Grandstream Networks GWN7000, User Manual

Page 1: ...Grandstream Networks Inc GWN7000 Enterprise Multi WAN Gigabit VPN Router User Manual ...

Page 2: ...ww grandstream com support Grandstream is a registered trademark and Grandstream logo is trademark of Grandstream Networks Inc in the United States Europe and other countries OPEN SOURCE LICENSES GWN7000 firmware contains third party open source software Grandstream Open source licenses can be downloaded from Grandstream web site from here CAUTION Changes or modifications to this product not expre...

Page 3: ...75 15 Firmware Version 1 0 2 71 15 WELCOME 16 PRODUCT OVERVIEW 17 Technical Specifications 17 INSTALLATION 19 Equipment Packaging 19 Connect your GWN7000 19 Safety Compliances 20 Warranty 20 GETTING STARTED 21 LED Indicators 21 Use the WEB GUI 21 Access WEB GUI 21 WEB GUI Languages 24 WEB GUI Configuration 24 Overview Page 25 Save and Apply Changes 27 ROUTER CONFIGURATION 28 Status 28 Router Confi...

Page 4: ...3 DPI 44 ROUTING 46 Static Routes 46 Policy Routing 48 Feature Overview 48 Creating Configuring Routing Policies 48 Using Routing Policies 50 SETTING UP A WIRELESS NETWORK 54 Discover and Pair GWN76xx Access Points 54 Access Point Location 57 Client Bridge 57 Transfer AP 58 SSIDs 58 Mesh Network 63 Upgrading Access Points 66 Single Access Point upgrade 66 Sequential Upgrade 66 CLIENTS CONFIGURATIO...

Page 5: ...e Self Issued Certificate Authority CA 74 Generate Server Client Certificates 77 Create OpenVPN Server 84 OpenVPN Client configuration 88 L2TP IPSEC Configuration 92 GWN7000 L2TP IPSec Client Configuration 92 PPTP CONFIGURATION 95 GWN7000 Client Configuration 95 GWN7000 PPTP Server Configuration 97 IPSec VPN Tunnel 100 Overview 100 Configuring GWN7000 IPSec Tunnel 101 FIREWALL 108 Basic Settings 1...

Page 6: ...s 122 Post Authentication Rules 122 Files 123 Clients 124 VOUCHER 125 Voucher Feature Description 125 Voucher Configuration 125 Using Voucher with GWN captive portal 127 BANDWIDTH RULES 129 WEBSITE BLOCKING 131 Create Blackhole Policy 131 Assign Blackhole Policy to Network Groups 132 Assign Blackhole Policy to Clients 133 MAINTENANCE AND TROUBLESHOOTING 136 Maintenance 136 Basic 136 Upgrade 136 Ac...

Page 7: ... Table 143 Email Notification 144 Schedule 145 LED 147 File Sharing 148 SNMP 150 User Manager 152 UPGRADING AND PROVISIONING 153 Upgrading Firmware 153 Upgrading via WEB GUI 153 Provisioning and backup 154 Download Configuration 154 Configuration Server 154 Reset and Reboot 154 EXPERIENCING THE GWN7000 ENTERPRISE ROUTER 155 ...

Page 8: ...Table 16 QoS Policy Manager acc 42 Table 17 DPI Settings 45 Table 18 IPv4 Static Routes 46 Table 19 IPv6 Static Routes 47 Table 20 Create Policy Members 49 Table 21 Device Configuration 55 Table 22 Wi Fi 59 Table 23 Wi Fi 65 Table 24 Time Policy Parameters 73 Table 25 CA Certificate 75 Table 26 Server Certificate 78 Table 27 Client Certificate 82 Table 28 OpenVPN Server 85 Table 29 OpenVPN Client ...

Page 9: ...intenance Basic 136 Table 46 Maintenance Upgrade 136 Table 47 Maintenance Access 137 Table 48 Maintenance Syslog 137 Table 49 Debug Capture 140 Table 50 Email Setting 144 Table 51 Email Events 145 Table 52 LEDs 147 Table 53 Add a New File to Share 149 Table 54 SNMP Basic Page 150 Table 55 SNMP Advanced Page 151 Table 56 VPN User Parameters 152 Table 57 Network Upgrade Configuration 153 ...

Page 10: ...gure 16 QoS 38 Figure 17 DPI Status 45 Figure 18 Routes 47 Figure 19 Create a New Member 49 Figure 20 Create New Routing Policy 50 Figure 21 Members list 51 Figure 22 Policies List 51 Figure 23 LAN Routing Policy 52 Figure 24 Configuring Firewall Rule using Route Policy 53 Figure 25 Discover AP 54 Figure 26 Discovered Devices 55 Figure 27 GWN7610 online 55 Figure 28 Locating Access Points 57 Figur...

Page 11: ...95 Figure 59 PPTP Client Configuration 96 Figure 60 PPTP Client 97 Figure 61 PPTP Server Configuration 98 Figure 62 Branch Office IPSec Phase 1 Configuration 103 Figure 63 Branch Router IPSec Phase 2 Configuration 105 Figure 64 HQ Router IPSec Phase 2 Configuration 106 Figure 65 Basic General Settings 108 Figure 66 Port Forward 109 Figure 67 DMZ 110 Figure 68 INPUT Rule Sample 112 Figure 69 Output...

Page 12: ...iguration 135 Figure 86 Logserver Configuration 139 Figure 87 Capture Files 140 Figure 88 IP Ping 141 Figure 89 Traceroute 142 Figure 90 Syslog 143 Figure 91 Connection Table 144 Figure 92 Create New Schedule 146 Figure 93 Schedules List 147 Figure 94 LED Scheduling Sample 148 Figure 95 Add a New File to Share 149 Figure 96 File Share Actions 149 Figure 97 Access File Share 150 ...

Page 13: ...dministrators Please visit http www grandstream com support to download the latest GWN7000 User Manual This guide covers following topics Product Overview Installation Getting Started Router Configuration Routing Setting up a Wireless Network Clients Configuration VPN Firewall Captive Portal Voucher Bandwidth Rules Website Blocking Maintenance and Troubleshooting Upgrading and Provisioning Experie...

Page 14: ... support for Transfer AP Transfer AP Added support for new methods of authentication in captive portal CAPTIVE PORTAL Added support for post pre authentication rules on captive portal Pre Authentication Rules Post Authentication Rules Added option to select from which interface issue the ping traceroute utilities Ping Traceroute Added option to notify admin if the wan port is down WAN UP Down Noti...

