N/A ClickSavetosavethesettings.
Undo N/A ClickUndotocancelthemodifications.
WhenyoufinishsetACSURLACSUsernameACSPassword,yourgateway(CPE,ClientPremiumEquipment)
cansendinformtoACSServer.
WhenyoufinishsetConnectionRequestPortConnectionRequest Username ConnectionRequest Password,
ACSServercanaskthegateway(CPE)tosendinformtoACSServer.
EnableSTUNServer
M2MCellularGateway
189
STUNSettingsConfiguration
Item Valuesetting Description
STUN Theboxischeckedby
defaultChecktheEnableboxtoactivateSTUNfunction.
ServerAddress
1.Stringformat:any
IPv4address
2.Itisanoptionalitem.
SpecifytheIPaddressfortheexpectedSTUNServer.
ServerPort 1.Anoptionalsetting
2.3478issetbydefault
SpecifytheportnumberfortheexpectedSTUNServer.
ValueRange:1~65535.
KeepAlivePeriod 1.Anoptionalsetting
2.0issetbydefault
SpecifythekeepalivetimeperiodfortheconnectionwithSTUNServer.
ValueRange:0~65535.
Save N/A ClickSavetosavethesettings.
Undo N/A ClickUndotocancelthemodifications.
M2MCellularGateway
190
6.1.3SNMP
Inbrief,SNMP,theSimpleNetworkManagementProtocol,isaprotocoldesignedtogiveauserthecapability
toremotelymanageacomputernetworkbypollingandsettingterminal values and monitoring network
events.
IntypicalSNMPuses,oneormoreadministrativecomputers,calledmanagers,havethetaskofmonitoringor
managingagroupofhostsordevicesonacomputernetwork.Eachmanagedsystemexecutes,atalltimes,a
softwarecomponentcalledanagentwhichreportsinformationviaSNMPtothemanager.
SNMPagentsexposemanagementdataonthemanagedsystemsasvariables.Theprotocolalsopermitsactive
managementtasks,suchasmodifyingandapplyinganewconfigurationthroughremotemodificationofthese
variables.ThevariablesaccessibleviaSNMPareorganizedinhierarchies. These hierarchies, and other
metadata(suchastypeanddescriptionofthevariable),aredescribed by Management Information Bases
(MIBs).
ThedevicesupportsseveralpublicMIBsandoneprivateMIBfortheSNMPagent.ThesupportedMIBsareas
follow: MIB-II (RFC 1213, Include IPv6), IF-MIB, IP-MIB, TCP-MIB, UDP-MIB, SMIv1 and SMIv2,
SNMPv2-TM and SNMPv2-MIB, and AMIB (a Proprietary MIB)
SNMPManagementScenario
ScenarioApplicationTiming
TherearetwoapplicationscenariosofSNMPNetworkManagementSystems (NMS).LocalNMSisin
M2MCellularGateway
191
theIntranet andmanageall devices thatsupportSNMP protocolinthe Intranet.Anotheroneis the
Remote NMS to manage some devices whose WAN interfaces are connected together by using a
switch or a router with UDP forwarding. If you want to manage some devices and they all have
supportedSNMPprotocol,useeitheroneapplicationscenario,especiallythemanagementofdevices
intheIntranet.InmanagingdevicesintheInternet,theTR‐069isthebettersolution.Pleasereferto
lastsub‐section.
ScenarioDescription
TheNMSservercanmonitorandconfigurethemanageddevicesbyusingSNMPprotocol,andthose
devicesarelocatedatwhereUDPpacketscanreachfromNMS.
ThemanageddevicesreporturgenttrapeventstotheNMSservers.
UseSNMPv3versionofprotocolcanprotectedthetransmittingofSNMPcommandsandresponses.
TheremoteNMSwithprivilegeIPaddresscanmanagethedevices,butotherremoteNMScan't.
ParameterSetupExample
FollowingtableslisttheparameterconfigurationasanexamplefortheGateway1inabovediagram
with"SNMP"enablingatLANandWANinterfaces.
Usedefaultvalueforthoseparametersthatarenotmentionedinthetables.
ConfigurationPath [SNMP]‐[Configuration]
SNMPEnable LANWA
N
SupportedVersions v1v2cv3
Get/SetCommunity ReadCommunity/WriteCommunit
y
TrapEventReceiver1 118.18.81.11
WANAccessIPAddress 118.18.81.11
ConfigurationPath [SNMP]‐[UserPrivacyDefinition]
ID 12 3
UserName UserName1UserName2 UserName3
Password Password1 Password2 Disable
Authentication MD5
S
HA‐1 Disable
Encryption DE
S
 Disable Disable
PrivacyMode authPri
v
 authNoPriv noAuthNoPri
v
PrivacyKey 1234567
8
 Disable Disable
Authority Read/Write Read Read
Enable Enable Enable Enable
ScenarioOperationProcedure
Inabovediagram,theNMSservercanmanagemultipledevicesin the Intranet or a UDP‐reachable
network.The"Gateway1"isoneofthemanageddevices,andithas theIPaddressof 10.0.75.2for
LANinterfaceand118.18.81.33forWAN‐1interface.ItservesasaNATrouter.
M2MCellularGateway
192
Atfirststage,theNMSmanagerpreparesrelatedinformationfor all managed devices and records
themintheNMSsystem.ThenNMSsystemgetsthestatusofallmanageddevicesbyusingSNMPget
commands.
Whenthemanagerwantstoconfigurethemanageddevices,theNMSsystemallowshimtodothatby
usingSNMPsetcommands.The"UserName1"accountisusedifthemanagerusesSNMPv3protocol
forconfiguringthe"Gateway 1".Onlythe"UserName1"accountcanletthe"Gateway1"acceptthe
configurationfromtheNMSsincetheauthorityoftheaccountis"Read/Write".
Once a managed device has an urgent event to send, the device will issue a trap to the Trap Event
Receivers.TheNMSitselfcouldbeoneamongthem.
If you want to secure the transmitted SNMP commands and responsesbetweentheNMSandthe
manageddevices,useSNMPv3versionofprotocol.
TheremoteNMSwithoutprivilegeIPaddresscan'tmanagethe"Gateway1",since"Gateway1"allows
onlytheNMSwithprivilegeIPaddresscanmanageitviaitsWANinterface.
M2MCellularGateway
193
SNMPSetting
GotoAdministration>Configure&Manage>SNMPtab.
TheSNMPallowsusertoconfigureSNMPrelevantsettingwhichincludes interface, version, access control
andtrapreceiver.
EnableSNMP
SNMP
Item Valuesetting Description
SNMPEnable 1.Theboxesare
uncheckedbydefault
SelecttheinterfacefortheSNMPandenableSNMPfunctions.
WhenChecktheLANbox,itwillactivateSNMPfunctionsandyoucanaccess
SNMPfromLANside;
WhenChecktheWANbox,itwillactivateSNMPfunctionsandyoucanaccess
SNMPfromWANside.
WANInterface
1.AMustfilledsetting
2.ALLWANsis
selectedbydefault
SpecifytheWANinterfacethataremoteSNMPhostcanaccesstothedevice.
Bydefault,AllWANsisselected,andthereisnolimitationfortheWAN
inferface.
SupportedVersions
1.AMustfilledsetting
2.Theboxesare
uncheckedbydefault
SelecttheversionfortheSNMP
WhenCheckthev1box.
ItmeansyoucanaccessSNMPbyversion1.
WhenCheckthev2cbox.
ItmeansyoucanaccessSNMPbyversion2c.
WhenCheckthev3box.
ItmeansyoucanaccessSNMPbyversion3.
RemoteAceessIP
1.Stringformat:any
IPv4address
2.Itisanoptional
item.
SpecifytheRemoteAccessIPforWAN.
SelectSpecificIPAddress,andfillinacertainIPaddress.ItmeansonlythisIP
addresscanaccessSNMPfromLAN/WANside.
SelectIPRange,andfillinarangeofIPaddresses.ItmeanstheIPaddress
withinspecifiedrangecanaccessSNMPfromLAN/WANside.
Ifyouleftitasblank,itmeansanyIPaddresscanaccessSNMPfromWANside.
M2MCellularGateway
194
SNMPPort
1.Stringformat:any
portnumber
2.ThedefaultSNMP
portis161.
3.AMustfilledsetting
SpecifytheSNMPPort.
Youcanfillinanyportnumber.Butyoumustensuretheportnumberisnotto
beused.
ValueRange:1~65535.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
Create/EditMultipleCommunity
TheSNMPallowsyoutocustomyouraccesscontrolforversion1andversion2user.Theroutersupportsupto
amaximumof10communitysets.
WhenAddbuttonisapplied,MultipleCommunityRuleConfigurationscreenwillappear.
MultipleCommunityRuleConfiguration
Item Valuesetting Description
Community
1.ReadOnlyis
selectedbydefault
2.AMustfilledsetting
3.Stringformat:any
text
Specifythisversion1orversionv2cuser’scommunitythatwillbeallowedRead
Only(GETandGETNEXT)orRead‐Write(GET,GETNEXTandSET)access
respectively.
Themaximumlengthofthecommunityis32.
Enable 1.Theboxischecked
bydefault ClickEnabletoenablethisversion1orversionv2cuser.
Save N/A
ClicktheSavebuttontosavetheconfiguration.ButitdoesnotapplytoSNMP
functions.WhenyoureturntotheSNMPmainpage.Itwillshow“Clickonsave
buttontoapplyyourchanges”remindusertoclickmainpageSavebutton.
Undo N/A ClicktheUndobuttontocancelthesettings.
Back N/A ClicktheBackbuttontoreturntolastpage.
M2MCellularGateway
195
Create/EditUserPrivacy
TheSNMPallowsyoutocustomyouraccesscontrolforversion3user.Theroutersupportsuptoamaximum
of128UserPrivacysets.
WhenAddbuttonisapplied,UserPrivacyRuleConfigurationscreenwillappear.
UserPrivacyRuleConfiguration
Item Valuesetting Description
UserName 1.AMustfilledsetting
2.Stringformat:any
text
SpecifytheUserNameforthisversion3user.
ValueRange:1~32characters.
Password 1.Stringformat:any
text
WhenyourPrivacyModeisauthNoPrivorauthPriv,youmustspecifythe
Passwordforthisversion3user.
ValueRange:8~64characters.
Authentication 1.Noneisselectedby
default
WhenyourPrivacyModeisauthNoPrivorauthPriv,youmustspecifythe
Authenticationtypesforthisversion3user.
SelectedtheauthenticationtypesMD5/SHA‐1touse.
Encryption 1.Noneisselectedby
default
WhenyourPrivacyModeisauthPriv,youmustspecifytheEncryption
protocolsforthisversion3user.
SelectedtheencryptionprotocolsDES/AEStouse.
M2MCellularGateway
196
PrivacyMode 1.noAuthNoPrivis
selectedbydefault
SpecifythePrivacyModeforthisversion3user.
SelectedthenoAuthNoPriv.
Youdonotuseanyauthenticationtypesandencryptionprotocols.
SelectedtheauthNoPriv.
YoumustspecifytheAuthenticationandPassword.
SelectedtheauthPriv.
YoumustspecifytheAuthentication,Password,EncryptionandPrivacyKey.
PrivacyKey 1.Stringformat:any
text
WhenyourPrivacyModeisauthPriv,youmustspecifythePrivacyKey(8~64
characters)forthisversion3user.
Authority 1.Readisselectedby
default
Specifythisversion3user’sAuthoritythatwillbeallowedReadOnly(GETand
GETNEXT)orRead‐Write(GET,GETNEXTandSET)accessrespectively.
OIDFilterPrefix 1.Thedefaultvalueis
1
2.AMustfilledsetting
3.Stringformat:any
legalOID
TheOIDFilterPrefixrestrictsaccessforthisversion3usertothesub‐tree
rootedatthegivenOID.
ValueRange:1~2080768.
Enable 1.Theboxischecked
bydefault
ClickEnabletoenablethisversion3user.
Save N/A ClicktheSavebuttontosavetheconfiguration.ButitdoesnotapplytoSNMP
functions.WhenyoureturntotheSNMPmainpage.Itwillshow“Clickonsave
buttontoapplyyourchanges”remindusertoclickmainpageSavebutton.
Undo N/A ClicktheUndobuttontocancelthesettings
Back N/A ClicktheBackbuttontoreturnthelastpage.
Create/EditTrapEventReceiver
The SNMP allows you to custom your trap event receiver. The router supports up to a maximum of4 Trap
EventReceiversets.
WhenAddbuttonisapplied,TrapEventReceiverRuleConfigurationscreenwillappear.ThedefaultSNMP
Versionisv1.Theconfigurationscreenwillprovidetheversion1mustfilleditems.
M2MCellularGateway
197
Whenyouselectedv2c,theconfigurationscreenisexactlythesameasthatofv1,excepttheversion.
Whenyouselectedv3,theconfigurationscreenwillprovidemoresettingitemsfortheversion3Trap.
TrapEventReceiverRuleConfiguration
Item Valuesetting Description
ServerIP
1.AMustfilledsetting
2.Stringformat:any
IPv4addressorFQDN
SpecifythetrapServerIPorFQDN.
TheDUTwillsendtraptotheserverIP/FQDN.
ServerPort
1.Stringformat:any
portnumber
2.ThedefaultSNMP
trapportis162
3.AMustfilledsetting
SpecifythetrapServerPort.
Youcanfillinanyportnumber.Butyoumustensuretheportnumberisnotto
beused.
ValueRange:1~65535.
M2MCellularGateway
198
SNMPVersion 1.v1isselectedby
default
Selecttheversionforthetrap
Selectedthev1.
Theconfigurationscreenwillprovidetheversion1mustfilleditems.
Selectedthev2c.
Theconfigurationscreenwillprovidetheversion2cmustfilleditems.
Selectedthev3.
Theconfigurationscreenwillprovidetheversion3mustfilleditems.
CommunityName
1.Av1andv2cMust
filledsetting
2.Stringformat:any
text
SpecifytheCommunityNameforthisversion1orversionv2ctrap.
ValueRange:1~32characters.
UserName
1.Av3Mustfilled
setting
2.Stringformat:any
text
SpecifytheUserNameforthisversion3trap.
ValueRange:1~32characters.
Password
1.Av3Mustfilled
setting
2.Stringformat:any
text
WhenyourPrivacyModeisauthNoPrivorauthPriv,youmustspecifythe
Passwordforthisversion3trap.
ValueRange:8~64characters.
PrivacyMode
1.Av3Mustfilled
setting
2.noAuthNoPrivis
selectedbydefault
SpecifythePrivacyModeforthisversion3trap.
SelectedthenoAuthNoPriv.
Youdonotuseanyauthenticationtypesandencryptionprotocols.
SelectedtheauthNoPriv.
YoumustspecifytheAuthenticationandPassword.
SelectedtheauthPriv.
YoumustspecifytheAuthentication,Password,EncryptionandPrivacyKey.
Authentication
1.Av3Mustfilled
setting
2.Noneisselectedby
default
WhenyourPrivacyModeisauthNoPrivorauthPriv,youmustspecifythe
Authenticationtypesforthisversion3trap.
SelectedtheauthenticationtypesMD5/SHA‐1touse.
Encryption
1.Av3Mustfilled
setting
2.Noneisselectedby
default
WhenyourPrivacyModeisauthPriv,youmustspecifytheEncryption
protocolsforthisversion3trap.
SelectedtheencryptionprotocolsDES/AEStouse.
PrivacyKey
1.Av3Mustfilled
setting
2.Stringformat:any
text
WhenyourPrivacyModeisauthPriv,youmustspecifythePrivacyKey(8~64
characters)forthisversion3trap.
Enable 1.Theboxischecked
bydefault ClickEnabletoenablethistrapreceiver.
Save N/A
ClicktheSavebuttontosavetheconfiguration.ButitdoesnotapplytoSNMP
functions.WhenyoureturntotheSNMPmainpage.Itwillshow“Clickonsave
buttontoapplyyourchanges”remindusertoclickmainpageSavebutton.
Undo N/A ClicktheUndobuttontocancelthesettings.
Back N/A ClicktheBackbuttontoreturnthelastpage.
M2MCellularGateway
199
SpecifySNMPMIB‐2System
Ifrequired,youcanalsospecifytherequiredonformationthetheMIB‐2System.
SNMPMIB‐2SystemConfiguration
Item Valuesetting Description
sysContact 1.AnOptionalfilled
setting
2.Stringformat:any
text
SpecifythecontactinformationforMIB‐2system.
ValueRange:0~64characters.
sysLocation 1.AnOptionalfilled
setting
2.Stringformat:any
text
SpecifythelocationinformationforMIB‐2system.
ValueRange:0~64characters.
EditSNMPOptions
IfyouusesomeparticularprivateMIB,youmustfilltheenterprisename,numberandOID.
Options
M2MCellularGateway
200
Item Valuesetting Description
EnterpriseName
1.Thedefaultvalueis
Default
2.AMustfilledsetting
3.Stringformat:any
text
SpecifytheEnterpriseNamefortheparticularprivateMIB.
ValueRange:1~10characters,andonlystringwithA~Z,a~z,0~9,’–‘,‘_’.
EnterpriseNumber
Thedefaultvalueis
12823
(DefaultEnterprise
Number)
2.AMustfilledsetting
3.Stringformat:any
number
SpecifytheEnterpriseNumberfortheparticularprivateMIB.
ValueRange:1~2080768.
EnterpriseOID
1.Thedefaultvalueis
1.3.6.1.4.1.12823.4.4.9
(DefaultEnterpriseOID)
2.AMustfilledsetting
3.Stringformat:any
legalOID
SpecifytheEnterpriseOIDfortheparticularprivateMIB.
TherangeoftheeachOIDnumberis1‐2080768.
ThemaximumlengthoftheenterpriseOIDis31.
Theseventhnumbermustbeidenticalwiththeenterprisenumber.
Save N/A ClicktheSavebuttontosavetheconfigurationandapplyyourchangesto
SNMPfunctions.
Undo N/A ClicktheUndobuttontocancelthesettings.
M2MCellularGateway
201
6.1.4Telnet&SSH
Acommand‐lineinterface(CLI),also knownascommand‐line userinterface,and consoleuserinterfaceare
meansofinteractingwithacomputerprogramwheretheuser(orclient)issuescommandstotheprogramin
theformofsuccessivelinesoftext(commandlines).Theinterfaceisusuallyimplementedwithacommand
lineshell,which isaprogram thatacceptscommands as textinputandconverts commandstoappropriate
operating system functions. Programs with command‐line interfacesaregenerallyeasiertoautomatevia
scripting. The device supports both Telnet and SSH (Secure Shell) CLI with default service port 23 and 22,
respectively.
Telnet&SSHScenario
ScenarioApplicationTiming
WhentheadministratorofthegatewaywantstomanageitfromremotesiteintheIntranetorInternet,
hemayuse"TelnetwithCLI"functiontodothatbyusing"Telnet"or"SSH"utility.
ScenarioDescription
TheLocalAdminortheRemoteAdmincanmanagetheGatewaybyusing"Telnet"or"SSH"utilitywith
privilegedusernameandpassword.
ThedatapacketsbetweentheLocalAdminandtheGatewayorbetweentheRemoteAdminandthe
Gateway can be plain texts or encrypted texts. Suggest they are plain texts in the Intranet for Local
Admintouse"Telnet"utility,andencryptedtextsintheInternetforRemoteAdmintouse"SSH"utility.
M2MCellularGateway
202
ParameterSetupExample
FollowingtableliststheparameterconfigurationasanexamplefortheGatewayinabovediagramwith
"TelnetwithCLI"enablingatLANandWANinterfaces.
Usedefaultvalueforthoseparametersthatarenotmentionedinthetable.
ConfigurationPath [Telnet
&
SSH]‐[Configuration]
Telnet LAN: EnableWAN: Enable
ServicePort:23
SSH LAN: EnableWAN: Enable
ServicePort:22
ScenarioOperationProcedure
Inabovediagram,"LocalAdmin"or"RemoteAdmin"canmanagethe "Gateway" in the Intranet or
Internet.The"Gateway"isthegatewayofNetworkA,andthesubnetofitsIntranetis10.0.75.0/24.It
hastheIPaddressof10.0.75.2forLANinterfaceand118.18.81.33forWAN‐1interface.Itservesasa
NATgateway.
The"LocalAdmin"intheIntranetuses"Telnet"utilitywithprivilegedaccounttologintheGateway.
Orthe"RemoteAdmin"intheInternetuses"SSH"utilitywithprivilegedaccounttologintheGateway.
Theadministratorofthegatewaycancontrolthedeviceaslikeheisinfrontofthegateway.
M2MCellularGateway
203
Telnet&SSHSetting
GotoAdministration>Configure&Manage>Telnet&SSHtab.
TheTelnet&SSHsettingallowsadministratortoaccessthisdevicethroughthetraditionalTelnetorSSH
