Westermo MRD-3x0 Bedienungsanleitung

3G Cellular Modem / RouterWeb configuration reference guidewww.westermo.comREV.b  6623-3201  2008-10  Mälartryck AB, Eskilstuna, Sweden©Westermo Telei

10 6623-32011.1.5 Checking the Status of the ConnectionTo check the status of the connection select Status from the top level menu and then select Wir

100 6623-32015.6.4 Editing a Custom NATA custom NAT can be edited by clicking the pencil icon in the Edit column of the filter to be changed. Once cli

1016623-3201To save the changes click the Update button or to lose the changes click Cancel. The main page will again be displayed as shown in Figure

102 6623-32015.6.5 Deleting a Custom NATA custom NAT can be deleted by clicking the bin icon in the Delete column of the NAT to be deleted. A warning 

1036623-3201The custom NAT table will be displayed with the custom NAT removed, as shown in Figure 84. 84.Figure 84: Custom NAT table after deleting a

104 6623-32016 Virtual Private Network (VPN)A virtual private network (VPN) is a communications network tunneled through another network, in the case 

1056623-32016.1 Secure Sockets Layer (SSL) VPN.Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications over a commu

106 6623-32016.1.1 SSL VPN ConfigurationTo access the SSL VPN configuration page, select VPN on the main menu, the SSL VPN configuration page is the f

1076623-3201Basic Configuration optionsEnabled Check the box to enable the SSL VPN.Connection ProtocolDropdown box to select the connection protocol, 

108 6623-3201CertificateSpecify the certificate to use for authentication. For details on how to load certificates refer to Section 6.5 Certificate Ma

1096623-3201Encryption algorithm Specify the encryption algorithm to use from the drop-down list, the options are:DES • Data Encryption Standard.3DES

116623-3201Figure 9: Status alarm page.

110 6623-32016.1.2 Connecting to a VPN ServerAn example of connecting to a VPN server will be described. Figure 86 illustrates the network which will 

1116623-3201Select VPN on the main menu, to display the the SSL VPN con-figuration page. Figure 87 shows the MRD-3xx SSL based VPN configuration with 

112 6623-3201Basic Configuration optionsEnabled: CheckedConnection Protocol: UDPTransport Type: Routed Remote address: 123.123.123.123Remote port: 119

1136623-3201Once the configuration has been completed click the Update button to save the changes. The SSL VPN will now be started and it will attempt

114 6623-3201The MRD-3xx has responded to the ping and the byte counters on the status page have increased as seen in Figure 89.Figure 89: SSL VPN sta

1156623-32016.2 Internet Protocol Security (IPsec) VPNInternet Protocol Security (IPsec) is a suite of standards and  protocols for securing Internet 

116 6623-32016.2.1 General IPsec ConfigurationTo access the MRD-3xx IPsec VPN configuration page click VPN on the main menu then click IPsec VPN on th

1176623-3201General IPsec ConfigurationEnabledCheck the box to enable the IPsec VPN. Default is disdisabled.NAT traversal enabled & keepalive peri

118 6623-32016.2.2 Adding an IPsec TunnelTo add an IPsec tunnel click the Add new tunnel button, this will display the first of 3 pages used to config

1196623-3201Tunnel ConfigurationIPsec Tunnel configuration is the first stage in adding a new IPsec tunnel. The options are as follows:Label Set the l

12 6623-32011.2 Configure the LAN interface and DHCP ServerTo access the configuration page for the LAN interface and DHCP Server, select Network from

120 6623-3201Local nexthop The nexthop gateway IP address for the connection to the public network. If the local interface is set to default this opti

1216623-3201Initiate tunnel Check the box to enable the tunnel initiation. If the wireless IP address is dynamic then this option would normally be en

122 6623-3201Figure 92: IPsec Phase 1 configuration.Phase 1 ConfigurationThe Phase 1 Configuration is used to set the parameters for the first phase o

1236623-3201Pre-shared key This field is used to enter the Pre-Shared Key if this method of authentication was selected. To enter a new key check the 

124 6623-3201IKE proposal A set of parameters for Phase I IPSec negotiations. The param-eters are encryption algorithm, authentication algorithm and t

1256623-3201Figure 93: IPsec Phase 2 configuration.