Page 15: ... Web WAN Access Web HTTP Access Web HTTPS Port Added support for E mail notifications Email Notification Firmware Version 1 0 2 75 Added support for Captive Portal CAPTIVE PORTAL Added support for Bandwidth Rules BANDWIDTH RULES Added support for Select Band per SSID SSID Band Added support for selectively enable 802 11b g n Mode Added option to enable disable support for 802 11b devices Allow Leg...

Page 16: ...er office connectivity To maximize network reliability the GWN7000 supports traffic load balancing and failover The GWN7000 features an integrated controller and automated provisioning master that can setup and manage up to 300 in network GWN series Wi Fi Access Points This can be easily operated through the product s intuitive web browser user interface which also offers a central panel to monito...

Page 17: ...gging Auxiliary Ports 2 x USB 3 0 ports 1 x Reset Pinhole Routing Performance Up to 1 million packets second with 64 byte packet size USB Printer sharing File sharing Network Protocols IPv4 IPv6 802 1Q 802 1p VPN Protocols PPTP L2TP IPSec OpenVPN Client Server or pass through LED 8 green color LEDs for device tracking and status indication Mounting Indoor wall mount Desktop QoS VLAN ToS supports m...

Page 18: ...nsumption 16W Environmental Operation 0 C to 50 C Storage 10 C to 60 C Humidity 10 to 90 Non condensing Physical Unit Dimensions 200 x 136 x 37mm Unit Weight 570g Entire Package Dimensions 324 x 163 5 x 54mm Entire Package Weight 930g Package Content GWN7000 Enterprise Router 12V 2A Power Adapter Quick Installation Guide GPL License Compliance FCC CE RCM IC ...

Page 19: ...y powered up and connected to the network This section describes detailed information on installation connection and warranty policy of the GWN7000 Equipment Packaging Table 2 GWN7000 Equipment Packaging Main Case Yes 1 Power adaptor Yes 1 Quick Installation Guide Yes 1 GPL License Yes 1 Connect your GWN7000 Figure 1 GWN7000 Front View ...

Page 20: ...ociated LED ports will flash in green 6 Optional Connect LAN port s to your LAN including GWN76XX access points and other devices the associated LED port s will flash in green Safety Compliances The GWN7000 Enterprise Router complies with FCC CE and various safety standards The GWN7000 power adapter is compliant with the UL standard Use the universal power adapter provided with the GWN7000 package...

Page 21: ...ators LED Status Indication POWER OFF GWN7000 is powered off or abnormal power supply Solid green GWN7000 is powered on correctly WAN 1 2 Flashing green GWN7000 is connected as a client to another network and data is transferring Solid green GWN7000 is connected as a client to another network and there is no activity LAN 1 2 3 4 5 Flashing green A device is connected to the corresponding LAN port ...

Page 22: ...t https 192 168 1 1 Default IP address 4 Enter the administrator s login and password to access the Web Configuration Menu The default administrator s username and password are admin and admin Note At first boot or after factory reset users will be asked to change the default administrator and user passwords before accessing GWN7000 web interface The password field is case sensitive with a maximum...

Page 23: ... 4 Change Password on first boot At first login a Setup Wizard tool will pop up to help going through the configuration setup or exit to configure manually Setup Wizard can be accessed anytime by clicking on while on the web interface Figure 5 Setup Wizard ...

Page 24: ...s to configure and manage the router and check connection status Overview Provides an overall view of the GWN7000 s information presented in a Dashboard style for easy monitoring Router Displays device s status and used to configure ports settings such as IP configuration for WAN ports load balancing failover static routes switch port mirroring QoS and DDNS Routing Gives the admin the possibility ...

Page 25: ...going traffic Captive Portal Configuration settings for the captive portal feature Bandwidth Rules Configures the bandwidths rules that allows users to limit bandwidth utilization per SSID or client MAC address or IP address System Settings For Maintenance and debugging features as well as generating certificates and file sharing Overview Page Overview is the first page shown after successful logi...

Page 26: ...age combining upload and download Click on to go to Access Points page for basic and advanced configuration options for the APs Top SSID Shows the Top SSIDs list assort the list by number of clients connected to each SSID or data usage combining upload and download Click on to go to SSID page for more options Top Clients Shows the Top Clients list assort the list of clients by their upload or down...

Page 27: ...after configuring or changing any option on the web GUI pages A message mentioning the number of changes will appear on the upper menu Figure 9 Apply Changes Click on button to apply changes or to undo the changes The router will reload all necessary services in order to for the changes to take effect ...

Page 28: ...ss Part Number Firmware related information and Uptime for the GWN7000 and WAN Status showing general information about WAN Ports such as uptime current throughput aggregate usage and IP address and also the application traffic Router s Status page can be accessed from Web GUI Router Status Figure 10 Router s Status Note Once DPI is enabled under Router feature Users will be able to see their appl...

Page 29: ... acquire an IPv4 address automatically from the DHCP server Static When selected the user should set a static IPv4 address IPv4 Subnet Mask IPv4 Gateway and adding Additional IPv4 Addresses as well to communicate with the web interface SSH or other services running on the device PPPoE When selected the user should set the PPPoE account and password PPPoE Keep alive interval and Inter Key Timeout i...

Page 30: ...dress If Preferred DNS is set GWN7000 will use it in priority Alternate IPv6 DNS This option appears only when Native IPv6 option is enabled It is used to set an Alternate DNS server address IPv6 address If Preferred DNS is set GWN7000 will use it in when the Preferred DNS fails IPv6 Relay to LAN This option appears only when Native IPv6 option is enabled When enabled the GWN7000 will relay IPv6 a...

Page 31: ...Table 7 6In4 Tunnels WAN Interface Choose the WAN port on which to setup the 6in4 tunnel MTU Set the Maximum Transmission Unit value The valid range is 64 9000 Default value is 1500 6in4 IPv4 Peer Address Enter the IPv4 tunnel endpoint at the tunnel s provider 6in4 Tunnel Endpoint IPv6 Address Enter the local IPv6 address delegated to the tunnel endpoint Example 2001 db8 2222 2 64 6in4 Routed Pref...

Page 32: ...erface Specifies the WAN interface to bind the tunnel to Name Set a name for the tunnel connection Enabled Enabled Disable the tunnel connection GRE Peer IP Address Specifies the tunnel destination address public IP GRE Tunnel IP Address Specify the local GRE tunnel interface ex 10 1 1 2 GRE Tunnel Netmask Set the Tunnel interface netmask ex 255 255 255 0 MTU Configures the maximum transmission un...

Page 33: ...e Policy Routing section MAC Override Address This option is used to override the MAC address of the GWN7000 Router MAC Address octets in hex are separated by in English input condition The characters here must be lowercase Note Reboot the router to take effect Switch Configuration LAN GWN7000 supports creating up to 16 different LAN groups separated as VLANs with the possibility to add and pair G...