Telnetprogram.Beforeyoucantelnet(login)tothedevice,please configure the related settings and
passwordwithcare.Thepasswordmanagementpartallowsyoutosetrootpasswordforloggingtelnetand
SSH.
Configuration
Item Valuesetting Description
Telnet 1. TheLANEnableboxis
checkedbydefault.
2. BydefaultService
Portis23.
ChecktheEnableboxtoactivatetheTelnetfunctionforconnectingfromLANorWAN
interfaces.
You can set which number of Service Portyouwanttoprovideforthecorresponding
service.
ValueRange:1~65535.
SSH 3. TheLANEnableboxis
checkedbydefault.
4. BydefaultService
Portis22.
ChecktheEnableboxtoactivatetheSSHTelnetfunctionforconnectingfromLANor
WANinterfaces.
You can set which number of Service Portyouwanttoprovideforthecorresponding
service.
ValueRange:1~65535.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
M2MCellularGateway
204
Configuration
Item Valuesetting Description
root 1.String:anytextbutno
blankcharacter
2.Thedefaultpassword
fortelnetis
wirelessm2m’.
Typeoldpasswordandspecifynewpasswordtochangerootpassword.
Note_1:Youarehighlyrecommendedtochangethedefaulttelnetpasswordwith
yoursbeforethedeviceisdeployed.
Note_2:IfyouhavetroubleforthedefaultpasswordforpreviousFWversion,please
checkthecorrespondingUserManualtogetthecorrectone.
Save N/A ClickSavetosavethesettings
Undo N/A ClickUndotocancelthesettings
M2MCellularGateway
205
6.2SystemOperation
System Operation allows the network administrator to manage system, settings such as web‐based utility
access password change, system information, system time, system log, firmware/configuration backup &
restore,andreset&reboot.
6.2.1Password&MMI
GotoAdministration>SystemOperation>Password&MMItab.
ChangeUserName
ChangeUsernamescreenallowsnetworkadministratortochangetheweb‐basedMMIloginaccounttoaccess
gateway.ClicktheModifybuttonandprovidethenewusernamesetting.
UsernameConfiguration
Item Valuesetting Description
Username
1.ThedefaultUsername
forweb‐basedMMIis
admin’.
DisplaythecurrentMMIloginaccount(Username).
NewUsername String:anytext EnternewUsernametoreplacethecurrentsetting.
Password String:anytext Entercurrentpasswordtoverifyifyouhavethepermissiontochangethe
usernamesetting.
Save N/A ClickSavebuttontosavethesettings
Undo N/A ClickUndobuttontocancelthesettings
ChangePassword
ChangepasswordscreenallowsnetworkadministratortochangethewebbasedMMIloginpasswordto
accessgateway.
M2MCellularGateway
206
PasswordConfiguration
Item Valuesetting Description
OldPassword
1.String:anytext
2.Thedefaultpassword
forweb‐basedMMIis
‘admin’.
Enterthecurrentpasswordtoenableyouunlocktochangepassword.
NewPassword String:anytext Enternewpassword
NewPassword
Confirmation String:anytext Enternewpasswordagaintoconfirm
Save N/A ClickSavebuttontosavethesettings
Undo N/A ClickUndobuttontocancelthesettings
ChangeMMISettingforAccessing
This is the gateway’s web‐based MMI access which allows administrator to access the gateway for
management.Thegateway’sweb‐basedMMIwillautomaticallylogoutwhentheidletime haselapsed.The
settingallowsadministratortoenableautomaticlogoutandsetthelogoutidletime.Whenthelogintimeout
isdisabled,thesystemwon’tlogouttheadministratorautomatically.
M2MCellularGateway
207
MMIConfiguration
Item Valuesetting Description
Login 3timesissetbydefault
Enterthelogintrialcountingvalue.
ValueRange:3~10.
IfsomeonetriedtologinthewebGUIwithincorrectpasswordformore
thanthecountingvalue,anwarningmessage“Alreadyreachingmaximum
Password‐Guessingtimes,pleasewaitafewseconds!”willbedisplayed
andignorethefollowinglogintrials.
LoginTimeout
TheEnableboxis
checked,and300isset
bydefault.
ChecktheEnableboxtoactivatetheautologoutfunction,andspecifythe
maximumidletimeaswell.
ValueRange:30~65535.
GUIAccessProtocol http/httpsis
selectedbydefault.
SelecttheprotocolthatwillbeusedforGUIaccess.Itcanbehttp/https,
httponly,orhttpsonly.
HTTPsCertificate
Setup
Thedefaultboxis
selectedbydefault
IfthehttpsAccessProtocolisselected,theHTTPsCertificateSetupoption
willbeavailableforfurtherconfiguration.
Youcanleaveitasdefaultorselectaexpectedcertificateandkeyfromthe
dropdownlist.
RefertoObjectDefinition>CertificateSectionfortheCertificate
configuration.
httpCompression Theboxisuncheckedby
default.
Checkthebox(gzip,ordeflate)ifanycomprerssionmethodispreferred.
SystemBootMode NormalModeisselected
bydefault.
Selectthesystembootmodethatwillbeadoptedtobootupthedevice.
NormalMode:Ittakeslongerbootuptime,about200seconds,with
completefirmwareimagecheckduringthedevicebooting.
FastMode:Ittakesshorterbootuptime,about120seconds,without
checkingthefirmwareimageduringthedevicebooting.
QuickMode:Ittakesshorterbootuptime,about90seconds,without
checkingthefirmwareimageandcreatetheinternaldatabasefor
User/Group/CaptivePortalfunctions.
Note:UseQuickModewithcare,onceselected,theUser/Group/Captive
Portalfunctionwillbecomenon‐functional.
Save N/A ClickSavebuttontosavethesettings
Undo N/A ClickUndobuttontocancelthesettings
M2MCellularGateway
208
6.2.2SystemInformation
SystemInformationscreengivesnetwork administrator a quick look up on the device information for the
purchadesgateway.
GotoAdministration>SystemOperation>SystemInformationtab.
SystemInformation
Item ValueSetting Description
ModelName N/A Itdisplaysthemodelnameofthisproduct.
DeviceSerial
Number N/A Itdisplaystheserialnumberofthisproduct.
KernelVersionN/A ItdisplaystheLinuxkernelversionoftheproduct
FWVersion N/A Itdisplaysthefirmwareversionoftheproduct
CPUUsage N/A ItdisplaysthepercentageofCPUutilization.
MemoryUsage N/A Itdisplaysthepercentageofdevicememoryutilization.
SystemTime N/A Itdisplaysthecurrentsystemtimethatyoubrowsedthiswebpage.
DeviceUp‐Time N/A Itdisplaysthestatisticsforthedeviceup‐timesincelastbootup.
Refresh N/A ClicktheRefreshbuttontoupdatethesystemInformationimmediately.
M2MCellularGateway
209
6.2.3SystemTime
Thegatewayprovidesmanuallysetupandauto‐synchronizedapproachesfortheadministratortosetupthe
systemtimeforthegateway.
GotoAdministration>SystemOperation>SystemTimetab.
SystemTimeInformation
Item ValueSetting Description
TimeZone
1.Itisanoptionalitem.
2.GMT+00:00is
selectedbydefault.
Select a time zone where this device locates.
Auto‐
synchronization
1.Checkedbydefault.
2.Autoisselectedby
default.
ChecktheEnablebuttontoactivatethetimeauto‐synchronizationfunctionwith
acertainNTPserver.
YoucanentertheIPorFQDNfortheNTPserveryouexpected,orleaveitas
automodesothattheavailableserverwillbeusedfortimesynchronizationone
byone.
DaylightSaving
Time
1.Itisanoptionalitem.
2.Un‐checkedbydefault
ChecktheEnablebuttontoactivatethedaylightsavingfunction.
When you enabled this function, you have to specify the start date and end date
for the daylight saving time duration.
SetDate&Time 1.Itisanoptionalitem. If you do not enable the time auto-synchronization function, you can also
manually set the date (Year/Month/Day) and time (Hour:Minute:Second).
Save N/A ClicktheSavebuttontosavethesettings.
Refresh N/A ClicktheRefreshbuttontoupdatethesystemtimeimmediately.
Insteadofmanuallyconfiguringthesystemtimeforthegateway,therearetwosimpleandquicksolutionsfor
youtosetthecorrecttimeinformationandsetitasthesystemtimeforthegateway.
M2MCellularGateway
210
Thefirstoneis“SyncwithTimerServer”.Basedonyourselectionoftimezoneandtimeserverinabovetime
informationconfigurationwindow,systemwillcommunicatewithtimeserverbyNTPProtocoltogetsystem
dateandtimeafteryouclickontheSyncwithTimerServerbutton.
Note:Remembertoselectacorrecttimezoneforthedevice,otherwise,youwilljustgettheUTC
(CoordinatedUniversalTime)time,notthelocaltimeforthedevice.
Thesecondoneis“SyncwithmyPC”.ClickontheSyncwithmyPCbuttontoletsystemsynchronizeitsdate
andtimetothetimeoftheadministrationPC.
M2MCellularGateway
211
6.2.4SystemLog
SystemLogscreencontainsvariouseventlogtoolsfacilitatingnetworkadministratortoperformlocalevent
loggingandremotereporting.
GotoAdministration>SystemOperation>SystemLogtab.
View&EmailLogHistory
View button is provided for network administrator to view log history on the gateway. Email Now button
enablesadministratortosendinstantEmailforanalysis.
View&EmailLogHistory
Item Valuesetting Description
Viewbutton N/A ClicktheViewbuttontoviewLogHistoryinWebLogListWindow.
EmailNow
button N/A ClicktheEmailNowbuttontosendLogHistoryviaEmailinstantly.
M2MCellularGateway
212
WebLogListWindow
Item ValueSetting Description
Timecolumn N/A Itdisplayseventtimestamps
LogcolumnN/A ItdisplaysLogmessages
WebLogListButtonDescription
Item Valuesetting Description
Previous N/A ClickthePreviousbuttontomovetothepreviouspage.
Next N/A ClicktheNextbuttontomovetothenextpage.
First N/A ClicktheFirstbuttontojumptothefirstpage.
Last N/A ClicktheLastbuttontojumptothelastpage.
Download N/A ClicktheDownloadbuttontodownloadlogtoyourPCintarfileformat.
Clear N/A ClicktheClearbuttontoclearalllog.
Back N/A ClicktheBackbuttontoreturntothepreviouspage.
WebLogTypeCategory
WebLogTypeCategoryscreenallowsnetworkadministratortoselect the type of events to log and be
displayedintheWebLogListWindowasdescribedintheprevioussection.ClickontheViewbuttontoview
LogHistoryintheWebLogListwindow.
M2MCellularGateway
213
WebLogTypeCategorySettingWindow
Item ValueSetting Description
System Checkedbydefault ChecktologsystemeventsandtodisplayintheWebLogListwindow.
Attacks Checkedbydefault ChecktologattackeventsandtodisplayintheWebLogListwindow.
Drop Checkedbydefault ChecktologpacketdropeventsandtodisplayintheWebLogListwindow.
Loginmessage Checkedbydefault ChecktologsystemlogineventsandtodisplayintheWebLogListwindow.
Debug Un‐checkedbydefault ChecktologdebugeventsandtodisplayintheWebLogListwindow.
EmailAlert
EmailAlertscreenallowsnetworkadministratortoselectthetypeofeventtologandbesenttothedestined
Emailaccount.
EmailAlertSettingWindow
Item ValueSetting Description
Enable Un‐checkedbydefault CheckEnableboxtoenablesendingeventlogmessagestodestinedEmail
accountdefinedintheE‐mailAddressesblankspace.
Server N/A
SelectoneemailserverfromtheServerdropdownboxtosendEmail.Ifnone
hasbeenavailable,clicktheAddObjectbuttontocreateanoutgoingEmail
server.
You may also add an outgoing Email server from Object Definition > External
Server > External Server tab.
E‐mailaddressString:emailformat
EntertherecipientsEmailaddress.SeparateEmailaddresseswithcomma‘,’or
semicolon‘;’
EntertheEmailaddressintheformatof‘myemail@domain.com’
Subject String:anytext EnteranEmailsubjectthatiseasyforyoutoidentifyontheEmailclient.
Logtypecategory Defaultunchecked Select the type of events to log and be sent to the designated Email account.
AvailableeventsareSystem,Attacks,Drop,Loginmessage,andDebug.
M2MCellularGateway
214
Syslogd
Syslogdscreenallowsnetworkadministratortoselectthetypeofeventtologandbesenttothedesignated
Syslogserver.
SyslogdSettingWindow
Item ValueSetting Description
Enable Un‐checkedbydefault CheckEnableboxtoactivatetheSyslogdfunction,andsendeventlogstoasyslogserver
Server N/A
SelectonesyslogserverfromtheServerdropdownboxtosenteventlogto.
Ifnonehasbeenavailable,clicktheAddObjectbuttontocreateasystemlogserver.
You may also add an system log server from the Object Definition > External Server >
External Server tab.
Logtype
category Un‐checkedbydefault Selectthetypeofeventtologandbesenttothedestinedsyslogserver.Available
eventsareSystem,Attacks,Drop,Loginmessage,andDebug.
LogtoStorage
Log to Storagescreen allowsnetworkadministratorto select the type of events tolog and be stored at an
internaloranexternalstorage.
LogtoStorageSettingWindow
Item ValueSetting Description
Enable Un‐checkedbydefault Checktoenablesendinglogtostorage.
SelectDevice Internalisselectedby
default Selectinternalorexternalstorage.
Logfilename Un‐checkedbydefault Enterlogfilenametosavelogsindesignatedstorage.
SplitfileEnable Un‐checkedbydefault Checkenableboxtosplitfilewheneverlogfilereachingthespecifiedlimit.
SplitfileSize 200KBissetbydefault Enterthefilesizelimitforeachsplitlogfile.
ValueRange:10~1000.
Logtypecategory Un‐checkedbydefault Checkwhichtypeoflogstosend:System,Attacks,Drop,Loginmessage,Debug
LogtoStorageButtonDescription
Item Valuesetting Description
Downloadlog
file
N/A ClicktheDownloadlogfilebuttontodownloadlogfilestoalog.tarfile.
M2MCellularGateway
215
6.2.5Backup&Restore
IntheBackup&Restorewindow,youcanupgradethedevicefirmwarewhennewfirmwareisavailableand
alsobackup/restorethedeviceconfiguration.
In addition to the factory defaultsettings,youcanalsocustomizeaspecialconfigurationsettingasa
customizeddefaultvalue.Withthiscustomizeddefaultvalue,youcanresetthedevicetotheexpecteddefault
settingifneeded.
GotoAdministration>SystemOperation>Backup&Restoretab.
FWBackup&Restore
Item ValueSetting Description
FWUpgrade ViaWebUIisselectedby
default
Ifnewfirmwareisavailable,clicktheFWUpgradebuttontoupgradethedevice
firmwareviaWebUI,orViaStorage.
Afterclickingonthe“FWUpgrade”commandbutton,youneedtospecifythe
filenameofnewfirmwarebyusing“Browse”button,andthenclick“Upgrade”
buttontostarttheFWupgradingprocessonthisdevice.Ifyouwanttoupgrade
afirmwarewhichisfromGPLpolicy,pleasecheck“Acceptunofficialfirmware”
Backup
Configuration
Settings
Downloadisselectedby
default
YoucanbackuporrestorethedeviceconfigurationsettingsbyclickingtheVia
WebUIbutton.
Download:forbackupthedeviceconfigurationtoaconfig.binfile.
Upload:forrestoreadesignatedconfigurationfiletothedevice.
ViaWebUI:toretrievetheconfigurationfileviaWebGUI.
AutoRestore
Configuration
TheEnableboxis
uncheckedbydefault
ChicktheEnablebuttontoactivatethecustomizeddefaultsettingfunction.
Oncethefunctionisactivated,youcansavetheexpectedsettingasa
customizeddefaultsettingbyclickingtheSaveConf.button,orclickingthe
CleanConf.buttontoerasethestoredcustomizedconfiguration.
M2MCellularGateway
216
6.2.6Reboot&Reset
Forsomespecialreasonorsituation,youmayneedtorebootthegatewayorresetthedeviceconfigurationto
itsdefault value.Inadditionto performtheseoperationsthroughthePowerON/OFF,orpressingthereset
buttononthedevicepanel,youcandoitthroughthewebGUItoo.
GotoAdministration>SystemOperation>Reboot&Resettab.
In the Reboot & Reset window, you can reboot this device by clicking the “Reboot” button, and reset this
devicetodefaultsettingsbyclickingthe“Reset”button.
SystemOperationWindow
Item ValueSetting Description
Reboot Nowisselectedby
default
ChicktheRebootbuttontorebootthegatewayimmediatelyoronapre‐defined
timeschedule.
Now:Rebootimmediately
TimeSchedule:Selectapre‐definedauto‐reboottimescheduleruletoreboot
theautodeviceonadesignatedtim.Todefineatimeschedulerule,goto
ObjectDefinition>Scheduling>Configurationtab.
ResettoDefault N/A ClicktheResetbuttontoresetthedeviceconfigurationtoitsdefaultvalue.
M2MCellularGateway
217
6.3FTP(notsupported)
Not supported feature for the purchased product, leave it as blank.
M2MCellularGateway
218
6.4Diagnostic
Thisgatewaysupportssimplenetworkdiagnosistoolsfortheadministratortotroubleshootandfindtheroot
causeoftheabnormalbehaviorortrafficspassingthroughthe gateway.TherecanbeaPacketAnalyzerto
helprecordthepacketsforadesignatedinterfaceorspecificsource/destinationhost,andanotherPingand
Tracerttoolsfortestingthenetworkconnectivityissues.
6.4.1DiagnosticTools
TheDiagnosticToolsprovidesomefrequentlyusednetworkconnectivitydiagnostictools(approaches)forthe
networkadministratortocheckthedeviceconnectivity.
GotoAdministration>Diagnostic>DiagnosticToolstab.
DiagnosticTools
Item Valuesetting Description
PingTestOptionalSetting
ThisallowsyoutospecifyanIP/FQDNandthetestinterface(LAN,WAN,or
Auto),sosystemwilltrytopingthespecifieddevicetotestwhetheritisalive
afterclickingonthePingbutton.Atestresultwindowwillappearbeneathit.
TracertTest Optionalsetting
Traceroute(tracert)commandisanetworkdiagnostictoolfordisplayingthe
route(path)andmeasuringtransitdelaysofpacketsacrossanIPnetwork.
Tracerouteproceedsuntilall(three)sentpacketsarelostformorethan
twice,thentheconnectionislostandtheroutecannotbeevaluated.
First,youneedtospecifyanIP/FQDN,thetestinterface(LAN,WAN,or
Auto)andtheprotocol(UDPorICMP),andbydefault,itisUDP.
Then,systemwilltrytotracethespecifiedhosttotestwhetheritisalive
afterclickingonTracertbutton.Atestresultwindowwillappearbeneathit.
WakeonLAN Optionalsetting
WakeonLAN(WOL)isanEthernetnetworkingstandardthatallowsa
computertobeturnedonorawakenedbyanetworkmessage.Youcan
specifytheMACaddressofthecomputer,inyourLANnetwork,tobe
remotelyturnedonbyclickingontheWakeupcommandbutton.
Save N/A ClicktheSavebuttontosavetheconfiguration.

