Optimizer Voice
Advanced User's Guide
for Installers/Network Administrators
RedPort Router:
wXa-153 (Optimizer Voice)
Page 2 of 131
Table of Contents
1.0 About this guide . . . . . . . . . 07
2.0 Introduction to RedPort Optimizer Crew . . . . . 08
2.1 Key Features . . . . . . . . . 08
2.2 Services Included . . . . . . . . 09
2.3 Premium Services Available . . . . . . . 09
3.0 Important Things to Know Before Getting Started. . . . . 10
3.1 More Than Just a Router . . . . . . . 10
3.2 Designed Use of the Optimizer Voice . . . . . 10
3.2.1 Single User Environment . . . . . . 10
3.2.2 Multi-User Environment . . . . . . . 11
3.3 How It Works At First Launch (out of the box) . . . . 11
3.4 How Data Flows Through the Router . .. . . . 12
3.4.1 Default Configuration . . . . . . . 12
3.4.2 Captive Portal Disabled . . . . . . . 13
3.4.3 Captive Portal Enabled . . . . . . . 15
3.5 Navigating the User Interface . . .. . . . 16
4.0 Getting Started - User Interface Access . . . . . 17
4.1 Access the Home Page . . . . . . . 17
4.1.1 Onsite Administrator Login (Admin). . . . . . 18
4.1.2 Installer/Technician Login (Superadmin) . . . . 18
4.2 How to Use with Default Setup . . . . . . 21
4.2.1 Email and Web Browsing . . . . . . 21
4.2.2 Voice Calls . . . . . . . . 22
4.2.3 SMS Messaging . . . . . . . . 22
Page 3 of 131
5.0 Services . . . . . . . . . . 23
5.1 Crew Internet Services (Captive Portal) . . . . . 23
5.1.1 Captive Portal Settings . . . . . . . 24
5.1.1.1 General Settings . . . . . . 24
5.1.1.2 Advanced Settings . . . . . . 25
5.1.1.3 Allowed Hosts . . . . . . . 26
5.1.1.4 WPAD . . . . . . . 27
5.1.2 Allowing Individuals Access to the Internet . . . . 28
5.1.2.1 Users with Username and Password . . . . 28
5.1.2.2 Pass-Through MAC . . . . . . 29
5.1.2.3 PIN-Codes . . . . . . . 30
5.1.3 CDRs (Call Data Records) . . . . . . 31
5.1.4 Tools . . . . . . . . . 32
5.1.4.1 Admin Password . . . . . . 32
5.1.4.2 Reset Database to Factory Defaults . . . . 32
5.1.4.3 Purge Expired PIN-Codes . . . . . 33
5.1.4.4 Purge Unused PIN-Codes . . . . . 33
5.1.4.5 Manage PIN-Codes . . . . . . 33
5.2 Web Compression and Filtering . . . . . . 35
5.2.1 Settings . . . . . . . . . 35
5.2.1.1 Compression . . . . . . . 35
5.2.1.2 General Settings . . . . . . 37
5.2.1.3 Advanced Settings . . . . . . 38
5.2.2 Filters . . . . . . . . . 40
5.2.3 Log . . . . . . . . . 42
5.2.4 Help . . . . . . . . . 42
5.3 RedPort Email . . . . . . . . 43
5.3.1 Enable and Configure RedPort Email . . . . . 44
5.3.2 Primary Accounts . . . . . . . 46
Page 4 of 131
5.4 SMS Messaging . . . . . . . . 47
5.4.1 SMS Settings . . . . . . . . 47
5.4.2 Configure SIP Extensions to Receive SMS . . . . 48
5.4.3 How to Send/Receive SMS Messages . . . . . 49
5.4.4 SMS Management . . . . . . . 50
5.5 GPS Tracking . . . . . . . . . 51
5.5.1 Tracking Powered by RedPort with GSatTrack. . . . 51
5.5.2 Tracking via SMS . . . . . . . 53
5.6 WiFi Extender . . . . . . . . . 54
5.7 GPS/NMEA Repeater . . . . . . . . 55
5.7.1 Equipment Setup . . . . . . . 56
5.7.1.1 Broadband Satellite Terminal with Integrated GPS . . 56
5.7.1.2 Handheld Satellite Phone with Integrated GPS . . 57
5.7.1.3 USB NMEA Device . . . . . . 58
5.7.1.4 RS-232 NMEA Device . . . . . 59
5.7.1.5 Connecting Multiple NMEA Devices . . . . 60
5.7.2 GPS/NMEA Repeater Parameters Configuration . . . 61
5.8 VOICE PBX . . . . . . . . . 63
5.8.1 Setup Extensions . .. . . . . . 64
5.8.1.1 How to Make Receive Voice Calls .. . . . 65
5.8.2 CDR (Call Data Records) . . . . . . 66
5.8.3 Logs . . . . . . . . . 67
5.8.4 Multi-VoIP Activation . . . . . . . 68
5.8.5 Sailor FBB . . . . . . . . 70
Page 5 of 131
5.9 PPP . . . . . . . . . . 71
5.9.1 PPP Configuration for Use w/USB Connected Satellite Device . 72
5.9.2 Signal Monitor . . . . . . . . 73
5.9.3 GSM . . . . . . . . . 74
5.9.3.1 GSM Configuration in Optimizer . . . . 74
5.9.3.2 Using GSM . . . . . . . 77
5.9.3.3 Changing from GSM Service to Satellite Service . . 78
6.0 Status . . . . . . . . . . 79
7.0 System . . . . . . . . . . 80
7.1 Change Router Password . . . . . . . 80
7.2 Profiles . . . . . . . . . 81
7.2.1 Add a Profile . . . . . . . . 81
7.2.2 Change to Another Saved Profile . . . . . 82
7.2.3 Export a Profile . . . . . . . . 83
7.2.4 Import a Profile . . . . . . . . 84
7.3 Backup/Flash Firmware . . . . . . . 85
7.4 Reboot . . . . . . . . . 86
8.0 Network . . . . . . . . . . 87
8.1 Rename the Wireless Network . . . . . . 87
8.2 Restrict Wireless Network Access . . . . . . 89
8.3 Firewall . . . . . . . . . 91
8.4 Diagnostics . . . . . . . . . 95
9.0 Statistics . . . . . . . . . . 96
Appendix A - RedPort Optimizer Crew Installation Guide . . . . 98
Appendix B - Installation Checklist for Installers . . . . . 116
Appendix C - IsatHub iSavi Addendum . . . . . . 117
Appendix D - Table of Login Access . . . . . . . 130
Page 6 of 131
Revision History
Date
Revision
Author
July 15, 2015
Initial Release
D. Brickhouse
Page 7 of 131
1.0 About this Guide
This guide is intended for installers and network administrators of the RedPort Optimizer Voice
wXa-153 routers. It features only those sections of the user interface that require configuration
for a specific service or may need to be accessed to perform a specific function.
During normal daily operation, there is no need to access the full user interface that you see
here. A separate document is designed for use by the onsite administrator that includes the
login to the Home Page for access to the common tasks that will be used locally: generate
PIN-Codes, create users, and look at call data records for the Captive Portal, create and
manage crew email accounts, etc. See the Optimizer Crew Basic User Guide for details.
For information regarding the installation of the hardware, please see the RedPort Optimizer
Voice QuickStart Guide in Appendix A of this document.
wXa refers to the webXaccelerator by RedPort, a trademark of Global Marine Networks, LLC.
Page 8 of 131
2.0 Introduction to Optimizer Voice
Global Marine Networks (GMN), the leaders in advancing satellite data speeds and services,
helps Fixed and Mobile Satellite Services providers and their customers by offering the
industry’s fastest, most reliable and easy-to-use email, web, VoIP and other hardware and
software services to maritime, oil and gas, first responder and business continuity users. The
company’s products include XGate high-speed satellite email, WeatherNet weather and
oceanographic data software, and vessel tracking systems.
Ship to shore network management solutions are sold by GMN under the RedPort Global
brand name at www.redportglobal.com and as white-label solutions for the world’s premier
satellite data service service providers.
Optimizer Voice is a satellite WiFi router that provides all you need for multi-person networking
on most satellite broadband installations and lets you easily share and control access to your
satellite broadband data service via its WiFi or Ethernet network. It is more than just a router; it
has some enhanced proxy services plus some basic routing capabilities. It also has voice
capability, smartphones to use your satellite link for telephone calls and sms messaging. With
the optional RedPort VoIP service up to four people can be on calls or messaging
simultaneously.
2.1 Key Features
Designed specifically for use with satellite broadband terminals:
• Compatible with virtually any IP-based satellite broadband terminal.
• Replaces a standard router that is typically added to any satellite broadband
installation.
• Powerful firewall accommodates virtually any common installation scenario, with
features including block or allow any range of port, IP address and protocols.
• Proxy Server enables HTTP filtering: whitelist/blacklist of URL’s, domains, and
rudimentary content filtering.
• Logging/Reporting to keep track of usage.
• Wi-Fi hotspot makes setup and use easy for crew with compatible computers and
tablets.