Page 34: ...nabled Check to activate the newly created LAN group Routing Policy Select which routing to use for this LAN network See Policy Routing section for more details Destination If enabled choose which groups you want to forward if not you can manually configure the forward rules under firewall settings LAN Membership Configure the LAN port membership If choose lan1 NET Port please make sure you have e...

Page 35: ...12h DHCP Options Set the DHCP options Click on to add another option and to delete an option Example 44 192 168 2 50 for DHCP option 44 and 192 168 2 50 is the WINS server s address Please refer to the following link for DHCP options syntax https wiki openwrt org doc howto dhcp dnsmasq DHCP Gateway Defines the IP address of the DHCP gateway DHCP Preferred DNS Set the preferred DNS Servers via DHCP...

Page 36: ...CP Binding 4 Press Save and Apply to submit the changes Figure 14 Static DHCP Devices List Switch Under switch configuration menu admin users can enable port mirroring and the GWN7000 will send a copy of all network packets seen on one LAN port to another port where the packet can be analyzed Refer to the below table for the available fields to configure Also users can have flexibility in configur...

Page 37: ...ect which LAN port that will act as mirrored port Default is Disabled Use Custom Port Mapping Use this option in order to enable VLAN tagging on the ports or disable it or block the port from participating in the selected VLAN click on button to change the settings Three options are available for each port Tagged the port will participate on the VLAN and will tag the outgoing frames with the 802 1...

Page 38: ...forms better per packet per flow network scheduling reduces the buffer bloat and keeps latency at acceptable levels The users can from this menu select which QoS mode to use on each WAN interface either ACC SQM or Legacy QoS Legacy QoS Legacy QoS allows creating Traffic Classes to prioritize traffic for specific resources on the network by controlling transmission upload rate Note that different c...

Page 39: ...ral Settings Up Down Stream QoS Enabled Check to enable upstream and downstream bandwidth speeds for the selected WAN interface Upstream Set the Upstream value to specify the upload bandwidth for selected interface the value should end with Mbit Note that the set value will affect and limit the bandwidth values on created classes on QoS Upstream Examples 500Mbit 100Kbit Downstream Set the Downstre...

Page 40: ... type for the WAN connection This can be used to compensate for the link layer overhead of certain types of WAN connections None default Ethernet should be selected for VDSL connections ATM should be selected for ADSL connections Overhead If the link layer is set to something other than none then the link layer overhead setting can be used to specify how many bytes of overhead there are Defaults a...

Page 41: ...et the priority of the traffic class the lower the value the highest the priority Valid range is between 1 and 64 Interface Select the WAN interface from which the traffic will be classified make sure to enable the desired interface it from in order to appear Upstream Set Upstream bandwidth value The value should end with Mbit Kbit Note that the sum of created classes should have upstream bandwidt...

Page 42: ... policer rule will be applied IP Destination Address Specify the Destination IP address to which the policer rule will be applied TCP Source Port Specify the TCP Source port from which the policer rule will be applied TCP Destination Port Specify the TCP Source port to which the policer rule will be applied UDP Source Port Specify the UDP Source port from which the policer rule will be applied UDP...

Page 43: ...he protocol for the traffic rule TCP UDP TCP UDP or ICMP Src IP Set the source IP of the traffic to be matched Src Port Set the source port number of the traffic to be matched Dest IP Set the destination IP of the traffic to be matched Dest Port Set the destination port number of the traffic to be matched Min Pkt Size Configures the minimum packet size of the traffic that will be matched Max Pkt S...

Page 44: ...ld 5 Optional For advanced configuration it is also possible log to Syslog and modify the values of refreshing fields so to check periodically the updated IP address DPI DPI stands for Deep Packet Inspection which is an option that allows the GWN7000 to analyze the core of the packet to collect and report information at the Application layer such as traffic volume of an application used by the hos...

Page 45: ...tion settings Table 17 DPI Settings Enable Application Tracking Enables the application tracking By default it s disabled Interface Select the interface on which the application tracking will be performed By default it s WAN Port 1 Note A reboot is required after enabling Depp packet inspection in order for the feature to take effect ...

Page 46: ...add a new static route click on To edit a static route click on To delete a static route click on Refer to the following tables when editing or creating IPv4 IPv6 static routes Table 18 IPv4 Static Routes Name Enter the Name of the static route to be configured Enabled Select whether to enable or disable this static route Interface Choose the LAN network or WAN port which will be using this static...

Page 47: ...twork or WAN port which will be using this static route Target Network Host Enter the Network Host IP address on which to route the traffic to 2001 db8 3c4d 4 64 NextHop Enter the Gateway s IP address fec0 470 28 5b2 1 64 Metric Set the metric value The valid range is 0 255 Default value is 1 To check the routing table of the router go under the Routes tab which displays all routes learned by the ...

Page 48: ...d with a specific iptables rule is marked to be used with a Policy The policy contains a list of members that can be used by the policy These members point to a specific interface and define a metric or weight assigned to them which can be used for determining load balancing and failover behavior The interface can be any outgoing interface WAN or VPN and must be assigned a metric The router then h...

Page 49: ...oad balancing is used this will indicate how much traffic will be routed via this member through the specified interface Default value is 1 Note By default GWN7000 router will generate automatically members for each created configured WAN interface and VPN client tunnel interface After this users need to create policies which lists the members that will be used by each policy from the menu Routing...

Page 50: ...will automatically generate a routing policy in order to allow traffic from the LAN or VPN network to via the select wan interface Along the automatically created routing policy the GWN7000 router will create the corresponding firewall rule which will allow for traffic to pass from the LAN subnet to the WAN ports while respecting the created policy users can check these rules under the menu Firewa...

Page 51: ...ter will distribute the data traffic over the two WAN ports Next the we will see that the router will have already created automatically the load balancing policy and WAN3 only auto policy under Policy tab as shown on the following figure Figure 22 Policies List The next step would be to assign the routing policy in order to send normal data traffic in a load balanced way over wan1 and wan2 and se...

Page 52: ...is will generate the firewall forward rule automatically to allow traffic to pass from LAN to WAN while respecting the load balance policy For the VoIP traffic and in order to route it via the WAN3 users need to go under Firewall Traffic Rules Forward and add a new rule as follow ...

Page 53: ... a g e 53 GWN7000 User Manual Version 1 0 6 28 Figure 24 Configuring Firewall Rule using Route Policy This way the VoIP traffic which uses the TCP or UDP ports 5060 through 5068 will be routed over WAN3 ...