M2MCellularGateway
219
Chapter7Service
7.1 CellularToolkit
Besides cellular data connection, you may
alsoliketomonitordatausageofcellular
WAN,sendingtextmessagethroughSMS,
changing PIN code of SIM card,
communicating with carrier/ISP by USSD
command, or doing a cellular network scan
fordiagnosticpurpose.
In Cellular Toolkit section, it includes several
useful features that are related to cellular
configuration or application. You can
configure settings of Data Usage, SMS, SIM
PIN, USSD, and Network Scan here. Please
noteatleastavalidSIMcardisrequiredtobe
insertedtodevicebeforeyoucontinuesettingsinthissection.

M2MCellularGateway
220
7.1.1DataUsage
Mostofdataplanforcellularconnectioniswithalimitedamountofdatausage.Ifdatausagehasbeenover
limitedquota,eitheryouwillgetmuchlowerdatathroughputthatmayaffectyourdailyoperation,oryouwill
geta‘billshock’inthenextmonthbecausecarrier/ISPchargesalotfortheover‐quotadatausage.
WithhelpfromDataUsagefeature,devicewillmonitorcellulardatausagecontinuouslyandtakeactions.If
datausagereacheslimitedquota,devicecanbesettodropthecellulardataconnectionrightaway.Otherwise,
if secondary SIM card is inserted, device will switch to secondary SIM and establish another cellular data
connectionwithsecondarySIMautomatically.
IfDataUsagefeatureisenabled,allhistoryofcellulardatausage can be viewed at Status>Statistics &
Reports>CellularUsagetab.