• Supports Captive Portal Service for Crew Internet Access
• Supports RedPort Email Service
• Supports Shared Web Compression
• GSM Compatibility with optional GSM modem and your own SIM card.
• GPS NMEA Repeater reads the built-in GPS in any satellite broadband terminal and
rebroadcasts via WiFi.
• Supports voice calling and SMS messages using smartphones connected to the local
network.
Page 9 of 131
2.2 Services Included
The following services are included:
• Captive Portal for Crew Internet Access – generate PIN codes that can be given away
or sold to crew and/or passengers to control web access. See Chapter 5.1.
• GPS NMEA Repeater – allows other devices onboard/on-site to read your GPS
location. For example, a navigation program running on an iPad could be used on your
boat, or you could get weather information tailored to your location. See Chapter 5.7.
• SMS Messaging - allows smartphones to send sms messages to others on the local
area network for free, or over the satellite link at stardard satellite airtime rates.
Requires a supported satellite terminal. See Chapter 5.4.
• Voice PBX - allows smartphones to send/receive calls to others on the local area
network for free, or over the satellite link at standard satellite airtime rates. Requires a
supported satellite terminal. See Chapter 5.8.
2.3 Premium Services Available
The following additional services are available. Contact your RedPort dealer to purchase.
RedPort Email – is a multi-user satellite email service. Crew and/or passengers can access
their RedPort Email account via smartphones, tablets or computers. See the RedPort Email
Administrator’s Guide for more information about this service. See Chapter 5.3 and the
RedPort Email Administrator’s Guide for more information.
Shared Web Compression – routes all web traffic through a proxy service that works with an
onshore server to deliver 3-5 times average web compression, along with virus detection and
ad blocking. See Chapter 5.2 and the RedPort Optimizer Voice QuickStart Guide for more
information.
GPS Tracking - Using a GPS-enabled device, submit position reports to a central database for
viewing on the tracking website. See Chapter 5.5.
RedPort VoIP Service - Transform your satellite device into a multi-user unit. Up to four users
can send/receive phone calls and/or SMS (text) messages simultaneously. Experience
significant price reduction in outbound calls when using VoIP in lieu of standard satellite airtime
rates. Requires a supported satellite terminal. See Chapter 5.8.
Page 10 of 131
3.0 Important Things to Know Before Getting
Started
3.1 More Than Just a Router
The Optimizer Voice is more than just a router. It has some enhanced proxy services in
addition to basic routing capabilities. There are three major data components:
1. Captive Portal - when enabled, it blocks access to the Internet without
authentication. Authentication can be via username and password or Pin-Code or Mac address
of a specific PC. The Captive Portal is disabled by default.
2. Proxy Server(s) - when Transparent proxy is enabled, all traffic on port 80 (http port)
is redirected through the internal proxy server. This allows URL and DNS filtering (whitelist and
blacklist sites), some content filtering (i.e. remove flash video) and you can turn on http logging
to see what URLs are being accessed by the users. You also have the option to communicate
upstream to a compression proxy server.
3. Firewall - A full-featured firewall is included. Block or allow IP address/ranges, port
ranges, different protocols. Rules can be applied to any path in and out of the router.
3.2 Designed Use of the Optimizer Voice
This router is suitable for two distinctly different audiences:
3.2.1 Single User Environment
For the single user that wants the convenience of BYOD (bring your own device) for email, web
browsing, SMS and phone calls. All that is required is a RedPort-certified compression email
account like XGate and/or compression web-browsing service like XWeb. By adding the XGate
Phone app, a smartphone can be used to place and receive voice calls and/or SMS messages
over the satellite network. With the optional RedPort VoIP service, the costs of those voice
calls can be kept to a minimum.
Page 11 of 131
3.2.2 Multi-User Environment
This is a single-user router that can be configured for use in a multi-user environment. The idea
is that you, as the installer or network administrator, will configure the router, using these
guidelines, before installing it at its ultimate destination.
Once installed, the onsite administrator will log in and land on the Home page. The Home page
has the common tasks that will be used locally: generate PIN-Codes, create users, look at call
data records for the Captive Portal, create and manage crew email accounts, etc.
The onsite administrator does not have access to the full user interface and therefore does not
have the ability to re-configure the router. There is a separate user guide for the onsite
administrator: Optimizer Crew Basic User Guide.
3.3 How It Works At First Launch (Out Of The Box)
We ship the router ready for use with a RedPort-certified compression email and/or web
browsing account; Voice and SMS are enabled for use with compatible satellite devices.
This default setup allows anyone with a RedPort-certified email or web account (with a Primary
Account username and password) to use the router, as is, to send and receive email and to
browse the Internet. With a compatible satellite device, voice calls and sms messages can
pass using standard satellite airtime.
This out-of-the-box configuration works well for single broadband users. This configuration is
also suitable for the multi-user environment where each person has a separate primary email
and/or web browsing account.
While you have the benefit of email and web compression on each primary account, all users
have unlimited access to the Internet. If you are in a multi-user environment and want to
control access to the Internet, we recommend enabling the Captive Portal for crew Internet
access (see Section 5.1). For savings on Voice calls consider RedPort VoIP service (see
Section 5.8). You may realize further savings by enabling shared web compression (see
Section 5.2). See Section 3.4, How Data Flows Through the Router to determine the
customization required to best meet your needs.
Best Practice is to have a knowledgeable technician (someone who knows about proxy servers
and routers) go through and generate a custom configuration, enable the firewall to block
unwanted traffic, configure the internal proxy server to tune things, and enable the upstream
proxy so for the benefit and cost savings of compression. In a fleet environment, this custom
configuration can be recorded and used on other Optimizer Voice routers within the
organization.
Page 12 of 131
3.4 How Data Flows Through the Router
It is important to understand how data flows through the router so you can customize your
configuration.
3.4.1 Default Configuration
The default configuration is:
Captive Portal (Crew Internet Access) - disabled
Internal Transparent Proxy for http URL and content filtering - disabled
Web Compression - disabled
Firewall - closed, allows Internet access only via RedPort-certified email or web account
DNS - closed
RedPort Email - disabled
SMS - enabled, for compatible satellite devices
GPS Tracking - disabled
Voice Capability - enabled, for compatible satellite devices
RedPort VoIP - disabled
In its default state, without any modifications, one
primary account holder at-a-time can connect to
send/receive email or web browse using a RedPortcertified email service like XGate or web browsing
service like XWeb.
All email requests go directly to the upstream email
server. The mail is downloaded to the end-users
computer/device and then the mail is purged from the
server. Limited mail filtering is possible thru the
RedPort-certified email service program.
All web browsing requests go directly to the upstream
compression server. Compressed webpages are
returned to the end-user, whenever compression is
possible. The end-user can set the compression level
thru the RedPort-certified web service program. However, it is not possible to create any filters
for content, to whitelist or blacklists hosts or URLs, or to designate sites to bypass content
filters. Nor is it possible to set limits on usage.
The default state is designed for the single user that uses services like XGate and XWeb for
email and web browsing and use the XGate Phone app on their smartphone for making voice
calls.
See below for how to use the router for web browsing without XWeb service.
Page 13 of 131
3.4.2 Captive Portal (Crew Internet Access) Disabled
In order to use the router for web browsing without XWeb service, you must first
modify the firewall to allow traffic. See Section 8.3 for details.
With the firewall open
and both the Captive
Portal and Transparent
Proxy disabled by
default, any user on
the local network can
browse the web
without restrictions,
limits, or, compression.
All traffic goes straight
to the Internet without
any filtering.
If you ENABLE
Transparent Proxy you
can apply some
filtering of content and
whitelist or blacklist
domains and URLs.
With Transparent
Proxy ENABLED, data
can then take one of
three paths:
1. Non-http traffic
bypasses the internal
proxy server and goes
straight to the Internet:
https, dns lookups, ftp,
ping, scp, etc. Since
the firewall rules are totally open there is nothing blocking full access to the Internet. You can
limit a user's access by Enabling the Captive Portal. See Chapter 5.1.2 for details.
2. Traffic to a Whitelisted Host (See Section 5.2.2), including http, goes straight to the Internet,
bypassing the internal proxy server. If you whitelist a webserver, that traffic goes straight to the
Internet, bypassing the internal proxy server, so there is no filtering. Typically you would not
want to whitelist a webserver; however, you may want to whitelist a mail server, or a vpn. See
Chapter 5.1.1.3 for details.
Page 14 of 131
3. All http traffic (on port 80) that is not Whitelisted, and only http traffic (not https or secure
traffic) is intercepted and redirected to the internal proxy server (Transparent Proxy). The
internal proxy server does URL blocking and domain blocking. Also, the internal proxy server
can speak to an upstream proxy server to provide compression (premium service--fees apply).
Traffic through the internal proxy server can take one of several paths, dependent upon
whether or not compression is enabled.
• If compression is DISABLED, http traffic goes straight to the Internet.