Page 54: ...ss points create and manage Wi Fi Networks For more details about Grandstream GWN76xx Access points refer to http www grandstream com products networking solutions wifi access points Discover and Pair GWN76xx Access Points The GWN76xx are powerful access points which are fully compatible with the GWN7000 and can be added with one click provisioned and managed in an easy and intuitive way Once a GW...

Page 55: ...configuration on selected units 6 Click on to configure client bridge on the selected access point For more details about the client bridge feature please refer to Client Bridge Refer to below table for Device Configuration tabs Table 21 Device Configuration Status Shows the device s status information such as Firmware version IP Address Link Speed Uptime and Users count via different Radio channe...

Page 56: ...nel Width note that wide channel will give better speed throughput and narrow channel will have less interference 20Mhz is suggested in very high density environment 40MHz Channel Location Configure the 40MHz channel location when using 20MHz 40MHz in Channel Width it can be set it to be Secondary Below Primary Primary Below Secondary or Auto Channel Select Auto or a specific channel Default is Au...

Page 57: ... 28 Locating Access Points Note If a GWN76xx is not being paired or the pair icon is grey color make sure that it is not being paired with another GWN7000 Router or GWN Cloud or GWN76xx Access Point acting as Master Controller if yes it needs to be unpaired first or reset to factory default settings to make it available for pairing or delete it from GWN Cloud paired Access Points if the unit is pa...

Page 58: ...e Support Transfer AP Users can easily transfer the AP from local master to the Cloud based Controller account by clicking on When you already have Network WIFI configurations on your cloud account using this feature will let you choose existing Network SSID to adopt your local AP Note Local configurations will not be transferred For more details please refer to GWN Cloud User Guide SSIDs When usi...

Page 59: ...ions Table 22 Wi Fi Field Description Enable SSID Check to enable Wi Fi for the SSID SSID Set or modify the SSID name SSID Band Select the Wi Fi band the GWN will use three options are available Dual Band 2 4GHz 5Ghz SSID Hidden Select to hide SSID SSID will not be visible when scanning for Wi Fi to connect a device to hidden SSID users need to specify SSID name and authentication password manuall...

Page 60: ...t Using a static WEP key The characters can only be 0 9 or A F with a length of 26 or printable ASCII characters with a length of 13 WPA WPA2 Using PSK or 802 1x as WPA Key Mode with AES or AES TKIP Encryption Type WPA2 Using PSK or 802 1x as WPA Key Mode with AES or AES TKIP Encryption Type Recommended configuration for authentication Open No password is required Users will be connected without a...

Page 61: ...ecret password for client authentication with RADIUS accounting server Client Time Policy Select a time policy to be applied to all clients connected to this SSID Use MAC Filtering Choose Blacklist Whitelist to specify MAC addresses to be excluded included from connecting to the zone s Wi Fi Default is Disabled Client Isolation Client isolation feature blocks any TCP IP connection between connecte...

Page 62: ...tandard helps clients to speed up the search for nearby APs that are available as roaming targets by creating an optimized list of channels When the signal strength of the current AP weakens your device will scan for target APs from this list When your client device roams from one AP to another on the same network 802 11r uses a feature called Fast Basic Service Set Transition FT to authenticate m...

Page 63: ... channel based on several factors and choose one or multiple appropriate APs to setup connection In a mesh network access points are categorized to two types CAP Central Access Point this is an access point that has an uplink connection to the wired network RE Range Extender This is an access point that participate on the mesh network topology and has a wireless uplink connection to the central ne...

Page 64: ...t subnet RE may be wirelessly connected to those networks and cannot be discovered and paired by your Master Therefore it is recommended to use the first method of wired pairing and then deploy those REs 3 After that all slave access points have been deployed and paired to the master you can directly manage them to operate the mesh network Mesh service configuration is the same as transitional GWN...

Page 65: ... available Mesh neighbors Mesh Enabled on 2 4G Radio Interface If checked Mesh will work on 2 4GHz band Mesh Enabled on 5G If checked Mesh will work on 5GHz band Wireless cascades Define how many AP can be cascaded wirelessly with the AP The minimum value is 1 and maximum value is 4 For more detailed information about GWN Mesh network feature you may refer to the following technical document Mesh ...

Page 66: ...g all access points at once which will result in all the devices downloading the firmware at the same time and consuming bandwidth or making sequential upgrade which is the recommended option described below Sequential Upgrade If you choose multiple slave devices to upgrade their firmware two options are available All at Once and Sequential All at Once will use the default method all checked slave...

Page 67: ...WN7000 User Manual Version 1 0 6 28 Figure 36 All at Once and Sequential Upgrade Once you choose sequential upgrade the following icon will update you about the number of upgraded slaves out of the selected slaves ...

Page 68: ...s to wired and wireless clients GWN7000 Enterprise Router with its DHCP server enabled on LAN ports level will assign automatically an IP address to the devices connected to its LAN ports like a computer or GWN76xx access points and to wireless clients connected to paired GWN76xx access points Figure 37 Clients Click on under Actions to check a client s status and modify its configuration Click on...

Page 69: ...AC address IP address which Network group does it belong to and to which access point if it is a wireless client as well as Throughput and Aggregate usage Figure 38 Client s Status Edit IP and Name Configuration tab allowing to set a name for a client and set a static IP Figure 39 Client s Configuration ...

Page 70: ...add new item Note Bandwidth rules apply for wireless clients ONLY The following figure shows the settings Figure 40 Client Bandwidth Rules Block a Client To block a client click on under actions this will add automatically the blocked client to Banned Client MAC list under Router Port Global Settings Figure 41 Block a Client To unban a client go to Router Clients Client Access The banned client wi...

Page 71: ...acklist Figure 44 Managing the Global Blacklist A second option is to add custom access lists that will be used as matching mechanism for MAC address filtering option under SSIDs to allow whitelist or disallow blacklist clients access to the WiFi network Click on in order to create new access list then fill it with all MAC addresses to be matched and assign to it a schedule Once this is done this ...

Page 72: ...cess point after which the client will no longer be allowed to connect for a user configurable cool down period The configuration is based on a policy where the administrator can set the amount of time for which clients are allowed to connect to the WiFi and reconnect type and value after which they will be allowed to connect back after they have been disconnected In order to create a new policy g...

Page 73: ...before reconnecting Reset Day If Reset Weekly is selected this is the day the reset will be applied Reset Hour If Reset Weekly or Reset Daily is select this is the hour and day the reset will be applied Note Time tracking shall be accounted for on a per policy basis such that a client connected to any SSID assigned the time tracking policy will accrue a common counter regardless of which SSID they...

