Status

When you click the Status menu, the interface on main window will depend on your LTE wireless mode that you set up for Bridge+Router or Bridge only or Router only to display the status of router to make you know about WAN LTE, Bridge/Router, IP Bridge/Router DNS and LAN Ethernet.

Note: please confirm the menu of LTE > Dual APN to configure LTE Net Mode.

Title Bar

Item	Description
RSSI	Received Signal Strength Indicator.
Uptime	The time starting turn on the router until current using.
Language	Choose your language from the drop-down list on the upper right corner of the title bar.
Login/Logout	Click to log in or log out of the web configurator.
?	On-line manual.

Status > WAN LTE

Item	Description
SIM Status	Ready: No PIN code protection or unlock already Unlock: Unlock pin code protection Locked: Locked by pin code Error: SIM operation error Blocked: PUK needed to unlock Not Inserted: No sim card Hardware Error: Unable to enable function Ignore: Ignore Specified SIM in dual sim device
Operator	Operator name.
Modem Access	The router to access protocol type.
IMSI	The IMSI number of the SIM card.
Phone Number	The phone number of the SIM card.
Band	The current connected Band.
EARFCN	Absolute radio-frequency channel number.
PLMN	Public LAN Mobile Network ID.
Roaming	Roaming status.
Uplink Speed Kbps	Uplink Speed in Kbps.
Downlink Speed Kbps	Downlink Speed in Kbps.
Tx/Rx KBytes	Accumulated TX/RX in KBytes.
TX/RX Dropped Packets	TX/RX Dropped Packets.

Status > Bridge IP / Router IP

Item	Description
IPv4 Address	WAN obtain IPv4 Address.
IPv4 Mask	WAN obtain IPv4 Mask.
Default Gateway	WAN IPv4 Default Gateway.
Connected	Yes: Connected; No: Disconnected.
IPv4 Conn Time	WAN IPv4 Connected Time.
Uplink Speed Kbps	Uplink Speed in Kbps.
Downlink Speed Kbps	Downlink Speed in Kbps.
Tx/Rx KBytes	Accumulated TX/RX in KBytes.
TX/RX Dropped Packets	TX/RX Dropped Packets.

Status > Bridge DNS/ Router DNS

Item	Description
IPv4 DNS Server #1	IPv4 DNS Server Address#1.
IPv4 DNS Server #2	IPv4 DNS Server Address#2.
IPv4 DNS Server #3	IPv4 DNS Server Address#3.
IPv6 DNS Server #1	IPv6 DNS Server Address#1.
IPv6 DNS Server #2	IPv6 DNS Server Address#2.
IPv6 DNS Server #3	IPv6 DNS Server Address#3.

Status > Status > LAN Ethernet

Item	Description
IPv4 Address	LAN is assigned IPv4 Address.
IPv4 Mask	LAN is assigned IPv4 Mask.
IPv6 Address	LAN is assigned IPv6 Address.
IPv6 Conn Time	IPv6 Connected Time.
Uplink Speed Kbps	Uplink Speed in Kbps.
Downlink Speed Kbps	Downlink Speed in Kbps.
Tx/Rx KBytes	Accumulated TX/RX in KBytes.
TX/RX Dropped Packets	TX/RX Dropped Packets.

System > Time and Date

This section allows you to set up the time and date of router and NTP server. There are two modes at Time and Date Setup, including Get from Time Server and Manual. The default mode is Get from Time Server.

If the router has GPS function, you can turn on "GPS Time" for sync time from GPS server.

For Time Zone Setup, the Daylight Savings Time allows the device to forward/backward the amount of time from Ahead of standard time setting automatically when the time is at the Daylight Savings duration that you have set up before.

System > Time and Date > Time Zone Setup

Item	Description
Daylight Saving	Turn on/off the Daylight Savings feature. Select from Off or On. The default is Off.
Ahead of standard time	The forward/backward minutes when enter/leave Daylight Savings duration. Default is 60 mins.
Start Date/Start Time	Time to enter Daylight Savings duration. The Month range is 1~12 1- Jan 2 - Feb 3 - Mar 4 - Apr 5 - May 6 - Jun 7 - Jul 8 - Aug 9 - Sep 10 - Oct 11 - Nov 12 - Dec The Week range is 1~5 1 - first week in month. 2 - second week in month 3 - third week in month 4 - fourth week in month 5 - fifth week in month The Day range is 0~6 0 - Sunday(The start day of a week) 1- Monday 2 - Tuesday 3 - Wednesday 4 - Thursday 5 - Friday 6 - Saturday The Hour range is 0~23 The Min range is 0~59
End Date/End Time	Time to leave Daylight Savings duration. Same with Start Date/Start Time.

System > Time and Date > Time Server

The Time server feature allows user to set a time server for LAN side client to get the time through NTP/SNTP protocol.

Item	Description
Server mode	Turn on/off the time server.
Server port	The UDP port listened by time server.

System > Logging

This section allows cellular router to record the data and display the status of data.

Logging > Logging

Logging section provides you to control all logging records.

Users need to select Apply to confirm your settings.

Item	Description
Mode	Turn on/off the logging configuration. Select from Disable or Enable. The default is Enable.
Remote Log	The logging messages send to remote log or not. Select from Disable or Enable. The default is Disable.
Log Server Address	When you choose Enable on Remote Log, you should input IP address to save and receive all logging data. Note: This server should have installed Log software.

Logging > Log

This section displays all data status.

1. You can choose Filter function to quickly search for your data.
2. When you click Clear, all of the data that displays on the interface will be totally cleared without any backup.
3. When you click Refresh, the system will update and display the latest data from your cellular router.
4. When you click Download Logs, the system will download the latest data from your cellular router.

Item	Description
Filter	Filter the required data quickly.
Date	Show the date of log for each logging data.
Group	Show the group of software functions.
Module	Show the module of group of software functions.
Message	Show the messages for each logging data.

