Antlabs Inngate 3 m-series Use and care manual

INNGATE 3

ADMINISTRATOR’S MANUAL

DOCUMENT RELEASE 1.01

Connectivity Made Easy Page 2 of 164

InnGate 3 Administrator’s Manual

This manual provides an in-depth coverage of the setup, configuration and

administration of an InnGate 3 and is intended for system and network

administrators who will be performing these tasks.

Connectivity Made Easy Page 3 of 164

TRADEMARKS AND ACKNOWLEDGEMENTS

The following trademarks and acknowledgments apply to the following:

The InnGate system and Tru’Connect™ technology are products and

technologies of Advanced Network Technology Laboratories Pte Ltd,

(ANT

labs

). Windows and Microsoft are registered trademarks of

Microsoft Corporation. Solaris is a registered trademark of Sun

Microsystems. All other products mentioned in this manual are

trademarks of their respective owners.

DISCLAIMER

No part of this manual may be copied, distributed, transmitted,

transcribed, stored in a retrieval system or translated into any human

or computer language, in any form or by any means, electronic or

otherwise, without the express written permission of ANT

labs

The software and accompanying written materials (including

instructions for use and this document) are provided “as is” without

warranty of any kind.

ANT

labs

does not warrant, guarantee or make any representations

regarding the use, or the results of the use, of the software or written

materials in terms of correctness, accuracy, reliability, trend or

otherwise. ANT

labs

reserves the right to make changes without further

notice to any products described herein to improve reliability, function

or design. This documentation is copyrighted and may not be altered

without written consent from ANT

labs

ANT

labs

reserves the right to prosecute companies or individuals who

make, distribute or use illegal copies of this software system and its

accompanying documentation.

Release Date: 10 July 2009

Document Reference No: IG3-ADM

Connectivity Made Easy Page 4 of 164

CONTENTS

Chapter 1................................................................................................ 9

GETTING STARTED............................................................................. 9

1.1Overview ............................................................................... 9

1.1.1Hardware.........................................................................10

1.1.2Network Operation............................................................11

1.2Recommended Setting...........................................................12

1.3System Setup........................................................................12

1.3.1Accessing the Web-based Admin GUI.................................13

1.3.2Configuring the WAN Interface ..........................................15

1.3.3Configuring the Domain Name Server.................................17

1.3.4Configuring the Web Proxy................................................18

1.3.5Creating a Plan.................................................................20

1.3.6Firewall Rules...................................................................22

1.3.7Creating a Location...........................................................24

1.3.8Creating VLANs ................................................................32

1.3.9Importing and Exporting VLAN Definitions ..........................34

1.4Network Installation...............................................................35

1.4.1VLAN-enabled Networks....................................................36

1.5Testing the Configuration.......................................................36

Chapter 2...............................................................................................38

Authentication ...................................................................................38

2.1Overview ..............................................................................38

2.2Local Accounts ......................................................................38

2.2.1Local Accounts Maintenance..............................................40

2.3PMS......................................................................................40

2.4Account Printers....................................................................43

2.5Credit Card ...........................................................................47

2.6MAC Filter.............................................................................47

2.7Global Settings......................................................................48

Chapter 3...............................................................................................50

LAN NETWORK SETTINGS..................................................................50

3.1Overview ..............................................................................50

3.2DHCP Setup..........................................................................51

3.2.1Configuring DHCP Server Mode..........................................51

3.2.1.1Setting up the Default Scope ........................................53

3.2.1.2Setting up the User Provision Routed Scope...................55

3.2.2Configuring DHCP Relay Mode ...........................................60

3.2.2.1Relay Agent Mappings..................................................61

3.3Routed Network Setup...........................................................62

3.4Walled Garden Setup .............................................................64

3.4.1Define HTTP URLs ............................................................65

3.4.2Define HTTPS Domains .....................................................67

3.4.3Define IP Addresses..........................................................69

3.5Network Devices Setup ..........................................................71

