Pepwave MAX Series: MAX 600 / 700 / HD2 / BR1 Pepwave MAX Firmware 5.4 September 2012 COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. Copyright © 2012 Pepwave Ltd. All Rights Reserved. Pepwave and the Pepwave logo are trademarks of Pepwave Ltd. Other brands or products mentioned may be trademarks or registered trademarks of their respective owners.
Table of Contents 1 INTRODUCTION AND SCOPE ............................................................................................. 5 2 GLOSSARY........................................................................................................................ 6 3 PRODUCT FEATURES ........................................................................................................ 7 3.1 3.2 4 PEPWAVE MAX MOBILE ROUTER OVERVIEW ..............................................................
12.1 12.2 OUTBOUND POLICY ..............................................................................................................................64 CUSTOM RULES FOR OUTBOUND POLICY ..................................................................................................65 13 PORT FORWARDING ...................................................................................................... 75 13.1 13.2 PORT FORWARDING SERVICE .............................................................
APPENDIX A. RESTORATION OF FACTORY DEFAULTS ......................................................120 APPENDIX B. DECLARATION ..........................................................................................121 http://www.pepwave.
1 Introduction and Scope The Pepwave MAX Mobile Router provides link aggregation and load balancing across multiple WAN connections, allowing a combination of technologies like 3G HSDPA, EVDO, 4G LTE, Wi-Fi, external WiMAX dongle, and Satellite to be utilized to connect to the Internet. This manual presents how to set up the Pepwave MAX Mobile Router and provides an introduction to the features and usage of Pepwave MAX Mobile Router.
2 Glossary The following terms, acronyms, and abbreviations are frequently used in this manual: Term Definition 3G 3rd Generation standards for wireless communications (e.g. HSDPA) 4G 4th Generation standards for wireless communications (e.g.
3 Product Features Pepwave MAX enables all LAN users to share broadband Internet connections, and provide advanced features to enhance Internet access. The following is the list of supported features on Pepwave MAX Mobile Router: 3.1 Supported Network Features 3.1.
Intrusion detection and prevention Specification of NAT mappings Outbound firewall rules can be defined by destination domain name 3.1.5 Outbound Policy Link load distribution per TCP/UDP service Persistent routing for specified source and/or destination IP addresses per TCP/UDP service Traffic Prioritization and DSL optimization Prioritize and route traffic to VPN tunnels with Priority and Enforced algorithms 3.1.6 QoS 3.
4 Pepwave MAX Mobile Router Overview 4.1 MAX 600 4.1.1 Front Panel Appearance PC Card Slot Wi-Fi WAN Connector Express Card Slot USB Ports Ethernet WAN Port Wi-Fi LAN Connector Wi-Fi AP LED LAN Ports Wi-Fi WAN LED Status LED Power LED Reset Button 4.1.
LAN and Ethernet WAN Ports Green LED Orange LED Port Type ON 100 Mbps OFF 10 Mbps Solid Port is connected without traffic Blinking Data is transferring OFF Port is not connected Auto MDI/MDI-X ports 4.1.3 Rear Panel Appearance Power Connector Terminal Block http://www.pepwave.
4.2 MAX 700 Status LED 4.2.1 Front Panel Appearance Ethernet WAN Port Wi-Fi LAN Connector USB Port Power LED Terminal Block Reset Button LAN Ports Wi-Fi WAN Connector Wi-Fi AP LED Wi-Fi WAN LED 4.2.
LAN and Ethernet WAN Ports Green LED ON 10 / 100/ 1000 Mbps Blinking Data is transferring OFF No data is being transferred or port is not connected Orange LED Port Type Auto MDI/MDI-X ports 4.2.3 Rear Panel Appearance Power Connector USB Ports Kensington Lock http://www.pepwave.
4.3 MAX HD2 4.3.1 Front Panel Appearance Ethernet WAN Port Wi-Fi AP Connector USB Port Cellular WAN LED Terminal Block Reset Button LAN Ports Status LED Wi-Fi WAN LED Wi-Fi WAN Connector 4.3.
4.3.3 Rear Panel Appearance Power Connector Cellular Antenna Connectors Kensington Lock 4.4 Cellular SIM Slots MAX BR1 4.4.1 Front Appearance 4.4.2 Top Panel Appearance (MAX-BR1 Version) SMA Cellular Antenna Connector SMA GPS Antenna Connector http://www.pepwave.