System > Alarm

• If you select [SMS] in Alarm input/output, you need to add the trust phone number into [Contracts/ On Duty].
• If you select [SNMP trap] in Alarm output, you need to set up SNMP trap configuration from Service SNMP.
• If you select [E-Mail] in Alarm output, you need to set up SMTP configuration from Service SMTP.
• If you select [TR069] in Alarm output, you need to set up TR069 configuration from Service TR069.

Item	Description
Mode	Turn on/off the Alarm configuration. Select from Disable or Enable. The default is Disable.
Alarm Input	SMS: It means on duty team members on [Contacts / On Duty] can send SMS to the phone number of using SIM card to trigger alarm. VPN disconnect: All tunnels get disconnected then trigger alarm. WAN disconnect: WAN connections get disconnected then trigger alarm. LAN disconnect: LAN connection get disconnected then trigger alarm. Reboot: Reboot then trigger alarm.
Alarm Output	Select from SMS, SNMP trap, E-mail and TR069 as alarm output.
SMS/E-mail	Write your messages and the messages limit 80 pure English characters or 20 characters for other languages to deliver.

System > Ethernet Ports

This section allows you to configure the Ethernet.

For Flow Control, it allows you to configure the Ethernet and solve unstable throughput under heavy loading. Sending 64 Bytes with bandwidth 100M bps traffic to LAN and WAN at the same time, the throughput may drop to zero at either side. When the system is very busy or buffer is exhausted, the flow control packet will be sent out to indicate the link party that it should stop to send the packet to system. The flow control packet will be sent out again once the system goes back to normal to indicate the link party that it can send packet again.

Note: The LAN port of Ethernet has different layout based on which router model you use.

Item	Description
Ethernet Ports Status	Show the connectivity status of LAN and WAN.
Ethernet Ports Configurations	Select from Auto, 100M Full, 100M Half, 10M Full, 10M Half and Disable.
WAN Ethernet	MTU is the Maximum Transmission Unit that can be sent over the WAN Ethernet interface. It allows users to adjust the MTU size to fit into their existing network environment.
Flow Control	Allow user to control the traffic ingress from Ethernet LAN or WAN.

System > Client List

This section allows you to understand how many devices have been connected and their status from the router.

There are two types, one is DHCP Client and the other is Online.

The default is both types to show all status when the router is on DHCP Client and Online.

Item	Description
List Type	DHCP Client: List all clients’ information when it is via DHCP. Online: List the information when it is online.

WAN > IPv6 DNS

This section allows you to set up IPv6 DNS Server Configuration.

For IPv6 DNS Server, it provides three options to set up and each option has provided with "From ISP", "User Defined" and "None" to configure.

For APN1,APN2 DNS Server configuration, please check LTE->Dual APN->LTE Net Mode.

Item	Description
IPv6 DNS Server #1 IPv6 DNS Server #2 IPv6 DNS Server #3	Each setting DNS Server has three options, including From ISP, User Defined and None. When you select From ISP,the IPv6 DNS server IP is obtained from ISP. When you select User Defined, the IPv6 DNS server IP is input by user.

LTE > LTE Config

LTE Config > LTE Config

Item	Description
Auto	Automatically connect the possible band.
4G Only	Connect to 4G network only.
3G Only	Connect to 3G network only.
2G Only	Connect to 2G network only.

LTE Config > MTU

MTU is the Maximum Transmission Unit that can be sent over the LTE interface. It allows user to adjust the MTU size to fit into their existing network environment.

LTE Config > LTE Ping Health

For LTE connection, you can enable “LTE Ping Health” to keep alive to avoid base station kicking out the device in idle time.

Item	Description
LTE Ping Health	Select from Disable or Enable.
Interval	Input the interval seconds of ping.
IPv4 Host 1	Input the address of IPv4 Host 1.
IPv4 Host 2	Input the address of IPv4 Host 2.
IPv6 Host 1	Input the address of IPv6 Host 1.
IPv6 Host 2	Input the address of IPv6 Host 2.

LTE > Dual APN

Dual APN > Connect Policy

Item	Description
Connect Action	Disconnect: Disconnect both APN connections Connect: Connect both APN connections
Disable Roaming	NO: make connection even device is in roaming mode. YES: Not to make connection when device is in roaming.
LTE Net Mode	Bridge + Router: APN1 act as bridge for internet access. APN2 act as router for management from WAN site which like TR069, ssh... Bridge Only: APN1 act as bridge for internet access. Router Only: APN1 act as router for internet access. Router + Router: APN1 act as router for internet access. APN2 act as router for management from WAN site which like TR069, ssh…
Reboot when APN1 has continuous link down for xx times	Select: Enable Reboot when APN1 continuous link down for specified times Specified times: 3 ~ 15 times

Dual APN > SIM Configuration

Item	Description
Status	Display SIM card status.
SIM PIN enable	Enable to display SIM PIN setting. Disable to hide SIM PIN setting.
SIM PIN	a password personal identification number (PIN) for ordinary use to protect your SIM card.
Confirmed SIM PIN.	Double confirm SIM PIN password.
SIM PUK	If user input the wrong SIM PIN more than 3 times, the user needs another password personal unblocking code (PUK) for PIN unlocking. Please check your operator for forgotten PUK number.
Confirmed SIM PUK	Double confirm SIM PUK password.
Change SIM PIN	If you want to change SIM PIN code, you can click Change button and type old SIM PIN code and new SIM PIN code. Please aware not to exceed the retry number (PIN remaining number and PUN remaining number).
Old PIN	Please input the current SIM PIN code.
New PIN	Please input the newly update SIM PIN code.
PIN remaining number	Display the allowed remaining PIN code retry number.
PUK remaining number	Display the allowed remaining PUK code retry number.

