Siemens MD740 1 User Manual

User Manual
!
General: The product SINAUT MD740-1 complies with European standard EN60950, 05.2003, Safety of Information Technology Equipment. Read the installation instructions carefully before usi ng the device. Keep the device away from children, especially small children. The device must not be installed or operated outdoors or at damp locations. Do not operate the device if the connecting leads or the device itself are damaged.
External power supply : Use only an external power supply which complies with IEC/EN60950 chapter 2.5 “Limited power sources” and UL1310 / NEC Class 2 respectively. The output voltage of the external power supply must not exceed 30VDC. The output of the external power supply must be short-circuit proof.
Warning
The power supply unit to supply the SI NAUT MD740-1 must comply with NEC Class 2 circ uits as outlined in the National Electrical Code (ANSI/NFPA 70) only
When connecting to a battery or accumulator, make sure that an all-pole circuit-breaker (main battery switch) with sufficient se lectivity and a fuse with sufficient selectivity are provided bet ween the device and the battery or accumulator.
Please pay regard to section Technic al Data of the installation manual, as well as the ins tallation and utilisation regulations of the respective manufacturers of the power supply, the battery or the accumulator.
Digital gate input: Make sure that the specified input voltage range is observed. Please pay regard to sections Connecting t he device and Technical Data of this documentation.
Digital gate output: Switching voltage and switching current must not exceed the specified maximum values. Please pay regard to sections Connect ing the device and Technical Data of this documentation.
SIM card: To install the SIM card the device must be opened. Before opening the device, disconnect it from the supply voltage. Static charges can damage the device when it is open. Discharge the electric static of your body before opening the devi ce. To do so, touch an earthed surface, e.g. the metal casing of the switch cabinet. Please pay regard to section Inserting or changing the SIM card of the installation manual.
Handling cables: Never pull a cable connector out of a socket by its cable, but pull on the connector itself. Cable connectors with screw fas teners (D-Sub) must always be sc rewed on tightly. Do not lay the cable over sharp c orners and edges without edge protect ion. If necessary, provide sufficient strain relief for the cables.
For safety reasons, make sure that the bending radius of the cables is observed. Failure to observe the bending radius of the antenna cable results in the deterioration of the
system's transmission and reception properti es. The minimum bending radius static must not fall below 5 times the cable diameter and dynamic below 15 times the cable diameter.
Radio device: Never use the device in places where the operation of radio devices is prohibited. The device contains a radio transm itter which c ould in c ertai n ci rcumstanc es impai r the f unctionality of electronic medical devices such as hearing aids or pac emakers. You can obtain advice f rom your physician or the manufacturer of s uch devices. To prevent dat a carriers from bei ng demagnetised, do not keep disks, credit cards or other magnetic data carriers near the device.
Safety precautions
2 von 105 SINAUT MD740-1
Antenna: Use only the antenna of the SINAUT TELECONTROL accessory program being rel eased for the SINAUT MD740-1. Other antennas may cause damages and the device will loose official approvals like FCC.
Installing antennas: The emission limits as recommended by the Commission on Radiological Protection (13/14 September 2001) must be observed.
Installing an external antenna: When installing an antenna outdoors it is essential that the antenna is fitted correctly by a qualified person. Light ni ng Prot ect i on St andard V DE V 0185 Secti ons 1 to 4, in its current version, and further standards must be observed.
Lightning protection category for buildings: For outdoor installation, the antenna may be fi tted only within the lightning protection zones O/ E or 1. These lightning protect ion zones are prescribed by the lightning protection spherical radius.
The EMV lightning protection zone concept is to be observed. To avoid large induction loops a lightning protection equipotential bonding is to be used. If the antenna or antenna cable is installed near to the lightning protection system, the minimum distanc es to the lightni ng protect i on syst em must be observed. If this is not possible, insulated installati on as descri bed i n VDE V 0185 Sections 1 to 4, in its current version, is essential.
FCC Part 15
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
Consult the dealer / installer or an experienced radio/TV technician for help.
This device contains 900 MHz GSM and 1800 DCS functions that are not operational in U.S. territories.