3G/4GDataUsage
DataUsagefeatureenablinggatewaydeviceto
continuously monitor cellular data usage and take
actions.Inthediagram,quotalimitofSIMAis1Gb
permonthandbillstartdateis20thofeverymonth.
Thedeviceissmarttostartanewcalculationof
data usage on every 20th of month. Enable
Connection Restrict will force gateway device to
dropcellularconnectionofSIMAwhendatausage
reaches quota limit (1Gb in this case). If SIM
failover feature is configured in Internet Setup,
then gateway will switch to SIM B and establish a
newcellulardataconnectionautomatically.

M2MCellularGateway
221
DataUsageSetting
GotoService>CellularToolkit>DataUsagetab.
BeforefinishedsettingsforDataUsage,youneedtoknowbillstartdate,billperiod,andquotalimitofdata
usageaccordingtoyourdataplan.YoucanaskthisinformationfromyourcarrierorISP.
Create/Edit3G/4GDataUsageProfile
WhenAddbuttonisapplied,3G/4GDataUsageProfileConfigurationscreenwillappear.Youcancreateupto
fourdatausageprofiles,oneprofileforeachSIMcardusedintheGateway.
3G/4GDataUsageProfileConfiguration
ItemSetting ValuesettingDescription
SIMSelect 3G/4G‐1andSIMAby
default.
Chooseacellularinterface (3G/4G‐1or3G/4G‐2),andaSIMcardboundtothe
selectedcellularinterfacetoconfigureitsdatausageprofile.
CarrierName Itisanoptionalitem. FillintheCarrierNamefortheselectedSIMcardforidentification.
CyclePeriod Daysbydefault Thefirstboxhas threetypes forcycleperiod.TheyareDays,WeeklyandMonthly.
Days:ForperDayscycleperiods,youhavetofurtherspecifythenumberofdaysin
thesecondbox.
ValueRange:1~90days.
Weekly,Monthly:Thecycleperiodisoneweekoronemonth.
StartDate N/A Specifythedateto startmeasurenetworktraffic.
Pleasedon’tselectthedaybeforenow,otherwise,thetrafficstatisticswillbe
incorrect.
M2MCellularGateway
222
DataLimitation N/A Specifytheallowabledatalimitationforthedefinedcycleperiod.
Connection
Restrict
Un‐Checkedbydefault. ChecktheEnable boxtoactivate theconnectionrestrictionfunction.
Duringthespecifiedcycleperiod,iftheactualdatausageexceedstheallowabledata
limitation,thecellularconnectionwillbeforcedtodisconnect.
Enable Un‐Checkedbydefault. ChecktheEnable boxtoactivate thedatausageprofile.
M2MCellularGateway
223
7.1.2SMS
ShortMessageService(SMS)isatextmessagingservice,whichisusedtobewidely‐usedonmobilephones.It
usesstandardizedcommunicationsprotocolstoallowmobilephonesorcellulardevicestoexchangeshorttext
messagesinaninstantandconvenientway.
SMSSetting
GotoService>CellularToolkit>SMStab
Withthisgatewaydevice,youcansendSMStextmessagesorbrowsereceivedSMSmessagesasyouusually
doonacellularphone.
SetupSMSConfiguration
Configuration
Item Valuesetting Description
Physical
Interface
Theboxis3G/4G‐1by
default
Chooseacellularinterface(3G/4G‐1or3G/4G‐2)forthefollowingSMSfunction
configuration.
SMS Theboxischeckedby
default
ThisistheSMSswitch.IftheboxcheckedthattheSMSfunctionenable,ifthe
boxuncheckedthattheSMSfunctiondisable.
SIMStatus N/A DependoncurrentlySIMstatus.ThepossiblevaluewillbeSIM_AorSIM_B.
SMSStorage TheboxisSIMCardOnly
bydefaultThisistheSMSstoragelocation.CurrentlytheoptiononlySIMCardOnly.
Save N/A ClicktheSavebuttontosavethesettings

M2MCellularGateway
224
SMSSummary
ShowUnreadSMS,ReceivedSMS,RemainingSMS,andeditSMScontexttosend,readSMSfromSIMcard.
SMSSummary
Item Valuesetting Description
UnreadSMS N/A IfSIMcardinserttorouterfirsttime,unreadSMSvalueiszero.Whenreceivedthe
newSMSbutdidn’tread,thisvalueplusone.
ReceivedSMS N/A ThisvaluerecordtheexistingSMSnumbersfromSIMcard,Whenreceivedthenew
SMS,thisvalueplusone.
RemainingSMS N/A ThisvalueisSMScapacityminusreceivedSMS,WhenreceivedthenewSMS,this
valueminusone.
NewSMS N/AClickNewSMSbutton,aNewSMSscreenappears.UsercansettheSMSsetting
fromthisscreen.RefertoNewSMSinthenextpage.
SMSInbox N/A
ClickSMSInboxbutton,aSMSInboxListscreenappears.Usercanreadordelete
SMS,replySMSorforwardSMSfromthisscreen.RefertoSMSInboxListinthe
nextpage.
Refresh N/A ClicktheRefreshbuttontoupdatetheSMSsummaryimmediately.
NewSMS
YoucansettheSMSsettingfromthisscreen.
M2MCellularGateway
225
NewSMS
Item Valuesetting Description
Receivers N/A WritethereceiverstosendSMS.Userneedtoaddthesemicolonandcompose
multiplereceiversthatcangroupsendSMS.
TextMessage N/A WritetheSMScontexttosendSMS.Theroutersupportsuptoamaximumof
1023characterforSMScontextlength.
Send N/A ClicktheSendbutton,abovetextmessagewillbesentasaSMS.
Result N/AIfSMShasbeensentsuccessfully,itwillshowSendOK,otherwiseSendFailed
willbedisplayed.
SMSInboxList
YoucanreadordeleteSMS,replySMSorforwardSMSfromthisscreen.
SMSInboxList
Item Valuesetting Description
ID N/A ThenumberorSMS.
FromPhone
Number N/A WhatthephonenumberfromSMS
Timestamp N/AWhattimereceiveSMS
SMSText
Preview N/A PreviewtheSMStext.ClicktheDetailbuttontoreadacertainmessage.
Action Theboxisuncheckedby
default
ClicktheDetailbuttontoreadtheSMSdetail;ClicktheReply/Forwardbutton
toreply/forwardSMS.
Besides,youcancheckthebox(es),andthenclicktheDeletebuttontodelete
thecheckedSMS(s).
Refresh N/A RefreshtheSMSInboxList.
Delete N/A DeletetheSMSforallcheckedboxfromAction.
Close N/A ClosetheDetailSMSMessagescreen.