3.5.1Port Binding.....................................................................72

Connectivity Made Easy Page 5 of 164

3.6Device Detection Setup..........................................................75

3.7ARP Setup.............................................................................76

Chapter 4...............................................................................................78

WAN NETWORK SETTINGS.................................................................78

4.1Overview ..............................................................................78

4.2WAN Setup ...........................................................................78

4.2.1Defining a Static Route......................................................78

Chapter 5...............................................................................................80

NETWORK SERVICES SETTINGS .........................................................80

5.1Overview ..............................................................................80

5.2Web Server...........................................................................80

5.3Web Proxy............................................................................81

5.4Email Server..........................................................................81

5.5Remote Access......................................................................84

5.5.1Accessing the InnGate via Telnet and FTP ..........................86

Chapter 6...............................................................................................87

SYSTEM MAINTENANCE AND DIAGNOSTICS........................................87

6.1Overview ..............................................................................87

6.2Local Accounts Maintenance...................................................87

6.3Reports Maintenance .............................................................88

6.4PMS Diagnostics....................................................................90

Chapter 7...............................................................................................92

SYSTEM MONITORING AND REPORTING.............................................92

7.1Overview ..............................................................................92

7.2Monitors ...............................................................................92

7.2.1Status Monitor..................................................................92

7.2.2Device Monitor .................................................................94

7.2.3Session Monitor................................................................96

7.2.4Account Monitor ...............................................................97

7.2.5Cookies Monitor................................................................99

7.2.6Email Monitor.................................................................100

7.3Logs...................................................................................101

7.3.1Device Logs....................................................................101

7.3.2Session Logs ..................................................................102

7.3.3PMS Logs.......................................................................103

7.3.4Account Printer Logs.......................................................105

7.3.5Credit Card Logs.............................................................106

7.4Maintenance .......................................................................106

Chapter 8.............................................................................................107

SYSTEM ADMINISTRATION ..............................................................107

8.1Overview ............................................................................107

8.2Setting up Administrator Accounts.........................................107

8.2.1Creating an Administrator Group......................................108

8.2.2Defining Admin Group Permissions...................................109

8.2.3Creating an Administrator Account ...................................110

8.2.4Viewing Audit Log...........................................................112

8.2.5Assigning Admin Access ..................................................112

8.2.6Viewing Sessions ............................................................113

Connectivity Made Easy Page 6 of 164

8.3Powering up and shutting down the system...........................113

8.4System Configuration Backup or Restore ...............................114

8.5Applying System Patches......................................................115

8.6Setting the Date and Time....................................................116

8.7Syslog Configuration............................................................117

8.8SNMP Setup........................................................................118

8.8.1Traps Generated.............................................................120

8.8.2Supported MIBs..............................................................124

8.9View API Information...........................................................124

8.9.1HTTP Setting..................................................................125

8.9.2Browser Setting..............................................................126

8.10High Availability...................................................................128

8.11View License Information.....................................................128

8.12Console Access via Serial Connection.....................................128

8.13Securing the System for Deployment.....................................129

8.13.1Securing Access to the Admin GUI ...................................129

8.13.2Change the Default Admin User Account...........................130

8.13.3Change the FTP Account Password...................................131

8.13.4Change the Telnet and Console Password.........................131

Chapter 9.............................................................................................133

HIGH AVAILABILITY (E-Series) .........................................................133

9.1Overview ............................................................................133

9.2Network Configuration .........................................................133

9.3System Configuration...........................................................134

9.3.1HA Identifier ..................................................................136

9.4HA Leader Election ..............................................................137

9.5HA Failover Behavior............................................................137

9.6HA Synchronization..............................................................138

9.6.1Manual Synchronization...................................................139

Chapter 10...........................................................................................141

HIGH AVAILABILITY (M-Series).........................................................141

10.1Overview ............................................................................141

10.2Network Configuration .........................................................141