FCC Part 15.19
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
1. this device may not cause harmful interference, and
2. this device must accept any interference received, including interf erence that may cause undesired operation.
FCC Part 15.21
Modifications not expressly approved by this company could void the user's aut hori t y to operat e the equipment.
SINAUT MD740-1 3 von 105
Installation by qualified personnel only
You may only use the SINAUT MD720-3 with an antenna of the SINAUT MD720-3 accessory program.
The installation of the SINAUT MD720-3 and the antenna as well as servicing is to be performed by qualified technical personnel only. When servicing the antenna, or working at distances closer than those listed below, ensure the transmitter has been disabled.
RF Exposure mobile
Warning !
!
This is a class A equipment. This equipment can dist urb other electric equipment in living areas; in this case the operator can be demanded to carry out appropriate measures.
Typically, the antenna connected to the transmitter is an omni-directional antenna with 0dB gain. Using this antenna the total composite power in PCS mode is smaller than 1 watt ERP.
The internal / external antennas used for this mobile transmitter must provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter."
!
Warning !
!
Warning !
Please note that data packets exchanged for setting up connections, reconnecting, connect attem pts (e.g. Server switched off, wrong destination address, etc.) as well as keeping the connection alive are also subject to charge.
Product no. 3155 Doc. no. 3155AD001 Rev. 1.1
4 von 105 SINAUT MD740-1
Contents
Contents
Introduction .........................................................................................................7
1
1.1 To be able to use the SINAUT MD740-1...........................................9
1.2 IP address of the remote site.............................................................9
2 The LEDs of the SINAUT MD740-1...................................................................10
S (Status), Q (Quality), C (Connect)................................................10
DC5V, STAT, LINL, VPN.................................................................11
3 Putting the device into operation.....................................................................12
3.1 Connecting the device.....................................................................12
Switching the device on/off..............................................................13
3.2 Configuring the PIN.........................................................................14
3.3 Inserting or changing the SIM card..................................................15
4 Configuration.....................................................................................................19
Remote configuration.......................................................................19
Prerequisites for local configuration.................................................19
TCP/IP configuration of the network adapter...................................19
Establish configuration connection..................................................20
Perform configuration......................................................................23
4.1 Network menu .................................................................................24
4.2 Firewall menu..................................................................................27
4.3 VPN menu.......................................................................................36
4.4 Services menu.................................................................................54
4.5 Access menu...................................................................................62
4.6 Features menu.................................................................................68
4.7 Support menu..................................................................................72
4.8 System menu...................................................................................75
4.9 CIDR (Classless InterDomain Routing)...........................................79
4.10 Network example diagram...............................................................81
5 Integrated website showing device and connection data..............................83
5.1 Accessing the Web server locally via the service interface..............83
Via dial-up connection:....................................................................83
Installing the modem for access to the service interface .................83
Creating the dial-up connection for the service interface.................84
Making a connection to the SINAUT MD740-1 website...................85
Closing the service connection........................................................85
5.2 Accessing the Web server locally via the application interface
(10/100 BASE-T connector).............................................................86
Prerequisites....................................................................................86
Making a connection to the SINAUT MD740-1 website...................86
5.3 Accessing the Web Server of the SINAUT MD740-1 from a remote
computer via the GPRS network......................................................87
Prerequisites....................................................................................87
Making a connection to the SINAUT MD740-1 website...................87
5.4 The website of the SINAUT MD740-1..............................................88
Device Information page..................................................................89
SINAUT MD740-1 5 von 105
Contents
Session Statistics and Total Statistics pages...................................90
PPP layer (PPP - Point-to-Point-Protocol).......................................90
IP layer (IP - Internet Protocol)........................................................91
Status Information page...................................................................92
6 Firmware update via the integrated FTP server..............................................93
7 Glossary 94
8 Technical Data.................................................................................................103
AES .................................................................................................94
APN (Access Point Name)...............................................................94
Asymmetrical encryption..................................................................95
DynDNS provider.............................................................................95
TCP/IP (Transmission Control Protocol/Internet Protocol)...............96
Service Provider..............................................................................96
Protocol, transmission protocol........................................................97
Client / Server..................................................................................97
PPPoE.............................................................................................97
PPTP...............................................................................................97
VPN (Virtual Private Network) .........................................................97
DES / 3DES.....................................................................................98
Private Key, Public key; Certification (X.509) ..................................98
NAT (Network Address Translation)................................................99
Datagram.........................................................................................99
IPSec.............................................................................................100
Spoofing, anti-spoofing..................................................................100
Symmetrical encryption.................................................................100
Port number...................................................................................100
IP address .....................................................................................101
X.509 Certificate............................................................................102
Pin assignment interface Service...................................................104
Pin assignment interface 10/100 BASE-T......................................104
6 von 105 SINAUT MD740-1
Introduction
1 Introduction
The SINAUT MD740-1 serves the following purpose:
GPRS modem
VPN router
Firewall
VPN features
Firewall features
Other features
The device establishes secure IP data connections by radio
via the GPRS (General Packet Radio Service) of a GSM network (Global System for Mobile Communication = mobile radio network).