(MAX-BR1-LTE Version) Redundant Cellular SIM Slots Redundant Cellular SIM Slots RP-SMA Wi-Fi Antenna Connector SMA GPS Antenna Connector 4.4.3 Rear Panel Appearance 10/100 Ethernet WAN 10 -30V DC Terminal Block Dual 10/100 Ethernet LAN http://www.pepwave.
5 Installation Connecting the Network with Pepwave MAX Mobile Router: 5.1 Preparation Before installing Pepwave MAX Mobile Router, please prepare the following: At least one Internet/WAN access account and/or Wi-Fi access information. For each network connection, 5.
5.3 Configuring the Network Environment To ensure that Pepwave MAX works properly in the LAN environment and can access the Internet via the WAN connections, please refer to the following setup procedures: LAN Configuration For basic configuration, refer to Section 6, Connecting to Web Admin Interface. For advanced configuration, go to Section 7, Configuration of LAN Interface(s). WAN Configuration For basic configuration, refer to Section 6, Connecting to Web Admin Interface.
5.4.2 Car Mount Pepwave MAX can be mounted on a flat surface using the included car mounting plate. Place the car mount according the label’s direction, and screw it onto the device. Mounting Plate Screw Holes After mounting the plate on the back of the device, add screw on the plate on the flat surface. http://www.pepwave.
6 Connecting to Web Admin Interface 1. Start a web browser on a computer that is connected with Pepwave MAX through LAN. 2. To connect to Web Admin Interface of Pepwave MAX, enter the following LAN IP address in the address field of the web browser: http://192.168.50.1 (This is the default LAN IP address of Pepwave MAX.) 3. Enter the following to access the Web Admin Interface. Username: admin Password: admin (This is the default Username and Password of Pepwave MAX.
4. After successful login, the Dashboard of Web Admin Interface will be displayed. It looks similar to the following: Dashboard shows the current WAN, LAN, Wi-Fi AP settings and statuses. You can simply change priority of WAN connections and switch on / off Wi-Fi AP in here. For further information about how-to set up these connections, please refer to Section 7.2 and 8. A map with real-time GPS data is shown on the Dashboard when GPS signal is received.
7 Configuration of LAN Interface(s) 7.1 Basic Settings The LAN Interface settings are located in Network > LAN > Basic Settings http://www.pepwave.
IP Settings IP Address & Subnet Mask Speed The IP address of Pepwave MAX on LAN. This setting specifies the speed of the LAN Ethernet Port. By default, Auto is selected and the appropriate data speed is automatically detected by Pepwave MAX. In the event of negotiation issues, the port speed can be manually specified to circumvent the issues. You can also choose whether or not to advertise the speed to the peer by selecting the Advertise Speed checkbox.
Reserved clients information can be imported from the Client List, located at Status > Client List. For more details, please refer to section 19.3. Static Route Settings Static Route This table is for defining static routing rules for the LAN segment. A static route consists of the network address, subnet mask, and gateway address. The address and subnet mask values are in the format of w.x.y.z The local LAN subnet and subnets behind the LAN will be advertised to the VPN.
If a SpeedFusion address(es). TM peer is selected, you may enter the VPN peer’s DNS resolver IP Queries will be forwarded to the selected connections’ resolvers. If all of the selected connections are down, queries will be forwarded to all resolvers on healthy WAN connections. http://www.pepwave.
7.2 Wi-Fi AP The Wi-Fi LAN settings can be configured in Network > LAN > Wi-Fi AP: Wi-Fi AP can also be switched on / off on the Dashboard. Click Add button to create a new SSID. Wireless Network Settings Network Name (SSID) This setting allows you to specify a name to represent the virtual AP to be scanned by WiFi clients. When Yes is selected, this virtual AP is enabled. Select No to disable it. Enable By default, it is enabled.
Wireless Security Settings This setting specifies which security policy will be used for this wireless network. Available options: Open (No Encryption) WPA/WPA2 – Personal WPA/WPA2 – Enterprise 802.1X Static WEP Security Policy Access Control Settings Restriction Mode This option allows you to perform access control through MAC address filtering. Available options are None, Deny all except listed, and Accept all except listed. http://www.pepwave.
8 Configuration of WAN Interface(s) The WAN Interface settings are located at: Network > WAN To reorder different WANs’ priority, just drag on the appropriate WAN by holding the left mouse button, move it to the desired priority (the first one would be the highest priority, the second one would be lower priority and so on) and drop it by releasing the mouse button.