• If compression is ENABLED:
o all http traffic goes to the upstream compression proxy server and returns a
compressed page. Ads are stripped out, text is compressed, images are
resampled and more. On average, you will experience 3-5x compression on http
traffic, thereby increasing the speed of your connection and your effective per
Mb cost of your connection.
o Whitelisted Hosts or URLs bypass the upstream compression proxy server and
go straight to the Internet, bypassing compression.
• Blacklisted Hosts or URLs have no Internet access, regardless of compression status.
See Chapter 5.2.2 for details.
Page 15 of 131
3.4.3 Captive Portal (Crew Internet Access) Enabled
When you ENABLE the Captive Portal (Crew Internet Access), the firewall is automatically
modified to allow data traffic through the router and users must 'authenticate' in order to
access the Internet. You have several methods available for conrolling user access to the
Internet: you can whitelist and/or blacklist hosts and urls; you can modify the firewall and you
can require the use of PIN-Codes. When generating PIN-Codes you can set the amount of data
the user can download, you can limit access to certain hours of the day, and you can limit the
speed of their connection.
Once a user logs in to
the Captive Portal,
data can take one of
three paths:
1. Non-http traffic goes
straight to the Internet:
https, dns lookups, ftp,
ping, scp, etc. The
firewall rules are totally
open so there is
nothing blocking full
access to the Internet.
You can limit access
thru the Captive Portal.
See Chapter 5.1.2 for
details.
2. Traffic to a
Whitelisted Host in the
Captive Portal,
including http, goes
straight to the Internet,
bypassing the internal
proxy server. If you
whitelist a webserver,
that traffic goes
straight to the Internet,
bypassing the internal
proxy server, so there
is no filtering. Typically
you would not want to
whitelist a webserver;
however, you may
want to whitelist a mail server, or a vpn. See Chapter 5.1.1.3 for details.
Page 16 of 131
3. All http traffic (on port 80), that is not Whitelisted, and only http (not https or secure traffic) is
intercepted and redirected to the internal proxy server. This is known as transparent proxy. The
internal proxy server does URL blocking and domain blocking. Also, the internal proxy server
can speak to an upstream proxy server to provide compression (premium service--fees apply).
Traffic through the internal proxy server can take one of several paths, dependent upon
whether or not compression is enabled.
• If compression is disabled all traffic goes straight to the Internet.
• With compression enabled, all http traffic goes to the upstream compression proxy
server and returns a compressed page. Ads are stripped out, text is compressed,
images are resampled and more. On average, you will experience 3-5x compression on
http traffic, thereby increasing the speed of your connection and your effective per Mb
cost of your connection.
• With compression enabled, Whitelisted Hosts or URLs bypass the upstream
compression proxy server and go straight to the Internet, bypassing compression.
• Blacklisted Hosts or URLs have no Internet access, regardless of compression status.
See Chapter 5.2.2 for details.
3.5 Navigating the User Interface
Access to the user interface depends upon how you login to the router. There are two logins
available: admin and superadmin. See Chapter 4.1.
The user interface is divided into sections; use the tabs to access the required service or
information.
On most pages in the user interface you will see three buttons in the lower right corner:
Reset: returns the page to its previous saved state.
Save: saves the changes, but does not yet apply the changes.
Save & Apply: saves the changes and applies them to the router configuration. In some cases,
the router must reboot to apply the change. If reboot is required, it will be noted on the page.
Page 17 of 131
4.0 Getting Started - User Interface Access
In a typical situation, the Optimizer Voice router arrives to you with the following services
enabled:
• SMS Messaging using smartphones
• GPS/NMEA Repeater
• Voice Capability using smartphones
There are also services available that are disabled:
• Captive Portal for Crew Internet Access
• Internal Transparent Proxy for Web Filtering
• Web Compression (additional fees may apply)
• RedPort Email (additional fees may apply)
• GPS Tracking (additional fees may apply)
• RedPort VoIP for multi-user calls and SMS (additional fees may apply)
This guide is designed to help you understand how the router works so you can customize the
configuration to meet your needs.
4.1 Access the Home page
To access the router’s Home page you must login to the router. This can be accomplished in
several ways however the most popular method is to:
1. Connect to the WiFi Hotspot created by the router using a PC. Connect to the WiFi Hotspot
just like you would any other WiFi connection:
On a Windows PC, go to: Windows Start > Control Panel > Network Connections
On a MAC, go to: Apple > System Preferences > Network
You will notice that there are two WiFi network names in the list.
There are two transmitters in the Optimizer Voice with frequencies at 2.54 Ghz and one
at 5.2 Ghz.
The Network Name will look something like: ‘wxa-153-XXXX-frequency’ where ‘XXXX’ is the
last four digits of the Optimizer Voice’s Mac address and ‘frequency’ is the transmission
frequency of the transmitter. Select one of these wireless networks.
Page 18 of 131
For alternative Home Page access methods, see the RedPort Optimizer Voice Installation
Guide.
2. Open any web browser on the computer and enter one of the following URL's:
If Captive Portal is disabled (default): http://192.168.10.1
If Captive Portal is enabled: http://10.1.5.1
3. The Optimizer Voice ships with two existing accounts:
• Admin - for normal day-to-day operation
• Superadmin - for configuration and maintenance
4.1.1 Onsite Administrator Login (Admin)
Onsite Administrator: username=admin, password=webxaccess
This login gives the onsite administrator access to portions of the user interface and the
ability to perform common tasks such as:
• generate PIN-Codes (if captive portal is enabled)
• send/receive email (if email is enabled)
• manage crew email accounts (if email is enabled)
• monitor the system status
• reboot the router, if necessary
• change the router password for the admin account, if necessary
See the Optimizer Crew Basic User Guide for information in administering the most-
used features of the Optimizer Voice.
4.1.2 Installer/Network Administrator Login (Superadmin)
Technician: username=superadmin, password=webxaccess
This login provides full access to the user interface for configuration and maintenance
of the router.
Once logged in, you will see the router’s Home page.
Page 19 of 131
This Home Page is the onsite administrator's gateway to the most used features. See the
Optimizer Crew Basic User Guide for Home Page details and use.
Page 20 of 131
From the Home Page you have access to the remaining sections of the user interface.
Services: allows access to all the services available on the router.
Each service is contained in its own tab under the Services section. This is where you will
enable/disable the services and configure them for use.
Status: displays how much memory the router is using, who is connected via wifi and other
information you may find useful.
The System Log contains detailed information of the router's performance. It will report error
messages and can be useful when troubleshooting connection issues. Realtime Graphs report
how much data is being using by the different interfaces. All Status information is Read Only.
System: contains some of the router's basic settings for you to configure plus a few
maintenance functions.
Use this section to set your time zone, change the 'admin' and/or 'superadmin' password,
flash new firmware to the router, reboot the router if necessary. Profiles is a way to 'clone' the
router configuration for use on another Optimizer Crew router.
Network: contains access to the network interfaces and the firewall.
Use this section to configure network interfaces, run diagnostics, or modify the firewall.
Page 21 of 131
Statistics: contains information about resource usage.
4.2 How to Use with Default Setup
We ship the router ready for use with a RedPort-certified compression email and/or web
browsing account; Voice and SMS are enabled for use with compatible satellite devices using
standard satellite airtime.
This out-of-the-box configuration works well for single broadband users. This configuration is
also suitable for the multi-user environment where each person has a separate primary email
and/or web browsing account.
While you have the benefit of email and web compression on each primary account, all users
have unlimited access to the Internet. If you are in a multi-user environment and want to
control access to the Internet, we recommend enabling the Captive Portal for crew Internet
access (see Section 5.1). For savings on Voice calls consider RedPort VoIP service (see
Section 5.8). You may realize further savings by enabling shared web compression (see
Section 5.2).
4.2.1 Email and Web Browsing
This default setup allows anyone with a RedPort-certified email account (such as XGate) or
web account (such as XWeb), with a Primary Account username and password, to use the
router, as is, to send and receive email and to browse the Internet.
Here are the basic instructions:
1. Power the Optimizer ON.
2. Turn your satellite phone ON.
3. Connect the Optimizer to your satphone with the appropriate cable.
4. On your computer, iOS or Android device, connect to the wireless network created by the
Optimizer. The name of the wireless network will be something like: wxa-153-xxxx, where xxxx
may represent the last four digits of the Mac address of the Optimizer.
5. Once connected to the wireless network, open the RedPort-certified email program (such as
XGate) and go to Settings > Connection > and set the Connection Type to "Optimizer xxxxxx"
where xxxxxx represents your satphone connection. Click [OK].
6. Wait for a strong satphone signal.
7. Start an email or a web browsing session.
Page 22 of 131
4.2.2 Voice Calls
Voice is enabled for use with compatible satellite devices using standard satellite airtime. See
Section 5.8 for details on configuration and use of the Voice service.
4.2.3 SMS Messaging
SMS is enabled for use with compatible satellite devices using standard satellite airtime. See
Section 5.4 for details on configuration and use of the SMS Messaging service.