To do so, the device combines the following functions:
GPRS modem for flexible data communication via GPRS
VPN router for secure data transfer via public networks (IPSec
protocol, 3DES data encryption, AES encryption)
Firewall for protection against unauthorised access. T he dynamic packet filter inspects data packets using the source and destination address (stateful packet inspection) and blocks
).
unwanted data traffic (anti-spoofing
The device is configured simply using a Web browser.
Protocol: IPsec (tunnel and transport mode)
IPsec DES encryption at 56 Bit
IPsec 3DES encryption at 168 Bit
IPsec AES encryption at 128, 192 and 256 Bit
Packet authentication: MD5, SHA-1
Internet Key Exchange (IKE) with Main and Quick Mode
Authentication: Pre-Shared Key (PSK), X.509v3 certificates
DynDNS
NAT-T
Dead Peer Detection (DPD)
Stateful Packet Inspection
Anti-spoofing
NAT (IP Masquerading)
Port Forwarding
DNS Cache
DHCP Server
NTP
Remote Logging
SINAUT MD740-1 7 von 105
Introduction
A
A
Scenario 1:
Dedicated line to GPRS or Internet (with fixed, known IP address)
GPRS
Internet
pplication
TAINY GMOD-V2-IO
IPSec tunnel
Firewall
Router with Firewall
Server in company network
The application is connected local ly
direct to the SINAUT MD740-1: e.g. statement printer, notebook or PC. This application uses the SINAUT MD740-1 in order to have secure access to a remote LAN as if it were connected direct to the LAN.
The remote
site is a computer in a corporate network. The network, protected by a VPN router with firewall, is connected to the GPRS network or the Internet and has a known or definable IP address.
Scenario 2:
GPRS
pplication
TAINY GMOD-V2-IO
IPSec tunnel
TAINY GMOD-V2-IO
Server in company
The remote site is another SINAUT MD740-1.
The direct connection of two GPRS end devices is not technically supported in
!
all GSM/GPRS networks.
LAN
LAN
8 von 105 SINAUT MD740-1
Introduction
1.1 To be able to use the SINAUT MD740-1...
you require...
a subscriber contract with a GSM network operator (e.g. TD1, Vodafone, E-Plus, O2) that supports GPRS
release of the GPRS for the user in question by the network operator
1.2 IP address of the remote site
In order that a SINAUT MD740-1 can actively establish a VPN connection the remote site must have a fixed IP address (an IP address consists of a maximum of 4 numbers, separated by dots, which can each have up to three digits, e.g. 255.122.201.005). With many Internet Service Providers (ISPs), however, the IP addresses are assigned dynamically, i.e. the IP addresses of the computers or networks which have access to the Internet change. There are 3 ways of obtaining a fixed IP address:
Fixed IP address via dedicated line to GPRS
Fixed IP address via Internet service provider
Fixed IP address via DynDNS service
The communication partner is connected to the GPRS network via a leased dedicated line. In this case it has normally been assigned a fixed IP address by the network operator.
The communication partner can be accessed via the Internet and has been assigned a fixed IP address by the Internet service provider (the address can be applied for from some Internet service providers).