Dual APN > APN1 / APN2

Item	Description
APN	The Access Point Name (APN) is the name for the settings to set up a connection to the gateway between your carrier's cellular network and the Public Internet. Leave it empty will search internally database automatically by SIM card for connection; however please notice APN1 and APN2 must be manually configured different setting while concurrently use.
Username	Username for authentication. The username can be input by user or the system will search from internal database if the APN setting is empty.
Password	Password for authentication. The password can be input by user or the system will search from internal database if the APN setting is empty.
Confirm Password	Double confirm password.
Auth: (None/PAP/CHAP)	If Auth mode is not None, most servers require username and password above.

LTE > APN1 / APN2 Usage

Real Time > Used MB in 10 Seconds

It displays real-time Download/Upload/Total MB for 10 seconds period.

Hourly

It displays Download/Upload/Total MB per hour in one day for current using SIM card and the view window size is 24 hours.

Daily

It displays Download/Upload/Total MB per day in one month for current using SIM card and the view window size is 31 days.

Weekly

It displays Download/Upload/Total MB per day in one week for current using SIM card and the view window size is 7 days.

Monthly

It displays Download/Upload/Total MB per month in one year for current using SIM card and the view window size is 12 months.

LTE > SMS

SMS > SMS Action

When enabling SMS Action, it allows trust phone number which in [Contacts/On Duty] list by sending key words SMS to trigger device setting/action/query status.

SMS > View SMS

This section allows you to review the information of SMS that you have received, including the state, phone and date and time. You can click [Refresh] button to review all messages. Please [Clear] clear button to clear all read messages

LTE > Serving Cell

Item	Description
RSRP	Reference Signal Received Power.
RSRQ	Reference Signal Received Quality.
SINR	Loarithmic value of SINR.
RSCP	The Received Signal Code Power Level of the cell that was scanned.
ECIO	Carrier to noise ratio in dB = measured Ec/lo value in dB.
Cell Identity	eNB ID (20 Bits) + Cell ID (8 Bits).
eNB ID	eNB ID.
Cell ID	Cell ID.
PCI ID	Physical Cell ID.
EARFCN	The E-UTRA-ARFCN of the cell that was scanned.
UL Bandwidth	Up Link Bandwidth.
DL Bandwidth	Down Link Bandwidth.
state	Connection State.

LTE > DNS

This section allows you to setup LTE specific DNS setting.

For APN1,APN2 DNS Server configuration, please check LTE->Dual APN->LTE Net Mode.

Item	Description
IPv4 DNS Server #1 IPv4 DNS Server #2 IPv4 DNS Server #3	Each setting DNS Server has three options, including From ISP, User Defined and None. When you select From ISP,the IPv4 DNS server IP is obtained from ISP. When you select User Defined, the IPv4 DNS server IP is input by user.

LAN > IPv4

Item	Description
LAN IPv4	IP Address:192.168.1.1 IP Mask:255.255.255.0 Both of them are default, you can change them according to your local IP Address and IP Mask.
DHCP Server	Turn on/off DHCP Server Configuration. Enable to make router can lease IP address to DHCP clients which connect to LAN.
IP Address Pool	Define the beginning and the end of the pool of IP addresses which will lease to DHCP clients.
Anti-Spoofing	According the Static IP Addresses to identify and drop packets that have a false source address.
Strict Bind	Only allow the Statis IP Addresses to access the internet network.
Gateway	The IP address of gateway which will assigned to the DHCP clients. Default: Will use the NET IP address.
Lease Time	Time in minutes that will be assigned to a lease for DHCP client's address.
Manual DNS	Manual DNS setting for DHCP client. If not set then the server will assign the device LAN IP as DNS server.
Static IP Addresses	DHCP server support static IP address assigment. The static IP address can be added by clicking the +Add Static IP Address button. Each static IP consist of mode(on/off), MAC and IP address. Mode: Turn on/off the static IP address MAC: The MAC address of target host or PC IP: The desired IP address for target host or PC

LAN > IPv6

Select your type of IPv6, which shows Delegate Prefix from WAN or Static, and then set up DHCP Server Configuration, including Address Assign, DNS Assign and DNS Server.

Item	Description
LAN IPv6	This section provides two types, including Delegate Prefix from WAN and Static. Static Address: You need to input the static address when you select the static type.
Delegate Prefix from WAN	Select this option to automatically obtain an IPv6 network prefix from the service provider or an uplink router.
Static	Select this option to configure a fixed IPv6 address for the cellular router’s LAN IPv6 address.
Address Assign Setup	Stateless: The cellular router uses IPv6 stateless auto configuration. RADVD (Router Advertisement Daemon) is enabled to have the cellular router send IPv6 prefix information in router advertisements periodically and in response to router solicitations. Stateful: The cellular router uses IPv6 stateful auto configuration. The LAN IPv6 clients can obtain IPv6 addresses through DHCPv6.

LAN > VLAN

This section allows you to set up VLAN that provides a network segmentation system to distinguish the LAN clients and separate them into different LAN subnet for enhancing security and controlling traffic.

When VLAN Mode is set to Tag Base,the VLAN setting window will appear.

For each row, the settings can be enabled or disabled by checkbox and select the Subnet and the VLAN ID (VID).The Subnet sets up the IP address and IP mask for the router so this router can communicate with the third party by this IP address and IP mask on this VLAN.(Note: The NET1 can't remove it and fixes in the first row.)

Furthermore, the Subnet provides DHCP Server function to allow the third party for the same VLAN to get IP address and IP mask. Therefore, you do not need to configure manually.

(Note: The subnet information will show the Subnet window from the LAN catalogue.)

Item	Description
Mode	The VLAN mode is Off or Tag Base (802.1p VLAN).
Enable	The assigned row of setting are enabled.
Subnet	The subnet provides IP address and IP mask for the router.
VID	The VLAN ID range is from 1 to 4094.
Name	The Interface name and LAN feature.

LAN > Subnet

This section allows you to get the information of IP Address and IP Mask and edit for the VLAN Subnets from DHCP Server Configuration.