126 6623-3201Phase 2 ConfigurationPhase 2 establishes the IPsec Security Associations (SA) parameters in order to establish an IPsec tunnel. Phase 2 h

1276623-3201Perfect forward secrecy & group In an authenticated key-agreement protocol using public key cryptography, such as Diffie-Hellman key e

128 6623-3201Tunnel NetworksThe second section on this page is used to configure the IPsec tunnel networks. Up to 3 tunnel definitions can be configur

1296623-3201AddressesFor host connections enter an IP address, for network con-nections enter an network IP address including netmask, for example 10.

136623-3201to serve IP addresses in the range 192.168.2.210 through 192.168.2.240, and the Default and Maximum lease times have been set to 1440 minut

130 6623-32016.2.3 IPsec Configuration ExampleThe following example demonstrates how to add an IPsec tunnel to the MRD-3xx, Figure 94 illustrates the 

1316623-3201Figure 95: IPsec tunnel configuration.To configure the tunnel as describe the following parameters are entered:Label: TestEnabled: On (Che

132 6623-3201Once entered click the Next button to continue to Phase 1 configuration.Phase 1 ConfigurationThe Phase 1 Configuration page is shown in F

1336623-3201To achieve the configuration described the following param-eters are entered:Authentication method: Pre-shared key Pre-shared key:   New: 

134 6623-3201Figure 97: IPsec phase 2 and tunnel configuration.The configuration described requires the following parameters to be entered:ESP proposa

1356623-3201Tunnel Network SettingsThe local tunnel will be configured as a virtual host with the IP address 11.22.33.44 and the remote connection wil

136 6623-3201Enable IPsecTo complete the configuration in the General IPsec Configuration enable IPsec by checking the enabled check-box, and as the t

1376623-3201Figure 100: IPsec connection status.Figure 101: IPsec connection status detail.

138 6623-32016.3 PPTP and L2TP6.3.1 Point-to-Point-Tunneling-ProtocolThe Point-to-Point-Tunneling-Protocol (PPTP) is used for establishing Virtual Pri

1396623-32016.3.2 Layer 2 Tunnel ProtocolThe Layer 2 Tunnel Protocol (L2TP) is an Internet Engineering Task Force (IETF) standard which combines the b

14 6623-32011.3 Configure clients to use the MRD-3xxThe MRD-3xx will act as a gateway for connections destined over the wireless interface. The defaul

140 6623-32016.3.3 PPTP and L2TP ConfigurationTo access the PPTP & L2TP configuration page click VPN on the main menu then PPTP & L2TP on the 

1416623-32016.3.4 Add a PPTP or L2TP TunnelTo add a new PPTP or L2TP tunnel click the Add new tunnel button, the Add new tunnel page will be displayed

142 6623-3201Remote host Specify the IP address or fully qualified domain name of the remote host.Domain Specify the Windows network domain. (Optional

1436623-32016.3.5 PPTP Configuration ExampleThe following is an example of connecting a PPTP tunnel to a PPTP VPN server, Figure 104 illustrates the n

144 6623-3201To access the PPTP & L2TP configuration page click VPN on the main menu then PPTP & L2TP on the sub-menu. The PPTP & L2TP pag

1456623-3201The following settings are used to configured the tunnel as described:Label: TestEnabled: On (Checked)Type: PPTPRemote host: 123.123.123.1

146 6623-3201To check the status of the page click Status on the main menu and then VPN on the sub-menu, the VPN status page will then be displayed. F

1476623-32016.4 Multiple VPN TunnelsThe MRD-3xx allows multiple VPN tunnels to operate simul-taneously. One SSL VPN, up to 3 IPsec tunnels and up to 3