To solve the problem of dynamic IP address assignment, DynDNS services can be used. With this kind of service, the SINAUT MD740-1, for example, or the remote computer, regardless of the dynamic IP address it currently possesses, is accessible via a fixed domain name. Each time the IP address changes, the SINAUT MD740-1 or the remote computer reports the new IP address to the DynDNS server, so that the current IP address is always assigned to the domain name on the DNS server - see glossary, page 95.
The use of a DynDNS service requires a contract with the provider concerned, e.g. DynDNS.org or DNS4BIZ.com.
SINAUT MD740-1 9 von 105
The LEDs of the SINAUT MD740-1
2 The LEDs of the SINAUT MD740-1
LEDs
S (Status) Q (Quality) C (Connect)
LEDs
Power Status LAN VPN
S (Status), Q (Quality), C (Connect)
LED Status Meaning S, Q, C
in sequence
S (Status)
Q (Quality)
C (Connect)
* When updating the communication firmware, at first the LEDs are slowly blinking in sequence.
Further in the process only the LED S is On.
** Shortly after booking into the GSM network, the quality LED blinks once, thus signalling the field
strength as not sufficient or unknown. Cause: At this stage the device can only register availability
Fast lighting in sequence Slowly lighting in sequence Synchronous fast blinking Blinks slowly Blinks fast OFF ON Blinks slowly 1 x intermittent blinking 2 x intermittent blinking 3 x intermittent blinking ON always OFF OFF ON
Boot procedure Update* Error Device waiting for PIN input PIN error / SIM error No GPRS attach GPRS attach Booking into the GPRS network Field strength not sufficient or unknown** Field strength sufficient Field strength medium Field strength high Waiting for PIN input No connection Connection to server/remote station
GPRS: Authentication on and IP allocation from network successful
10 von 105 SINAUT MD740-1
The LEDs of the SINAUT MD740-1
of signal, but not the signal quality. The field strength is then requested in a next check, 15 seconds later.
DC5V, STAT, LINL, VPN
LED Colour Status Meaning
DC5V
Green ON Device switched on, operating voltage is on OFF Device switched off, no operating voltage
STAT
Yellow Blinking IOVPN board operational
LINK
Yellow ON Ethernet connection to local PC / LAN
established
OFF No Ethernet connection to local PC / LAN
VPN
Yellow ON VPN tunnel established* OFF VPN-Tunnel not established
* Shortly after switching on of the SINAUT MD740-1, the LED VPN is set to on for a short period of
time although the VPN tunnel has not yet been established. Cause: self-test of the components during starting procedure of the device.
SINAUT MD740-1 11 von 105
Putting the device into operation
3 Putting the device into operation
To put the device into operation, perform the following steps in the order given:
. 50 Ohm
Page
)
1.
Connect the device 12
2.
Configure the PIN 14
3.
Insert or change the SIM card 15
4.
Perform further configuration 19
!
First tell the device the PIN of the SIM card. Then insert the SIM card.
!
The device also supports SIM cards without a PIN. If your SIM card has no PIN you
can also insert the SIM card before performing configuration.
!
The device must be switched off when you insert or remove the SIM card.
3.1 Connecting the device
Current supply: The screw terminals on top of the device for connecting of the current
supply: 24 V DC voltage (nominal), max. 600mA
+ 24 V + 24 V
0 V 0 V
Both terminal screws to the left (24 V) are connected.
Both terminal screws to the right (0 V) are connected.
Service interface. Optional: For the connection of a PC to display device, status and connection information. To connect, use a V.24 cable.
Digital gate input I1+ I1-
Digital gate output O1a
O1b
Antenna (approx
Application interface. Connect the
application device here.
When connecting to the network card of a computer use a cross­over Ethernet cable.
When connecting to the network use a UTP cable (CAT 5).
12 von 105 SINAUT MD740-1
Putting the device into operation
Switching the device on/off
The SINAUT MD740-1 switches on as soon as the operating voltage is supplied (see Connecting the device, page 12).
The devices switches off when disconnected from the supply voltage.
When switching on
When the device is switched on the POWER LED comes on first. If the device has a valid configuration and the SIM card is inserted the device automatically books into the GPRS network. When the CONNECT LED comes on a GPRS connection has been established.
The device is designed in such a way that it can be left switched on permanently.