This Subnet setting is the same with LAN>IPv4 setting and follows with Tag Base Mode of VLAN to enable the function.

IP Routing > Default Gateway

This section allows cellular router to setup the default gateway.

Item	Description
IPv4 Default Gateway	Disable or Enable the IPv4 default dateway
IPv6 Default Gateway	Disable or Enable the IPv6 default dateway

IP Routing > Static Route

Item	Description
Mode	The setting is for full network. Select from Off or On.
Settings
Mode	The setting is for the specific network. Select from Off or On.
Name	Set up each name for your running host or network.
Destination	Fill in the destination of a specific subnet or IP from network.
Gateway	Fill in the gateway address of your router.
Interface	Select the interface from LAN or Ethernet.

IP Routing > BGP

This section allows you to set up BGP with 4 NAVs, including General, Neighbors, Networks and Status.

IP Routing > BGP > General

Item	Description
Mode	Off：BGP function is off On：BGP function is on.
Number	number of the autonomous system (1 ~ 4294967295)
Redistribute local routes	Off：Not redistribute local routes from the device's own routing table On：Redistribute local routes from the device's own routing table
Redistribute connected routes	Off：Not redistribute connected routes to networks which are directly connected to the device On：Redistribute connected routes to networks which are directly connected to the device

IP Routing > BGP > Neighbor

The neighbors sub configuration is used to configure all the BGP routers to peer with and the maximum neighbors is 16.

Item	Description
Mode	Select from Off or On to enable the neighbor setting
IP Address	Set IP address of the peer router
AS Number	Autonomous system number of the peer router
Multihop	Allow multiple hops between this router and the peer router
Update Source Mode	Whether to specify the source address to this neighbor
Update Source Address	The source address to this neighbor

IP Routing > BGP > Networks

The networks sub configuration allows to add IP network prefixes that shall be distributed via BGP in addition to the networks that are redistributed from other sources as defined on the general sub configuration and the maximum neighbors is 16.

Item	Description
Mode	Prefix of the network
Prefix	Length of the prefix

IP Routing > BGP > Status

The status nav is used to show the status of each enabled BGP neighbors.

Item	Description
Neighbor	IP address of the neibgbor
AS	Autonomous system number of the neighbor
MsgRcvd	The number of BGP message received
MsgSent	The number of BGP message sent
Uptime	Uptime of the connection with the neighbor
State	The state of the connection with the neighbor

IP Routing > BGP > Route

The route nav is used to show the learned routes.

VPN > IPSec

Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data sent over an IPv4 network.

The router provide the basic control items to control the IPsec overall behavior.

Item	Description
Mode	Running the IPsec VPN or not. Select from Disable or Enable. The default is Disable.

Overviews

There have four sub settings to setup the IPsec VPN.

1. Connections
2. Authentication IDs
3. X.509 Certificates
4. CA Certificates

For the IPsec connection which be authenticated by pre-shared key, it only need to setup the Connections and Authentication IDs

For the IPsec connection which be authenticated by RSA or TLS, the settings must cover the four parts.

Connections

This section provides the information of the IPsec connections.

Each connection will show the State, IKE information and Tunnel information.

In the default setting, the list of connections is empty.

You can create the new connection by click + Add Connection button.

For the edit, you can click the Phase 1 and Phase 2 buttons to edit IPsec phase 1 and phase 2 setting respectively.

For the advance settings (like Dead peer detection, a.k.a DPD), you can click the ... button to edit it.

IPsec Phase 1 Setting

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Name	Short name or description
Protocol	Select from IKEv1 or IKEv2. The default is IKEv1.
Aggressive mode	Select from Disable or Enable. The default is Disable. When this option be enabled, the connection will running on IKEv1 Aggreesive mode. Note: This option only work on IKEv1
Auth Type	Select from PSK (default), RSA, EAP-TLS. Note: The EAP-TLS is for IKEv2 only.
Encryption	The encyrption algorithm. Select from AES128 (default), AES192, AES256 or 3DES.
Hash	The integrity algorithm. Select from MD5, SHA1 (default) or SHA256.
DH Group	The Diffie Hellman Group. Select from 1(768 bit), 2(1024 bit), 5(1536 bit) (default), 14(2048 bit), 15(3072 bit), 16(4096 bit), 17(6144 bit) or 18(8192 bit).
Lifetime	How long the keying channel of a connection. Select from 30 minutes, 1 hour, 2 hours, 3 hours, 6 hours, 12 hours or 24 hours.
Local Host	The IP address of the router's public network interface. If this value is blank, the connection will automatically detect the correct IP address.
Local ID	The identification for authentication on local peer. Select from the created authentication IDs or empty.
Remote Host	The IP address of the peer gateway's public network interface. If this value is blank, the connection will act the server role to wait the incomming request.
Remote ID	The identification for authentication on remote peer. Select from the created authentication IDs or empty.

IPsec Phase 2 Setting

Item	Description
Protocol	Only support ESP.
Encryption	The encyrption algorithm. Select from AES128 (default), AES192, AES256 or 3DES.
Hash	The integrity algorithm. Select from MD5, SHA1 (default) or SHA256.
DH Group	The Diffie Hellman Group. Select from 1(768 bit), 2(1024 bit), 5(1536 bit) (default), 14(2048 bit), 15(3072 bit), 16(4096 bit), 17(6144 bit) or 18(8192 bit).
Lifetime	How long a particular instance of a connection. Select from 30 minutes, 1 hour, 2 hours, 3 hours, 6 hours, 12 hours or 24 hours.
Local Subnet	The private subnet behind the router. The available formats are A.B.C.D, A.B.C.D/M, A.B::C.D or A.B::C.D/M If this value is blank, the connection will set it as the `Local Host` of Phase 1 setting. Note: This option will be omitted when the service option is L2TP. (for host-to-host connection only)
Remote Subnet	The private subnet behind the peer gateway. The available formats are A.B.C.D, A.B.C.D/M, A.B::C.D or A.B::C.D/M If this value is blank, the connection will set it as the `Remote Host` of Phase 1 setting. Note: This option will be omitted when the service option is L2TP. (for host-to-host connection only)
Service	Restrict the VPN traffic to the particular protocol only. Select from the Any, TCP, UDP or L2TP.

