Mako 6500 Setup & Configuration Instructions Manual

MN_CMS0001_MK_A4
Page 2 of 45 Central Management System
Contents
1 Introduction
2 Registration & Login
3 Home
3.1 Anatomy of the Left Main Menu
3.2 Status Icons
3.3 'Click' Convention
3.4 Anatomy of the Header Bar
4 Selection
4.1 Selection > Search
4.2 Selection > My Makos
4.3 Selection > My Client's Makos
4.4 List Filtering
4.5 Seeing a CPE's Information Window
5 Configure
5.1 Configure > Internet > ISP Setup
5.2 Configure > Internet > Secondary ISP Setup > Cellular Failover
5.3 Configure > Internet > Alerts
5.4 Configure > Internet > IP Range
5.5 Configure > Network > LAN 1
5.6 Configure > Network > Port Setup
5.7 Configure > Network > VLAN Setup
5.8 Configure > Network > WiFi LAN > Basic
5.9 Configure > Network > WiFi LAN > Advanced
5.10 Configure > Network > DHCP Leases
5.11 Configure > Network > Static Routes
5.12 Configure > Firewall
5.13 Configure > Firewall > Inbound, Outbound, Intranet, VPNs
6 VPN
6.1 VPN > ... > Manage Access
6.2 VPN > ... > Invitation > Send Invitation
6.3 VPN > ... > Invitation > Send Invitation
6.4 VPN > ... > Add Third Party Device
6.5 VPN > ... > Delete Third Party Device
6.6 VPN > Remote Access > Manage Access
6.7 VPN > Remote Access > Add VPN User
6.8 VPN > Remote Access > PPTP Settings
7 Services
7.1 Services > QoS > Basic
7.2 Services > QoS > Advanced
7.3 Services > PCI DSS
7.4 Services > Mako Guardian
7.5 Services > Mako Failover
7.6 Services > Dynamic DNS
7.7 Configure > Location
7.8 Configure > Access > Access
7.9 Configure > Access > Email Settings
8 Management
8.1 Management > Home
8.2 Management > Company > Search
8.3 Management > Company > New Company
8.4 Management > Company > Manage [Your Company]
8.5 Management > Company > Manage [Your Company] > Licences
8.6 Management > ... > Manage [Your Company] ... > Email Settings
8.7 Management > ... Manage [Your Company] > ... > Customise Reports
8.8 Management > ... Manage [Your Company] > ... > Manage Images
8.9 Management > User > Search
8.10 Management > User > New User
8.11 Management > User > [User Name]
8.12 Management > User > [User Name] > Events
9 Help
9.1 Help > Help Contacts
9.2 Help > Documentation
10 Troubleshooting
A ISP Plan Request
B Overview
C Glossary
D MakoScope
E Connectivity information
11 Warranty
1 Introduction
Congratulations on choosing the Mako System. The Mako System offers a cloud-managed, turnkey solution to create and manage broadband networks for small sites. With anytime, anywhere access, the Mako System offers real-time management, reporting and proactive security in one solution.
The Mako System is focused on providing businesses with a standard of information security that meets the Payment Card Industry Data Security Standard (PCI DSS).
This manual will complement your chosen Mako appliance, also known as the Customer Premise Equipment (CPE).
Your CPE is managed remotely by Mako via a web server, using your standard Internet connection and the Central Management System (CMS). The CMS uses a web browser for personal configuration and reporting.
The CMS is always used with a CPE to provide reporting and configuration options via the hosted servers. Your CPE, CMS and the hosted management servers are referred to as the Mako System.
[Figure: System Overview. Labels: Internet, Your CPE, Mako CMS, Your Mako PCI LAN, Your Mako Public LAN.]
Your CPE checks in with the Central Management Server/System (CMS) every 2 minutes. It sends its raw datalogs for processing, and receives any required updates.
Your CPE applies these updates to configure your network: firewalls, filters, email, users, VPNs, etc. PCI DSS traffic goes to your secure network.
PCI DSS traffic does NOT go to your public network, but your System allows you to filter access to your public network, should you require it.
1.0.1 What Isn't Covered
This is a guideline for using the CMS to configure and manage your CPE in a standard environment. This manual doesn't cover the reporting aspects of the CMS and connected devices, deployment, or certain services such as Mako Guardian or Mako Mail. These options are covered in different manuals.
1.0.2 Manual Conventions
For navigation, we use this format: Main Tab > Sub-tab > ... > ... > Function. This is shorthand, asking you to click on the first-level menu item and then on successive levels until you find the appropriate page.
An explanatory note. Usually not critical for the normal operation of the system.
A settings note. The note requires your attention, but due to differences in browsers or configuration it might not apply to the operation or configuration of the system.
A warning note. The note requires your attention and will affect the way you and other approved users will use your system.
A danger note. The note requires your full attention and may significantly affect your system's integrity, cause electrical damage, data corruption or even a health and safety-related injury.
1.0.3 CMS Conventions
The CMS uses a number of user feedback and help tools to assist you in managing your network:
Hover Help: Hovering over these icons provides extra information on that specific option.
Error/Warning Area: If an error or warning is generated by a configuration option, the page you've attempted to save settings on re-appears with a highlighted message above the main body of the page.
Save when finished: The interface uses a mix of dynamic data entry (for example, automatically updated input when you click a radio button) and non-dynamic data entry (for example, text field entry will not be updated until you click a Save or Add button). Some pages may have Save buttons scrolled off your screen.
When you enter text in data fields you will not be automatically prompted to save changes. This means navigating away from a screen without saving changes will result in no change to your system.
Save buttons are generally in the bottom right of a page, and may also be called Add [...], Update [...] or some other relevant call-to-action.
1.0.4 Who is this Document For?
This is the eternal question for a manual: What level of detail is comfortable for you? Too little, and this manual might as well not exist, or you might feel inadequate to the task. Too much, and attention wanes from important details, or you may feel we're insulting your intelligence.
The line we drew separates Action from Knowledge, or, things we want you to do, and things we want you to know. The main body of this manual is all about what you should do to operate the CMS safely and competently. It tells you where to find operations or settings, and even briefly expands the enormous number of acronyms used in the Network IT industry. But it does NOT give you best practice advice, in-depth troubleshooting, or many worked examples on how to deploy ideal or specific configurations for your network.
There are two reasons for this.
1) Providing specific examples is a security risk to your system. Even if we recommend or indicate ways to do specific operations (how to create a password, what to name your devices, examples of usual IP address settings, etc.) we would be subconsciously (or even explicitly) imposing patterns on you that hackers and other unethical types can take advantage of.
However, we do provide some fairly basic examples that everyone in the IT Industry knows or should know.
2) Use the Glossary. A glossary is about as close as we can come to economically explaining what many terms in this manual mean. If background information was placed behind every option available to you, you'd never get through a site configuration.
2 Registration & Login
When your account is set up, the CMS emails you your account details, along with a link to log you into your network.
The CMS has been tested against several versions of the popular browser software products. It's likely that, due to different browser products, versions and settings, your view of the interface may vary slightly from the ones illustrated in this guide.
While accessing the CMS, your browser will use a secure communication protocol, known as SSL (Secure Sockets Layer) (https://), in which traffic between the browser and the Central Management Servers is encrypted.
Your browser must accept cookies and must have JavaScript enabled to access the CMS website. These properties are set in your browser preferences and are normally enabled by default.
2.0.1 Registration
Registration is a one-time process that activates the account created for you by your reseller on the CMS.
You'll be sent an email with a link. New user registration is done when you follow the link, either by clicking it or pasting the link into your web browser's address window.
Home > New User Registration
- Enter the appropriate details.
You will be asked to read and acknowledge the End User License Agreement (EULA) before you can start using your system.
2.0.2 Login
- Click the link, or open your Web browser and navigate to your Mako Management CMS.
- Click the Customer Login button, top right of the window. If you're operating in a PCI environment you will need to provide the reCAPTCHA login details.
- If your login is incorrect you'll be asked to re-enter your information.
Logins and passwords are your last line of protection for ensuring your system remains robust. Never give your login or password out to anyone else.
If your system has a PCI template, it has the ability to handle 2 sets of internet traffic: PCI-compliant (usually for credit card transactions), and non-PCI-compliant (for general internet traffic).
If you don't have a PCI template, you still have two separate traffic routes with our entry-level appliances. For example, one could be used for a public, general access pipe (often called a DMZ) for a web server. Our higher capacity appliances provide up to 4 LANs simultaneously.
While you may run separate LANs, each CPE runs on only one CMS. Only one login/password is assigned to a user, but one user may be set up to manage several CPEs. PCI-compliant traffic requires you to change your password every 90 days. If you have configured a non-PCI network then security is more forgiving, allowing you to maintain or change your password as you see fit.
2.0.3 Forgotten/Expired Passwords
If you forget your password, or your password has expired:
- In the Customer Login window click Forgotten/Expired password?
- Your email notification or reseller will supply you with the necessary steps to re-enter your system.
3 Home
The Home window is the starting point for administration and monitoring of your CPEs and users.
3.1 Anatomy of the Left Main Menu
- Reveal triangles show that more options are within that menu. Dark triangles indicate collapsed options, coloured triangles indicate revealed options.
- Dotted menu options indicate no submenus are within this option.
- Lighter buttons sit at the topmost level. As you drill down into the submenus the shade gets darker and the options get indented slightly on the left.
- The highlighted menu item is the open option. Once selected, the menu item on the left highlights, and reveals the submenu items or content in the main screen (right).
3.2 Status Icons
Your system uses a small set of status icons to present instruction and data consistently:
- Help
- Information hovertext
- Warning/Important
- Allow traffic/Active
- Deny traffic
- Default Mode
- Edit DHCP settings
- Awaiting Connection
3.3 'Click' Convention
Navigation through menu screens uses this convention:
Main Menu Item > Submenu > Function
means 'Click the Main Menu button, then the Submenu Button, to find this page of options'.
3.4 Anatomy of the Header Bar
The header gives you an immediate overview of your account, access history and general info.
The top line gives you the user access details, time and company you're operating under for this session.
Also here is:
"Head Office": The name of the selected CPE.
Information: Click this for this CPE's configuration profile.
Access History: The list of CPEs recently accessed for configuration or use. Also, you can search for other CPEs using their ID and section numbers, or get information details on the CPEs in this list with their respective buttons.
4 Selection
The Selection menu allows you to select an individual CPE in your network and interrogate it.
Large sections of the CMS are inoperable if you don't have an appliance selected.
Let's get a list of CPEs to choose from.
4.1 Selection >Search
n Enter a company and/or name location eld
Search when nished.
n Click your target CPE's radio button from this list.
The default selection will be the topmost CPE.
4.1.1 Advanced Search
Your network can be searched using each CPE's ID text.
n Advanced Search > Enter your ID
Search when nished.
4.2 Selection >My Makos
n Select a CPE's radio button. Within 5 seconds the Header should update.
4.3 Selection >My Client's Makos
If you're managing or monitoring several networks:
n Select a Client... from the dropdown menu.
n Select a CPE's radio button.
Following any one of the methods above, you should have a selection of CPEs to choose from.
Once you've clicked a CPE's radio button, several details appear for your attention:
- At the top of the page, your login, location, time and CPE details appear in the Header bar.
- The CPE's Status, Info and History shortcuts also appear in the Header bar.
- Two features, Reports and Configure, appear in the main menu (if your user profile has been given access to these sections). The Report section is covered in a different manual.
In your use of the Mako CMS, you'll find other ways to select a CPE. Always remember: The CPE you are working with is listed in the Header bar of each page.
4.4 List Filtering
To filter your results by Online, Offline or Awaiting Connection status categories:
- In the CPE Status Summary above the list, click the Online, Offline or Awaiting Connection icon to filter the results by connection status.
4.5 Seeing a CPE's Information Window
Either:
- Click on the Information icon in the header bar
OR:
- Click on any individual status icon of a CPE on the right of the list. The status icons indicate:
  CPE is operating
  CPE is offline
  CPE is awaiting connection
If you click the Show More Detail link at the bottom of the Status column you will also see the amount of data that CPE has handled in the last month [Usage], and the CPE's internet [IP] address.
The Information Window also contains shortcut links to change various parameters within the main menu. These parameters are explained in different sections of this manual.
5 Configure
The default settings, pre-configured by your reseller, will usually be fine for your network. But from time to time you may require new features and functionality. Your reseller can advise on the appropriate changes as your requirements change.
Most ISP plans have been pre-configured and the only entry required is selecting the appropriate plan.
Be aware that re-configuring these functions can disable critical operations of your Mako appliance. Care should be taken to ensure that configuration changes do not compromise your office network security or its access to the Internet. If a configuration option is missing, this will be highlighted by an icon.
Once you've selected a CPE in the Selection menu, you may change its parameters.
Your ability to configure CPEs may be restricted. Please consult your reseller if you encounter any difficulties.
The overarching process behind setting up a CPE follows 7 general areas, shown in the navigation strip: Selection, Reports, Configure, Management, Sales, System, Help/Docs. These areas may or may not be visible, depending on an individual user's profile.
The options that appear within these areas may change depending on your CPE model, method of connectivity, level of access and use. The following covers all options you might encounter, but it's unlikely you'll see, or even need to change, all of them.
5.1 Configure > Internet > ISP Setup
This section configures your CPE to connect to your ISP.
Connection Type: Options are dependent on:
- the CPE model you've selected
- the connection type (PPP, IP, Bridged Ethernet, ADSL, Cellular)
- and your ISP plan.
Bridged Ethernet should only be used if required by your ISP. It's used when Ethernet frames are to be sent and received directly over the DSL connection.
If either IP or Bridged Ethernet is selected, the DHCP, WAN IP, Network Mask and Default Gateway settings must be configured.
IP is only available on Ethernet-connected CPEs, and configuration follows 'DHCP Settings'.
Internet Service Provider: The CMS provides you with a list of ISPs and common plans. If your ISP and/or plan aren't listed, click the ISP Plan Request to choose the connection type (connection types are limited to the selected CPE).
Plan: Your plan is normally tied to your ISP, but you can re-assign it here.
5.1.1 Cellular Settings
The following options apply if you are using a cellular network for connectivity, or your CPE allows for a cellular failover solution.
If 'Cellular' is chosen as the primary connection, WAN/Internet failover is not available.
SIM Card PIN: Enter your PIN.
SIM Card PIN Again: It's important you re-type this manually, rather than attempt to copy and paste this field. This check helps reveal discrepancies.
Access Point Name: Enter your APN (your ISP plan selection may have filled this in for you). It tells your carrier what type of network gateway your system should use.
5.1.2 PPP Account Settings
The following options apply if your CPE is connected via PPP. PPP is used for an ADSL configuration, and mainly used to establish a direct connection between two networking nodes.
Username: Enter your username.
Password: Enter your password.
Confirm Password: It's important you re-type this manually, rather than attempt to copy and paste this field. This check helps reveal discrepancies.
5.1.3 DHCP Settings
If your WAN IP address is dynamically allocated via DHCP, check the DHCP checkbox.
DHCP Client Hostname: This should be provided by your reseller and rarely needs to change. When installing new CPEs on the network, this hostname stays the same.
Mako WAN IP: With an Ethernet model configuration, this IP address is the external address allocated to the CPE.
Network Mask: If DHCP is disabled, enter the Network Mask here. A network mask identifies which part of an address is to be used for an operation, such as making a TCP/IP connection.
Default Gateway: If DHCP is disabled, enter the Default Gateway address here. The Gateway Address (or Default Gateway) is a router interface connected to the local network used to send packets out of the local network. Often the default gateway sits in a reserved range of IP addresses, such as 10.1.x.x or 192.168.x.x.
5.1.4 DNS Settings
The following options configure a gateway to resolve domain name addresses like www.address.com to numerical IP addresses.
Congure DNS: Check to change your DNS addresses.
Primary DNS Server: Enter the address of your primary DNS server.
Secondary DNS Server: Enter the address of your secondary DNS server.
5.1.5 Billing Settings
The following options concern your billing cycle and monthly trac thresholds.
This facility is not available where your ISP Connection Plan does not impose a trac­charging threshold. Threshold alerts are not visible until an ISP Plan has been selected for your CPE.
Billing Cycle Start Date: Day of the month your ISP's bills are due.
Warning Threshold: A percentage of your bandwidth allowance for the month – useful when on
a limited bandwidth ISP plan.
Absolute Threshold: A percentage of your bandwidth allowance for the month. (This is often
higher than the plan arranged with your ISP to handle high trac.)
An Absolute Threshold is necessary if your ISP has imposed trac limits on your account. If this is selected, and the threshold is reached your Internet connection will be cut o when this threshold is reached. It can be reactivated with manual intervention but your connection will remain disabled until then.
5.1.6 Saving ISP Setup Changes
Save and Setup Alerts, or Save, when nished.
5.1.7 Considerations
n If you wish to change your ISP Password you must be sure to also change it with your ISP. Take special
care to ensure that the password is entered exactly the same at both places (your reseller and your ISP).
n Don't forget to click Save to save your changes before exiting this page.
n Select a plan similar to the one you have, or if your plan doesn't match the ISP oerings, click on the
ISP Plan Request link next to the Internet Service Provider drop menu. This form provides various conguration options for this plan. It isn't necessary to provide all the details, as this is a suggestion request, not an actual conguration. It's better to provide as many known details as possible to ensure that the requested plan meets the requirements of your ISP oering.
You'll nd a full explanation of the ISP Plan Request in the Appendices.
5.2 Configure > Internet > Secondary ISP Setup > Cellular Failover
Failover is a network 'safety net'. If your main network connection (PPTP, Ethernet, etc.) is interrupted, cellular-capable Mako systems are able to switch to a cellular network for continued operation. Naturally, this option is only available if you're using cellular-capable CPEs. If cellular failover is required, ensure that the CPE has an active SIM card inserted into the slot and is within your provider's coverage area.
We recommend testing this failover ability occasionally outside of your business hours.
To configure cellular failover for your CPE, 'Cellular' cannot be used as the primary ISP mode.
- Check the Enable Cellular Failover box.
Once enabled, the CMS presents the following options.
Internet Service Provider: Your cellular carrier (this might not be the same as your primary provider).
Plan: Your cellular plan type.
SIM Card PIN: Enter the SIM card details. This is optional, since not all SIM cards are secured this way. Note that these fields are not a facility for assigning a PIN to your SIM; this can be configured on most mobile phones.
SIM Card PIN Again: Confirm the SIM PIN.
Access Point Name (APN): This should already be populated from the ISP selection. This can be changed if instructed by your cellular provider.
Save, or Save and Setup Alerts, when finished.
5.3 Configure > Internet >Alerts
The Mako system monitors daily trac thresholds, detects potential network attacks, or overheating: basically, the general health of your CPE. Be aware that links in the text take you directly to that conguration item.
5. 3.1 Extraordinary Usage Alerts
Over time, the Mako System builds a prole for the usual trac patterns of your Internet connection. Extraordinary usage is outside the norm for your CPE's internet connection. You can set threshold alerts to trigger when the volume of extraordinary trac is attained.
Alert when over (%): A percentage of your bandwidth allowance for the day. Useful when on a
limited bandwidth ISP plan.
This threshold alert helps manage your DAILY trac, while the ISP Setup page will contain MONTHLY threshold warnings.
5.3.2 Worm Alerts
Your CPE automatically detects PCs on your network that are infected with worms (self-replicating malware computer programs) and stops the infected PCs from accessing the Internet. Choose your level of detection sensitivity.
n Worm Detection Threshold: Aggressive | Moderate | Lenient
5.3.3 Firewall Alerts
Your CPE detects unapproved probes scanning your network for vulnerable or open IP ports. Choose your level of detection sensitivity.
n Portscan Detection Threshold: Aggressive | Moderate | Lenient
Alert threshold levels relate to the number of connections detected per 10-minute period. The scores for Aggressive, Moderate and Lenient are 1000, 1800 and 3000 connections respectively. More intense threshold levels may impact on your CPE's connection speeds.
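The threshold scores above, worked through as an added example (this is not Mako's code and does not describe how the CPE actually counts): it measures each source's peak connection count in any sliding 10-minute window over a constructed connection log and lists which hosts each sensitivity level would flag. Only the three scores and the 10-minute period come from this manual; the log format, the per-source counting, the sliding window and the "at or above the score" comparison are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# From the manual: connections per 10-minute period for each sensitivity level.
THRESHOLDS = {"Aggressive": 1000, "Moderate": 1800, "Lenient": 3000}
WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Parse one record of the constructed format: '<ISO time> <src> <dst> <port>'."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def peak_rates(lines):
    """Return {src: most connections seen in any sliding 10-minute window}."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peak = defaultdict(int)
    for ts, src, _dst, _port in sorted(parse_line(line) for line in lines):
        window = recent[src]
        window.append(ts)
        # Drop connections that are 10 minutes old or older.
        while ts - window[0] >= WINDOW:
            window.popleft()
        peak[src] = max(peak[src], len(window))
    return dict(peak)


def flagged(lines, level):
    """Sources whose peak rate reaches the score for the level (assumed: >=)."""
    limit = THRESHOLDS[level]
    return sorted(src for src, n in peak_rates(lines).items() if n >= limit)


def sample_log():
    """Constructed traffic starting at 09:55, so bursts straddle the 10:00 mark."""
    start = datetime(2024, 1, 1, 9, 55, 0)
    # (source, connection count, seconds between connections); all values constructed
    profiles = [
        ("192.0.2.10", 1200, 0.4),    # 1200 connections in 8 minutes
        ("192.0.2.20", 2000, 0.27),   # 2000 connections in 9 minutes
        ("192.0.2.30", 50, 72),       # 50 connections in an hour
    ]
    lines = []
    for src, count, gap in profiles:
        for i in range(count):
            ts = start + timedelta(seconds=i * gap)
            lines.append(f"{ts.isoformat()} {src} 198.51.100.7 {1 + i % 65535}")
    return lines


if __name__ == "__main__":
    log = sample_log()
    print(peak_rates(log))
    for level in THRESHOLDS:
        print(level, flagged(log, level))
```

If the same log were counted in fixed, clock-aligned 10-minute buckets, the burst from 192.0.2.10 would split into 750 and 450 connections around 10:00 and stay under the Aggressive score; the sliding window counts it as 1200.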