148 6623-32016.5 Certificate ManagementDigital certificates are a form of digital identification used for authentication. A digital certificate contai

1496623-32016.5.1 Add a CertificateTo add a certificate click the Browse button, then navigate to the certificate and select it. In the example shown 

156623-32012 System AdministrationThe System Administration functions are accessed by selecting the System tab of the main menu.2.1 AdministrationTo a

150 6623-3201To upload the certificate to the MRD-3xx click the Upload to MRD-3xx button the page will be updated and the certificate will be added to

1516623-32016.5.2 Checking the Certificate DetailsOnce uploaded the details of a certificate can be displayed by clicking view located in the detail c

152 6623-32016.5.3 Adding Further CertificatesAdditional certificates can be uploaded to the MRD-3xx, the process is the same as adding the first cert

1536623-3201An example of adding a second certificate is shown in Figure 113. In this example the file demoClient2.p12 is selected, this file contains

154 6623-32016.5.4 Deleting a CertificateA certificate can be deleted by clicking the bin icon in the Delete column of the certificate to be deleted. 

1556623-3201The certificate table will be displayed with certificate removed, as shown in Figure 116.Figure 116: VPN Certificate list with the second

156 6623-32017 Serial ServerThe serial server is used to transfer data between a physical serial port and an IP connection. The IP connection can be v

1576623-3201DNP3 IP-Serial Gateway The serial server will act as a DNP3 outstation to be polled by a SCADA master. The outstation mode is configurable

158 6623-32017.2 Common configuration options7.2.1 Serial port settingsRegardless of the selected port function, each port needs to be configured to m

1596623-3201NoneNo flow control is enabled.Hardware The port will use the RTS and CTS handshake lines to control the flow of data.Software The port wi

16 6623-3201The options available are:Hostname • Set the required hostname for the MRD-3xx.• Check time with NTP Server • Set to Yes to synchronise th

160 6623-32017.2.2 Packet framer settingsThe packet framer is available for all port functions that carry raw data (these settings are not available f

1616623-3201Timeout before sendingThe timeout allows data accumulated by the framer to be sent after a specified period of serial receive inactivity. 

162 6623-32017.3 Raw TCP Client/Server7.3.1 DescriptionThe serial server will create a transparent pipe between the serial port and a TCP network conn

1636623-32017.3.3 Configuring the port functionOnce the port function has been selected, click the pencil icon in the Edit column to change the config

164 6623-3201As shown in Figure 120, the following options can be set for the Raw TCP Client/Server:Network type The Raw TCP serial server can be conf

1656623-3201Failed connects before giving up For Accept and Connect network modes, the serial server will attempt to establish a connection for the nu

166 6623-32017.4 Raw UDP7.4.1 DescriptionThis function is similar to Raw TCP Client/Server mode, but uses UDP as the network transport. UDP has lower 

1676623-32017.4.3 Configuring the port functionOnce the port function has been selected, click the pencil icon in the Edit column to change the config

168 6623-3201As shown in Figure: 122, the following options can be set for Raw UDP mode:Send address This is the address the serial server will send U

1696623-32017.5 Unit Emulator7.5.1 DescriptionThe serial server provides an AT command interface at the serial port that simulates a traditional dial-

176623-32012.2 System InformationThe MRD-3xx System Information is accessed by selecting the System Information tab from the System sub-menu. An examp

170 6623-32017.5.3 Configuring the port functionOnce the port function has been selected, click the pencil icon in the Edit column to change the confi

1716623-3201As shown in Figure 124, the following options can be set for the Unit Emulator:Dial out destination address This field determines how the 

172 6623-3201Accept port This is the TCP port number that the server will listen for connections on.On-answer signaling When set, the emulator will be

1736623-3201DTR function This field determines the default response of the unit to changes in the Data Terminal Ready (DTR) handshaking line. The foll

174 6623-32017.6 DNP3 IP-Serial Gateway7.6.1 DescriptionThe DNP3 IP-Serial Gateway carries out translation between DNP3 Serial and DNP3 TCP protocols.