SINAUT MD740-1 13 von 105
Putting the device into operation
3.2 Configuring the PIN
In order for the SINAUT MD740-1 to be able to communicate via the GPRS network of your network operator you must tell the device the PIN (Personal Identification Number) of the SIM card. Then you can insert the SIM card into the device.
The device also supports SIM cards without a PIN. If your SIM card has no PIN it is not necessary to configure the PIN. You can then insert the SIM card immediately.
To configure the PIN, proceed as follows:
1. Using your Web browser (e.g. MS Internet Explorer), establish a configuration connection with the SINAUT MD740-1.
To do this, follow the description in section 4 Configuration, page 19 to 23.
2. When the Administrator website of the SINAUT MD740-1 appears, select Network #### GPRS.
Enter PIN (in both fields)
3. You can close the connection by closing the Web browser.
14 von 105 SINAUT MD740-1
In the PIN field, enter the PIN of the SIM card that you then want to insert into the device.
!
Enter the same PIN in both fields. Then click on OK or Apply. Once the PIN is set, the message "Not configured yet" is no
longer displayed.
Putting the device into operation
3.3 Inserting or changing the SIM card
!
SINAUT MD740-1 must be switched off when you insert or change the SIM card
!
A plug-in SIM card (3 Volt) is used.
1. Make sure that the device is disconnected from the supply voltage.
2. The SINAUT MD740-1 must be opened to insert the SIM card.
The housing is fastened with clamps, two each on top of the housing and on the bottom side.
Clamps
3. Release the two clamps on the housing part with antenna socket.
For this purpose, press the clamps cautiously with a suitable object (see picture) so that catch opens.
4. Cautiously pull the unlocked housing part so that the housing opens.
!
The boards in both front housing
parts are connected by an IO cable. When opening the housing make sure that the cable connection is not loosened or damaged. If necessary, unlock both front housing parts and cautiously pull them out together.
Clamps
SINAUT MD740-1 15 von 105
Putting the device into operation
5. The SIM card holder is visible on the motherboard.
SIM card holder
6. With a suitable object open the flap of the SIM card holder by moving it cautiously about 2mm to the left – in the direction of the arrow (see red arrow in the illustration) so that it can be raised.
7. Raise the flap of the SIM card holder so that you can insert the SIM card.
In the illustration below, the compartment into which you can insert the SIM card is emphasized in white.
16 von 105 SINAUT MD740-1
Putting the device into operation
8. Slide the SIM card into the flap of the SIM card holder, with the gold­coloured microchip pointing down. The flap has a groove for this purpose. The notched corner of the SIM card has to point towards the front of the device (see illustration).
9. Slide the SIM card down into the flap as far as possible.
10. Lower the flap paying attention to the notched corner of the SIM card (see illustration).
SINAUT MD740-1 17 von 105
Putting the device into operation
11. With your fingernail or a suitable object move the flap about 2 mm to the right (in the direction of the arrow) until you can feel it click into place.
12. Now the SIM card holder is locked into position.
13. Check the connection of the internal IO connection cable.
Finally re-attach both housing parts: Slide the motherboard into the rails on top and bottom inside the rear section of the housing. Close the housing by slightly pressing the housing parts together so that the clamps on the upper and lower parts of the housing engage.
The housing is locked when all clamps have clicked shut.
18 von 105 SINAUT MD740-1
Configuration
4 Configuration
Remote configuration
Prerequisites for local configuration
TCP/IP configuration of the network adapter under Windows XP:
TCP/IP configuration of the network
! Remote configuration is possible only if the SINAUT MD740-1 is
configured for remote access (see page 64). In this case, proceed exactly as described as from section Establish configuration connection, page 20.
The computer with which you are performing the configuration must either
-
be connected direct to the Ethernet socket of the SINAUT MD740-1 via cross-over network cable
-
or it must have direct access via LAN to the SINAUT MD740-1.
The SINAUT MD740-1 must be switched on.