8.1 Ethernet WAN Network > WAN > Click on WAN Details This will open a screen similar to shown below http://www.pepwave.
http://www.pepwave.
Ethernet WAN Settings WAN Connection Name This field is for defining a name to represent this WAN connection. There are three possible connection methods for Ethernet WAN: Connection Method DHCP Static IP PPPoE The connection method and details are determined by, and can be obtained from, the ISP. See the Sections 8.1.1, 8.1.2, and 8.1.3 for details of each connection method. Standby State This setting specifies the state of the WAN connection.
Pepwave MAX. In the event of negotiation issues, the port speed can be manually specified to circumvent the issues. You can also choose whether or not to advertise the speed to the peer by selecting the Advertise Speed checkbox. This setting specifies the Maximum Transmission Unit. By default, MTU is set to Custom 1440. MTU MSS You may adjust the MTU value by editing the text field. Click Default to restore the default MTU value. Select Auto and the appropriate MTU value will be automatically detected.
8.1.1 DHCP Connection The DHCP connection method is suitable if the ISP provides an IP address automatically by DHCP (e.g. Satellite Modem, WiMAX Modem, Cable, Metro Ethernet, etc.). There are three possible connection methods: 1. 2. 3. DHCP Static IP PPPoE DHCP Settings Routing Mode IP Address/ Subnet Mask/ Default Gateway DNS Servers Hostname (Optional) http://www.pepwave.
8.1.2 Static IP Connection This Static IP connection method is suitable if ISP provides a static IP address to connect directly. Static IP Settings Routing Mode IP Address / Subnet Mask / Default Gateway DNS Servers http://www.pepwave.com This is to substitute the real address in a packet with a mapped address that is routable on the destination network These settings allow you to specify the information required in order to communicate on the Internet via a fixed Internet IP address.
8.1.3 PPPoE Connection This connection method is suitable if ISP provides login ID/ password to connect via PPPoE. PPPoE Settings Routing Mode This is to substitute the real address in a packet with a mapped address that is routable on the destination network IP Address / Subnet Mask / Default Gateway This information is obtained from the ISP automatically. PPPoE User Name / Password Enter the required information in these fields in order to connect via PPPoE to the ISP.
8.1.4 Dynamic DNS Settings Pepwave MAX provides the functionality to register the domain name relationships to dynamic DNS service providers. Through registration with dynamic DNS service provider(s), the default public Internet IP address of each WAN connection can be associated with a host name. With Dynamic DNS service enabled for a WAN connection, you can connect to your WAN's IP address from the external even if its IP address is dynamic.
Important Note In order to use dynamic DNS services, appropriate host name registration(s) as well as a valid account with a supported dynamic DNS service provider are required. A dynamic DNS update is performed whenever a WAN’s IP address changes. E.g. IP is changed after a DHCP IP refresh, reconnection, etc. Due to dynamic DNS service providers’ policy; a dynamic DNS host will automatically expire if the host record has not been updated for a long time.
8.2 Cellular 1 / Cellular 2 Network > WAN > Click on Detail (Available on Pepwave MAX HD2 only) http://www.pepwave.
http://www.pepwave.
Cellular 1 / Cellular 2 SIM Card IMSI This is the International Mobile Subscriber Identity which uniquely identifies the SIM card. This is applicable to 3G modems only. MEID HEX The Pepwave MAX supports both HSPA and EV-DO. For Sprint or Verizon Wireless EV-DO users, a unique MEID identifier code (in hexadecimal format) is used by the carrier to associate the EV-DO device with the user. MEID DEC This is the equivalent of the MEID HEX but in decimal format.
8.3 Wi-Fi WAN Network > WAN > Click on Wi-Fi WAN http://www.pepwave.
Wi-Fi WAN Settings WAN Connection Name This field is for defining a name to represent this WAN connection. Standby State This setting specifies the state of the WAN connection while in standby. The available options are Remain Connected (hot standby) and Disconnect (cold standby). Health Check Method This setting allows you to specify the health check method for the WAN connection. The available options are Disabled, Ping, and DNS Lookup. The default method is Disabled. http://www.pepwave.
See Section 8.4 for configuration details. This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers: Dynamic DNS Bandwidth Allowance Monitor changeip.com dyndns.org no-ip.org tzo.com DNS-O-Matic Select Disabled to disable this feature. This option allows you to enable bandwidth usage monitoring on this WAN connection for each billing cycle.