Page 74: ...ents certificates GWN7000 certificates can be managed from WebGUI System Settings Cert Manager Generate Self Issued Certificate Authority CA A certificate authority CA is a trusted entity that issues electronic documents that verify a digital entity s identity on the Internet The electronic documents a k a digital certificates are an essential part of secure communication and play an important par...

Page 75: ...mmon Name Enter the common name for the CA It could be any name to identify this certificate Example CATest Key Length Choose the key length for generating the CA certificate Following values are available 1024 1024 bit keys are no longer sufficient to protect against attacks 2048 2048 bit keys are a good minimum Recommended ...

Page 76: ...is a one way function it cannot be decrypted back Lifetime days Enter the validity date for the CA certificate in days In our example set to 120 Country Code Select a country code from the dropdown list Example MA State or Province Enter a state name or province Example Casablanca City Enter a city name Example Casablanca Organization Enter the organization name Example GS Organization Unit Enter ...

Page 77: ...ation between clients and GWN7000 acting as an OpenVPN server Creating Server Certificate To create server certificate follow below steps 1 Navigate to System Settings Cert Manager Certificates 2 Click on button A popup window will appear Refer to below figure showing an example of configuration and below table showing all available options with their respective description ...

Page 78: ...ates Table 26 Server Certificate Field Description Common Name Enter the common name for the server certificate It could be any name to identify this certificate Example ServerCertificate CA Certificate Select CA certificate previously generated from the drop down list Example CATest ...

Page 79: ...s and CPU usage for TLS operations Digest Algorithm Choose the digest algorithm SHA1 This digest algorithm provides a 160 bit fingerprint output based on arbitrary length input SHA 256 This digest algorithm generates an almost unique fixed size 256 bit 32 byte hash Hash is a one way function it cannot be decrypted back Lifetime days Enter the validity date for the server certificate in days In our...

Page 80: ... Notes The server certificates crt and key will be used by the GWN7000 when acting as a server The server certificates crt and key can be exported and used on another OpenVPN server Creating Client Certificate To create client certificate follow below steps 1 Create Users a Navigate to System Settings User Manager b Click on button The following window will pop up Figure 51 User Management c Enter...

Page 81: ...le this option to configure the remote subnet reachable through the PPTP client Client Subnet Enter the Subnet that exists behind the connected PPTP client OpenVPN Subnet Used to indicate which networks are located behind the remote device when the user account is used by an OpenVPN client router to establish a site to site VPN d Repeat above steps for each user 2 Create Client Certificate a Navig...

Page 82: ...ame for the client certificate It could be any name to identify this certificate Example ClientCertificate CA Certificate Select the generated CA certificate from the drop down list Certificate Type Choose the certificate type from the drop down list It can be either a client or server certificate Username Select created user to generate his certificate ...

Page 83: ...rprint output based on arbitrary length input SHA 256 This digest algorithm generates an almost unique fixed size 256 bit 32 byte hash Hash is a one way function it cannot be decrypted back Lifetime days Enter the validity date for the client certificate in days Example 120 Country Code Select a country code from the dropdown list Example MA State or Province Enter a state name or province Example...

Page 84: ...N7000 need to be uploaded to the clients For security improvement each client needs to have his own username and certificate this way even if a user is compromised other users will not be affected Create OpenVPN Server Once client and server certificates are successfully created you can create a new server so that clients can be connected to it by navigating under VPN OpenVPN Server To create a ne...

Page 85: ...enVPN Server Table 28 OpenVPN Server Field Description Enable Click on the checkbox in order to enable the OpenVPN server feature VPN Name Enter a name for the OpenVPN server Server Mode Choose the server mode the OpenVPN server will operate with 4 modes are available ...

Page 86: ...certificates Useful if the clients should not have individual certificates Less secure as it relies on a shared TLS key plus only something the user knows Username password SSL User Auth Requires both certificate and username password Each user has a unique client configuration that includes their personal certificate and key Most secure as there are multiple factors of authentication TLS Key and ...

Page 87: ... the same certificate but cannot be used for site to site VPN Certificate Authority Select a generated CA from the drop down list Server Certificate Select a generated Server Certificate from the drop down list IPv4 Tunnel Network Enter the network range that the GWN7000 will be serving from to the OpenVPN client Note The network format should be the following 10 0 10 0 16 The mask should be at le...

Page 88: ...8 Figure 54 OpenVPN OpenVPN Client configuration The GWN7000 act as both an OpenVPN client and server once users and client certificate created navigate under VPN OpenVPN Client and follow steps below 1 Click on and the following window will pop up ...

Page 89: ...P a g e 89 GWN7000 User Manual Version 1 0 6 28 Figure 55 OpenVPN Client ...

Page 90: ...s for the client Remote TUN IP address Configures statically the local VPN tunnel IP address for the remote server Auth Mode Choose the server mode the OpenVPN server will operate with 4 modes are available PSK used to establish a point to point OpenVPN configuration A VPN tunnel will be created with a server endpoint of a specified IP and a client endpoint of specified IP Encrypted communication ...

Page 91: ...TLS channel by requiring that incoming packets have a valid signature generated using the PSK key TLS Pre Shared Key Enter the generated TLS Pre Shared Key when using TLS Authentication Routes This feature allows specifying and adding custom routes Don t Pull Routes If enabled client will ignore routes pushed by the server IP Masquerading This feature is a form of network address translation NAT w...

Page 92: ...penVPN Client L2TP IPSEC Configuration Layer 2 Tunneling Protocol L2TP is a tunneling protocol used to support virtual private networks VPNs or as part of the delivery of services by ISPs It does not provide any encryption or confidentiality by itself Rather it relies on an encryption protocol that it passes within the tunnel to provide privacy GWN7000 L2TP IPSec Client Configuration To configure ...

Page 93: ... L2TP Configuration Field Description Enable Click on the checkbox in order to enable the L2TP client feature VPN Name Enter a name for the L2TP client WAN Port Select which WAN port is connected to the uplink either WAN1 or WAN2 Remote L2TP Server Enter the IP Domain of the remote L2TP Server ...

Page 94: ...ture is a form of network address translation NAT which allows internal computers with no known address outside their network to communicate to the outside It allows one machine to act on behalf of other machines Masq Source This option allows the user to configure the local subnets that needs to be masqueraded Use DNS from Server Enable this option to retrieve DNS from the VPN server Keepalive Sp...

Page 95: ...hat enables network traffic to be encapsulated and routed over an unsecured public network such as the Internet Point to Point Tunneling Protocol PPTP allows the creation of virtual private networks VPNs which tunnel TCP IP traffic through the Internet GWN7000 Client Configuration To configure PPTP client on the GWN7000 navigate under VPN PPTP and set the following 1 Click on and the following win...