The network adapter of the computer with which you are
performing configuration must hav e the follow ing T CP/IP configuration: IP address: 192.168.1.2 Subnet mask: 255.255.255.0 Default gateway: 192.168.1.1 Preferred DNS server: address of the Domain Name Server
Click on Start, Settings, Control Panel, Network
1. Connections: right-click on the icon for LAN adapter and click on Properties in the context menu.
adapter
…under Windows XP
On the General tab in the Properties of LAN
connection local network dialogue box,
select the Internet Protocol (TCP/IP) entry
and then click on the Properties button to make the following dialogue box appear:
SINAUT MD740-1 19 von 105
Configuration
2.
…under Windows 2000
!
Preferred DNS server
Establish configuration connection
2. Make sure that the browser does not automatically dial up a
IP address of the SINAUT MD740-1:
https://192.168.1.1
Enter the following: IP address: 192.168.1.2 Subnet mask: 255.255.255.0 Default gateway: 192.168.1.1 Preferred DNS server: address of the Domain Name Server
Under Windows 2000, proceed accordingly.
If you call up addresses via a domain name (e.g. www.neuhaus.de), a Domain Name Server (DNS) has to look up which IP address belongs to the name. You can determine the following as the Domain Name Server:
the DNS address of the network operator OR
the local IP address of the SINAUT MD740-1, provided that
it is configured to resolve hostnames in IP addresses, see Services menu.
To determine the Domain Name Server in the TCP/IP configuration of your network adapter, proceed as described above.
Proceed as follows:
1. Start a Web browser.
(e.g. MS Internet Explorer from Version 5.0 or Netscape Communicator from Version 4.0; the Web browser must support SSL (i.e. https))
connection when starting. In MS Internet Explorer you make this setting as follows: menu
Tools, Internet Options..., Connections tab: under Dial-up and Virtual Private Network settings, Never dial a connection must
be activated.
3. In the address line of the browser, enter the full address of the SINAUT MD740-1. In accordance with the default setting, this is:
https://192.168.1.1
Consequence: the security alert show n on the nex t page appears.
20 von 105 SINAUT MD740-1
Configuration
r
t
!
the Administrato
website does no
appear...
In case
If the browser still tells you after several attempts that the page
cannot be displayed, try the following:
Check the hardware connection.
To do so on a Windows computer, enter the following command via the DOS prompt (menu Start, Programs, Tools, Command Prompt):
ping 192.168.1.1
If there is no packets within the prescribed time, check the cable, the connections and the network card.
Make sure that the browser does not use a proxy server.
In MS Internet Explorer (Version 6.0) you make this setting as follows: menu Tools, Internet Options..., Connections tab: under LAN Settings click on the Settings button, in the Settings for local area network (LAN) dialogue box make sure that the Use a proxy server for your LAN entry is not activated.
If there are other LAN connections active on the computer,
deactivate them for the duration of configuration. Under Windows menu Start, Settings, Control Panel,
Network Connections / Network and Dial-up Connections right-click on the appropriate icon and select Deactivate in the context menu.
Enter the address of the SINAUT MD740-1 plus slash:
message about the reception of the 4 sent
https://192.168.1.1/
SINAUT MD740-1 21 von 105
Configuration
When the connection is
4. Following the successful estab lishment of the connection the following security alert appears:
successfully established...
Explanation:
As the device can only be administered via encrypted accesses it is supplied with a self-signed certificate.
Acknowledge the security alert with Yes.
5. You are prompted to enter the user name and the password.
The default setting is: User name: admin Password: tainy
Start page of the Administrator website
22 von 105 SINAUT MD740-1
6. Consequence: the Administrator website of the SINAUT MD740-1 appears - see next page.
Configuration
Perform configuration
If a page is not up to date when next displayed because the
!
Depending on how you configure the SINAUT MD740-1, you may then have to adapt the network interface of the connected computer or network accordingly.
!
When entering IP addresses, always enter the IP address sub-numbers without the leading zeros, e.g.: 192.168.0.8.
Please note:
In the following screenshots of the configuration pages of the SINAUT MD740-1 are displayed. The caption of these screenshots refers to another product from SIEMENS A&D. This product basically supports the same features as SINAUT MD740-1 (VPN, Firewall) but has a different housing.
To perform the configuration, proceed as follows:
1. Call up the
required setting area via the menu.
2. Make the required
entries on the page concerned.