1756623-32017.6.2 Selecting the port functionThe serial server configuration is accessed by selecting Serial Server from the main menu and Port Setup 

176 6623-32017.6.3 Configuring the port functionOnce the port function has been selected, click the pencil icon in the Edit column to change the confi

1776623-3201As shown in Figure 126 the following options can be set for the DNP3 Serial-IP Gateway:Station typeThe DNP3 IP-Serial Gateway can be confi

178 6623-3201Only accept data from master IP address When set, this field will cause the serial server to only accept data sourced from the address se

1796623-3201Master address and port Packets transmitted over network will always be sent to the address specified in the Master address and Master por

18 6623-32012.3 Configuration Backup & RestoreThe configuration of the MRD-3xx can be saved as a file to a PC. This file can then be used to resto

180 6623-32017.7 Modbus IP-Serial Gateway7.7.1 DescriptionThe Modbus IP-Serial Gateway carries out translation between Modbus/TCP and Modbus/RTU or Mo

1816623-32017.7.3 Configuring the port functionOnce the port function has been selected, click the pencil icon in the Edit column to change the config

182 6623-3201Connection timeout When this field is set to a value greater than 0, the serial serv-er will close connections that have had no network r

1836623-32017.8 Telnet (RFC 2217) Server7.8.1 DescriptionTelnet server mode is ideal for connecting serial terminal equipment, as a standard Telnet cl

184 6623-32017.8.2 Selecting the port functionThe serial server configuration is accessed by selecting Serial Server from the main menu and Port Setup

1856623-32017.8.3 Configuring the port functionOnce the port function has been selected, click the pencil icon in the Edit colum to change the configu

186 6623-3201As shown in Figure 130, the following options can be set for the Telnet Server:Accept port This field determines the TCP port number that

1876623-32017.9 Phone Book7.9.1 DescriptionThe Phone Book works in conjunction with the Unit Emulator to provide a translation table from traditional 

188 6623-32017.9.2 Phone Book OptionsTo access the phone book options click the Add new phone book entry button on the main Phone Boook page. Figure 1

1896623-32017.9.3 Adding a new phone book entryFrom the main phone book page click the Add new phone book entry button. An example of adding a new ent

196623-3201To restore a configuration, click the Browse button in the sec-tion titled Restore a saved configuration select the configuration file, whi

190 6623-3201Click Update to save the new entry. The phone book table will be updated to include the new entry as shown in Figure 134.Figure 134: The

1916623-3201To commit the new phone book entry to the table, click the Update button. The main page will again be shown with the new entry added, as s

192 6623-32017.9.4 Editing a phone book entryA phone book entry can be editied by clicking the pencil icon in the Edit column of the entry to be chang

1936623-3201Figure 138: Main phone book page with revised entry7.9.5 Deleting a phone book entryA phone book entry can be deleted by clicking the bin

194 6623-3201Figure 139: Deleting a phone book entryThe phone book table will be displyed with the entry removed, as shown in Figure 140.Figure 140: P

1956623-32018. AT Command SetThis section lists the AT Commands support by the MRD-3x0 Modem/Router. The commands are accessed via the serial port whe

196 6623-3201Extended Command SetCommand  Description  Usage&C Data Carrier Detect (DCD) modeAT&C0 – DCD always onAT&C1 – DCD on while in 

1976623-3201Configuration RegistersRegister Description  UsageS0 Rings until incoming call is automatically answeredNo auto answer: ATS0=0Answer after

198 6623-3201Wireless Network-Specific CommandsCommand  Description  Usage+CREG Query the current network registration stateAT+CREG=? If registered wi

REV.b  6623-3201  2008-10  Mälartryck AB, Eskilstuna, SwedenWestermo Teleindustri AB • SE-640 40 Stora Sundby, SwedenPhone +46 16 42 80 00  Fax +46 16

2 6623-32011   Basic Configuration ... 41.1   Configure the 3G Wireless interface .. 41.1.1  Network Configuration ...