Page 96: ...cription Enable Click on the checkbox to enable the PPTP VPN client feature VPN Name Enter a name for the PPTP client Remote PPTP Server Enter the IP Domain of the remote PPTP Server Username Enter the Username for authentication against the VPN Server Password Enter the Password for authentication against the VPN Server ...

Page 97: ...etwork to communicate to the outside It allows one machine to act on behalf of other machines Use DNS from Server Enable this option to retrieve DNS from the VPN server Number of Attempts to Reconnect Configures the number of attempts to reconnect the PPTP client if this number is exceeded the client will be disconnected from the PPTP Server Use Built in IPv6 management Enable the IPv6 management ...

Page 98: ...Enter a name for the PPTP Server PPTP Server Address Configure the PPTP server local address ex 192 168 1 1 Client Start Address Configure the remote client IP start address Note this address should be in the same subnet as the end address and PPTP server address Client End Address Configure the remote client IP end address Note this address should be in the same subnet as the start address and PP...

Page 99: ...tomatically a forwarding rule under the menu Firewall Traffic Rules Forward PPP Keep Alive Interval sec Interval in seconds for LCP echo request frames to be sent PPP Keep Alive Failure Threshold The PPTP server will consider a peer to be dead if N Echo request frames aren t replied to The connection will be then terminated A setting of 0 disables this function PPP Adaptive Keep Alive If the PPP k...

Page 100: ...gorithm and mode traffic encryption key and parameters for the network data to be sent over the connection Currently there are two IKE versions available IKEv1 and IKEv2 IKE works in two phases Phase 1 ISAKMP operations will be performed after a secure channel is established between two network entities Phase 2 Security Associations will be negotiated between two network entities IKE operates in t...

Page 101: ...ct to Headquarters office via an IPSec tunnel on each side we have a GWN7000 router Users can configure the two devices as following The branch office router runs a LAN subnet 192 168 1 0 24 and the HQ router runs a LAN subnet 192 168 3 0 the public IP of the branch office router is 1 1 1 1 and the IP of the HQ router is 2 2 2 2 Configuration of Branch office router Go under VPN IPSec then click o...

Page 102: ...P a g e 102 GWN7000 User Manual Version 1 0 6 28 ...

Page 103: ...e side of the tunnel Interface Select from which interface the router will try to build the VPN connection IKE Version Allows the use to choose between using IKE version 1 or 2 Default value IKEv1 IKE Lifetime Specifies in seconds the lifetime of the keying channel Default 3600 seconds Key Exchange mode Select which mode to use for key exchange during the stage of channel establishment Main mode o...

Page 104: ...SHA2_512 SHA2_384 DH group Select the Diffie Hellman group to be used for the session MODP1024 MODP1536 MODP2048 MODP3072 MODP4096 MODP6144 MODP8192 DH19 DH20 DH21 DH23 DH24 Rekey This allows the user to decide whether a connection should be renegotiated when it is about to expire if disabled it is necessary to make sure the other end also agrees on it Otherwise it is ineffective Keying tries This...

Page 105: ...s to perform if the peer is considered to be dead hold all routes will be put on hold clear routes and SA will be cleared restart all SA s to the dead peer will be renegotiated Press Save then go to phase2 tab in order to configure the phase 2 parameters as folllow Figure 63 Branch Router IPSec Phase 2 Configuration After this is done press save and apply the settings then configure same settings ...

Page 106: ...affic through the tunnel back and from the branch office to HQ network For reference the table below gives the descriptions of the parameters used for phase 2 settings Table 34 IPSec Phase 2 Parameters Field Description Local Subnet Configure the local subnet that will be included on the connection Local Source IP Configures the source IP to be used when transmitting a packet to the other end of t...

Page 107: ...time of a set of encryption auth keys for a packet Encryption algorithm Select the crypto to be used for data confidentiality AES_CBC_256 AES_CBC_192 AES_CBC_128 3DES_192 Hash algorithm Select the hash to be used data integrity MD5 SHA1 SHA2_256 PFS group Select the Diffie Hellman group to be used for the session MODP1024 MODP1536 MODP2048 MODP3072 MODP4096 MODP6144 MODP8192 DH23 DH24 The default ...

Page 108: ...s General Settings SYN Flood Protection is used to avoid DOS attacks SYN Flood Protection is enabled by default on GWN7000 you can edit the SYN Flood Rate Limit SYN Flood Burst Limit and whether to drop or no the invalid packets as shown in the below screenshot Figure 65 Basic General Settings Flush Connection Reload When this option is enabled and a firewall configuration change is made existing ...

Page 109: ... click on Figure 66 Port Forward Refer to following table for Port Forwarding option when editing or creating a port forwarding rule Table 35 Port Forward Name Specify a name for the port forward rule Enabled Check to enable this port forward rule Protocol Select a protocol users can select TCP UDP or TCP UDP Source Group Select the WAN Interface Source Port Set the Source Port number Destination ...

Page 110: ...MZ entry Enabled Check to enable this DMZ entry Source Group Select the WAN interface Destination Group Select the LAN group Destination IP Set the destination IP address UPnP GWN7000 supports UPnP that enables programs running on a host to configure automatically port forwarding UPnP allows a program to make the GWN7000 to open necessary ports without any intervention from the user without making...

Page 111: ...2048 Upload Speed Set the Upload speed value in KB s Default is 1024 Users can check the UPnP status under the menu Firewall Basic UPnP Traffic Rules Settings GWN7000 offers the possibility to fully control incoming outgoing traffic for different protocols in customized scheduled times and taking actions for specified rules such as Accept Reject and Drop Following actions are available to configur...

Page 112: ...rule Click on To edit a rule Click on To delete a rule Click on The following example rejects incoming ICMP request to WAN port 1 this means that whenever the GWN7000 receives and incoming ICMP request on WAN port 1 the destination IP address will receive a message stating that the destination IP address is unreachable Below screenshot shows configuration example Figure 68 INPUT Rule Sample ...

Page 113: ...without any notice to the remote side Following actions are available to configure Output rules on the GWN7000 under Firewall Traffic Rules Output for configured protocols To add new rule Click on To edit a rule Click on To delete a rule Click on The following example will reject every outgoing ICMP request from GWN7000 to network Group1 this means that whenever the GWN7000 receives an ICMP echo r...

Page 114: ...oups and WAN interfaces to allow inter group traffic between the selected members This will either use firewall rules or policy based routing rules if the action select is ACCEPT DROP or REJECT then the firewall rule will apply otherwise if users want to trigger the policy based routing then the action should be set to MATCH in order to match the traffic and apply the routing policy For further de...