Page 23 of 131
5.0 Services
5.1 Crew Internet Services (Captive Portal)
The Optimizer Voice is shipped with Captive Portal disabled. When enabled, it blocks access
to the Internet without authentication. Authentication can be via username and password or
PIN-Code or Mac address of a specific PC.
To enable the Crew Internet Service (Captive Portal) check the box "Enable/Disable captive
portal." Then select <Save & Apply>.
This allows controlled access to the Internet by requiring users to enter PIN-Codes before
being granted permission. In addition, the speed of access can be restricted and/or the
duration or timing of the session. User sessions are logged in Call Data Records (CDR) for
tracking the amount of time on the service and the amount of data transferred. See the
Optimizer Crew Basic User Guide for information on how the onsite administrator manages
Captive Portal use.
Page 24 of 131
5.1.1 Captive Portal Settings
5.1.1.1 General Settings
With the Captive Portal enabled, all users trying to use the Internet will be redirected to a
screen where they will be required to enter a PIN-Code or a username and password before
they will be allowed to browse the Internet. CAUTION: With Captive Portal enabled, the
firewall is wide open to all traffic; so, it is important to configure a firewall and/or have
internal Transparent Proxy enabled with filtering configured, to control usage.
Internal Transparent Proxy is enabled which means that all http traffic that is not whiltelisted is
redirected to the router's internal proxy server. This internal proxy server can be configured for
url blocking and domain blocking. CAUTION: If you Disable Transparent Proxy then all http
traffic goes straight to the Internet without any filtering. See Section 5.2.2 for how to
configure for url and domain blocking.
HotSpot Name is the name on the page that is presented to the user when they log in. RedPort
HotSpot is the default name. Customize the HotSpot Name by entering the text you prefer.
Page 25 of 131
5.1.1.2 Advanced Settings
In general, there are only two items on this page that may require modification, Idle Timeout
and Session Timeout.
Idle Timeout - The default is set to 300 seconds (5 minutes). If no traffic is detected for the idle
timeout period, the user will be automatically logged out. They must log in again to continue.
Session Timeout - The default is set to 3600 seconds (60 minutes). The user will be
automatically logged out at the end of the session timeout period. They must log in again to
continue.
Both of these timers can be set to '0' for unlimited time period; however, that is NOT
recommended. Using Idle Timeout and Session Timeout minimizes the consumption of data
without the user's knowledge. For instance, using the default settings as an example, if a user
is logged in and has Skype open, and then walks away from the computer, because Skype is
running in the background, the Idle Timeout period will never be reached because traffic is
Page 26 of 131
detected. However, after 60 minutes, the Session Timeout period will expire. The user must log
back in to use the Internet when they return to the computer regardless of the length of time
they've been gone, 61 minutes or two days. By having a Session Timeout period, background
data is stopped. If there is no background data running the user is logged out at the end of the
Idle Timeout period.
5.1.1.3 Allowed Hosts
This is the whitelist for the Captive Portal. These are the hosts that can be accessed without
having to login thru the captive portal.
By default, there are a number of hosts there. They are all GMN hosts for our services (email,
VOIP, etc.) If you don't want them you can delete them. (NOTE: If you are using an email
service that is not RedPort or XGate, this is where you would add the email servers of
your chosen service.)
Page 27 of 131
5.1.1.4 WPAD
WPAD is a special feature for auto configuring the proxy settings on the client's web browser
for tighter control over access to the Internet.
Page 28 of 131
5.1.2 Allowing Individuals Access to the Internet
There are three ways to manage access to the Internet via the Captive Portal:
5.1.2.1 Users with Username and Password
Create Users with a username and password with the Users Tab. Use this section to restrict
access in lieu of using PIN-Codes. Typically reserved for the onsite administrator and select
crew who need continuing access over a long period of time.
This portion of the user interface is available to both the 'admin' and the 'superadmin' login.
See the Optimizer Crew Basic User Guide for information on creating accounts in the Users
Tab.
NOTE: By default, there is one Captive Portal user that is not visible in the UI. It is
username=admin, password=webxaccess. It is recommended that you change the
password for this admin user. See section 5.1.4.1 for details.
Page 29 of 131
5.1.2.2 Pass-Through MAC
Allow specific devices on the local network to immediately access the Captive Portal without
having to login, by adding the MAC address of the device. (Not Recommended)
Access to this portion of the user interface requires the 'superadmin' login.
Page 30 of 131
5.1.2.3 PIN-Codes
Generate PIN-Codes to limit Internet access. Sell them or give them to transient crew,
passengers, or visitors.
This portion of the user interface is available to both the 'admin' and the 'superadmin' login.
See the Optimizer Crew Basic User Guide for information on creating PIN-Codes.
Page 31 of 131
5.1.3 CDRs (Call Data Records)
Call Data Records (CDRs) are usage logs. They are the accounting for the Captive Portal
system. Usage quotas, time restrictions and resets all use the CDRs. Anyone that logs into the
Captive Portal will have a CDR. They can be generated for any PIN-Code or any username or
any MAC address.
This portion of the user interface is available to both the 'admin' and the 'superadmin' login.
See the Optimizer Crew Basic User Guide for information on generating CDRs.
Page 32 of 131
5.1.4 Tools
This section can be used to change the Admin password for the Captive Portal and for a bit of
Captive Portal clean up.
Access to Tools requires the 'superadmin' login.
5.1.4.1 Admin password
This can be used to change the admin password for the Captive Portal. This is NOT the admin
password to the router itself. By default, the Captive Portal login is: username=admin,
password=webxaccess. You will notice that it happens to be the same as the admin password
for the router. Best Practice: Create a new password for the Captive Portal 'admin' login.
To change the password, enter the new password in the text box and select <Set Password>.
5.1.4.2 Reset Database to Factory Defaults
This wipes out the entire database and sets the Captive Portal back to the factory defaults.
CAUTION: This action CANNOT be undone.
Page 33 of 131
5.1.4.3 Purge Expired PIN-Codes
Over time, as the database builds, you may want to purge expired PIN-Codes to free up space.
5.1.4.4 Purge Unused PIN-Codes
Use this to purge unused PIN-Codes from the system.
5.1.4.5 Manage PIN-Codes
This will show a summary of all the PIN-Codes, all the usernames, and all the MAC addresses
that are active in the Captive Portal. Each one appears as a separate line item in the PINCodes table.
Using the top section of this screen you can:
• Remove CDRs for one or more 'PIN-Codes'.
• Delete one or more 'PIN-Codes'.
• Download the table to a .csv file.
Page 34 of 131
In addition, using the buttons in the PIN-Codes table, you can:
• Reset the Quota of an individual PIN-Code.
• Delete the PIN-Code from the system, including the CDRs.
• Edit the parameters of the PIN-Code.
In the example above, we have elected to edit the PIN-Code for the user 'test'. See the
Optimizer Crew Basic User Guide for information on PIN-Code parameters.
Page 35 of 131
5.2 Web Compression and Filtering
This section is used to:
• configure filters for the internal proxy server when compression is not enabled
• enable compression so that traffic is passed to the upstream proxy server
• configure filters for the proxy server (internal or upstream)
• view traffic logs
5.2.1 Settings
5.2.1.1 Compression
By default, the router is shipped with web compression disabled. Web compression is a
premium service that carries an additional charge. Contact your service provider for details and
pricing.
Enable Compression: If you have purchased Web Compression service, select the checkbox
to Enable compression. The page will expand; see With Compression Enabled below.
Page 36 of 131
Username: Enter the Username given to you by your service provider. This username is
specific to the compression service.
Password: Enter the Password given to you by your service provider. This password is
specific to the compression service.
Bypass Regex Domain: This is the 'whitelist' of sites that should not be compressed. To add
a site, select the Add icon . Proper syntax must be used to successfully bypass
compression. See the Help tab for guidance and examples of using regular expressions.
With Compression Enabled, the page expands to reveal Proxy Authentication by Client,
Server, and Compression Level.
Proxy Authentication by Client: By default this is unchecked as it does not work with the
Captive Portal enabled. In this state, unchecked, the upstream proxy server will login on your
behalf. If this is checked, then the authentication happens at the user end, which means that
when a user goes to any webpage they will be prompted for a username and password.
Page 37 of 131
Server: Do not change this unless instructed to do so by your service provider.
Compression Level: Set the level of compression that meets your needs. Those on entry level
plans should selet "Maximum". Those on high data plans may prefer "Standard" or "Minimum".
5.2.1.2 General Settings
These are the general settings for the internal proxy service when the Captive Portal is
disabled. You can still use the internal proxy server and enable transparent proxy to redirect all
http traffic for filtering.
If the Captive Portal is enabled, there is no need to change anything on this page. In fact, when
the Captive Portal is enabled, the features on this page will automatically be disabled to
prevent conflicts.
Page 38 of 131
5.2.1.3 Advanced Settings
Under normal operating conditions there is little to change here.
Some items of interest include:
Default Filtering Scheme: This setting affects the amount of content filtering that is applied to
a webpage, by removing elements, before presenting it to the end user. It determines the
amount of filtering to be done to the page. "Light" has the least impact and is not
recommended for those on low data plans. "Aggressive" has the most impact and is
suggested for the best bandwidth utilization. This blocks YouTube, flash, etc.