10.3System Configuration...........................................................142

10.4Billing Configuration.............................................................144

10.5Failover Behavior.................................................................145

Chapter 11...........................................................................................146

System Save & Restoration...............................................................146

11.1Overview ............................................................................146

11.2Save Snapshot ....................................................................146

11.3Restore Firmware ................................................................147

11.4Restore Snapshot ................................................................149

Appendix A...........................................................................................151

REDIRECT LOG................................................................................151

Appendix B...........................................................................................154

PERL REGULAR EXPRESSIONS..........................................................154

Appendix C...........................................................................................155

CSV FILE RESTRICTIONS .................................................................155

Connectivity Made Easy Page 7 of 164

Appendix D ..........................................................................................156

UPLOADING CUSTOM WEBPAGES .....................................................156

Appendix E...........................................................................................157

CUSTOM SSL LOGIN PAGES..............................................................157

Appendix F...........................................................................................161

ERROR PAGES.................................................................................161

Appendix G ..........................................................................................163

CREDIT CARD..................................................................................163

Connectivity Made Easy Page 8 of 164

PREFACE

AUDIENCE

This manual is intended for administrators who will be responsible for the

installation and configuration of the InnGate 3.

This manual will explain how first-time installation and configuration should

be done as well as the tasks involved in performing regular maintenance and

configuration.

Administrators are expected to have a good working knowledge of networks

and TCP/IP. Knowledge of the operating environment and characteristics of

the systems used in the deployed networks are also useful. Basic knowledge

of HTML and HTTP will also allow the administrator to customize the user-

facing web pages.

RELATED DOCUMENTATION

You may refer to the ANT

labs

homepage at http://www.antlabs.com/ for

other related materials and documents released by ANT

labs

FEEDBACK AND COMMENTS

ANT

labs

welcomes all comments and suggestions on the quality and

usefulness of this document. Our users’ feedback is an important component

of the information used for improvement of this document.

Please include in your feedback:

Name

Title

Company

Department

E-Mail

Postal Address

Telephone Number

Document Title & Release No

Document Reference No.



Comments/Feedback

Also, please include the chapter, section and/or page number when referring

to specific portions of the document.

Send your comments via email to [email protected]

Connectivity Made Easy Page 9 of 164

Chapter 1

GETTING STARTED

1.1 Overview

This chapter will illustrate a simple network deployment of the InnGate 3

involving the following 3 steps:

1. System Setup – Configuring the InnGate to operate in the network.

2. Network Installation – Connecting the InnGate to the network.

3. Testing the Configuration – Ensuring that the InnGate operates as

expected.

Figure 1-1 shows a simple network setup which will be used to illustrate the

deployment steps in this chapter.

Figure 1-1 Example Network Diagram

Connectivity Made Easy Page 10 of 164

Although your own network will likely differ from this, the general principles

for installing and configuring the InnGate are still applicable.

The setup covered in this chapter is suitable for quick demonstrations and

small-scale setups. Later chapters will cover details for more complex

deployment scenarios.

1.1.1 Hardware

Front Panel

Back Panel

Figure 1-2 InnGate E Series Front & Back Panels

Front Panel

Back Panel

Figure 1-3 InnGate M Series Front & Back Panels

Some of the switches and connectors shown in Figure 1-2 and Figure 1-3 are

described here:

Connectivity Made Easy Page 11 of 164

1. USB Serial Console – The left USB port allows direct console access

to the InnGate. Use the provided USB-to-serial converter to connect a

PC with a terminal program to access the console (see Section 8.12).

2. Serial Console – The M-series serial console allows direct console

access to the InnGate.

3. LAN – All clients to be managed by the InnGate are placed on the

network which is connected to this port.

4. WAN – This port connects the InnGate to the rest of the network for

client traffic to pass through.

5. OPT1 – Used to connect two InnGates in a High Availability (HA)

setup. Both OPT1 have to be connected to the same HA VLAN. This will

be used for the HA heartbeat signals between the gateways.