20 6623-32012.4 Firmware UpgradeThe MRD-3xx firmware can be upgraded via the web inter-face. To access the firmware upgrade page select Backup & U

216623-3201To upload the file to the MRD-3xx click the Upload button. The file will now be uploaded to the MRD-3xx  and, when it is complete, informat

22 6623-32012.5 SNMPThe MRD-3xx supports SNMP for network management of the unit. The SNMP configuration page can be accessed by selecting the SNMP ta

236623-32012.6 GPIO (MRD-330 only)The MRD-330 has two general purpose digital inputs and two general purpose digital outputs, the options for these ca

24 6623-32013 Wireless Interface ConfigurationThis section describes the 3G Wireless interface options of the MRD-3xx. The MRD-3xx supports two modes 

256623-32013.1 Network ConfigurationThe Wireless Network options are used to set the operat-ing mode, select the frequency band of operation and set t

26 6623-32013.1.1 Wireless Operating ModeThe MRD-3xx support two modes of operation, packet mode and Circuit Switched Data (CSD) mode. In packet mode 

276623-32013.1.2 Operating Frequency BandThe MRD-3xx is capable of operating on several frequencies and using the GSM or UMTS (3G) protocols. By defau

28 6623-3201Set the field marked Enter when requested to Yes and enter the PIN in the New PIN and Confirm PIN entry boxes. Then click the Set button t

296623-32013.2 Packet Mode ConfigurationThe packet mode options are described in this section.3.2.1 Adding a Network Connection ProfileTo access the w

36623-32015.4.4  Editing a Custom Filter ...795.4.5  Deleting a Custom Filter...815.5   Port Forwarding ...

30 6623-3201The 3G network provider will provide the items listed below which should be entered into the appropriate fields in the Add new profile sec

316623-3201Figure 30: Profile added and selected.Additional profiles can be added using the same procedure, to a maximum of five profiles. This is ill

32 6623-32013.2.2 Deleting a ProfileA profile can be deleted by clicking the Bin icon located in the Delete column, for the profile to be deleted. For

336623-32013.2.3 Editing a ProfileTo edit an existing profile click on the Edit icon for the profile you wish to edit. For example to edit profile 1 i

34 6623-32013.2.4 Enable the Wireless ConnectionTo complete the configuration of the wireless connection, the connection needs to be enabled. There ar

356623-32013.2.5 Checking the Status of the ConnectionTo check the status of the connection select the Status tab from the main menu and then select t

36 6623-3201The section titeld Network Status details the quality of the service available from the 3G network.The SIM Card field will only be shown i

376623-3201Figure 38: Wireless Status page showing a SIM fault.If the Status item doesn't show • Connected, verify the fol-lowing:Operation is •

38 6623-3201Once all errors have been resolved and the MRD-3xx is con-nected to a wireless network, the Status Alarms page should have no faults liste

396623-32013.3 Connection ManagementThe MRD-3xx has numerous options for managing the wire-less network connection, these option cover two main areas,

4 6623-32011 Basic ConfigurationThe three sections below detail the steps needed to config-ure the MRD-3xx for basic packet mode functionality. For de

40 6623-32013.3.1 Connection EstablishmentThe connection establishment options are used to set the parameters for initial connection to a providers wi

416623-3201Time to spend in CSD: Specify a time in minutes to remain in CSD mode before reverting to packet mode and attempting to establish a con-nec

42 6623-32013.3.2 Connection MaintenanceThe connection maintenance refers to the tests employed by the MRD-3xx to determine that a valid network conne

436623-32013.3.3 Remote Poll SetupThe remote poll setup is used to specify the poll type to use and the address of the server to poll. A primary and s

44 6623-32013.3.4 Miscellaneous OptionsAutomatically obtain DNS: If set to Yes the DNS server address passed when a connec-tion is established will be