M2MCellularGateway
226
7.1.3SIMPIN
Withmostcasesintheworld,usersneedtoinsertaSIMcard(a.k.a.UICC)intoenddevicestogetoncellular
networkforvoiceserviceordatasurfing.TheSIMcardisusually released by mobile operators or service
providers. Each SIMcard hasa unique number(so‐called ICCID) fornetworkowners orserviceproviders to
identifyeachsubscriber.AsSIMcardplaysanimportantrolebetweenserviceprovidersandsubscribers,some
securitymechanismsarerequiredonSIMcardtopreventanyunauthorizedaccess.
EnablingaPINcodeinSIMcardisaneasyandeffectivewayofprotectingcellulardevicesfromunauthorized
access.ThisgatewaydeviceallowsyoutoactivateandmanagePINcodeonaSIMcardthroughitswebGUI.
ActivatePINcodeonSIMCard
ThisgatewaydeviceallowsyoutoactivatePINcodeonSIMcard.This
exampleshowshow toactivatePINcodeon SIM‐Afor3G/4G‐1with
defaultPINcode“0000”.
ChangePINcodeonSIMCard
ThisgatewaydeviceallowsyoutochangePINcodeonSIMcard.
Followingtheexampleabove,youneed to type original PIN code
0000,andthentypenewPINcodewith‘1234ifyouliketosetnew
PINcodeas‘1234’.ToconfirmthenewPINcodeyoutypeiswhatyou
want,youneedtotypenewPINcode‘1234’inVerifiedNewPINCode
again.
UnlockSIMcardbyPUKCode
IfyouenteredincorrectPINcodeatconfigurationpagefor3G/4G‐1
WANoverthreetimes,andthenitwillcauseSIMcardtobelockedby
PUKcode.ThenyouhavetocallservicenumbertogetaPUKcodeto
unlockSIMcard.Inthediagram,thePUKcodeis“12345678”andnew
PINcodeis“5678”.
M2MCellularGateway
227
SIMPINSetting
GotoService>CellularToolkit>SIMPINTab
WiththeSIMPINFunctionwindow,itallowsyoutoenableordisableSIMlock(whichmeansprotectedbyPIN
code),orchangePINcode.Youcanalsoseetheinformationofremaining times of failure trials as we
mentionedearlier.Ifyourunoutofthesefailuretrials,youneedtogetaPUKcodetounlockSIMcard.
SelectaSIMCard
ConfigurationWindow
Item Valuesetting Description
Physical
Interface
Theboxis3G/4G‐1by
default
Chooseacellularinterface(3G/4G‐1or3G/4G‐2)tochangetheSIMPINsetting
fortheselectedSIMCard.
Thenumberofphysicalmodemsdependsonthegatewaymodelyou
purchased.
SIMStatus N/A IndicationfortheselectedSIMcardandtheSIMcardstatus.
The status could be Ready, Not Insert, or SIM PIN.
Ready -- SIM card is inserted and ready to use. It can be a SIM card without PIN
protection or that SIM card is already unlocked by correct PIN code.
Not Insert -- No SIM card is inserted in that SIM slot.
SIM PIN -- SIM card is protected by PIN code, and it’s not unlocked by a
correct PIN code yet. That SIM card is still at locked status.
SIMSelection N/A SelecttheSIMcardforfurtherSIMPINconfiguration.
PresstheSwitchbutton,thentheGatewaywillswitchSIMcardtoanotherone.
Afterthat,youcanconfiguretheSIMcard.
M2MCellularGateway
228
Enable/ChangePINCode
Enable or Disable PIN code (password) function, and even change PIN code function.
SIMfunctionWindow
ItemSetting ValuesettingDescription
SIMlock DependonSIMcard ClicktheEnable buttontoactivatetheSIMlockfunction.
ForthefirsttimeyouwanttoenabletheSIMlockfunction,youhaveto
fillinthePINcodeaswell,andthenclickSavebuttontoapplythesetting.
Remainingtimes DependonSIMcard RepresenttheremainingtrialtimesfortheSIMPINunlocking.
Save N/A ClicktheSavebuttontoapplythesetting.
ChangePINCode N/A ClicktheChangePINcodebuttontochangethePINcode(password).
IftheSIMLockfunctionisnotenabled,theChangePINcodebuttonis
disabled.Inthecase,ifyoustillwanttochangethePINcode,youhaveto
enabletheSIMLockfunctionfirst,fillinthePINcode,andthenclicktheSave
buttontoenable.Afterthat,YoucanclicktheChangePINcodebuttonto
changethePINcode.
WhenChangePINCodebuttonisclicked,thefollowingscreenwillappear.
Item ValueSettingDescription
CurrentPIN
Code
AMustfilledsetting Fillinthecurrent (old)PINcodeoftheSIMcard.
NewPINCode AMustfilledsetting FillinthenewPINCodeyouwanttochange.
VerifiedNew
PINCode
AMustfilledsettingConfirmthenewPINCodeagain.
Apply N/A ClicktheApplybuttontochangethePINcodewithspecifiednewPINcode.
Cancel N/A ClicktheCancel buttontocancelthechangesandkeepcurrentPINcode.
Note:IfyouchangedthePINcodeforacertainSIMcard,youmustalsochangethecorrespondingPINcode
M2MCellularGateway
229
specified in the Basic Network>WAN & Uplink>Internet Setup>Connection with SIM Cardpage.
Otherwise,itmayresultinwrongSIMPINtrialswithinvalid(old)PINcode.
UnlockwithaPUKCode
ThePUKFunctionwindowisonlyavailableforconfigurationifthatSIMcardislockedbyPUKcode.Itmeans
thatSIMcardislockedandneedsadditionalPUKcodetounlock.Usuallyithappensaftertoomanytrialsof
incorrectPINcode,andtheremainingtimesinSIMFunctiontable turnsto0. Inthissituation, youneed to
contactyourserviceproviderandrequestaPUKcodeforyourSIMcard,andtrytounlockthelockedSIMcard
withtheprovidedPUKcode.AfterunlockingaSIMcardbyPUKcodesuccessfully,theSIMlockfunctionwillbe
activatedautomatically.
PUKFunctionWindow
Item ValuesettingDescription
PUKstatus PUKUnlock
/PUKLock
IndicationforthePUKstatus.
ThestatuscouldbePUKLockorPUKUnlock.Asmentionedearlier,theSIMcard
willbelockedbyPUKcodeaftertoomanytrialsoffailurePINcode.Inthiscase,
thePUKStatuswillturnstoPUKLock.Inanormalsituation,itwilldisplayPUK
Unlock.
Remainingtimes DependonSIMcard Represent theremainingtrialtimesforthePUKunlocking.
Note:DONOTmaketheremainingtimesdowntozero,itwilldamagetheSIM
cardFOREVER!CallforyourISPshelptogetacorrectPUKandunlocktheSIMif
youdon’thavethePUKcode.
PUKCode AMustfilledsetting FillinthePUKcode(8digits)thatcanunlocktheSIMcardinPUKunlockstatus.
NewPINCode AMustfilledsetting FillintheNewPINCode(4~8digits)fortheSIMcard.
YouhavetodetermineyournewPINcodetoreplacetheold,forgottenone.
KeepthePINcode(password)inmindwithcare.
Save N/A ClicktheSavebuttontoapplythesetting.
Note:IfyouchangedthePUKcodeandPINcodeforacertainSIMcard, you must also change the
correspondingPINcodespecifiedintheBasicNetwork>WAN&Uplink>InternetSetup>Connectionwith
SIMCardpage.Otherwise,itmayresultinwrongSIMPINtrialswithinvalid(old)PINcode.

M2MCellularGateway
230
7.1.4USSD
Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to
communicate with theservice provider's computers. USSD can be usedforWAPbrowsing,prepaidcallback
service, mobile‐money services, location‐based content services, menu‐based information services, and as
partofconfiguringthephoneonthenetwork.
An USSD message is up to 182 alphanumeric characters in length. Unlike Short Message Service (SMS)
messages, USSD messages create a real‐time connection during an USSD session. The connection remains
open,allowingatwowayexchangeofasequenceofdata.ThismakesUSSDmoreresponsivethanservices
thatuseSMS.
USSDScenario
USSDallowsyoutohaveaninstantbidirectional
communicationwithcarrier/ISP.Inthediagram,theUSSD
command ‘*135#isreferredtodataroamingservices.
AftersendingthatUSSDcommandtocarrier,youcanget
a response at window USSD Response. Please note the
USSDcommandvariesfordifferentcarriers/ISP.
M2MCellularGateway
231
USSDSetting
GotoService>CellularToolkit>USSDtab.
In"USSD"page,therearefourwindowsfortheUSSDfunction.The"Configuration"windowcanletyouspecify
which3G/4Gmodule(physicalinterface)isusedfortheUSSDfunction,andsystemwillshowwhichSIMcardin
themoduleisthecurrentusedone.Thesecondwindowisthe"USSDProfileList"anditshowsallyourdefined
USSDprofilesthatstorepre‐commandsforactivatinganUSSDsession.An"Add"buttoninthewindowcanlet
youaddonenewUSSDprofileanddefinethecommandfortheprofileinthethirdwindow,the"USSDProfile
Configuration".WhenyouwanttostarttheactivationofanUSSD connection session to the USSD server,
selecttheUSSDprofileortypeinthecorrectprecommand,andthenclickonthe"Send"buttonforthe
session. The responses from the USSD server will be displayed beneath the "USSD Command" line. When
commandstypedinthe"USSDCommand"fieldaresent,receivedresponses will be displayed in the "USSD
Response"blankspace.UsercancommunicatewiththeUSSDserverbysendingUSSDcommandsandgetting
USSDresponsesviathegateway.
USSDConfiguration
Configuration
Item Valuesetting Description
PhysicalInterface Theboxis3G/4G‐1by
default.
Chooseacellularinterface(3G/4G‐1or3G/4G‐2)toconfiguretheUSSDsetting
fortheconnectedcellularservice(identifiedwithSIM_AorSIM_B).
SIMStatus N/A Showtheconnectedcellularservice(identifiedwithSIM_AorSIM_B).
Create/EditUSSDProfile
ThecellulargatewayallowsyoutocustomyourUSSDprofile.Itsupportsuptoamaximumof35USSDprofiles.
WhenAddbuttonisapplied,USSDProfileConfigurationscreenwillappear.
M2MCellularGateway
232
USSDProfileConfiguration
Item Valuesetting Description
ProfileName N/A EnteranamefortheUSSDprofile.
USSDCommand N/A
EntertheUSSDcommanddefinedfortheprofile.
Normally,itisacommandstringcomposedwithnumerickeypad“0~9”,“*”,
and“#”.TheUSSDcommandsarehighlyrelatedtothecellularservice,please
checkwithyourserviceproviderforthedetails.
Comments N/A Enterabriefcommentfortheprofile.
SendUSSDRequest
WhensendtheUSSDcommand,theUSSDResponsescreenwillappear.
WhenclicktheClearbutton,theUSSDResponsewilldisappear.
USSDRequest
Item Valuesetting Description
USSDProfile N/A SelectaUSSDprofilenamefromthedropdownlist.
USSDCommand N/A TheUSSDCommandstringoftheselectedprofilewillbeshownhere.
USSDResponse N/A
ClicktheSendbuttontosendtheUSSDcommand,andtheUSSDResponse
screenwillappear.Youwillseetheresponsemessageofthecorresponding
service,receivetheserviceSMS.