3. Confirm with OK or
Apply, so that the settings are accepted by the device.
browser is loading it from the cache, refresh the page display . To do so, click on the Refresh icon in the browser's icon bar.
SINAUT MD740-1 23 von 105
Configuration
4.1 Network menu
Network #### Local
Local IP address of the SINAUT MD740­1 according to default setting:
192.168.1.1
Internal IPs
An internal IP is the IP address at which the SINAUT MD740-1 can be accessed by devices of the locally connected network.
The default setting for the IP address is as follows:
IP address: 192.168.1.1 Local netmask: 255.255.255.0
You can determine further addresses at which the SINAUT MD740-1 can be accessed by devices of the locally connected network. This is helpful if, for example, the locally connected network is divided into subnets. In this case, several devices from different subnets access the SINAUT MD740-1 at different addresses.
! If you want to determine a further internal IP, click on New.
You can determine any number of internal IPs.
! If you want to delete an internal IP, click on Delete.
(The first IP address in the list cannot be deleted.)
Additional Internal Routes
If further subnets are connected to the locally connected network, you can define additional routes.
See also Network example diagram , page 81. ! If you want to determine a further route to a subnet, click on
New. Enter the following:
- the IP address of the subnet (network), and
- the IP address of the gateway via which the subnet is connected.
You can determine any number of internal routes.
! If you want to delete an internal route, click on Delete.
24 von 105 SINAUT MD740-1
Configuration
Network #### GPRS
User (user name) Password
When the SINAUT MD740-1 logs into the GPRS network it is generally asked for the user name and the password before it is given access to the network.
Some GSM/GPRS network operators dispense with access control via user name and/or password. In this case, enter
visitor in the appropriate field.
INFO: Documentation from your network operator.
!
Enter the password identically in both fields.
Once the password has been set, the message "Not configured yet" is no longer displayed.
APN (Access Point Name) This denotes the gateway
-
to the Internet. In this case the remote site can be reached via
the Internet.
OR
-
to the private network. In this case the remote site is
connected to the GPRS network operator via a leased dedicated line.
INFO:
Internet APN:
You will find the APN in the documentation or at the website of your GSM/GPRS network operator, or you can call the hotline and ask for it there.
Private APN:
You can obtain the access data from your network operator.
SINAUT MD740-1 25 von 105
Configuration
When putting the device into operation:
1. Tell the device the PIN of the SIM card
2. Insert the SIM card
PIN of the SIM card inserted in the device In order for the SINAUT MD740-1 to be able to operate with the
SIM card of your network operator you must tell the device the PIN (Personal Identification Number) of the SIM card, provided that the SIM card has a PIN. Only after this should you insert the SIM card into the switched off(!) device.
To do so, enter the PIN and click on OK or Apply. If a PIN has been set, the message "Not configured yet" is no
longer displayed.
!
Enter the PIN identically in both fields.
!
The entered PIN must tally with the PIN of the SIM card with
which the device is to operate.
!
You cannot change the PIN of the SIM card with this device.
Confirm the entries on this configuration page by clicking on OK or
Apply.
Network #### Status
Display only:
26 von 105 SINAUT MD740-1
Network mode
This indicates whether a GPRS connection has been established (display: "modem connected") or whether the GPRS modem is on standby and ready to establish a GPRS connection (display: "(none)” or “modem (later)").
External IP /GPRS:
The IP address at which the device can be reached from the outside. This IP address is assigned to the device by the operator of the GPRS network for the current connection.
Default gateway via external IP:
IP address of the integrated GPRS module.
Configuration
4.2 Firewall menu
The SINAUT MD740-1 comes with a Stateful Packet Inspection Firewall. The connection data of an active connection are collected in a database (connection tracking). This means that rules are only to be defined for one direction, while data from the other direction of a connection, and only these, are allowed through automatically. A side effect of this is that existing connections are not interrupted as a result of reconfiguration, even if a corresponding new connection should no longer be established.
Default firewall setting:
All incoming connections are rejected (except VPN).
The data packets of all outgoing connections are rejected (except VPN and except
connections to the integrated website which provides information about devices and connection data).
!