8.3.1 Create Wi-Fi Connection Profile You can manually create a profile to connect to a Wi-Fi connection. It is useful for creating a profile for connecting to hidden-SSID access points. Click on the link Create Profile… and the following window will be displayed. Network > WAN > Click on Detail Click on Create Profile…. This will open a window similar to the shown below http://www.pepwave.
Create Wi-Fi Connection Profile Settings Network Name (SSID) This field is for defining a name to represent this Wi-Fi connection. This option allows you to select which security policy is used for this wireless network. Available options: Open WEP WPA/WPA2 – Personal WPA/WPA2 – Enterprise Security The settings to be displayed under this row will vary depending on the selected security policy. http://www.pepwave.
8.4 WAN Health Check To ensure traffic is routed to healthy WAN connections only, Pepwave MAX provides the functionality to periodically check the health of each WAN connection. The Health Check settings for each WAN connection can be independently configured via Network > WAN > Details: Enable the Health Check Settings by drop down to PING, DNS Lookup and HTTP http://www.pepwave.
Health Check Settings Method This setting specifies the health check method for the WAN connection. The value of Method can be configured as Disabled, Ping or DNS Lookup. The default method is DNS Lookup. For Mobile Internet connection, the value of Method can be configured as Disabled or SmartCheck. Health Check Disabled When Disabled is chosen in the Method field, the WAN connection will always be considered as up. The connection will not be treated as down in the event of IP routing errors.
WAN connection will be treated as down only if there is also no response received from the public DNS servers. Connections will be considered up if DNS responses are received from any one of the health check DNS servers, regardless of a positive or negative result. By default, the first two DNS servers of the WAN connection are used as the Health Check DNS Servers. Health Check Method: HTTP HTTP connections will be issued to test the connectivity with configurable URLs and strings to match.
Other Health Check Settings This setting specifies the timeout, in seconds, for ping/DNS lookup requests. Default Timeout is set to 5 second. Timeout Health Check Interval This setting specifies the time interval, in seconds, between ping or DNS lookup requests. Default Health Check Interval is 5 seconds. This setting specifies the number of consecutive ping/DNS lookup timeouts after which Pepwave MAX is to treat the corresponding WAN connection as down. Default Health Retries is set to 3.
8.5 Bandwidth Allowance Monitor Bandwidth Allowance Monitor helps keep track of your network usage. Enable Bandwidth Allowance Monitor Bandwidth Allowance Monitor Action Start Day Monthly Allowance http://www.pepwave.com If the feature Email Notification is enabled, you will be notified through email when usage hits 75% and 95% of the monthly allowance.
9 Wi-Fi Settings Wi-Fi settings can be configured at Advanced > Wi-Fi Settings Wi-Fi AP Radio Settings Protocol This option allows you to specify whether 802.11b and/or 802.11g client association requests will be accepted. Available options are 802.11b/g, 802.11b Only, and 802.11g Only. By default, 802.11b/g is selected. Operating Country This option set the country whose regulations the Pepwave MAX follows. Channel This option allows you to select which 802.11 RF channel will be utilized.
output power will be bound by the regulatory limits of the selected country. By default, 23 dBm (200 mW) or 20 dBm (100 mW) (depending on which operating country you have chosen in the previous section) is selected. Important Note Per FCC regulation, the country selection is not available on all models marketed in US. All US models are fixed to US channel only. Wi-Fi WAN Radio Settings Channel Width Bit Rate Output Power Options Auto (20/40 MHz) and 20 MHz are available.
The default value is set to 1 ms. Slot Time ACK Timeout Channel Bonding Frame Aggregation Guard Interval This field is for specifying the unit wait time before it transmits a packet. By default, this field is set to 9 µs. This field is for setting the wait time to receive an acknowledgement packet before performing a retransmission. By default, this field is set to 48 µs. There are 3 selections available in this setting. The first is 20 where the channel bonding is off and the channel width is 20 MHz.
10 Bandwidth Bonding SpeedFusionTM TM Pepwave Bandwidth Bonding SpeedFusion functionality securely connects your MAX indifferent branch to another Pepwave MAX or Peplink device (only Peplink Balance 210/310/380/580/710/1350 are available for this function). The data, voice, or video communications between these locations are kept confidential across the public Internet. TM The Bandwidth Bonding SpeedFusion of the Pepwave MAX is specifically designed for multi-WAN environment.