M2MCellularGateway
233
7.1.5NetworkScan
"Network Scan" function can let administrator specify the device how to connect to the mobile system for
data communication in each 3G/4G interface. For example, administrator can specify which generation of
mobilesystemisusedforconnection,2G,3GorLTE.Moreover,hecandefinetheirconnectionsequencefor
the gateway device to connect to the mobile system automatically.Administratoralsocanscanthemobile
systemsintheairmanually,selectthetargetoperatorsystemandapplyit.Themanualscanningapproachis
usedforproblemdiagnosis.
NetworkScanSetting
GotoService>CellularToolkit>NetworkScantab.
In"NetworkScan"page,therearetwowindowsfortheNetworkScanfunction.The"Configuration"window
canletyouselectwhich3G/4Gmodule(physicalinterface)isusedtoperformNetworkScan,andsystemwill
showthecurrentusedSIMcardinthemodule.Youcanconfigureeach3G/4GWANinterfacebyexecutingthe
networkscanningoneafteranother.Youcanalsospecifytheconnectionsequenceofthetargetedgeneration
ofmobilesystem,2G/3G/LTE.
NetworkScanConfiguration
Configuration
Item Valuesetting Description
Physical
Interface
Theboxis3G/4G‐1by
default
Chooseacellularinterface(3G/4G‐1or3G/4G‐2)forthenetworkscanfunction.
Note:3G/4G‐2isonlyavailableforfortheproductwithdualcellularmodule.
SIMStatus N/A Showtheconnectedcellularservice(identifiedwithSIM_AorSIM_B).
NetworkType Autoisselectedby
default.
Specifythenetworktypeforthenetworkscanfunction.
ItcanbeAuto,2GOnly,2Gprefer,3GOnly,3Gprefer,orLTEOnly.
WhenAutoisselected,thenetworkwillberegisterautomatically;
Ifthepreferoptionisselected,networkwillberegisterforyouroptionfirst;
Iftheonlyoptionisselected,networkwillberegisterforyouroptiononly.
ScanApproach Autoisselectedby
default.
WhenAutoselected,cellularmoduleregisterautomatically.
IftheManuallyoptionisselected,aNetworkProviderListscreenappears.
PressScanbuttontoscanforthenearestbasestations.Select(checkthebox)
thepreferredbasestationsthenclickApplybuttontoapplysettings.
M2MCellularGateway
234
Save N/A ClickSavetosavethesettings
Thesecondwindowisthe"NetworkProviderList"windowanditappearswhentheManuallyScanApproach
isselectedintheConfigurationwindow.Byclickingonthe"Scan"buttonandwaitfor1to3minutes,thefound
mobileoperatorsystemwillbedisplayedforyoutochoose.Clickagainonthe"Apply"buttontodrivesystem
toconnecttothatmobileoperatorsystemforthededicated3G/4Ginterface.
M2MCellularGateway
235
Chapter8Status
8.1Dashboard(notsupported)
Not supported feature for the purchased product, leave it as blank.

M2MCellularGateway
236
8.2BasicNetwork
8.2.1WAN&UplinkStatus
GotoStatus>BasicNetwork>WAN&Uplinktab.
The WAN & Uplink Status window shows the current status for different network type, including network
configuration, connecting information, modem status and trafficstatistics.Thedisplaywillberefreshedon
everyfiveseconds.
WANinterfaceIPv4NetworkStatus
WANinterfaceIPv4NetworkStatusscreenshowsstatusinformationforIPv4network.
WANinterfaceIPv4NetworkStatus
Item ValuesettingDescription
ID N/A ItdisplayscorrespondingWANinterfaceWANIDs.
Interface N/A ItdisplaysthetypeofWANphysicalinterface.
Dependingonthemodelpurchased,itcanbeEthernet,3G/4G,etc...
WANType N/A
ItdisplaysthemethodwhichpublicIPaddressisobtainedfromyourISP.
Dependingonthemodelpurchased,itcanbeStaticIP,DynamicIP,PPPoE,
PPTP,L2TP,3G/4G.
NetworkType N/A
ItdisplaysthenetworktypefortheWANinterface(s).
Dependingonthemodelpurchased,itcanbeNAT,Routing,Bridge,orIPPass‐
through.
IPAddr. N/A ItdisplaysthepublicIPaddressobtainedfromyourISPforInternet
connection.Defaultvalueis0.0.0.0ifleftunconfigured.
SubnetMask N/A ItdisplaystheSubnetMaskforpublicIPaddressobtainedfromyourISPfor
Internetconnection.Defaultvalueis0.0.0.0ifleftunconfigured.
Gateway N/A ItdisplaystheGatewayIPaddressobtainedfromyourISPforInternet
connection.Defaultvalueis0.0.0.0ifleftunconfigured.
DNS N/A ItdisplaystheIPaddressofDNSserverobtainedfromyourISPforInternet
connection.Defaultvalueis0.0.0.0ifleftunconfigured.
MACAddress N/A ItdisplaystheMACAddressforyourISPtoallowyouforInternetaccess.Note:
NotallISPmayrequirethisfield.
Conn.Status N/A ItdisplaystheconnectionstatusofthedevicetoyourISP.
M2MCellularGateway
237
StatusareConnectedordisconnected.
Action N/A
Thisareaprovidesfunctionalbuttons.
RenewbuttonallowsusertoforcethedevicetorequestanIPaddressfrom
theDHCPserver.Note:RenewbuttonisavailablewhenDHCPWANTypeis
usedandWANconnectionisdisconnected.
ReleasebuttonallowsusertoforcethedevicetoclearitsIPaddresssettingto
disconnectfromDHCPserver.Note:ReleasebuttonisavailablewhenDHCP
WANTypeisusedandWANconnectionisconnected.
ConnectbuttonallowsusertomanuallyconnectthedevicetotheInternet.
Note:ConnectbuttonisavailablewhenConnectionControlinWANType
settingissettoConnectManually(RefertoEditbuttoninBasicNetwork>
WAN&Uplink>InternetSetup)andWANconnectionstatusisdisconnected.
Disconnectbuttonallowsusertomanuallydisconnectthedevicefromthe
Internet.Note:ConnectbuttonisavailablewhenConnectionControlinWAN
TypesettingissettoConnectManually(RefertoEditbuttoninBasicNetwork
>WAN&Uplink>InternetSetup)andWANconnectionstatusisconnected.
WANinterfaceIPv6NetworkStatus
WANinterfaceIPv6NetworkStatusscreenshowsstatusinformationforIPv6network.
WANinterfaceIPv6NetworkStatus
Item ValuesettingDescription
ID N/A ItdisplayscorrespondingWANinterfaceWANIDs.
Interface N/A ItdisplaysthetypeofWANphysicalinterface.
Dependingonthemodelpurchased,itcanbeEthernet,3G/4G,etc...
WANType N/A ItdisplaysthemethodwhichpublicIPaddressisobtainedfromyourISP.WAN
typesettingcanbechangedfromBasicNetwork>IPv6>Configuration.
Link‐localIPAddress N/A ItdisplaystheLANIPv6Link‐Localaddress.
GlobalIPAddress N/A ItdisplaystheIPv6globalIPaddressassignedbyyourISPforyourInternet
connection.
Conn.Status N/A Itdisplaystheconnectionstatus.Thestatuscanbeconnected,disconnected
andconnecting.
Action N/A Thisareaprovidesfunctionalbuttons.
M2MCellularGateway
238
EditButtonwhenpressed,web‐basedutilitywilltakeyoutotheIPv6
configurationpage.(BasicNetwork>IPv6>Configuration.)
LANInterfaceNetworkStatus
LANInterfaceNetworkStatusscreenshowsIPv4andIPv6informationofLANnetwork.
LANInterfaceNetworkStatus
Item Valuesetting Description
IPv4Address N/AItdisplaysthecurrentIPv4IPAddressofthegateway
ThisisalsotheIPAddressuserusetoaccessRouter’sWeb‐basedUtility.
IPv4SubnetMask N/AItdisplaysthecurrentmaskofthesubnet.
IPv6Link‐local
Address N/A ItdisplaysthecurrentLANIPv6Link‐Localaddress.
ThisisalsotheIPv6IPAddressuserusetoaccessRouter’sWeb‐basedUtility.
IPv6GlobalAddress N/A ItdisplaysthecurrentIPv6globalIPaddressassignedbyyourISPforyour
Internetconnection.
MACAddress N/A ItdisplaystheLANMACAddressofthegateway
Action N/A
Thisareaprovidesfunctionalbuttons.
EditIPv4Buttonwhenpress,web‐basedutilitywilltakeyoutotheEthernet
LANconfigurationpage.(BasicNetwork>LAN&VLAN>EthernetLANtab).
EditIPv6Buttonwhenpress,web‐basedutilitywilltakeyoutotheIPv6
configurationpage.(BasicNetwork>IPv6>Configuration.)
3G/4GModemStatus
3G/4GModemStatusListscreenshowsstatusinformationfor3G/4GWANnetwork(s).
3G/4GModemStatusList
Item Valuesetting Description
Physical
Interface N/A ItdisplaysthetypeofWANphysicalinterface.
Note:Somedevicemodelmaysupporttwo3G/4Gmodules.Theirphysicalinterface
M2MCellularGateway
239
namewillbe3G/4G‐1and3G/4G‐2.
Card
Information N/A Itdisplaysthevendor’s3G/4Gmodemmodelname.
LinkStatus N/A Itdisplaysthe3G/4Gconnectionstatus.ThestatuscanbeConnecting,Connected,
Disconnecting,andDisconnected.
Signal
Strength N/A Itdisplaysthe3G/4Gwirelesssignallevel.
Network
Name N/A Itdisplaysthenameoftheservicenetworkcarrier.
Refresh N/A ClicktheRefreshbuttontorenewtheinformation.
Action N/A
Thisareaprovidesfunctionalbuttons.
DetailButtonwhenpress,windowsofdetailinformationwillappear.Theyarethe
ModemInformation,SIMStatus,andServiceInformation.Refertonextpagefor
more.
When the Detail button is pressed, 3G/4G modem information windows such as Modem Information, SIM
Status,ServiceInformation,SignalStrength/Quality,andErrorMessagewillappear.
InterfaceTrafficStatistics