Page 115: ...for Source Group or select All Protocol Select one of the protocols from dropdown list or All available options are UDP TCP TCP UCP UDP Lite ICMP AH SCTP IGMP and All Source IP Address Set the Source IP address it can be an IPv4 or IPv6 address Source Port s Set the source port number Or port range Source MAC address Set the Source MAC address Destination IP Set the destination IP address it can b...

Page 116: ...enable IP Masquerading this will allow internal computers with no known address outside their network to communicate to the outside It allows one machine to act on behalf of other machines MSS Clamping Check to enable MSS Clamping This will provide a method to prevent fragmentation when the MTU value on the communication path is lower than the MSS value Log Dropped and Reject Traffic to Syslog Che...

Page 117: ... on icon to schedule a start date for this SNAT entry to be applied Schedule End Date Click on icon to schedule an end date for this SNAT entry to end Schedule Start Time Click on icon to schedule a start time for this SNAT entry to be applied Schedule End Time Click on icon to schedule an end time for this SNAT entry to end Schedule Weekdays List of Weekdays Select the days on which the SNAT entr...

Page 118: ...tion IP Set the Destination IP address Schedule Start Date Click on icon to schedule a start date for this DNAT entry to be applied Schedule End Date Click on icon to schedule an end date for this DNAT entry to end Schedule Start Time Click on icon to schedule a start time for this DNAT entry to be applied Schedule End Time Click on icon to schedule an end time for this DNAT entry to end Schedule ...

Page 119: ... to a GWN7610 GWN7600 GWN7600LR AP Wi Fi clients will be forced to view and interact with that landing page before Internet access is granted The Captive Portal feature can be configured from the GWN7000 Web page under Captive Portal The page contains three tabs Policy Files and Clients Policy Users can customize a portal policy in this page Figure 71 Captive Portal Policy Click on to edit the pol...

Page 120: ...the Captive Portal policy Expiration Configures the period of validity after the valid period the client will be re authenticated again Authentication Type Three types of authentication are available No Authentication when choosing this option the landing page feature will not provide any type of authentication instead it will prompt users to accept the license agreement to gain access to internet...

Page 121: ...ation Shop ID Fill in the Shop ID that offers WeChat Authentication APP ID Fill in the APP ID provided by the WeChat in its web registration page Secret Key Set the key for the portal once clients want to connect to the WiFi they should enter this key Facebook Authentication Check to enable disable Facebook Authentication Facebook App ID Fill in the Facebook App ID Facebook APP Key Set the key for...

Page 122: ...users can set rules to match traffic that will be allowed for connected WiFi users before authentication process This can be needed for example to setup Facebook authentication where some traffic should be allowed to Facebook server s to process the user s authentication Or simply to be used to allow some type of traffic for unauthenticated users Post Authentication Rules On the other hand post au...

Page 123: ...rtal_pass html provides textboxes for authentication Wired or Wi Fi clients will be redirected to one of these pages before accessing Internet The following figure shows portal_default html page Figure 74 Captive Portal Files User can add folder in corresponding folder by selecting the folder and click on Click on to upload a file from local device Click on to download the files in Captive Portal ...

Page 124: ...P a g e 124 GWN7000 User Manual Version 1 0 6 28 Clients This section lists the clients connected or trying to connect to Wi Fi Figure 75 Captive Portal Clients ...

Page 125: ...nternet connection available fiber DSL or cable etc to avoid connection congestion and slowness of the service Each created voucher can be printed and served to the customers for usage and the limit is 1000 vouchers The usage of voucher feature needs to be combined with captive portal that is explained after this section in order to have the portal page requesting clients to enter voucher code for...

Page 126: ...sion 1 0 6 28 Figure 76 Add Voucher Sample The below figure shows the status of the vouchers after GWN randomly generates the code for each one Figure 77 Vouchers List Users can click on buttons and to delete and print multiple vouchers ...

Page 127: ... first user starts using the voucher Expiration Set the validity period of credentials limited to 1 365 integer The unit is day Downstream Set the downstream bandwidth speed limit in Kbps or Mbps Upstream Set the upstream bandwidth speed limit in Kbps or Mbps Notes Notes for the admin when checking the list of vouchers Using Voucher with GWN captive portal In order to successfully use the voucher ...

Page 128: ...g e 128 GWN7000 User Manual Version 1 0 6 28 Figure 78 Captive Portal with Voucher authentication Then go under your SSID configuration page and enable the generated captive portal under Wi Fi settings tab ...

Page 129: ...d on bandwidth utilization from the dropdown list three options are available All Set a bandwidth limitation on the SSID level MAC Set a bandwidth limitation per MAC address IP Address Set a bandwidth limitation per IP address MAC Enter the MAC address of the device to which the limitation will be applied this option appears only when MAC type is selected IP address Enter the IP address of the dev...

Page 130: ...80 Bandwidth Rules Note The same settings for bandwidth management are available from the following menus Per SSID Navigate on the web GUI under SSID Add Edit WiFi and you can set the Upstream and Downstream rate in Mbps Per Client Navigate on the web GUI under Clients Edit Bandwidth Rules where you can set the Upstream and Downstream rate in Mbps ...

Page 131: ...Facebook YouTube etc The administrator is able to apply this feature to any combination of network groups or clients In order to configure website blocking policy follow the next steps Create Blackhole Policy First you need to create blocking policies on which you specify the list of domains to be blocked or allowed or specify URL from which download full list of unwanted bad domains such as malwa...

Page 132: ...ked After this save and apply the changes and the new policy will be displayed along the existing ones Figure 82 Blackhole Policy List Assign Blackhole Policy to Network Groups Now that we have created a policy It s time to assign it to a network group or client To assign a blocking policy to a network group go under System Settings Website Blocking Network Group Blackhole and press add ...

Page 133: ... apply and the changes and now all clients within network group0 are banned protected from malware websites Assign Blackhole Policy to Clients Another possibility it to create client based blackhole s on which the policy will apply to specific client s defined by a CACL Client Access Control List and on this case the admin is left with the choice to either force the network group policy on this cl...

Page 134: ...em Settings Website blocking Blackhole Policy to set Facebook com as bad domain Next go under Clients Client Access to define the list of clients to whom the policy will apply Figure 84 Clients ACL Finally and in order realize the scenario above go under System Settings Website Blocking Client Blackhole and click on ...

Page 135: ...lient Blackhole Configuration On this case we can either force the network group policy that was created for the full group0 along with the new blackhole policy Facebook or ignore it and assign only the Facebook blocking policy to the clients specified on list1 ...