10.1 SpeedFusionTM Pepwave MAX supports making two SpeedFusion Peplink Balance 210/310/380/580/710/1350. TM connections with a remote Pepwave MAX unit or a The local LAN subnet and subnets behind the LAN (defined under Static Route in the LAN settings page) will be advertised to the VPN. All VPN members (branch offices and headquarters) will be able to route to the local subnets. Note that all LAN subnet and subnets behind it have to be unique.
A list of defined VPN Connection profiles and Link Failure Detection Time option will be shown. Click the New Profile button to create a new VPN connection profile for making VPN connection to a remote Peplink Balance/Pepwave MAX via the available WAN connections. Each profile is for making VPN connection with one remote Peplink Balance/Pepwave MAX. You can check the status of the connection from: Status > SpeedFusion TM http://www.pepwave.
VPN Settings Active Check this box to enable the VPN. Encryption By default, VPN traffic is encrypted with 256-bit AES standard. If the option Off is selected on both sides of a VPN connection, no encryption will be applied. Remote ID Pepwave MAX establishes VPN connection with a remote peer that has a serial number or a remote ID here. Pre-shared Key This is an optional field which defines the pre-shared key used for this particular VPN connection.
Layer 2 Bridging When this check box is unchecked, traffic between local and remote networks will be IP forwarded. To bridge the Ethernet network of an Ethernet port on a local and remote network, select this check box. When this check box is selected, the two networks will become a single LAN, and any broadcast (e.g., ARP requests) or multicast traffic (e.g., Bonjour) will be sent over the VPN. The L2 bridging feature is hidden from the user interface by default.
10.2 Link Failure Detection Link Failure Detection TM Link Failure Detection Time The bonded SpeedFusion can detect routing failures on the path between two sites over each WAN connection. Failed WAN connections will not be used to route VPN traffic. Health check packets are sent to the remote unit to detect any failure. The more frequent checks it sends, the shorter detection time, but the higher bandwidth overhead will be consumed.
10.3 Pepwave MAX Behind NAT Router The Pepwave MAX supports establishing SpeedFusion (Network Address Translation) router. TM over WAN connections which are behind a NAT To be able for a WAN connection behind a NAT router to accept VPN connections, you can configure the NAT router in front of the WAN connection to forward TCP port 32015 to it.
10.4 SpeedFusionTM Status TM VPN Status is shown in the Status > SpeedFusion . The connection status of each connection profile is shown as below: TM By clicking the Details button at the top-right hand corner of SpeedFusion table, you will be forwarded TM to Status > SpeedFusion . You can view the subnet and WAN connection information of each VPN peer. Please refer to Section 19.5 for details.
11 IPsec VPN Pepwave MAX IPsec VPN functionality securely connects one or more branch offices to your company's main headquarters or to other branches. The data, voice, or video communications between these locations are thus kept safe and confidential across the public Internet. The IPsec VPN of the Pepwave MAX is especially designed for a multi-WAN environment.
IPsec VPN Settings Name This field is for specifying a local name to represent this connection profile. Active When this box is checked, this IPsec VPN connection profile will be enabled. Otherwise, it will be disabled. Remote Gateway IP Address Local Networks Enter the remote peer’s public IP address. For Aggressive Mode, this is optional.. Enter the local LAN subnets here. If you have defined “static routes”, they will be shown here too.
Under Main Mode, this field can be left blank. Local ID Under Aggressive Mode, if Remote Gateway IP Address field is filled on this end and the peer end, this field can be left blank. Otherwise, this field is typically a U-FQDN. Under Main Mode, this field can be left blank. Remote ID Phase 1 (IKE) Proposal Under Aggressive Mode, if Remote Gateway IP Address field is filled on this end and the peer end, this field can be left blank. Otherwise, this field is typically a U-FQDN.
11.2 IPsec Status IPsec Status shows the current connection status of each connection profile and is displayed in Status > IPsec. 12 Management of Outbound Traffic to WAN Pepwave MAX provides the functionality to flexibly manage and load balance outbound traffic among the WAN connections. Important Note Outbound Policy is applied only when more than one WAN connection is active .
Outbound Policy Settings High Application Compatibility With the selection of this policy, outbound traffic from a source LAN device is routed through the same WAN connection regardless of the destination Internet IP address and protocol. This provides the highest application compatibility.