Page 39 of 131
Debug Level: The settings here determine what will show on the Web Compression and
Filtering 'Log' page. Adding the debug level of "1", all URLs will be logged and will appear on
the Log page, one line per URL.
CAUTION: Utilization of debug level 1 is not recommended for normal operation. The Log
files are kept in RAM and with debug level 1 activated you run the risk of RAM filling up,
the Swap Partition filling up and the router will crash.
BEST PRACTICE: Activate debug level 1 for testing that your setup is working as you
intend, i.e. the proxy server working as expected, whitelists and blacklists are working.
Deactivate debug level 1 when testing is complete.
Page 40 of 131
5.2.2 Filters
By default you have control over what sites are ALLOWED (whitelist) and what sites are
BLOCKED (blacklist) and some control over content filtering without having to enable
compression.
Page 41 of 131
Filters respond to POSIX Regular Expressions
There are three filter categories:
Fragile Sites: list sites that you want the content kept intact without any modification.
Sites Blocked: the blacklist; users are prevented from viewing these sites.
Sites Allowed: the whitelist; these sites are allowed for viewing. This list overrides the
blocked list.
Filters respond to POSIX Regular Expressions (see section 5.2.4 for details).
Example: If you place a slash ( / ) in Sites Blocked then the entire Internet is blocked
(blacklist). Enter the whitelist in the Sites Allowed section. If any of the allowed sites
should be accessed without any content filtering, enter that site in the Fragile sites
section as well.
Page 42 of 131
5.2.3 Log
The Log shows activity on the router. How much activity is logged is determined by the entry in
Web Compression and Filtering > Settings > Advanced > Debug Level. Descriptions of debug
levels can be found in the Help tab (see Section 5.2.4 below).
Log files are kept in RAM and are rotated weekly, by default. You can change the Log Rotation
schedule in Web Compression and Filtering > Settings > Advanced > Log Rotation.
Log files can be downloaded to a .csv file if history must be maintained.
5.2.4 Help
For your convenience the Help page includes:
• A list of Debug Levels and their description.
• A brief explanation and some examples of the POSIX Regular Expressions that must be
used for the Domain and/or Path Syntax when creating Filters.
If you are unfamilliar with POSIX regular expressons, a web search should reveal more detailed
explanations and tutorials.
Page 43 of 131
5.3 RedPort Email
This is a full-featured Crew solution that runs on the router. RedPort email is designed
specifically for use over satellite connections. It uses block compression, mid-file restart,
bigmail quarantine and more to maximize data transfers.
Access to Services > RedPort Email requires the 'superadmin' login.
Once enabled, the onsite administrator can manage email for the entire crew. The users can
login to a webmail program to view their email so they do not need special software on their
computer or device. The Optimizer Voice is a POP and SMTP server as well so users can
access email using their preferred email client instead of webmail access, if desired.
Contact your service provider for details and pricing.
The onsite administrator using the 'admin' login to the user interface does not have access to
the RedPort Email Settings.
Page 44 of 131
5.3.1 Enable and Configure RedPort Email
In the RedPort Email General Settings:
1. Enable Email Server: click the checkbox to enable email.
2. Main Identity Userid: Enter the username assigned to the Main Identity Primary Account
for email, as given to you by your service provider.
3. Main Identity Password: Enter the password assigned to the Main Identity Primary
Account, as given to you by your service provider.
4. Update Interval: This is how often (expressed in minutes) the mail program will
automatically login to the satellite device to send any pending email and to receive any
email pending. The default is set to 60 minutes, but can be modified to fit business needs.
(See Appendix A of the RedPort Email Guide for information on email block compression
and its impact on Update intervals.)
5. Click <Save>.
Note: Typicially the Main Identity is the onsite email administrator. The Main Identity
must be a Primary Account. There must be at least one primary account present on
the system before sub/crew accounts can be created. See section 5.3.2 for more
information regarding primary accounts.
6. Go to the Connection tab:
Page 45 of 131
7. Click on <Network Connection> to open up the drop-
down menu.
8. Select the appropriate setting for your satellite
connection method. This tells the router which satellite
device you are using and instructs the router to bring up
the connection prior to attempting to send email.
Otherwise, it will attempt to send email before the
connection is up and because it cannot open the socket
to the server it will fail due to a timeout error.
The router supports both Managed and Unmanaged
connections for broadband terminals.
9. Select <Save & Apply> to apply the change.
For more information about RedPort Email setup and
use, please see the separate document, RedPort Email
Guide.
Page 46 of 131
5.3.2 Primary Accounts
The Main Identity must be a Primary Account. There must be at least one primary
account present on the system. The username and password are assigned to you by
your service provider.
Typically there is only one Primary Account, however RedPort Email allows access to
multiple primary accounts if needed. For example, a fleet manager that travels from
vessel to vessel would have a primary account and would need access to that account
from each vessel in the fleet.
Primary accounts have access to email whether on or off the vessel as the account
exists on the GMN mail servers.
Primary accounts also have access to Filters to customize settings to meet the account
needs. These filters include:
• Mail Management including BigMail (See Chapters 6.0 and 8.0 of the RedPort Email
Guide for details)
• Inbound Mail Filter (See Chapter 7.0 of the RedPort Email Guide for details)
• Outbound Mail Filter (See Chapter 7.0 of the RedPort Email Guide for details)
The Primary Account receives all Email system messages.
The email address of the primary account will be: username@redportglobal.com. See
Appendix A of the RedPort Email Guide for information on using a custom domain name for the
email address.
BEST PRACTICE: The Main Identity Primary Account is reserved for the Email
Administrator. The Email Administrator does NOT have a sub account. With this
arrangement, the Email Administrator will receive the system messages that cannot be
viewed via a sub account.
Once the Primary Account is setup, the onsite administrator can setup and manage the
sub/crew accounts.
Please see the RedPort Email Guide for comprehensive information on the use of RedPort
Email service.
Page 47 of 131
5.4 SMS Messaging
If using a compatible satellite device, it is possible to send and receive SMS messages directly
from the Optimizer Voice router and to route incoming SMS messages to one or more
smartphones connected to the local wireless network.
Access to Services > SMS requires the 'superadmin' login.
5.4.1 SMS Settings
Use Settings to enable and configure the SMS parameters.
1. Select the checkbox to enable SMS.
2. Select the appropriate Satellite device
from the drop down menu.
3. Select <Save & Apply>.
Page 48 of 131
5.4.2 Configure SIP Extensions to Receive SMS Messages
With SMS enabled, select <Redirect> (see SMS Settings screen above) to configure which
extensions are to receive incoming SMS messages.
To enable an extension to receive SMS messages, use the checkbox in the SMS column. For
more information on configuring SIP Extensions see VOIP PBX in this guide.
Page 49 of 131
5.4.3 How to Send/Receive SMS Messages
To use a smartphone or tablet to send/receive SMS messages requires XGate Phone App
installed on the smartphone or tablet. The XGate Phone App can be found in Apple iTunes App
Store for iOS devices and the Google Playstore for Android devices.
Using the smartphone or tablet Settings, connect to the Optimizer Voice wireless network
'wxa-153-xxxx'.
Open the XGate Phone App. Select <Chat> to
send a SMS message or to view a SMS
message received.
Only one SMS message can be sent at a
time. Standard SMS message rates apply.
(Multi-user Voice and SMS is possible with
the optional RedPort VoIP service. Contact
your service provider for details.)
Page 50 of 131
5.4.4 SMS Management
With SMS enabled you can send SMS messages directly from the Optimizer Voice user
interface and you can manage SMS messages that have been sent and received.
Using the <Select> checkbox you can specify which messages to delete or you can delete all
messages.
Page 51 of 131
5.5 GPS Tracking
If you wish to have tracking service using your satellite device, the Optimizer offers GPS
Tracking service powered by GSatTrack or Tracking service via SMS message.
Access to Services > GPS Tracking requires the 'superadmin' login.
5.5.1 Tracking powered by RedPort with GSatTrack
Using a GPS-enabled satellite device, the Optimizer can be configured to submit position
reports to a central database for viewing on the tracking website.
To enable this service, select Services > GPS Tracking > Tracking.
This tracking service must be purchased separately. See your satellite service provider for
details.
Page 52 of 131
Step 1. Enter the Tracking Interval in minutes; the default is set to hourly reporting (60
minutes). This means that every 60 minutes a position report will be transmitted over the
satellite link. Keep in mind that standard airtime charges will apply to each postition report.
Adjust the Tracking Interval to meet your needs.
Step 2. Select the satellite terminal you are using. Note: a valid NMEA/GPS feed is required
when using some satellite devices.
Step 3. Select <Save & Apply>.
Page 53 of 131
5.5.2 Tracking via SMS
If using certain satellite devices, GPS information can be sent to an email address using your
satellite provider's SMS service. Standard SMS charges may apply; check with your satellite
airtime provider for details.