InterfaceTrafficStatisticsscreendisplaystheInterface’stotaltransmittedpackets.
InterfaceTrafficStatistics
Item Valuesetting Description
ID N/A ItdisplayscorrespondingWANinterfaceWANIDs.
Interface N/A ItdisplaysthetypeofWANphysicalinterface.
Dependingonthemodelpurchased,itcanbeEthernet,3G/4G,etc…
ReceivedPackets
(Mb) N/A Itdisplaysthedownstreampackets(Mb).Itisresetwhenthedeviceis
rebooted.
TransmittedPackets
(Mb) N/A Itdisplaystheupstreampackets(Mb).Itisresetwhenthedeviceisrebooted.
M2MCellularGateway
240
8.2.2LAN&VLANStatus
GotoStatus> BasicNetwork>LAN&VLANtab.
ClientList
TheClientListshowsyoutheLANInterface,IPaddress,HostName,MACAddress,andRemainingLeaseTime
ofeachdevicethatisconnectedtothisgateway.
LANClientList
Item Valuesetting Description
LANInterface N/A ClientrecordofLANInterface.StringFormat.
IPAddress N/A ClientrecordofIPAddressTypeandtheIPAddress.TypeisStringFormatand
theIPAddressisIPv4Format.
HostName N/A ClientrecordofHostName.StringFormat.
MACAddress N/A ClientrecordofMACAddress.MACAddressFormat.
RemainingLease
Time N/A ClientrecordofRemainingLeaseTime.TimeFormat.
M2MCellularGateway
241
8.2.3WiFiStatus(notsupported)
Not supported feature for the purchased product, leave it as blank.
M2MCellularGateway
242
8.2.4DDNSStatus
GotoStatus> BasicNetwork>DDNStab.
TheDDNSStatuswindowshowsthecurrentDDNSserviceinuse,thelastupdatestatus,andthelastupdate
timetotheDDNSserviceserver.
DDNSStatus
DDNSStatus
Item ValueSetting Description
HostName N/A It displays the name you entered to identifyDDNSserviceprovider
Provider N/A It displays the DDNS server of DDNSserviceprovider
EffectiveIP N/A It displays the public IP address of the device updated to the DDNS server
LastUpdate
Status N/A It displays whether the last update of the device public IP address to the DDNS
server has been successful (Ok) or failed (Fail).
LastUpdateTime N/A It displays time stamp of the last update of public IP address to the DDNS server.
Refresh N/A Therefreshbuttonallowsusertoforcethedisplaytorefreshinformation.
M2MCellularGateway
243
8.3Security
8.3.1VPNStatus
GotoStatus> Security>VPNtab.
TheVPNStatus widow shows the overall VPN tunnel status. The display will berefreshedoneveryfive
seconds.
IPSecTunnelStatus
IPSec Tunnel Status windows show the configuration for establishing IPSec VPN connection and current
connectionstatus.
IPSecTunnelStatus
Item Valuesetting Description
TunnelName N/A Itdisplaysthetunnelnameyouhaveenteredtoidentify.
TunnelScenario N/A ItdisplaystheTunnelScenariospecified.
LocalSubnets N/A ItdisplaystheLocalSubnetsspecified.
RemoteIP/FQDN N/A ItdisplaystheRemoteIP/FQDNspecified.
RemoteSubnets N/A ItdisplaystheRemoteSubnetsspecified.
Conn.Time N/A ItdisplaystheconnectiontimefortheIPSectunnel.
Status N/A ItdisplaystheStatusoftheVPNconnection.Thestatusdisplaysare
M2MCellularGateway
244
Connected,Disconnected,Waitfortraffic,andConnecting.
EditButton N/A ClickonEditButtontochangeIPSecsetting,web‐basedutilitywilltakeyou
totheIPSecconfigurationpage.(Security>VPN>IPSectab)
OpenVPNClientStatus
OpenVPNClientStatus
Item Valuesetting Description
OpenVPNClient
Name
N/A Itdisplaysthe Client nameyouhaveenteredforidentification.
Interface N/A ItdisplaystheWANinterfacespecifiedfortheOpenVPNclientconnection.
Remote
IP/FQDN
N/A Itdisplaysthe peer OpenVPN ServersPublicIPaddress(theWANIPaddress)or
FQDN.
RemoteSubnetN/A ItdisplaystheRemoteSubnetspecified.
TUN/TAP
Read(bytes)
N/A ItdisplaystheTUN/TAPReadBytesofOpenVPNClient.
TUN/TAP
Write(bytes)
N/A Itdisplaysthe TUN/TAPWriteBytesofOpenVPNClient.
TCP/UDP
Read(bytes)
N/A ItdisplaystheTCP/UDPReadBytesofOpenVPNClient.
TCP/UDP
Write(bytes)
N/A ItdisplaystheTCP/UDPWriteBytesofOpenVPNClient.
Connection
Conn.Time N/A Itdisplays the connectiontimeforthecorrespondingOpenVPNtunnel.
Conn.Status N/A ItdisplaystheconnectionstatusofthecorrespondingOpenVPNtunnel.
ThestatuscanbeConnected,orDisconnected.

M2MCellularGateway
245
L2TPClientStatus
LT2TPClientStatusshowstheconfigurationforestablishingLT2TPtunnelandcurrentconnectionstatus.
L2TPClientStatus
Item Valuesetting Description
ClientName N/A ItdisplaysNamefortheL2TPClientspecified.
Interface N/A ItdisplaystheWANinterfacewithwhichthegatewaywillusetorequest
PPTPtunnelingconnectiontothePPTPserver.
VirtualIP N/A ItdisplaystheIPaddressassignedbyVirtualIPserverofL2TPserver.
RemoteIP/FQDN N/A ItdisplaystheL2TPServer’sPublicIPaddress(theWANIPaddress)or
FQDN.
Default
Gateway/Remote
Subnet
N/A
ItdisplaysthespecifiedIPaddressofthegatewaydeviceusedtoconnectto
theinternettoconnecttotheL2TPserver–thedefaultgateway.Orother
specifiedsubnetifthedefaultgatewayisnotusedtoconnecttotheL2TP
server–theremotesubnet.
Conn.Time N/A ItdisplaystheconnectiontimefortheL2TPtunnel.
Status N/A ItdisplaystheStatusoftheVPNconnection.ThestatusdisplaysConnected,
Disconnect,andConnecting.
Edit N/A ClickonEditButtontochangeL2TPclientsetting,web‐basedutilitywilltake
youtotheL2TPclientpage.(Security>VPN>L2TPtab)

M2MCellularGateway
246
PPTPClientStatus
PPTPClientStatusshowstheconfigurationforestablishingPPTPtunnelandcurrentconnectionstatus.
PPTPClientStatus
Item Valuesetting Description
ClientName N/A ItdisplaysNameforthePPTPClientspecified.
Interface N/A ItdisplaystheWANinterfacewithwhichthegatewaywillusetorequest
PPTPtunnelingconnectiontothePPTPserver.
VirtualIP N/A ItdisplaystheIPaddressassignedbyVirtualIPserverofPPTPserver.
RemoteIP/FQDN N/A ItdisplaysthePPTPServer’sPublicIPaddress(theWANIPaddress)or
FQDN.
DefaultGateway/
RemoteSubnetN/A
ItdisplaysthespecifiedIPaddressofthegatewaydeviceusedtoconnectto
theinternettoconnecttothePPTPserver–thedefaultgateway.Orother
specifiedsubnetifthedefaultgatewayisnotusedtoconnecttothePPTP
server–theremotesubnet.
Conn.Time N/A ItdisplaystheconnectiontimeforthePPTPtunnel.
Status N/A ItdisplaystheStatusoftheVPNconnection.ThestatusdisplaysConnected,
Disconnect,andConnecting.
EditButton N/A ClickonEditButtontochangePPTPclientsetting,web‐basedutilitywill
takeyoutothePPTPserverpage.(Security>VPN>PPTPtab)
M2MCellularGateway
247
8.3.2FirewallStatus
GotoStatus>Security>FirewallStatusTab.
TheFirewallStatusprovidesuseraquickviewofthefirewallstatusandcurrentfirewallsettings.Italsokeeps
the log history of the dropped packets by the firewall rule policies, and includes the administrator remote
loginsettingsspecifiedintheFirewallOptions.
Byclickingtheicon[+],thestatustablewillbeexpandedtodisplayloghistory.Clicking the Editbuttonthe
screenwillbeswitchedtotheconfigurationpage.
PacketFilterStatus
PacketFilterStatus
Item Valuesetting Description
ActivatedFilter
Rule N/A ThisisthePacketFilterRulename.
Detected
Contents N/A
Thisistheloggedpacketinformation,includingthesourceIP,destinationIP,
protocol,anddestinationport–theTCPorUDP.
Stringformat:
SourceIPtoDestinationIP:DestinationProtocol(TCPorUDP)
IP N/A TheSourceIP(IPv4)oftheloggedpacket.
Time N/A TheDateandTimestampoftheloggedpacket.Date&timeformat.("Month"
"Day""Hours":"Minutes":"Seconds")
Note:EnsurePacketFilterLogAlertisenabled.
RefertoSecurity>Firewall>PacketFiltertab.CheckLogAlertandsavethesetting.
URLBlockingStatus
URLBlockingStatus
Item Valuesetting Description
Activated
BlockingRule N/A ThisistheURLBlockingRulename.
BlockedURL N/A Thisistheloggedpacketinformation.
M2MCellularGateway
248
IP N/A TheSourceIP(IPv4)oftheloggedpacket.
Time N/A TheDateandTimestampoftheloggedpacket.Date&timeformat.("Month"
"Day""Hours":"Minutes":"Seconds")
Note:EnsureURLBlockingLogAlertisenabled.
RefertoSecurity>Firewall>URLBlockingtab.CheckLogAlertandsavethesetting.
WebContentFilterStatus
WebContentFilterStatus
Item Valuesetting Description
ActivatedFilter
Rule N/A Loggedpacketoftherulename.Stringformat.
Detected
Contents N/A Loggedpacketofthefilterrule.Stringformat.
IP N/A LoggedpacketoftheSourceIP.IPv4format.
Time N/A LoggedpacketoftheDateTime.Datetimeformat("Month""Day"
"Hours":"Minutes":"Seconds")
Note:EnsureWebContentFilterLogAlertisenabled.
RefertoSecurity>Firewall>WebContentFiltertab.CheckLogAlertandsavethesetting.
M2MCellularGateway
249
MACControlStatus
MACControlStatus
Item Valuesetting Description
Activated
ControlRule N/A ThisistheMACControlRulename.
BlockedMAC
Addresses N/A ThisistheMACaddressoftheloggedpacket.
IP N/A TheSourceIP(IPv4)oftheloggedpacket.
Time N/A TheDateandTimestampoftheloggedpacket.Date&timeformat.("Month"
"Day""Hours":"Minutes":"Seconds")
Note:EnsureMACControlLogAlertisenabled.
RefertoSecurity>Firewall>MACControltab.CheckLogAlertandsavethesetting.
ApplicationFiltersStatus
ApplicationFiltersStatus
Item Valuesetting Description
FilteredApplication
Category N/A ThenameoftheApplicationCategorybeingblocked.
FilteredApplication
Name N/A ThenameoftheApplicationbeingblocked.
IP N/A TheSourceIP(IPv4)oftheloggedpacket.
Time N/A TheDateandTimestampoftheloggedpacket.Date&timeformat.("Month"
"Day""Hours":"Minutes":"Seconds")
Note:EnsureApplicationFilterLogAlertisenabled.
RefertoSecurity>Firewall>ApplicationFiltertab.CheckLogAlertandsavethesetting.

M2MCellularGateway
250
IPSStatus
IPSFirewallStatus
Item Valuesetting Description
Detected
Intrusion N/A Thisistheintrusiontypeofthepacketsbeingblocked.
IP N/A TheSourceIP(IPv4)oftheloggedpacket.
Time N/A TheDateandTimestampoftheloggedpacket.Date&timeformat.("Month""Day"
"Hours":"Minutes":"Seconds")
Note:EnsureIPSLogAlertisenabled.
RefertoSecurity>Firewall>IPStab.CheckLogAlertandsavethesetting.
FirewallOptionsStatus
FirewallOptionsStatus
Item Valuesetting Description
StealthMode N/A EnableorDisablesettingstatusofStealthModeonFirewallOptions.
StringFormat:DisableorEnable
SPI N/A EnableorDisablesettingstatusofSPIonFirewallOptions.
StringFormat:DisableorEnable
Discard Ping from
WAN N/A
EnableorDisablesettingstatusofDiscardPingfromWANonFirewall
Options.
StringFormat:DisableorEnable
Remote
Administrator
Management
N/A
EnableorDisablesettingstatusofRemoteAdministrator.
IfRemoteAdministratorisenabled,itshowsthecurrentlyloggedin
administratorssourceIPaddressandloginusernameandthelogintime.
Format:
IP:"SourceIP",UserName:"LoginUserName",Time:"Datetime"
Example:
IP:192.168.127.39,UserName:admin,Time:Mar301:34:13
Note:EnsureFirewallOptionsLogAlertisenabled.
RefertoSecurity>Firewall>Optionstab.CheckLogAlertandsavethesetting.