You may drag and drop a row to rearrange the priority of outbound rules. http://www.pepwave.
By default, Auto is selected for the option Default Rule. You can select Custom in order to change the Algorithm to be used. Please refer to the upcoming sections for the details of the available algorithms. To create a custom rule, click Add Rule following window will be displayed: at the bottom of the table, and the If Domain Name is chosen and a domain name, such as foobar.com, is entered, any outgoing accesses to foobar.com and *.foobar.com will match this criterion. You may enter a wildcard (.
New Custom Rule Settings Service Name This setting specifies the name of the custom rule. Enable This setting specifies whether the outbound traffic rule takes effect. With an Enable value of Yes, the rule takes effect: traffic is matched, and actions are taken, by Pepwave MAX based on the other parameters of the rule. With an Enable value of No, the rule does not take effect Pepwave MAX disregards the other parameters of the rule.
This setting specifies the behavior of Pepwave MAX for the custom rule. One of the following values can be selected: Algorithm Weighted Balance Persistence Enforced Priority Overflow Least Used Lowest Latency The upcoming sections present the details of the listed algorithms. Terminate Sessions on Link Recovery This setting specifies whether to terminate existing IP sessions on a less preferred WAN connection in the event that a more preferred WAN connection is recovered.
Total weight is 60 = (10 + 10 + 10 + 10 + 10 + 10) Matching traffic distributed to Ethernet WAN1 is 16.7% = (10 / 60 x 100% Matching traffic distributed to Ethernet WAN2 is 16.7% = (10 / 60) x 100% Matching traffic distributed to Wi-Fi WAN is 16.7% = (10 / 60) x 100% Matching traffic distributed to Cellular 1 is 16.7% = (10 / 60) x 100% Matching traffic distributed to Cellular 2 is 16.7% = (10 / 60) x 100% Matching traffic distributed to USB is 16.7% = (10 / 60) x 100% http://www.pepwave.
12.2.2 Algorithm: Persistence The configuration of using Persistence for algorithm is the solution to the few situations where link load distribution for Internet services is undesirable. For example, many e-banking and other secure websites, for security reasons, terminate the session when the client computer’s Internet IP address changes during the session. In general, different Internet IP addresses represent different computers.
12.2.3 Algorithm: Enforced This setting specifies the WAN connection usage to be applied on the specified IP Protocol & Port, and is applicable only when the Algorithm is set to Enforced. Matching traffic will be routed through the specified WAN connection regardless of the connection’s health check status. Starting from firmware 5.2, outbound traffic can be enforced to go through a specified SpeedFusion connection. TM 12.2.
12.2.5 Algorithm: Overflow The traffic matching this rule will be routed through the healthy WAN connection that has the highest priority and is not in full load. When this connection gets saturated, new sessions will be routed to the next healthy WAN connection that is not in full load. Drag and drop to specify the order of WAN connections to be used for routing traffic. Only the highest priority healthy connection that is not in full load will be utilized. 12.2.
The traffic matching this rule will be routed through the healthy WAN connection that is selected in the field Connection and has the lowest latency. Latency checking packets are issued periodically to a nearby router of each WAN connection to determine its latency value. The latency of a WAN is the packet round trip time of the WAN connection. Additional network usage may be incurred as a result. Tip The round trip time of a “6M down / 640k up” link can be higher than that of a “2M down / 2M up” link.
13 Port Forwarding 13.1 Port Forwarding Service Pepwave MAX can act as a firewall that blocks, by default, all inbound access from the Internet. By using Port Forwarding, Internet users can access the servers behind Pepwave MAX.
HTTPS, etc.). After selecting an item from the Protocol Selection Tool drop-down menu, the Protocol and Port number remains manually modifiable. The Port setting specifies the port(s) that correspond to the service, and can be configured to behave in one of the following manners: Any Port, Single Port, Port Range and Port Map Any Port: All traffic that is received by Pepwave MAX via the specified protocol is forwarded to the servers specified by the Servers setting.
13.2 UPnP / NAT-PMP Settings UPnP and NAT-PMP are network protocols which allow a computer on the LAN to automatically configure the router to allow parties on the WAN to connect to itself. In this way, the process of inbound port forwarding is automated. When a computer creates a rule using these protocols, the specified TCP/UDP port of all WAN connections' default IP address will be forwarded. Check the corresponding box(es) to enable UPnP and/or NAT-PMP.