IPsec Advance Setting

Item	Description
DPD interval	The period time interval to detect dead peers. The default is 30 seconds.
DPD retry	The max number of retry of dead peer detection. The default is 5 times.

Authentication IDs

This section provides the authenticaion ID set to authenticate the IPsec connections.

In the default setting, the list of authentication ID is empty.

You can create the new authentication ID by click + Add Authentication ID button.

Note: Please apply the changes before edit the connection settings.

Item	Description
ID	The identification for authentication. It only work on PSK type.
Type	Select from PSK or RSA. The default is PSK. PSK: Use the pre-shared key to authenticate the connection. RSA: Use the certificate to authenticate the connection.
Pre-shared Key / X.509 Certificate	The X.509 certificate for authentication. The certificate could be generated or imported by X.509 Certificates section.

According the above options, there have some combination to authenticate the IPsec connection.

#	ID	Type	Pre-shared Key / X.509 Certificate	Comment
1		PSK	password	The default password for the PSK connections.
2	remote.ipsec	PSK	2wsx#EDC	The password only for the PSK connection with remote.ipsec ID. Normally, this case will be used to authenticate peer gateway.
3	local.ipsec	PSK		The identification for the connection. Normally, this case will be used to announe the ID of the router.
4	test	RSA	created X.509	The ID field will be omitted, and use the common name(CN) of X.509 as the ID field.

X.509 Certificates

This section provides the certificates set which could be used by IPsec authentication ID.

Each certificate will show the State and Subject information.

And providing the controlling buttons to let user could import, download or edit the certificate/key files.

Note: Please apply the changes before editing the Authentication IDs settings.

CA Certificates

This section provides the CA certificates set which could check the X.509 certificate valid or not.

There have one self-signed CA (generated by the router).

And it support the user import the self-signed CAs to the router.

The self-signed CA will help the router to verify the self-signed X.509 certificate which be imported on X.509 Certificates section.

Each CA certificate will show the State and Subject information.

And providing the controlling buttons to let user could download or edit the certificate/key files.

IPsec Certificate

Certificate Generation

There have two kinds of certificate could generated by router, one is self-signed CA, the other one is X.509.

To generate the self-signed CA certificate:

1. Navigate to CA Certificates tab.
2. Click the Edit button to navigate the Certificate Setting page.
3. Fill up the information of the CA certificate.
4. Click the Generate Certificate button and Save.
5. Click the Apply button to apply the changes.

To generate the X.509 certificate:

1. Make sure the self-signed CA certificate generated.
2. Navigate to X.509 Certificates tab.
3. Add the new X.509 certificate by + Add X.509 button. (if not existed)
4. Click the Edit button to navigate the Certificate Setting page.
5. Fill up the information of the X.509 certificate.
6. Click the Generate Certificate button and Save.
7. Click the Apply button to apply the changes.

Certificate Setting

Item	Description
Country Name	The 2-letter country code. e.g. US This option is required for certificate generation.
State	The state name. e.g. Some-State
Location	The location name. e.g. city-name
Orgnization Name	The orgnization name. e.g. company-name This option is required for certificate generation.
Orgnization Unit Name	The orgnization unit name.
Common Name	The host name associated with the certificate. e.g. example.com This option is required for certificate generation.
E-mail	The maintainer's E-mail.

Certificate Importing

Same as the Certificate Generation, the router support the CA and X.509 certificate importing.

To import the CA certificate:

1. Navigate to CA Certificates tab.
2. Click the + Add CA certificate button.
3. Select the CA certificate file from browser window.
4. When the file be selected and everything all right, the newly CA certificate will shown the CA certificate list with Imported state.

To import the X.509 certificate:

1. Navigate to X.509 Certificates tab.
2. Click the + Add X.509 button. The list will pop up the balnk X.509 entry.
3. Click the Cert Import button.
4. Select the X.509 certificate file from browser window.
5. When the file be selected and everything all right, the state should be Cert or Key is missed.
6. Click the Key Import button.
7. Select the X.509 key file from browser window.
8. When the state shown Imported, the importing procedure is completed.

How to download the certificate

If the certificate be generated or imported. There have the download button to download each certificate and key file.

Note: When the connection is authenticated by RSA or EAP-TLS, the user must to download the X.509 certificate, key and CA certificate, and import the files to the remote gateway.

VPN > GRE

This section allows you to set GRE configuration. The default mode is off.

Generic Routing Encapsulation (GRE) is one of the available tunneling mechanisms which uses IP as the transport protocol and can be used for arrying many different passenger protocols. The tunnels behave as virtual point-to-point links that have two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint.

Item	Description
Mode	Select from Off or On to enable GRE.
Local Address	Set local address of the GRE tunnel.
Remote Address	Set remote address of the GRE tunnel.
Tunnel Device Address	Set IP address of this GRE tunnel device.
Tunnel Device Address Prefix	Set Prefix of the Tunnel Device Address.

VPN > PPTP Server

This section provides 2 sub configurations, including General Configuration and Clients Configuration.

VPN > PPTP Server > General

Item	Description
Mode	Select from Off or On to enable PPTP Server.
Server Address	IP addresses to be used at the local end of the tunneled PPP links between the server and the client.
Client Address Range	A list of IP addresses to assign to remote PPTP clients.

VPN > PPTP Server > Clients

Item	Description
Mode	Select from Off or On to set the client setting.
Username	The username of this client.
Password	The password of this client.