6. Power button (for E Series only) – The power button is located to

the left of the front panel, behind the faceplate. The behaviour of the

button depends on the power state:

a. InnGate is powered up – Pressing will shut down the

InnGate.

b. InnGate was shutdown normally – Press to power up.

In the event of a power failure, the InnGate will automatically

power up when the supply from the electrical mains is restored. The

power button does not need to be pressed.

The hardware serial number is usually found on the rear panel of the InnGate

and the licensing serial number is accessible via the Admin GUI (see Section

8.11).

1.1.2 Network Operation

As shown in Figure 1-1, the InnGate separates the network into the

upstream and downstream networks:

1. Downstream Network – The InnGate manages the Authentication,

Authorization and Accounting (AAA) functions and enables the

Tru’Connect Zero-Configuration for client devices on the downstream.

2. Upstream Network – Only successfully authenticated downstream

clients may be authorized to access the upstream network. This is

where the server farm, DMZ and also the gateway to the Internet

normally reside.

Connectivity Made Easy Page 12 of 164

When in operation, the InnGate performs Network Address and Port

Translation (NAPT) on the WAN interface for downstream clients (routing can

also be done and is discussed in Section 3.2 and Section 3.3). Thus when a

downstream client wants to send packets to the upstream, the InnGate will

do so using its WAN IP address.

1.2 Recommended Setting

The recommended settings for InnGate 3 are shown in table below:

M-Series E-Series EX-Series

Recommended Recommended Recommended

User Accounts 1,000 10,000 20,000Total number of accounts* + MAC

filter entries

Log Entries 5,000 50,000 50,000

Total number of log entries in

database

User Licenses 300 1,000 1,000

Total number of detected devices

VLANs 300 1,000 2,000

Total number of configured VLANs

Network Devices 30 100 200

Total number of Network devices

Port Binding Rules 30 100 200

Total number of Port Binding rules

Undelivered Mails 1,000 10,000 20,000

Total number of undelivered mails

Locations 5 15 25

Total number of defined Locations

Plans 10 30 50

Total number of defined Plans

1.3 System Setup

This section explains the basic configuration for a new InnGate to operate in

our network example. These configuration tasks are performed through the

web-based admin GUI (see Section 1.3.1):

1. Configuring the WAN Interface – See Section 1.3.2.

2. Configuring the Domain Name Server – See Section 1.3.3.

3. Configuring the Web Proxy (optional) – See Section 1.3.4.

4. Configuring the Plans – See Section 1.3.5.

5. Configuring the Locations – See Section 1.3.7.

6. Configuring the VLANs – See Section 1.3.8.

Connectivity Made Easy Page 13 of 164

Some of these tasks can also be performed through the Command Line

Interface (CLI) and is discussed separately in the InnGate Command Line

Reference.

1.3.1 Accessing the Web-based Admin GUI

This section explains how to access1the Web-based Admin GUI to configure

the system settings.

Power up the InnGate and connect to either the WAN or LAN port using a

cross-cable. Then follow the instructions to access the Admin GUI:

If ever you are unable to access the InnGate from one of the

interfaces due to possible incorrect configuration settings, you can

always attempt to reconnect via the other interface. In addition, the

Admin GUI can only be accessed via secure-HTTP (HTTPS) and the

forward slash (‘/’) after “admin” should be included.

1. Connecting from the WAN Interface:

The URL to access the Admin GUI is:

https://<WAN IP Address>/admin/

The factory default WAN IP address is 192.168.0.1, with a

subnet mask of 255.255.255.0. When connecting directly,

ensure that the subnet mask setting on your client device

matches the default value. The URL of the Admin GUI for a new

InnGate will therefore be: https://192.168.0.1/admin/

2. Connecting from the LAN Interface:

The URL to access the Admin GUI is:

https://ezxcess.antlabs.com/admin/

The “ezxcess.antlabs.com” domain is only valid on the LAN

network (assuming that LAN access to the Admin GUI is not

blocked) and is not a valid domain on the public Internet.