456623-32013.3.5 Connect on DemandThe connect on demand settings are only valid if the Wireless connection state has been set to always connect, refer

46 6623-32013.4.1 CSD Single PortThe simplest configuration for Circuit Switched Data (CSD) is single port operation, this means that when a connectio

476623-32013.4.2 CSD MultiplexedThe Circuit Switched Data (CSD) Multiplexed mode allows any one of the available MRD-3xx serial ports to be selected a

48 6623-3201For example if the guard time is set to 2 seconds and the dis-connect character is 3F (? ASCII) then the disconnect sequence would be:<

496623-3201To configure CSD Multiplexed mode complete the following steps:1. Select the Wireless tab from the main menu and then select Circuit switch

56623-32011.1.1 Network ConfigurationThe Network Configuration section contains the settings for the operational mode and the frequency band of the un

50 6623-32013.5 SMS TriggersThe MRD-3xx provides SMS triggers which can be used to change the Wireless operating mode, reboot the unit and request a s

516623-3201Figure 43: SMS Triggers configuration page.

52 6623-32013.5.2 Access ControlThe SMS Access Control allows fine control over the access to the SMS triggers. The default policy can be set to allow

536623-32013.5.2.1 Example: Default policy acceptTo set the SMS Access Control for a default action of allow and to specifically block a number, refer

54 6623-32013.5.2.2 Example: Default policy to DropTo set the SMS Access Control for a default action of drop and to specifically accept a number, ref

556623-3201Figure 46: SMS Triggers number to accept added

56 6623-32014 NetworkThis section describes the confiuration of the Network or LAN settings. This includes setting the IP Address of the MRD-3xx Unit,

576623-3201Figure 47: LAN Interface configuration.Note: Once the IP Address has been changed the new IP address will need to entered into the web brow

58 6623-32014.1.2 Disabling the LAN InterfaceBy default the LAN interface is enabled. The LAN interface can be disabled if the LAN ports are not requi

596623-32014.2 DHCP Server ConfigurationThe DHCP server allows clients on the local network to be automatically allocated IP addresses from the MRD-3x

6 6623-32011.1.3 Adding a Network Connection ProfileTo access the wireless packet mode settings click on the Packet mode tab. The screen shown in Figu

60 6623-32012. Choose a group of available IP addresses on the local network. For example, if the IP address of the MRD-3xx is 192.168.2.200 with a ne

616623-32014.4 Domain Name System (DNS)The Domain Name System (DNS) is used to resolve domain names to IP addresses. When connecting to a wireless net

62 6623-32014.4.2 Manual DNS ConfigurationThe manual DNS configuration is used to select a DNS server other than the one automatically supplied by the

636623-3201Once registration is complete follow the steps below to configure the MRD-310/330, for reference Figure 51 show an example configuration.1.

64 6623-32015 Firewall The MRD-3xx has a Stateful Packet Inspection (SPI) Firewall that controls the connections from the wireless port to the LAN por

656623-32015.1.1 Network Address and Port Translation (NAPT)As connection pass from the LAN network out the wire-less port, the firewall can perform N

66 6623-32015.1.3 Connection tracking optionsThe firewall can be configured to optionally provide connec-tion tracking and NAT support for a number of

676623-32015.2 Access ControlThe Access Control page allows configuration of the firewall to allow or deny access to internal services of the unit fro

68 6623-32015.2.1 Accessing unit services from the wireless port or VPN tunnelsThe External Access table on the Access Control page is shown in Figure

696623-32015.3 DoS FiltersA denial of service attack (DoS attack) is an attempt to render a network device unavailable to intended users. The most com

76623-3201The 3G network provider will provide the items listed below which should be entered into the appropriate fields in the Add new profile secti

70 6623-32015.3.1 Enabling the Denial of Service filtersThe Filter Description table provides a number of DOS filters, as shown in Figure 54. The filt

716623-32015.4 Custom Filters5.4.1 DescriptionCustom Filters allow new rules to be added to the firewall to allow or deny specific packets. Packets ca