VPN > L2TP

VPN> L2TP > Server Mode

Item	Description
Mode	Select from Off or On to set the client setting.
Auth	The authentication method for L2TP connection. Available options: PAP, CHAP, MS-CHAP, MS-CHAPv2
Local IP	The virtual IP for L2TP server.
Remote begin IP	The begin address of L2TP client's IP pool.
Remote end IP	The end address of L2TP client's IP pool.
Username	The L2TP client's username. Could be used to add the newly client or update existed client.
Password	The L2TP client's password. Could be used to add the newly client or update existed client.

VPN> L2TP > Client Mode

Item	Description
Mode	Turn on/off this L2TP connection
Server	The L2TP server address or hostname.
Auth	The authentication method for L2TP connection. Should same as L2TP server's auth type.
Username	The username for L2TP authentication.
Password	The password for L2TP authentication.
NAT	Turn on to translate the LAN subnet IP to L2TP virtual IP.
Default route	Turn on to redirect all traffic to L2TP tunnel.

Firewall > Basic Rules

This section allows you to set the Basic Rules configuration.

Item	Description
Interface	Choose which interface you want to allow the ping.
Access Control	Allow All: Any client who own the IPv4v6 Address can reach system is able to connect system. Allow specified IPv4v6 Address below: Only those configured IPv4v6 Address client are allowed to connect system.

Firewall > Port Forwarding

This section allows you to set up Port Forwarding and click edit button to configure.

Item	Description
Mode	Turn on/off Port Forwarding to select Disable or Enable. The default is Disable.
Description	Descript the name of Port Forwarding.
Protocol	Select from UDP or TCP Client which depends on the application.
Source Port Begin	Fill in the beginning of source port.
Source Port End	Fill in the end of source port.
Destination IP	Fill in the current private destination IP.
Destination Port Begin	Fill in the beginning of private destination port.
Destination Port End	Fill in the end of private destination port.

Firewall > DMZ

This section allows you to set the DMZ configuration.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Host IP Address	Fill in your Host IP Address.

Firewall > IP Filter

This section allows you to configure IP Filter. After clicking edit button, you can edit your IP protocol, source/port and destination/port.

1. The default is Disable Mode.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Protocol	Select from All, ICMP, TCP or UDP.
Source IP	Fill in your source IP address.
Source Port	Fill in your source port.
Destination IP	Fill in your destination IP address.
Destination Port	Fill in your destination port.

2. When selecting Enable Mode, the protocol is TCP. The source IP has IPv4 and IPv6 setting formats.
3. For Source IP, there are three types to input your source IP that depends on your requirement, including single IP, IP with Mask or giving a range of IP. The following table provides some examples.

IP Format	Single IP	IP with Mask	Ranged IP
IPv4	192.168.0.123	192.168.1.0/24 192.168.1.0/255.255.255.	192.168.1.1-192.168.1.123
IPv6	2607:f0d0:1002:51::4	2607:f0d0:1002:51::0/64	2607:f0d0:1002:51::4- 2607:f0d0:1002:51::aaaa
Note: Setting up a range of IP, please use "-" hyphen symbol to mark your ranged IP.

4. For Source Port, there are two types to input your source port that depends on your requirement, including single port (e.g.1234) or giving a range of ports (e.g.1234:5678).

Note: Setting up a range of source ports, please use ":" colon symbol to mark your ranged ports.

Firewall > MAC Filter

This section allows you to set up MAC Filter. After clicking edit button, you can edit your MAC address.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
MAC Address	Fill in your MAC address.

Note: Setting up MAC address, please use ":" colon symbol (e.g. xx : xx : xx : xx) or "-" hyphen symbol to mark (e.g. xx - xx - xx - xx).

Firewall > URL Filter

This section allows you to set up URL Filter. After clicking edit button, you can edit the type of filter and information.

The default List is Black.When set as Black List,the specific URL in rule will be blocked.When set as White List,the specific URL in rule will be accepted.

Note: Please not include "https://" for the URL address in the Full Filter.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Filter	Select from Key or Full. The default is Key.
Key/Full	Fill in your Key/Full information.

Firewall > NAT

This section allows you to set NAT configuration.

When NAT is on, the router will replace the source private IP address by its Internet public address for outgoing packets, and replace the destination Internet public address by private IP address for incoming packets.

When NAT is off, the router will send the source LAN private IP address for outgoing packets and allow to receive the destination LAN private IP address for incoming packets.

Firewall > IPS

This section allows you to set IPS configuration. IPS prevents the system from being attacked by the Internet.

The system allows to limit the max incoming connection number from WAN per source IP address to prevent system resource exhausted. Also, the system allows to limit the max incoming connection retry number during a specific time period from WAN per source IP address to prevent too many unexpected connections retry event from causing system busy.

Item	Description
Mode	Turn on/off IPS function (default: Off)
Checkbox	Select from Enable or Disable (default).
Total allow incoming connection number	The default number is 10.
Checkbox	Select from Enable or Disable (default).
Max incoming connection retry number	The default number is 20.
Duration time	The default time is 120 seconds.

Service > SNMP

Service > SNMP > Community

Item	Description
Mode	Select from Disable or Enable to configure SNMP.
Community	Configure community setting with three options, including # 1, # 2 and #3.
Mode	Select from Disable or Enable.
Name	Name each community.
Access	Select from Read-Only or Read-Write.

Service > SNMP > SNMP v3 User configuration

Item	Description
Mode	Select from Disable or Enable to configure SNMP. The default is Disable.
Name	Fill in your name.
Auth Mode	Select from Authentication or Privacy.
Authentication Password	Fill in your authentication password.
Authentication Protocol	Select from MD5 or SHA.
Privacy Password	Fill in your privacy password.
Privacy Protocol	Select from DES or AES.
Access	Select from Read-Only or Read-Write.

Service > SNMP > SNMP trap configuration

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Community Name	Fill in your community name.
Destination	The destination (domain name/IP) of remote SNMP trap server.