Step 1. Enter the Tracking Interval in minutes; the default is set to hourly reporting (60
minutes). This means that every 60 minutes a position report will be transmitted via the SMS
service provided by your satellite provider network. Keep in mind that standard SMS charges
may apply to each postition report. Adjust the Tracking Interval to meet your needs.
Step 2. Select which satellite device you are using. At this time, tracking via SMS is available
with the Inmarsat IsatPhone, Iridium handheld 9575 Extreme, Iridium GO! or an Iridium terminal
such as the Pilot. Note: a valid NMEA/GPS feed is required when using an Iridium terminal.
Step 3. Enter the recipient's email address. The SMS message with the GPS information will be
sent to this email address at the interval entered in Step 1.
Step 4. Select <Save & Apply>.
Page 54 of 131
5.6 WiFi Extender
If you using the Halo WiFi Extender and the Captive Portal is disabled, you can configure the
Optimizer to automatically route all traffic through the Halo and you can disable the Optimizer
firewall.
IMPORTANT: The Halo WiFi Extender must be powered ON and connected to the
Optimizer before turning the Optimizer ON.
Access to Services > WiFi Extender requires the 'superadmin' login.
When using the Halo WiFi Extender it is assumed that you are not using a satellite device for
the Internet connection, therefore, disabling the firewall allows Internet traffic to flow freely.
For Halo Wifi Extender configuration and use details, see the Optimizer Crew Basic User
Guide.
Page 55 of 131
5.7 GPS/NMEA Repeater
The Optimizer supports USB and RS-232 NMEA devices allowing multiple applications to
share the GPS/NMEA data. If you have a NMEA RS-422 device, adding a RS-422 to RS-232
converter to your setup may allow the sharing of data.
The Optimizer does not transmit data but can be configured to receive and repeat GPS/NMEA
data from:
• A broadband satellite terminal with integrated GPS when connected to the Optimizer
via a standard ethernet connection. (As of this writing, supported terminals include:
Iridium Pilot, Inmarsat FBB and Inmarsat BGAN).
• A handheld satellite phone with integrated GPS when connected to the Optimizer with
the satphone's USB-Mini/Micro USB cable. (As of this writing, supported handheld
satphones include: Iridium 9575 Extreme and Inmarsat IsatPhonePro.) WARNING:
IsatPhonePro users! The phone only transmits GPS coordinates about every 10
minutes. It is NOT recommended for navigation or any application that requires
real time data.
• A USB connected GPS or NMEA device.
• A serial port connected GPS or NMEA device
NOTE: If you are using a satellite phone with a serial port (RS-232) that transmits GPS
data (i.e. some fixed phones and fleet phones), it is NOT compatible with the
Optimizer. In order to repeat GPS data, a separate GPS device must be connected.
Page 56 of 131
5.7.1 Equipment Setup
A physical connection is required from the source (satellite terminal or satellite phone that
transmits GPS coordinates, or other GPS/NMEA device) to the Optimizer.
5.7.1.1 Broadband Satellite Terminal with Integrated GPS
When using a supported broadband satellite terminal with integrated GPS, connect the
terminal to the Optimizer Internet port using a standard ethernet cable.
(OPTIONAL: Use a second ethernet cable to connect the computer with the destination
software, like a navigation program, to one of the Optimizer's Ethernet ports.)
The Optimizer will broadcast the GPS signal both over Ethernet and WiFi, so you can connect
your computer either way in order to establish a successful connection with your destination
software.
Page 57 of 131
5.7.1.2 Handheld Satellite Phone with Integrated GPS
When using a supported USB connected satphone with integrated GPS, you must use a 2-port
USB hub (either 1.0 or 2.0) plugged into the Optimizer's USB port to accommodate two USB
devices. Plug the small USB drive that came with the Optimizer into one of the USB Hub ports,
connect the satellite phone to the other port on the USB Hub using the Mini-USB to USB
cable.
(OPTIONAL: Use an ethernet cable to connect the computer with the destination software, like
a navigation program, to one of the Optimizer's Ethernet ports.)
The Optimizer will broadcast the GPS signal both over Ethernet and WiFi, so you can connect
your computer either way in order to establish a successful connection with your destination
software.
Page 58 of 131
5.7.1.3 USB NMEA Device
When using a NMEA device that supports a USB connection, you must use a USB hub (either
1.0 or 2.0) plugged into the Optimizer's USB port to accomodate multiple USB devices.
Plug the small USB drive that came with the Optimizer into one of the USB Hub ports, connect
the NMEA device to the USB Hub with an appropriate USB to NMEA device cable as indicated
by the NMEA device manufacturer.
(OPTIONAL: Use an ethernet cable to connect the computer with the destination software, like
a navigation program, to one of the Optimizer's Ethernet ports.)
The Optimizer will broadcast the GPS signal both over Ethernet and WiFi, so you can connect
your computer either way in order to establish a successful connection with your destination
software.
Page 59 of 131
5.7.1.4 RS-232 NMEA Device
With Serial Port Connector
When using a NMEA device with Serial Port connection, a USB to Serial Adapter (PL-2303HX)
is required. In addiiton, a USB hub (either 1.0 or 2.0) plugged into the Optimizer's USB is
required in order to accomodate multiple USB devices. CAUTION: The PL-2303HX is the only
USB to Serial Adapter that is compatible with the Optimizer.
Plug the small USB drive that came with the Optimizer into one of the USB Hub ports, connect
the NMEA device to the USB Hub with the USB to Serial Adapter (PL-2303HX).
(OPTIONAL: Use an ethernet cable to connect the computer with the destination software, like
a navigation program, to one of the Optimizer's Ethernet ports.)
The Optimizer will broadcast the GPS signal both over Ethernet and WiFi, so you can connect
your computer either way in order to establish a successful connection with your destination
software.
Page 60 of 131
Without Serial Port Connector
Some NMEA devices do not have a serial port; instead they have a group of wires
extending from the back or bottom of the unit. These devices require proper wiring to a
serial port.
As the Optimizer does not transmit, it only repeats the data, you will only need two of
the wires. The Receive (RD) wire goes to pin 2 and the Ground (SG) wire goes to pin 5.
A simple solution is to use a terminal block as shown
here. Simply connect the RD wire to pin2 and the SG
wire to pin 5. Then connect the terminal block to the PL2302HX USB to serial adapter as noted above.
5.7.1.5 Connecting Multiple NMEA Devices
It is possible to connect up to four NMEA devices if you have the
proper hardware. It will require a USB to RS-232 4-port Hub or a
RS-232 4-port terminal block that you would simply plug into the
Optimizer’s USB port.
NOTE: The Optimizer supports RS232. If you have a NMEA RS422 device, adding a properly wired RS-422 to RS-232
converter to your setup may allow the sharing of data.
Page 61 of 131
5.7.2 GPS/NMEA Repeater Parameters Configuration
Access to this section requires 'superadmin' login.
In order for the destination software to properly route the GPS data you must configure the
GPS/NMEA Repeater Parameters in the Optimizer User Interface.
From the Optimizer Home page select Services > GPS/NMEA Repeater tab.
Step 1. Select the source of the GPS/NMEA information (choose only one):
• GPS from broadband satellite: Select this if you are using a broadband satellite
terminal with integrated GPS.
• GPS/NMEA feed from USB: Select this when connecting a GPS or NMEA device via
USB cable.
Step 2. NMEA Baud Rate - Using the drop down menu, select the baud rate required for the
destination software. By default, most NMEA 183 devices (GPS) and applications use 4800
baud for this setting.
Step 3. UDP Listener Port - Enter the UDP port number that the GPS is connected to. The
default is set to the standard UDP Listener Port for NMEA 183 devices of 10101.
Page 62 of 131
Step 4. UDP Port - Enter the UDP port number to broadcast the GPS data to. The default is
set to the standard UDP Port for NMEA 183 devices of 11101. (Note: configure the destination
software to match this port number; or, change this entry to match the requirements of the
destination software.)
Step 5. TCP Port - Enter the TCP port number to broadcast the GPS data to. The default is set
to the standard TCP Port for NMEA 183 devices of 11102. (Note: configure the destination
software to match this port number; or, change this entry to match the requirements of the
destination software.)
The data will be broadcast to both the UDP Port and the TCP Port. It is important to make
sure that these two ports are NOT set to the same port number.
To use the GPS Repeater feature, your computer must be connected to the Optimizer's WiFi
network or directly connected to one of the Optimizer's Ethernet ports.
Page 63 of 131
5.8 VOICE PBX
Users with smartphones can send/receive voice calls and SMS messges over the following
satellite communication setups:
• Sailor FBB terminal - requires XGate Phone app*. (See Section 5.8.5)
• IsatHub iSavi - requires IsatHub Control app and either IsatHub Voice app or XGate
Phone app*. (See Appendix C)
• Any satellite terminal with a RJ-11 port - requires XGate Phone app* AND an ATA
accessory. Contact your satellite service provider for ATA information.
This configuration allows one voice call or one SMS message at a time and standard
satellite voice airtime rates apply.