VPN connections are not subject to the firewall rules determined under this menu
item. You can determine firewall rules for each individual VPN connection under the menu VPN #### Connections.
!
If several firewall rules have been set, they are scanned in the order of the entries
from top to bottom until a suitable rule is found. This rule is then applied. Should there also be rules further down in the list which would be also suitable, they are ignored.
Firewall #### Incoming
SINAUT MD740-1 27 von 105
This lists the fixed firewall rules. These apply to incoming data connections which have been initiated externally.
If no rule has been set, all incoming connections (except VPN) are rejected (= default setting).
Deleting a rule
Click on Delete next to the entry concerned. Then click on OK or Apply.
Configuration
Setting a new rule
If you want to set a new rule, click on New. Set the required rule (see below), then click on OK or Apply. You receive a system message as confirmation. You can make the following possible entries:
Protocol: All means: TCP, UDP, ICMP and others. IP address: 0.0.0.0/0 means all addresses. To denote a range, use
CIDR syntax - see CIDR (Classless InterDomain Routing), page
79.
Port:
(is evaluated only with TCP and UDP protocols) any means any port. startport:endport (e.g. 110:120) denotes the port area. Individual ports can be entered either with the port number or with
the corresponding service name: (e.g. 110 for pop3 or pop3 for
110).
Action:
Accept means that the data packets may pass. Refuse means that the data packets are turned away so that the
sender is informed of the refusal. Reject means that data packets are not allowed to pass. They are "swallowed" so that the sender is not informed of their whereabouts.
Log:
For each individual firewall rule you can determine whether, when the rule is applied,
- the event is to be logged - set Log to Yes
- or not - set Log to No (default setting)
Log entries for unknown connection attempts:
This logs all connection attempts which are not recorded by the prevalent rules.
28 von 105 SINAUT MD740-1
Configuration
Firewall #### Outgoing
This lists the fixed firewall rules. These apply to outgoing data packets which belong to GPRS connections initiated by the SINAUT MD740-1 to communicate with a remote site.
!
If no rule is set, all outgoing connections are prohibited (except
VPN).
!
Default setting: outgoing connections prohibited (except VPN
and connections to the integrated website which provides information about devices and connect ion data) .
Deleting a rule
Click on Delete next to the entry concerned. Then click on OK or Apply.
Setting a new rule
If you want to set a new rule, click on New. Set the required rule (see below), then click on OK or Apply. You receive a system message as confirmation.
You can make the following possible entries:
Protocol: All means: TCP, UDP, ICMP and others. IP address: 0.0.0.0/0 means all addresses. To denote a range, use
CIDR syntax - see CIDR (Classless InterDomain Routing), page
79.
Port:
(is only evaluated with TCP and UDP protocols) any means any port. startport:endport (e.g. 110:120) denotes the port area. Individual ports can be entered either with the port number or with
the corresponding service name: (e.g. 110 for pop3 or pop3 for
110).
Action:
Accept means that the data packets may pass. Refuse means that the data packets are turned away so that the
SINAUT MD740-1 29 von 105
Configuration
sender is informed of the refusal. Reject means that data packets are not allowed to pass. They are swallowed so that the sender is not informed of their whereabouts.
Log:
For each individual firewall rule you can determine whether, when the rule is applied,
- the event is to be logged - set Log to Yes
- or not - set Log to No (default setting)
Log entries for unknown connection attempts:
This logs all connection attempts which are not recorded by the prevalent rules.
Firewall ####Port Forwarding
30 von 105 SINAUT MD740-1
This lists the fixed rules for port forwarding. With port forwarding the following takes place: the header of
incoming data packets from the external network which are intended for the external IP address (or one of the external IP addresses) of the SINAUT MD740-1 and for a particular port of the SINAUT MD740-1 are rewritten in such a way that they are forwarded to the internal network to a particular computer and to a particular port of this computer. That means that the IP address and port number in the headers of incoming data packets are changed.
This method is also called Destinat ion NAT .
!
The rules set here take priority over the settings under Firewall
#
# Incoming.
##
Deleting a rule
Click on Delete next to the entry concerned. Then click on OK or Apply.
Setting a new rule
Loading...
+ 75 hidden pages