Service > TR069

This section allows you to set up TR069 client configuration.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
ACS URL	Fill in the URL address of ACS(Auto-Configuration Server).
ACS Username	Fill in the ACS username to authenticate the CPE (this router) when connecting to the ACS.
ACS Password	Fill in the ACS password to authenticate the CPE (this router) when connecting to the ACS.
Periodic Inform	Select from Disable or Enable. The default is Disable. The CPE reports the status to the ACS when enabling a period of time set.
Periodic Inform Interval(Sec)	Fill in the periodic time. The CPE reports to ACS the status according to your duration in seconds of the interval set.
Connection Request Username	Fill in the connection request username to authenticate the ACS if the ACS attempts to communicate with the CPE.
Connection Request Password	Fill in the connection request password to authenticate the ACS if the ACS attempts to communicate with the CPE.
Connection Request Port	Fill in the connection request port to authenticate the ACS if the ACS attempts to communicate with the CPE.

Service > VRRP

This section allows you to configure VRRP.

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Group ID	Specify which VRRP group of this router belong to (1-255). The default is 1.
Priority	Enter the priority value from 1 to 254. The larger value has higher priority. The default is 100.
Virtual IP	Each router in the same VRRP group must have the same virtual IP address. The default is 0.0.0.0. This virtual IP address must belong to the same address range as the real IP address of the interface.

Service > SMTP

Item	Description
Mode	Select from Disable or Enable. The default is Disable.
Server	The email will be sent through the server.
Port	There are three ports for SMTP communication between mail servers. Port 25: Use TCP port 25 without encryption. Port 465: SMTP connections secured by SSL. Port 587: SMTP connections secured by TLS.
Username/Password	Fill in your username and password as the same your server.

Service > IP Alias

This section allows you to set IP Alias configuration.

IP Alias is associating more than one IP address to a network interface. With IP Alias, one node on a network can have multiple connections to a network, each serving a different purpose.

IP Alias can be used to provide multiple network addresses on a single physical interface.

Item	Description
Mode	Select from Off or On to enable the IP Alias.
Entries	The setting can be edited or deleted the existed entries.
Add/Edit IP Alias Entry	Mode: select from Off or On to use or not use this entry. Interface: the interface you want to provide the additional address. Addr: the IP address. Mask: the network mask.

Service > QoS

QoS (Quality of Service) refers to a network ability to achieve maximum bandwidth and allow minimum bandwidth. It guarantees the minimum and limit the maximum bandwidth for certain class of traffic. The QoS configuration has three parts, including ISP bandwidth, QoS and Status.

• ISP bandwidth allows user to configure the max bandwidth for upstream and downstream of specific WAN interface. Upstream means from LAN to WAN. Downstream means WAN to LAN.
• QoS configuration allows user to classify the traffic. Once classified, the traffic will have the guarantee minimum and limit maximum bandwidth.
• Status allows user to monitor the dynamic bandwidth usage.

QoS > ISP Bandwidth

User can assign the Upstream and Downstream Bandwidth for each interface. The Bandwidth unit is kilobits per second.

To prevent guaranteed traffic loss, the assigned bandwidth is better not to exceed the real bandwidth because the allowable traffic quantity may exceed the real bandwidth.

QoS > QoS

You can select QoS tab and show a overall view for QoS configuration.

At right side of window, there are three buttons.

Edit button allows you to edit QoS Entry and configure QoS settings.

Up/Down arrow button allow you to adjust priority of the QoS entry. The first QoS entry is the highest priority.

The QoS entry configuration page has three parts for classify traffic, assign bandwidth, and group IP address bandwidth.

• Classify traffic by following items:

Item	Description
Mode	Select from Disable or Enable QoS.
Name	The setting can be edited or deleted the existed entries.
Interface	The interface of QoS entry is either WAN Ethernet or LTE and both options.
Direction	When selecting Upstream for LAN to WAN traffic, the Port Begin/End is for public server. When selecting Downstream for WAN to LAN traffic, the Port Begin/End is for public server. When selecting Upstream (LAN server) for WAN to LAN traffic, the Port Begin/End is for LAN server. When selecting Downstream (LAN server) for LAN to WAN traffic, the Port Begin/End is for LAN server. Downstream (LAN server) is for LAN to WAN traffic, and the Port Begin/End is for LAN server.
IPv4v6 Address	Choose four types to set address format, including All, Single, Subnet, and Range. All is for none. Single is for single IP address. Subnet is for IP address with subnet mask bit. Range is for the specified range between two IP addresses. Hint: When [RANGE] is selected, compare the difference from left to right octet and find out different octet for setting the specified range of IP address. All other parts after different octet would be ignored.
Protocol	All is for none. UDP is for User Datagram Protocol. TCP is for Transmission Control Protocol.
Port Begin/Port End	the TCP/UDP service port
VLAN follow vid of	NONE. NET1 - NET8. Note:For NET1 to NET8, make sure the related subnet is enabled at VLAN->Tag Base. The VLAN ID, vid, will be the VID field of the related Subnet at VLAN->Tag Base.
COS (Class of Service or 802.1q)	NONE or 0~7. It is class of service for VLAN.

• Assign bandwidth by following items:

Min Rate/Max Rate: The unit is kilobits per second. Min Rate guarantee the minimum bandwidth and Max Rate is the limit bandwidth.

• Assign group IP bandwidth by following items:

Bandwidth divided for each IP Address: When this feature is selected, the bandwidth assigned by Min Rate/Max Rate will be divided by the number of IP addresses. The available IP type is Subnet and Range. User needs to calculate the Min Rate and Max Rate for those IP addresses.

The subnet mask bit in IP Type Subnet is octet boundary and the number of IP addresses is one octet too, 256, from subnet mask bit to subnet mask plus eight bit.