Multi-Voice capability is available with the optional RedPort VoIP service on virtually any
satellite terminal. This VoIP service allows you to make calls for considerably less than
standard satellite voice airtime costs and allows up to four users sending/receiving phone calls
and/or SMS messages simultaneously.
As of this writing, Multi-VoIP is compatible with the following:
• FBB
• BGAN
• VSAT
• RedPort Aurora
• Iridium Pilot
• Thuraya IP
• IsatHub iSavi
The Optimizer Voice allows unlimited SIP extensions with free local calling and text messaging
within your local area network using the XGate Phone app*.
*XGate Phone app is available for free in the Apple iTunes App Store and in the Google
PlayStore.
Access to this section of the user interface requires 'superadmin' login.
Page 64 of 131
5.8.1 Setup Extensions
By default, there are 4 extensions enabled. Extension 201 is enabled for inbound and outbound
calling. The remaining extensions are enabled but are configured for outbound calling only.
Incoming calls will ring on those extensions with Ring enabled.
To enable Ring (or SMS) on an extension simply check the box for the service you want
enabled.
When Ring is checked, the smartphone configured with the corresponding Extension will Ring
with every incoming call.
When SMS is checked, that smartphone will receive every incoming SMS message.
To use a smartphone to send/receive phone calls requires the XGate Phone app installed on
the smartphone. The XGate Phone app can be found in Apple iTunes App Store for iOS
devices and the Google Playstore for Android devices.
The smartphone user configures the XGate Phone app with their corresponding SIP Extension.
On this page, you can also:
• change the SIP extension password
• change the outgoing CallerID display
• enter a description for your reference
Page 65 of 131
5.8.1.1 How to Make/Receive Voice Calls
Using the smartphone or tablet Settings, connect to the Optimizer Voice wireless network
'wxa-153-xxxx'.
Open the XGate Phone App to make and receive calls.
Note: Standard voice calling rates apply.
Only one phone call can be active at a time. (Multi-user
Voice and SMS is possible -- up to four consective
sessions -- with the optional RedPort VoIP service. Contact
your service provider for details.)
IMPORTANT: Inmarsat IsatHub (iSavi) users. Please see
Appendix C for the iSavi Quick Start Guide containing
information and instructions for setup and use of the
Optimizer Voice with the iSavi terminal for voice calls and
sms messaging.
Page 66 of 131
5.8.2 CDR (Call Data Records)
It is possible to view and download the Call Data Records. The Call Data Records stored on
the Optimizer are approximate values and should not be used to resolve billing disputes. They
are presented here for your convenience.
On active systems, the call data records can quickly use some memory. It is recommend that
you periodically trim or purge the records from the system.
Page 67 of 131
5.8.3 Logs
Call status can be monitored from the Logs screen.
Page 68 of 131
5.8.4 RedPort VoIP Activation
With optional RedPort VoIP service, up to four users can send/receive phone calls and/or text
messages at the same time. Outbound calls are the typically less expensive VoIP calls instead
of standard circuit switch (PSTN) calls at standard satellite airtime rates.
Contact your satellite service provider to purchase the RedPort VoIP service.
When the service is activated, you will be given a "Key". This key is a long alpha-numeric string
that must be entered into the Optimizer Voice user interface.
Enter the Key and select <Save & Apply>.
With RedPort VoIP service activated, the new RedPort VoIP telephone number is displayed.
Page 69 of 131
Configure the SIP extensions for Ring and/or SMS by selecting the checkbox next to the SIP
extension.
Select the payment method of each SIP extension (prepaid or postpaid). There must be at least
one postpaid line. By default, Line 1 always Postpaid.
On this page, you can also:
• change the SIP extension password
• change the outgoing CallerID display
• enter a desription for your reference
In the example above, when an incoming call arrives, only the phones of the Captain, John,
and Mary will ring. Incoming SMS messages will appear on the phones of the Captain, Mary,
and Bill.
When the configuration of the SIP extensions is complete, select <Save & Apply>
Page 70 of 131
5.8.5 Sailor FBB
Users of Sailor FBB systems can use their smartphone for sending/receiving voice calls at
standard satellite airtime voice rates by configuring this page.
NOTE: You may need to edit the IP Handset configuration in the Sailor FBB user
interface. Settings > IP Handsets > Server Settings on the Sailor FBB must be set to
version 1.8 or newer. (Refer to the Sailor FBB users guide for how to access the Sailor
FBB Settings).
Page 71 of 131
5.9 PPP
Access to this section requires "superadmin" login.
It is possible to use a USB connected satellite device to connect for email and web browsing
(for example: IsatPhone Pro or Iridium handheld). (Please note: web browsing is not
recommended when using a low bandwidth device.)
When using a supported USB connected satphone, you must use a 2-port USB hub (either 1.0
or 2.0) plugged into the Optimizer's USB port to accommodate two USB devices. Plug the
small USB drive that came with the Optimizer into one of the USB Hub ports, connect the
satellite phone to the other port on the USB Hub using the Mini-USB to USB cable.
(OPTIONAL: Use an ethernet cable to connect the computer with the destination software, like
a navigation program, to one of the Optimizer's Ethernet ports.)
The Optimizer will broadcast the GPS signal both over Ethernet and WiFi, so you can connect
your computer either way in order to establish a successful connection with your destination
software.
Page 72 of 131
5.9.1 PPP Configuration for Use with USB Connected Satellite Device
From the Optimizer Home page select Services > PPP > Settings > Network.
1. Using the drop-down menu, select the appropriate
satellite network.
2. Select the Enable checkbox to maintain this setting
during router startup. Otherwise, you must re-configure
for PPP use with each router startup.
3. Select <Save & Apply> to apply the change.
Move to Services > PPP > Status.
Select <Connect>.
Page 73 of 131
5.9.2 Signal Monitor
Signal monitor queries your satellite device to determine if the signal strength is sufficient to
make a successful data connection. Typically, a minimum of 60% signal is required; however,
100% is ideal for the fastest possible data transfer rate.
NOTE: Some older satellite phones (for example, the Iridium 9505a) do not support the
signal monitor feature. For these older satellite phones, the signal monitor MUST be
DISABLED for a successful data connection.
To modify the Signal Monitor, go to: Services > PPP > Settings > Signal Monitor.
From this screen you can enable/disable signal monitor using the "Enable" checkbox.
You can change the level of the Signal Monitor. Keep in mind that 60% is typically the
minimum required for a successful data connection. If you must change the Signal Monitor, we
recommend lowering the Level vs. disabling it. Many IsatPhonePro users have had success by
lowering the level to 40 or 30.
CAUTION: Reducing the signal strength to less than 60% or disabling it altogether may
cause lengthy data connections due to poor signal.
When you are done making changes, click <Save & Apply>.
Page 74 of 131
5.9.3 GSM
The GSM feature is offered for your convenience but we are not able to support it. The
information provided here is general in nature but may not be sufficient to establish a
GSM connection. If you run into any difficulties you must contact your GSM network
provider for support.
If you have a GSM-based cellular phone, it may be possible to use the GSM network, when
available, for Email and Web Browsing data over the Optimizer. You will get the benefits of
compression and a faster data transfer rate than over a satellite phone which typically equates
to cost savings.
Only GSM-based service is supported. LTE-based and CDMA-based service is NOT
supported. If you are unsure of which service you have, contact your cellular provider
before attempting to configure for GSM connection.
5.9.3.1 GSM Configuration in Optimizer
Before you can configure the Optimizer for GSM, you must:
• Obtain a USB data dongle from your cellular provider. Your provider may also require
you to purchase a data plan.
• Activate the USB data dongle with your cellular carrier and test it to make sure it works.
Typically, testing requires only that you plug the USB Data Dongle into your computer
and see if you can get on the Internet. If testing fails, contact your cellular carrier for
support.
• Contact your cellular provider to obtain the information required to connect to their
GSM network. The information may include:
o Access Point Name (APN)
o Username required for access to the APN
o Password required for access to the APN
Page 75 of 131
To configure the Optimizer for GSM service.
Login to the Optimizer and go to: Services > PPP > Settings > GSM.
Step 1. Enter the Access Point Name (APN) as provided to you by your cellular carrier.
Step 2. If you have protected your cellular SIM card with a PIN-Code, enter the PIN-Code here.
Step 3. Click <Save & Apply>
NOTE: As of this writing, some customers have found the APN Wizard helpful in lieu of
entering the information manually; however, it is still under development and may or may
not help with your configuration.
Now go to: Services > PPP > Settings > PPP
Page 76 of 131
Step 4. Enter the username required for access to the APN, if any.
Step 5. Enter the password required for access to the APN, if any.
Step 6. Click <Save & Apply>
Page 77 of 131
5.9.3.2 Using GSM
When you want to use GSM service instead of satellite service you must use a USB hub (either
1.0 or 2.0) plugged into the Optimizer's USB port to accomodate multiple USB devices.
Plug the small USB drive that came with the Optimizer into one of the USB Hub ports.
Plug the USB data dongle you obtained from your cellular provider into the other port in the
USB Hub.