Figure 1-4 shows the SSL warning message you will see when connecting via

HTTPS. Click the Yes button to continue.

1You will need a version 4.0 or better MS IE/Netscape web browser to access the Admin GUI.

The web browser should also have cookies and Javascript enabled and must support frames.

Connectivity Made Easy Page 14 of 164

Figure 1-4 SSL Warning Message

The administrator’s login page is presented next (see Figure 1-5).

Figure 1-5 Login Prompt

root

” and default password “

admin

”.

It is recommended that you change the default password (see Section

8.3.2) to prevent unauthorized access.

Upon successful login, the main Admin Page will be displayed (Figure 1-6

shows a portion of the actual page), which is a status summary.

Figure 1-6 Admin Page

Connectivity Made Easy Page 15 of 164

The various menu options are displayed on the left side of the page and you

may return to the main Admin page at any time by clicking on the “InnGate”

logo at the top-left corner of the browser window.

1.3.2 Configuring the WAN Interface

The WAN interface has to be properly configured with a routable IP address,

valid subnet mask and gateway in order for the InnGate to function correctly

in your network.

To configure the WAN Interface:

1. Click on WAN.

A list of WAN profiles will be displayed (see Figure 1-7).

Figure 1-7 WAN Profiles

The InnGate comes preconfigured with a single default WAN profile. In our

example, we will go ahead and modify this profile by clicking on the entry.

The settings of the selected WAN Profile will be displayed (see Figure 1-8).

Connectivity Made Easy Page 16 of 164

Figure 1-8 Modify WAN Profile

The various fields are described as follows:

1. IP Address – The host IP address for the InnGate on the upstream

network.

The factory default IP address setting is

192.168.0.1

. Change this to

a valid routable IP address on your upstream network.

2. Subnet Mask – The subnet mask of the upstream network that the

InnGate is connected to.

The factory default subnet mask setting is

255.255.255.0

. Change

this to the mask used on your upstream network segment.

3. Gateway – The address of the router or gateway for the InnGate to

send network traffic to for the next-hop.

4. Bandwidth – Bandwidth options are available with an optional module

which may be purchased separately.

a. Download Limit – The maximum bandwidth allocated for the

WAN Interface for incoming packets.

b. Upload Limit – The maximum bandwidth allocated for the

WAN Interface for outgoing packets.

Connectivity Made Easy Page 17 of 164

5. Source NAT Address Range – The InnGate will use the pool of IP

addresses defined here when performing network address and port

translation (NAPT) on the WAN interface for its downstream clients.

The WAN IP address must be in the same subnet as the source

NAT address range

6. Description – A description of this profile.

Click to confirm the changes. The system will then display a summary of

the WAN profile.

If you are accessing the Admin GUI via the WAN interface and your web

browser appears to have stalled, it is because the browser is trying to access

the InnGate using the previous IP address. If that happens, close ALL

currently opened browser sessions, start a new browser session and login to

the admin page again.

1.3.3 Configuring the Domain Name Server

A DNS is required by the InnGate to resolve domain names. If you do not

configure this parameter, hosts will only be addressable via their IP

addresses.

If you have your own DNS within your network for name resolutions, you

can likewise configure the InnGate to use it. This DNS should be able to

resolve both internal and external domains. Alternatively, you can configure

the InnGate to use your ISP’s DNS for name resolutions. The InnGate also

allows more than one DNS entry to be specified.

To configure the DNS settings:

1. Click on WAN.

2. Click on DNS.

A list of DNS entries will be displayed (see Figure 1-9), sorted in order of

priority.

Figure 1-9 DNS Settings

Connectivity Made Easy Page 18 of 164

The InnGate comes with a default entry which we will modify according to

your network DNS defined. Click on the entry to proceed.

The DNS configuration page will be displayed (see Figure 1-10).