M2MCellularGateway
251
8.4Administration
8.4.1Configure&ManageStatus
GotoStatus>Administration>Configure&Managetab.
TheConfigure&ManageStatuswindowshowsthestatusformanagingremotenetworkdevices.Thetypeof
managementavailableinyourdeviceisdependedonthedevicemodelpurchased.Thecommonlyusedones
aretheSNMP,TR‐069,andUPnP.
SNMPLinkingStatus
SNMPLinkStatusscreenshowsthestatusofcurrentactiveSNMPconnections.
SNMPLinkStatus
Item Valuesetting Description
UserName N/A Itdisplaystheusernameforauthentication.ThisisonlyavailableforSNMP
version3.
IPAddress N/A ItdisplaystheIPaddressofSNMPmanager.
Port N/A ItdisplaystheportnumberusedtomaintainconnectionwiththeSNMP
manager.
Community N/A ItdisplaysthecommunityforSNMPversion1orversion2conly.
Auth.Mode N/A ItdisplaystheauthenticationmethodforSNMPversion3only.
PrivacyMode N/A Itdisplaystheprivacymodeforversion3only.
SNMPVersion N/A ItdisplaystheSNMPVersionemployed.
SNMPTrapInformation
SNMPTrapInformationscreenshowsthestatusofcurrentreceivedSNMPtraps.
SNMPTrapInformation
Item Valuesetting Description
TrapLevel N/AItdisplaysthetraplevel.
Time N/A Itdisplaysthetimestampoftrapevent.
TrapEvent N/A ItdisplaystheIPaddressofthetrapsenderandeventtype.
M2MCellularGateway
252
TR‐069Status
TR‐069StatusscreenshowsthecurrentconnectionstatuswiththeTR‐068server.
TR‐069Status
Item Valuesetting Description
LinkStatus N/A
ItdisplaysthecurrentconnectionstatuswiththeTR‐068server.Theconnection
statusiseitherOnwhenthedeviceisconnectedwiththeTR‐068serverorOff
whendisconnected.

M2MCellularGateway
253
8.5Statistics&Report
8.5.1ConnectionSession
GotoStatus>Statistics&Reports>ConnectionSessiontab.
InternetSurfingStatisticshowstheconnectiontracksonthisrouter.
InternetSurfingStatistic
Item Valuesetting Description
Previous N/A ClickthePreviousbutton;youwillseethepreviouspageoftracklist.
Next N/A ClicktheNextbutton;youwillseethenextpageoftracklist.
First N/A ClicktheFirstbutton;youwillseethefirstpageoftracklist.
Last N/A ClicktheLastbutton;youwillseethelastpageoftracklist.
Export(.xml)N/A ClicktheExport(.xml)buttontoexportthelisttoxmlfile.
Export(.csv) N/A ClicktheExport(.csv)buttontoexportthelisttocsvfile.
Refresh N/A ClicktheRefreshbuttontorefreshthelist.
M2MCellularGateway
254
8.5.2NetworkTraffic(notsupported)
Not supported feature for the purchased product, leave it as blank.
M2MCellularGateway
255
8.5.3DeviceAdministration
GotoStatus>Statistics&Reports>DeviceAdministrationtab.
DeviceAdministrationshowsthelogininformation.
DeviceManagerLoginStatistic
Item Valuesetting Description
Previous N/A ClickthePreviousbutton;youwillseethepreviouspageofloginstatistics.
Next N/A ClicktheNextbutton;youwillseethenextpageofloginstatistics.
First N/A ClicktheFirstbutton;youwillseethefirstpageofloginstatistics.
Last N/A ClicktheLastbutton;youwillseethelastpageofloginstatistics.
Export(.xml)N/A ClicktheExport(.xml)buttontoexporttheloginstatisticstoxmlfile.
Export(.csv) N/A ClicktheExport(.csv)buttontoexporttheloginstatisticstocsvfile.
Refresh N/A ClicktheRefreshbuttontorefreshtheloginstatistics.

M2MCellularGateway
256
8.5.4CellularUsage
GotoStatus>Statistics&Reports>CellularUsagetab.
Cellular Usage screenshowsdata usagestatisticsfortheselectedcellularinterface.Thecellulardatausage
canbeaccumulatedperhourorperday.

M2MCellularGateway
257
AppendixAGPLWRITTENOFFER
This product incorporates open source software components covered by the terms of third party copyright notices
and license agreements contained below.
GPSBabel
Version 1.4.4
Copyright (C) 2002-2005 Robert Lipe<robertlipe@usa.net>
GPL License: https://www.gpsbabel.org/
Curl
Version 7.19.6
Copyright (c) 1996-2009, Daniel Stenberg, <daniel@haxx.se>.
MIT/X derivate License: https://curl.haxx.se/
OpenSSL
Version 1.0.2c
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
GPL License: https://www.openssl.org/
brctl - ethernet bridge administration
Stephen Hemminger <shemminger@osdl.org>
Lennert Buytenhek <buytenh@gnu.org>
version 1.1
GNU GENERAL PUBLIC LICENSE Version 2, June 1991
tc - show / manipulate traffic control settings
Stephen Hemminger<shemminger@osdl.org>
Alexey Kuznetsov<kuznet@ms2.inr.ac.ru>
version iproute2-ss050330
GNU GENERAL PUBLIC LICENSE Version 2, June 1991
dhcp-fwd — starts the DHCP forwarding agent
Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
version 0.7
GNU GENERAL PUBLIC LICENSE Version 2, June 1991
lftp - Sophisticated file transfer program
Alexander V. Lukyanov <lav@yars.free.net>
version:4.5.x
Copyright (c) 1996-2014 by Alexander V. Lukyanov (lav@yars.free.net)
dnsmasq - A lightweight DHCP and caching DNS server.
Simon Kelley <simon@thekelleys.org.uk>
version:2.72
dnsmasq is Copyright (c) 2000-2014 Simon Kelley
M2MCellularGateway
258
socat - Multipurpose relay
Version: 2.0.0-b8
GPLv2
http://www.dest-unreach.org/socat/
LibModbus
Version: 3.0.3
LGPL v2
http://libmodbus.org/news/
LibIEC60870
GPLv2
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-
1307 USA
https://sourceforge.net/projects/mrts/
Openswan
Version: v2.6.38 GNU GENERAL PUBLIC LICENSE Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-
1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
https://www.openswan.org/
Opennhrp
Version: v0.14.1
OpenNHRP is an NHRP implementation for Linux. It has most of the RFC2332
and Cisco IOS extensions.
Project homepage: http://sourceforge.net/projects/opennhrp
Git repository: git://opennhrp.git.sourceforge.net/gitroot/opennhrp
LICENSE
OpenNHRP is licensed under the MIT License. See MIT-LICENSE.txt for
additional details.
OpenNHRP embeds libev. libev is dual licensed with 2-clause BSD and
GPLv2+ licenses. See libev/LICENSE for additional details.
OpenNHRP links to c-ares. c-ares is licensed under the MIT License.
https://sourceforge.net/projects/opennhrp/
IPSec-tools
Ve r sio n: v0 .8
No GPL be written
http://ipsec-tools.sourceforge.net/
PPTP
Version: pptp-1.7.1
GNU GENERAL PUBLIC LICENSE Version 2, June 1991
M2MCellularGateway
259
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
http://pptpclient.sourceforge.net/
PPTPServ
Version: 1.3.4
GNU GENERAL PUBLIC LICENSE Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed. http://poptop.sourceforge.net/
L2TP
Version: 0.4
Copying All software included in this package is Copyright 2002 Roaring
Penguin Software Inc. You may distribute it under the terms of the
GNU General Public License (the "GPL"), Version 2, or (at your option)
any later version.
http://www.roaringpenguin.com/
L2TPServ
Version: v 1.3.1 GNU GENERAL PUBLIC LICENSEVersion 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.59 Temple Place, Suite 330, Boston, MA 02111-
1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
http://www.xelerance.com/software/xl2tpd/
Mpstat: from sysstat, system performance tools for Linux
Version: 10.1.6
Copyright: (C) 1999-2013 by Sebastien Godard (sysstat <at> orange.fr)
SSHD: dropbear, a SSH2 server
Version: 0.53.1
Copyright: (c) 2002-2008 Matt Johnston
Libncurses: The ncurses (new curses) library is a free software emulation of curses in System V Release 4.0
(SVr4), and more.
Version: 5.9
Copyright: (c) 1998,2000,2004,2005,2006,2008,2011,2015 Free Software Foundation, Inc., 51 Franklin Street,
Boston, MA 02110-1301, USA
MiniUPnP: The miniUPnP daemon is an UPnP IGD (internet gateway device) which provide NAT traversal
services to any UPnP enabled client on the network.
Version: 1.7
Copyright: (c) 2006-2011, Thomas BERNARD
M2MCellularGateway
260
CoovaChilli is an open-source software access controller for captive portal (UAM) and 802.1X access
provisioning.
Version: 1.3.0
Copyright: (C) 2007-2012 David Bird (Coova Technologies) <support@coova.com>
Krb5: Kerberos is a network authentication protocol. It is designed to provide strong authentication for
client/server applications by using secret-key cryptography.
Version: 1.11.3
Copyright: (C) 1985-2013 by the Massachusetts Institute of Technology and its contributors
OpenLDAP: a suite of the Lightweight Directory Access Protocol (v3) servers, clients, utilities, and
development tools.
Version: 2.4
Copyright: 1998-2014 The OpenLDAP Foundation
Samba3311: the free SMB and CIFS client and server for UNIX and other operating systems
Version: 3.3.11
Copyright: (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
NTPClient: an NTP (RFC-1305, RFC-4330) client for unix-alike computers
Version: 2007_365
Copyright: 1997, 1999, 2000, 2003, 2006, 2007 Larry Doolittle
exFAT: FUSE-based exFAT implementation
Version: 0.9.8
Copyright: (C) 2010-2012 Andrew Nayenko
ONTFS_3G: The NTFS-3G driver is an open source, freely available read/write NTFS driver for Linux,
FreeBSD, Mac OS X, NetBSD, Solaris and Haiku.
Version: 2009.4.4
Copyright: (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-
1301 USA
mysql-5_1_72: a release of MySQL, a dual-license SQL database server
Version: 5.1.72
Copyright: (c) 2000, 2013, Oracle and/or its affiliates
FreeRadius: a high performance and highly configurable RADIUS server
Version: 2.1.12
Copyright: (C) 1999-2011 The FreeRADIUS server project and contributors
Linux IPv6 Router Advertisement Daemon – radvd
Version: V 1.15
Copyright (c) 1996,1997 by Lars Fenneberg<lf@elemental.net>
BSD License: http://www.litech.org/radvd/
WIDE-DHCPv6
Dynamic Host Configuration Protocol for IPv6 (DHCPv6) clients, servers, and relay agents.
M2MCellularGateway
261
Version: 20080615
Copyright (C) 1998-2004 WIDE Project.
BSD License: https://sourceforge.net/projects/wide-dhcpv6/
Federal Communication Commission Interference Statement
This device complies with Part 15 of the FCC Rules. Operation is subject to
the following two conditions: (1) This device may not cause harmful
interference, and (2) this device must accept any interference received,
including interference that may cause undesired operation.
This equipment has been tested and found to comply with the limits for a
Class B digital device, pursuant to Part 15 of the FCC Rules. These limits
are designed to provide reasonable protection against harmful interference in a
residential installation. This equipment generates, uses and can radiate radio
frequency energy and, if not installed and used in accordance with the
instructions, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a particular
installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off
and on, the user is encouraged to try to correct the interference by one of the
following measures:
- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Connect the equipment into an outlet on a circuit different from that
to which the receiver is connected.
- Consult the dealer or an experienced radio/TV technician for help.
FCC Caution: Any changes or modifications not expressly approved by the
party responsible for compliance could void the user's authority to operate this
equipment.
This transmitter must not be co-located or operating in conjunction with any
other antenna or transmitter.
FOR MOBILE DEVICE USAGE (>20cm/low power)
Radiation Exposure Statement:
This equipment complies with FCC radiation exposure limits set forth for an
uncontrolled environment. This equipment should be installed and operated
with minimum distance 20cm between the radiator & your body.
M2MCellularGateway
262

Navigation menu