IMPORTANT: If your satellite terminal is connected to the Optimizer, unplug the cable
from the Optimizer before attempting a GSM connection.
Configure RedPort Email Connection Settings.
Using the Network Connection drop-down menu, select Optimizer GSM, then <Save & Apply>.
Page 78 of 131
5.9.3.3 Changing from GSM service to satellite service
When you travel beyond GSM range you must:
• Remove the GSM data dongle from the Optimizer's USB port.
• Connect your satellite phone/terminal to the Optimizer (either via USB port or SAT port).
• Change the RedPort Email > Connection Settings > Connection Type back to the
appropriate Optimizer setting.
IMPORTANT: We are not able to support the GSM feature. If you experience any
connection difficulties when using this feature, you must contact your GSM network
provider for support.
Page 79 of 131
6.0 Status
Use the Status tab to display current information of the router's performance.
Some of the information provided here includes:
• How much memory the router is currently using
• Who is currently connected via wifi
• Error messages reported in the System Log and can be useful when troubleshooting
connection issues.
• Realtime Graphs report how much data is being used by the different interfaces.
All Status information is READ ONLY.
Page 80 of 131
7.0 System
This section contains some of the router's basic settings for you to configure plus a few
maintenance functions. This section also contains the Profiles tab so you can clone a
configuration and use it on another router in your organization, saving you setup time.
7.1 Change Router Password (Superadmin or Admin)
The default password to access the Optimizer User Interface for both the "superadmin" login
and the "admin" login are set to: "webxaccess". The onsite administrator using the "admin"
login can change the password from the Home Page. Anyone using the 'superadmin" login can
change the password for both.
Use the top section to change the password for the 'superadmin' user; the bottom section to
change the password for the 'admin' user.
Step 1. Enter the new password in the password text box.
Step 2. Enter the same password again in the Confirmation text box.
Step 3. Click <Save & Apply>
This procedure changes the password for the Superadmin or the Admin login ONLY.
When connecting a computer, iOS or Android device to the wireless network, do NOT
use either of these login passwords. These passwords are used only to access the
Optimizer User Interface.
Page 81 of 131
7.2 Profiles
Profiles is designed for users of multiple satellite devices and integrators of custom
installations.
You can configure the Optimizer for a specific satellite device and save the profile. This is good
for failover situations when using multiple devices. An extreme example would be that you
might have the firewall wide open on a VSAT device but in an emergency must use an Iridium
handheld device where you want the full protection of the Optimizer firewall. Have a profile for
each configuration and select the appropirate one for the satellite device being used.
Once a profile is saved it can be exported for use in another Optimizer Crew router.
7.2.1 Add a Profile
Before adding a Profile, complete the router configuration.
Then access the Profile Manager.
To create and use the new Profile:
1. Select <Add>
Page 82 of 131
2. Enter a Name of the new profile and a description.
3. Select <Save & Apply>.
7.2.2 Change to Another Saved Profile
To change from using one profile to different profile, simply select <Install> for the desired
profille, then <Save & Apply>
Page 83 of 131
7.2.3 Export a Profile
You can export the profiles from the router and use the exported file to 'clone' another
Optimizer Crew router in System > Profiles > Tools.
1. Enter a filename or use the default name.
2. Select <Export> and save the file.
Page 84 of 131
7.2.4 Import a Profile
You can import profiles from another Optimizer Crew router in System > Profiles > Tools.
1. Select <Browse> to locate the saved profiles .tgz file.
2. Select <Import>
Page 85 of 131
7.3 Backup/Flash Firmware
You can create backups of the router configuration and restore the configuration to previous
backup states.
This screen also allows you to upgrade the firmware to the latest version.
Firmware Upgrade
Get the latest Optimizer firmware version from here:
http://www.redportglobal.com/support/technical-downloads/
Save the .bin file to your computer (pc or mac)
BEST PRACTICE: If you have created any Profiles you may want to Export them before
flashing new firmware and Import them when done.
1. Keep Settings: check this box to maintain current settings if you have made changes to the
congifuration. Failure to check this box will revert the Optimizer back to the default settings.
Page 86 of 131
2. <Browse> to where you saved the .bin file and select that file.
3. <Flash Image>
4. Wait for the lights on the front of the Optimizer to begin flashing. When the flashing lights
stop, the firmware update is complete. This typically takes several minutes.
To confirm the firmware upgrade, login to the Optimizer Home Page again. The firmware
version displays in the top banner of the User Interface.
7.4 Reboot
You can reboot the Optimizer from within the user interface in lieu of using the reset button on
the router itself.
Page 87 of 131
8.0 Network
Use this section to configure network interfaces, run diagnostics, or modify the firewall. This
gives you complete control over the router behavior.
8.1 Rename the Wireless Network
It is possible to change the name of your wireless network. This is the name of the wireless
network that you connect to using your computer or iOS or Android device. The default name
is wXa-153-xxxx where the xxxx represents a unique number.
Locate the wXa wifi network and select <Edit>
Page 88 of 131
1. Enter the new wireless network name in ESSID field.
2. Click <Save & Apply>
This procedure changes the name for the WiFi hotspot only. When connecting your computer,
iOS or Android device to the wireless network, this is the network name that will appear in the
wireless network list. This name does not change the router superadmin or admin name when
logging in to access the Optimizer user interface.
Page 89 of 131
8.2 Restrict Wireless Network Access
When in public locations, for example, a busy port, you may want to restrict access to the WiFi
hotspot created by your satellite device and the Optimizer. You can password protect the WiFi
hotspot so others cannot use it.
Locate the wXa wifi network and select <Edit>
Page 90 of 131
1. Select the Encryption mode from the drop down menu.
2. Enter your desired password in the Key field.
3. Click <Save & Apply>
This procedure adds/changes the password for the WiFi hotspot only. When connecting
your computer, iOS or Android device to the wireless network, this is the password you
will use. This password does not change the router superadmin or admin password
when logging in to access the Optimizer user interface.
Page 91 of 131
8.3 Firewall
The Firewall allows you to control network traffic flow, allow port forwarding for remote access,
has a table of pre-defined traffic rules, and allows you to edit existing rules and create new
rules. Most installations do not require any firewall modifications due to the flexibility with the
Captive Portal configuration and the Proxy Filters configuration. Use with caution and at your
own risk!
Traffic Rules Table
The image below is a small section of the firewall traffic rules table.
The table includes all the firewall rules on the router that will allow you to enable and disable
ports and ip address, etc. You can create and add rules. You can delete rules.
By default, the first six rules say DO NOT MODIFY. They are: ALL, Pass DNS, DNS, HTTP,
HTTPS and FTP. These are the rules that the Captive Portal and Proxy Server automatically
enable and disable so the components work without you having to make modifications to the
Page 92 of 131
Traffic Rules Table. When enabled, these rules Allow that particular traffic to pass through the
firewall.
All the rules can easily be enabled (checked) or disabled (unchecked).
The first rule name "ALL", when enabled, means the firewall is totally open and all traffic goes
straight through the firewall. To disable the rule, uncheck it, scroll to the bottom of the page
and hit <Save & Apply>. With the ALL rule disabled, the remaining rules spring into action.
Rules are evaluated from top to bottom. As soon as traffic hits a rule that matches, it will stop.
If there is no match it will continue to the bottom, which is the Reject rule.
For example, if you want to allow all traffic except http traffic:
• Disable (uncheck) the first rule "ALL-DO NOT MODIFY". This forces the remaining rules
to take precedent.
• Disable (uncheck) the rule "HTTP-DO NOT MODIFY". This blocks http traffic from
passing through the firewall.
• When http traffic arrives, it processes down the list of the enabled rules. Because http is
not enabled it continues down the list looking for match. Failing to find a match until it
reachs the last rule "REJECT".
With the ALL rule disabled (unchecked) you can enable/disable the others very quickly. The
next one is DNS. Do you want DNS? Yes (checked), No (unchecked). Do you want http? Yes
(checked), No (unchecked), etc.
You can also create a custom rule.
Scroll down to the bottom of the page to the section "New forward rule"
Page 93 of 131
Select <Add and edit>:
Page 94 of 131
Here you can give the new rule a name, specify the protocol, restrict the rule to a certain zone,
identify the source ip address, the destination ip address, port numbers. etc. This is standard
firewall convention. Once the rule is created, select <Save & Apply>. Place the rule where you
want it on the traffic rule list using the Sort column arrows for up and down. This is a fullfeatured firewall that you can customize to meet your needs.
Page 95 of 131
8.4 Diagnostics
There are several Diagnostic tools available:
Ping: tells you if you have ip connectivity
Traceroute: gives you all the ip addresses in a hop to the final destination.
Page 96 of 131
9.0 Statistics
Similar to the Realtime Graphs in the Status tab, Statistics Graphs shows usage over a specific
timespan.
To modify the timespan use the down arrow next to <Display timespan>, then select <Display
timespan> to view the graph.
Page 97 of 131
Page 98 of 131
APPENDIX A
Page 99 of 131
APPENDIX A
Page 100 of 131
APPENDIX A
Loading...