QoS > Status

• Refresher Setting select the showed content of bandwidth usage by following items:
• Refresh rate: how long the browser will update the showed content once.
• Direct: show Upstream or Downstream.
• Show detail bandwidth for each IP address: show the group IP bandwidth usage.
• Apply Refresh Setting button: press this button to take above new setting effect.
• Data part is the content of bandwidth usage.

Management > Identification

Item	Description
Active Image Partition	show the active image patition: a or b
Model Name	show the model name of the device
LAN MAC Address	show the MAC address of LAN interface
WAN MAC Address	show the MAC address of WAN interface
Software Version	show the software version currently running on the device
Firmware Version	show the firmware version currently running on the device
Hardware Version	show the hardware version of the PCBA used at this device
Software MCSV	show the software MCSV of the running firmware
Hardware MCSV	show the harware MCSV of the device
Serial Number	show the serial number of the device
Modem Firmware Version	show the modem firmware version of the device
IMEI	show the IMEI - International Mobile Equipment Identity
Uptime	show the current system uptime
FOTA check time	Show the FOTA check time.
FOTA Software Version	Show the FOTA software version.
FOTA next check time	Show the FOTA next check time.

Management > Administration

Management > Administration > System Setup

This section allows you to set up the name of system and change your new password. For the Session TTL, you can set up what duration of time will be logout. If you don’t need to have this timeout limitation, you can fill in “0“(Zero).

Item	Description
Model Name	the model name of the device
Session TTL	minutes, 0 means no timeout

Management > Administration > Admin Password

Item	Description
New Password	type the password you want to change
Retype to confirm	retype the password you want to change

Management > Contacts / On Duty

Contacts / On Duty

• +Add Group: Please fill out group name.
• +Add User: Please fill out Name/Phone/E-Mail/Groups.

Duty Schedule

Please select duty date for every group. The trust and responsible groups can control/receive alarms and SMS.

Management > SSH

Secure Shell (SSH) allows user to configure system via a secure channel. User can configure system from either public domain or local LAN.

Item	Description
Mode	Select from Disable or Enable SSH function.
Server Port	The port number is where SSH server works on.
Access Control	Allow All: Any client who own the IPv4v6 Address can reach system is able to connect system. Allow specified IPv4v6 Address below: Only those configured IPv4v6 Address client are allowed to connect system.

Management > Web

This section allows user to change the HTTP port via HTTP. As long as pressing Apply, the web daemon will restart the new configuration, and you won’t see the response at the web browser.

Item	Description
Mode	Off: offer nothing HTTP: offer HTTP via LAN HTTPS: offer HTTPS via LAN/WAN Both:: offer HTTP via LAN and offer HTTPS via LAN/WAN
HTTP Port	The TCP port listened by HTTP daemon.
HTTPS Port	The TCP port listened by HTTPS daemon.

After pressing Apply button, the device will apply immediately and give you some hints "Please use new port to access latter". For example, port 3000.

Management > Telnet

This section allows user to choose whether offet the telnet via LAN/WAN.

Item	Description
LAN	whether or not offer the telnet service.
WAN	whether or not offer the telnet service.

Management > Fail2Ban

Fail2Ban is an intrusion prevention feature that protects the device from brute-force login attacks.

Item	Description
Mode	Select from Disable or Enable. The default is Enable.
Retry	The limit for maximun login retries/attempts.
Ban Time(s)	The banned time(s) for user or IP when it exceeded the retry limit.

E.g. Assume the retry is 3 and the ban time is 300 seconds.

If a specified IP has 3 login failures within 5 minutes then it will be banned 300 seconds.

Moreover, if it keeps to attempt a login and still fail then the banned time will be extended automatically.

Time	The count of login failure	The banned time (s)
2019/1/1 12:00:00	0	0
2019/1/1 12:00:01	1	0
2019/1/1 12:00:03	3	300
2019/1/1 12:00:10	4	300
2019/1/1 12:00:30	6	600

Management > Firmware

This section provides you to upgrade the firmware of the device

1. Click Select the firmware to upgrade button to choose your current firmware version in your PC.
2. Select Upgrade button to update.
3. After upgrading successfully, please reboot the device.

Management > Modem Firmware

This section provides you to upgrade the firmware of the modem

Item	Description
Device Version	Current MODEM software version.
NFS Server	Specify the IP of the NFS server.
Path	The path of the software on the NFS server.

Management > Configuration

This section supports you to export or import the configuration file.

• Click Backup the running configurations button to export your current configurations.
• Click Select the configuration file to restore button to import the configuration file.

Management > Load Factory

This section supports you to load the factory default configuration and restart the device immediately. You can click the Load Factory and Restart button.

Management > Restart

This section allows you to click Restart button to restart the device.

Management > Schedule Reboot

The setting allows you to schedule the reboot time regularly.

• Schedule Type – Interval
• Schedule Type - Per Day
• Schedule Type - Per Week
• Schedule Type - Per Month

Management > FOTA

This section allows you to set up the Firmware Over-the-Air.

Firmware Over the Air

Item	Description
Enable	Enable or disable the FOTA function, which is Enabled by default.
Check only the new firmware version (not upgrade)	Only check, not download firmware from the server.
Server URL	Enter custom server URL.

Schedule

Item	Description
	You can choose Auto or Custom, which is Auto by default.
Auto	There are two options for automatic, every day or every week.
Custom	You can choose the time or execute it immediately

Status

Show the status information after running. Update information server, Firmware download server, FOTA check time, FOTA software version, Result, FOTA next check time.

Diagnosis > Ping

Item	Description
Use Interface As Source	use or not use the Interface as source
Use Interface	APN1 / APN2
Host	the host name or the host IP address

Diagnosis > Traceroute

Item	Description
Use Interface As Source	use or not use the Interface as source
Use Interface	APN1 / APN2
Host	the host name or the host IP address

Diagnosis > TTY2TCP

Item	Description
Port number	the port number to issue tty2tcp
Start	start tty2tcp
Stop	stop tty2tcp