Page 136: ...By default it s disabled Web HTTP Access Enable the web HTTP Access By default it s disabled Web HTTPS Port Specifies the HTTPS port By default is 443 Country Select the country from the drop down list Time Zone Configure time zone for the GWN7000 Please reboot the device to take effect NTP Server Configure the IP address or URL of the NTP server the device will obtain the date and time from the c...

Page 137: ...Reset to restore the GWN7000 as well as all online GWN76xx units to factory default settings Access Table 47 Maintenance Access Current Administrator Password Enter the current administrator password New Administrator Password Change the current password This field is case sensitive with a maximum length of 32 characters Confirm New Administrator Password Enter the new administrator password one m...

Page 138: ...umber of rotates files to keep Default is 56 files Logrotate Mode Choose the time rotation frequency mode default every 3 hours Every X hours 0 23 Every X Minutes 0 59 X hour of day 0 23 X day of week Sunday Saturday X hour of day 0 23 Hours Enter the number of hours period after which trigger file rotation Minutes Enter the number of Minutes period after which trigger file rotation Hour of the da...

Page 139: ... page offers 4 tabs Capture Ping Traceroute Syslog and Connection Table Capture This section is used to capture packet traces from the GWN7000 interfaces WAN ports and network groups for troubleshooting purpose or monitoring It is needed to plug an USB storage device to one of the USB ports on the back of the GWN7000 Click on to start capturing on a certain device plugged to the USB port Click on ...

Page 140: ...vice plugged to USB port to save the capture once started File Size Set a File size that the capture will not exceed Optional field Rotate Count Set a value for rotating captures Optional Field Direction Choose if you want to get all traffic or only outgoing or incoming to the choses interface Source Port Set the Source Port to filter capture traffic coming from the defined source port Destination...

Page 141: ... to GWN7000 WebGUI System Settings Debug and click on Ping Traceroute Figure 88 IP Ping 1 Type in the destination s IP address domain name in Target field 2 Select from which interface to issue the Ping Traceroute from Interface dropdown list 3 Next to Tool choose from the dropdown menu IPv4 Ping for an IPv4 Ping test to Target IPv6 Ping for an IPv6 Ping test to Target IPv4 Traceroute for an IPv4 ...

Page 142: ...n to a remote server under Web GUI System Settings Maintenance Syslog Enter the syslog server hostname or IP address and select the level for the syslog information Five levels of syslog are available None Debug Info Warning and Error Syslog messages are also displayed in real time under Web GUI System Settings Debug Syslog ...

Page 143: ... Manual Version 1 0 6 28 Figure 90 Syslog Connection Table NAT table is updated dynamically on GWN7000 s WebGUI to check the NAT table go to System Settings Debug Connection Table Users could press button to clear all entries ...

Page 144: ... to activate email notification feature Table 50 Email Setting Filed Description Enabled Enable disable the email settings By default it s disabled Host Configures the SMTP Email Server IP or Domain Name Port Specifies the Port number used by server to send email Username Specifies sender s User ID or account ID in the email system used Password Specifies sender s password of the email account Ema...

Page 145: ... send notification when network groups has been added removed Additional SSID Configures whether to send notification if any additional SSID is enabled Default is disabled Time Zone Change Configures whether to send notification on time zone change Default is disabled Administrator Password Change Configures whether to send notification on admin password change Default is disabled AP Offline Confi...

Page 146: ...r absolute schedule for specific days for example and if both weekly schedule and absolute schedules are configured on the same day then the absolute schedule will take effect and the weekly program will be cancelled for that specific date 4 Once the schedule periods are selected click on Save to save the schedule The list of created schedules will be displayed as shown on the figure below With th...

Page 147: ...ome periods of the day this way with the LED scheduler you can set the timing so that the LEDs are off at night after specific hours and maintain the Wi Fi service for other clients without shutting down the AP To configure LED schedule on the GWN76xx AP WebGUI navigate to System Settings LEDs Following options are available Table 52 LEDs Field Description LEDs Always Off Configure whether to disa...

Page 148: ... GWN7000 has 2 USB ports that can be also used for file sharing to enable file sharing on devices plugged on the USB ports go to System Settings File Sharing Click on to share a directory and its contents on a device connected to one of the USB ports of the GWN7000 the following figure will pop up ...

Page 149: ...the path to share Access to Share Choose whether to allow users to Read Write or Read Only on the shared path Comment Enter a comment for the added shared file Share Accessible by LAN Choose whether to allow All LANs to access the shared path restrict access by selecting only some groups or None Edit a Shared Folder by clicking on or delete it by clicking on Figure 96 File Share Actions ...

Page 150: ...d in network management for network monitoring for collecting information about monitored devices To configure SNMP settings go to GWN7000 Web GUI System Settings SNMP this page has two tabs Basic and Advanced refer to the below tables for each tab Table 54 SNMP Basic Page System Location Set the System Location information for example SNMP Server Lobby GWN System Contact Set the System Contact in...

Page 151: ...anagement System NMS Monitoring Host Port Enter the Monitoring Host s Port Network Management System NMS Trap Community Enter the Trap Community string to authenticate the client against the server Table 55 SNMP Advanced Page SNMP Service Listening on Click on to add an SNMP Service Listening on Set the Transport Type UDPv4 UDPv6 TCPv4 or TCPv6 Choose the IP Address from drop down menu list Set th...

Page 152: ...k this option to enable disable the user account PPTP Server Check this option to enable the user connection to the PPTP server Full Name Enter user full name When using PPTP it defaults to pptpd Username Enter user Username Password Enter user password IPSec Pre Shared Key Set user pre shared key for authentication Enabled PPTP Client Subnet Check this option when using PPTP and enter the client ...

Page 153: ...od TFTP HTTP or HTTPS Firmware Server Define the server path for the firmware server Check Download New Firmware and Config at Boot Allows the device to check if there is a firmware from the configured firmware server at boot Allow DHCP options 66 and 43 override Configure whether to allow DHCP options 66 and 43 to override upgrade and provisioning settings Automatic Upgrade Specify the time to ch...

Page 154: ...lso choose to download a free HTTP server from http httpd apache org or use Microsoft IIS web server Provisioning and backup The GWN7000 configuration can be backed up locally or via network The backup file will be used to restore the configuration on GWN7000 when necessary Download Configuration Download the GWN7000 configurations for restore purpose under Web GUI Router Maintenance Upgrade Click...

Page 155: ...ions If you have purchased our products through a Grandstream Certified Partner or Reseller please contact them directly for immediate support Our technical support staff is trained and ready to answer all of your questions Contact a technical support member or submit a trouble ticket online to receive in depth support Thank you again for purchasing Grandstream GWN7000 Enterprise Multi WAN Gigabit...