72 6623-32015.4.2 New Custom Filter OptionsThe custom filter options are shown when the Add new cus-tom filter button on the Custom Filters page is cl

736623-3201The following options can be set for each custom filter:Enabled Set the Enabled check box to have the rule installed in the firewall. A rul

74 6623-3201Source address If selected, either a single address (for example, 172.16.1.132) or a subnet range (for example, 172.16.0.0/24) can be ente

756623-32015.4.3 Adding a new custom filterFrom the main Custom Filters page click the Add new custom filter button. This will select the Add new cust

76 6623-3201To save the new filter click the Update button. The main Custom Filter page will again be shown with the new filter listed, as shown in Fi

776623-3201To add a second filter, again click the Add new custom filter button. In the example shown in Figure 59, a custom filter is created which w

78 6623-3201To add the filter to the filters table click the Update button, the main page will again be shown with the new filter added, as seen in Fi

796623-32015.4.4 Editing a Custom FilterA custom filter can be edited by clicking the pencil icon in the Edit column of the filter to be changed. Once

8 6623-3201Once the data has been entered click the Update button to add the profile. The screen will now change to show the added profile as shown in

80 6623-3201To save the changes click the Update button or to lose any changes click the Cancel button. The main page will again be displayed as shown

816623-32015.4.5 Deleting a Custom FilterA custom filter can be deleted by clicking the bin icon in the Delete column of the filter to be deleted. A w

82 6623-3201The filter table will be displayed with the filter removed, as shown in Figure 64.Figure 64: Custom filter table with filter 2 removed.

836623-32015.5 Port ForwardingPort forwarding rules alter the destination address (and optionally the destination port) of packets received on the wir

84 6623-32015.5.1 Port Forward OptionsTo access the port forward options click the Add new port for-ward button on the main port forwards page. Figure

856623-3201Source address For greater security, the source addresses that the forward will be applied to can be limited. In this field, either a singl

86 6623-32015.5.2 Adding a new port forwardFrom the main port forwards page, click the Add new port forward button. This will select the Add new port 

876623-3201Click Update to save the new port forward. The port forward table will be updated to include the new port forward as shown in Figure 68.Fig

88 6623-3201To add the new port forward to the port forward table click the Update button. The main page will again be shown with the new port forward

896623-32015.5.3 Editing a port forwardA port forward can be edited by clicking the pencil icon in the Edit column of the port forward to be changed. 

96623-32011.1.4 Enable the Wireless ConnectionTo complete the configuration of the wireless connection, set the Connection state to Always connect and

90 6623-3201To save the changes, click the Update button or to lose changes click the Cancel button. The main page will again be displayed as shown in

916623-32015.5.4 Deleting a port forwardA port forward can be deleted by clicking the bin icon in the Delete column of the forward to be deleted. A wa

92 6623-3201The port forward table will be displayed with the port for-ward removed, as shown in Figure 74.Figure 74: Port forward table of deleting a

936623-32015.6 Custom NAT5.6.1 DescriptionCustom NAT allow new rules to be added to the firewall to carry out Network Address Translation (NAT) that i

94 6623-32015.6.2 Custom NAT OptionsTo access the Custom NAT options click the Add new custom N AT button on the main Custom NAT page. Figure 76 shows

956623-3201The following options can be set for each custom NAT:EnabledSet the enabled check box to have the rule installed in the firewall. A rule ca

96 6623-3201Source port or range If selected, packets will be matched based on their TCP or UDP source port. Either an individual port (for example, 4

976623-32015.6.3 Adding a new custom NATFrom the main port forwards page click the Add new custom N AT button. This will select the Add new custom NAT

98 6623-3201Click Update to save the new custom NAT. The custom NAT table will be updated to include the new custom NAT as shown in Figure 78.Figure 7

996623-3201To add a second custom NAT again click the Add new custom N AT button. In the example shown in Figure 79, a destination NAT is created for