Figure 1-10 DNS Configuration Page

The fields are described here:

1. Parent DNS Server – IP address of the Domain Name Server that

can be contacted for name resolution. Click to add more entries.

Click to confirm the changes.

The InnGate will switch to another DNS server in the list for subsequent

name resolution attempts if a previous attempt was unanswered.

1.3.4 Configuring the Web Proxy

The InnGate can be configured to forward HTTP requests to a web proxy

server if necessary. This is optional, depending on whether your network

allows direct connections to the Internet or requires the use of a proxy.

To configure the Web Proxy settings:

1. Click on Services.

2. Click on Web Proxy.

The Web Proxy configuration page will be displayed (see Figure 1-11).

Connectivity Made Easy Page 19 of 164

Figure 1-11 Web Proxy Configuration

The various fields are described as follows:

1. Direct Connection – Select this if your network allows direct

connections to the Internet.

2. Use Proxy – Select this if your network requires the use of a web

proxy for browsing.

3. IP Address / Name – A proxy server entry that the InnGate can use

for downstream web traffic.

4. Port – The port number for accessing the proxy server.

5. Display Email – This is the email address that is displayed in error

pages generated when users attempt to access an invalid or

inaccessible URL.

You may add and remove proxy server entries by clicking or .

Click to confirm the entries.

Configuring the web proxy for the InnGate does not mean that the

downstream clients have to set their browser’s proxy setting. Downstream

clients will continue to enjoy Zero-Configuration. However, it is important to

note that a downstream client that has an existing browser proxy setting (e.g.

company laptop with corporate web proxy setting) should not change it after

logging in.

Connectivity Made Easy Page 20 of 164

1.3.5 Creating a Plan

Next you need to create the different types of service plans required. This

depends on your business needs.

To configure the Plans:

1. Click on Policies.

2. Click on Plans.

Any existing plans will be shown. Select an existing plan or create a new one.

Figure 1-12 Plans

Figure 1-13 shows the plan creation page. These are the fields:

1. Plan Name – Name of the plan. Best to give a meaningful name.

2. Price – The units to charge for usage. The definition of a unit depends

on what is defined in your PMS system.

3. Duration & Volume Limit – Select if you want to charge by duration

or data volume usage. The user will need to repurchase once the plan

is used up. The 4 different types of duration and volume plans

supported are:

a. Unlimited duration and volume

b. Fixed Duration / Single Duration – single fixed usage period

valid from the first time of use for the duration specified

c. Stored Duration – multiple usage period valid as long as there

is balanced time left

This manual suits for next models

Table of contents

Popular Gateway manuals by other brands

WELLTECH

WELLTECH 2540 FXO user guide

Next Level Security Systems

Next Level Security Systems NLSS 4000 Specifications

Honeywell

Honeywell SMX quick start guide

Dialogic

Dialogic 2000 Series Installation and configuration note

Arris

Arris SURFboard SBG6700-AC user guide

Huawei

Huawei HG630 quick start

AudioCodes

AudioCodes Gateway & Session Border Controller Series Hardware installation manual

Moxa Technologies

Moxa Technologies CCG-1500 Series user manual

Lantronix

Lantronix EDS-MD Series Command reference

Ubiquiti

Ubiquiti UniFi Security Gateway XG-8 quick start guide

ZyXEL Communications

ZyXEL Communications P-660HW-Tx v3 Series Support notes

iPECS

iPECS iPECS-LIK Installer's guide

RTA

RTA 460PSWI-NNA1 Product user guide

Etross

Etross ET-360 user manual

Rath

Rath 2100-GSM4 Data Sheet / Manual

Patton electronics

Patton electronics 1400 Series Specification sheet

RTA

RTA 460PSSC-NNA1 Product user guide

Advantech

Advantech WISE-6610 Series user manual

ANTlabs InnGate 3 M-series Use and care manual

Popular Gateway manuals by other brands