14 NAT Mappings The configuration of NAT Mappings allows the IP address mapping of all inbound and outbound NAT’d traffic to and from an internal client IP address. The settings to configure NAT Mappings are located at Advanced > NAT Mappings: To add a rule for NAT Mappings, click Add NAT Rule following screen will be displayed: Click Save , upon which the to save the settings when configuration has been completed. http://www.pepwave.
NAT Mapping Settings LAN Client(s) Address Range Network Inbound Mappings Outbound Mappings NAT Mapping rules can be defined for a single LAN IP Address, an IP Range, or an IP Network. This refers to the LAN host’s private IP address. The system maps this address to a number of public IP addresses, specified below, in order to facilitate inbound and outbound traffic. This option is only available when IP Address is selected.
15 QoS 15.1 User Groups LAN and PPTP clients can be categorized into three user groups - Manager, Staff, and Guest. This table allows you to define rules and assign client IP addresses or subnets to a user group. You can apply different bandwidth and traffic prioritization policies on each user group in the Bandwidth Control and Application sections. The table is automatically sorted, and the table order signifies the rules' precedence.
15.2 Bandwidth Control You can define a maximum download speed (over all WAN connections) and upload speed (for each WAN connection) that each individual Staff and Guest member can consume. No limit can be imposed on individual Manager members. By default, Download and Upload Bandwidth Limits are set to unlimited (set as 0). http://www.pepwave.
15.3 Application 15.3.1 Application Prioritization You can choose whether to apply the same Prioritization settings to all user groups or customize the settings for each group. Three priority levels can be set for application prioritization: ↑High, ━ Normal, and↓Low. Four types of applications are predefined. Their priority for each user group can be selected from their corresponding drop down menu. Traffic types not defined in the table is assigned with normal priority. 15.3.
15.3.3 DSL/Cable Optimization DSL/cable-based WAN connection has its upload bandwidth lower than the download bandwidth. When this option is enabled, the download bandwidth of the WAN can be fully utilized in any situation. When a DSL/cable circuit's uplink is congested, the download bandwidth will be affected. Users will not be able to download data in full speed until the uplink becomes less congested. The DSL/Cable Optimization can relieve such issue.
16 Firewall A firewall is a mechanism that selectively filters data traffic between the WAN side (the Internet) and the LAN side of the network. It can protect the local network from potential hacker attacks, offensive Web sites, and/or other inappropriate uses.
Once you click on Add Rule the following window will appear. Rules are matched from top to the bottom. If a connection matches any one of the upper rules, the matching process will stop. If none of the rules is matching, the Default rule will be applied. By default, the Default rule is set as Allow for both outbound and inbound accesses. Inbound / Outbound Firewall Settings Rule Name This setting specifies a name for the firewall rule.
Alternatively, the Protocol Selection Tool drop-down menu can be used to automatically fill in the Protocol and Port number of common Internet services (e.g. HTTP, HTTPS, etc.) After selecting an item from the Protocol Selection Tool drop-down menu, the Protocol and Port number remains manually modifiable. This specifies the source IP address(es) and port number(s) to be matched for a firewall rule.
Tip If the default inbound rule is set as Allow for NAT enabled WANs, no inbound Allow firewall rules will be required for inbound Port Forwarding and inbound NAT Mapping rules. However, if the default inbound rule is set as Deny, a corresponding Allow firewall rules will be required. http://www.pepwave.
16.2 Intrusion Detection and DoS Prevention The Pepwave MAX supports detecting and preventing intrusions and Denial-of-Service (DoS) attacks from the Internet. To turn on this feature, click and DoS Prevention and press the Save button. , check the box Enable for the Intrusion Detection When this feature is enabled, the Pepwave MAX will detect and protect the network from the following kinds of intrusions and denial-of-service attacks.
17 Miscellaneous Settings The miscellaneous settings include configuration for PPTP Server, Service Forwarding, and Service Passthrough. 17.1 PPTP Server Pepwave MAX has a built-in PPTP Server, which enables remote computers to conveniently and securely access the local network. PPTP server setting is located at Advanced > Misc. Settings > PPTP Server. Simply check the box to enable the PPTP server function. All connected PPTP sessions are displayed on the Client List at Status > Client List.
17.2 Service Forwarding Service Forwarding settings are located at Advanced > Misc. Settings > Service Forwarding: Service Forwarding SMTP Forwarding Web Proxy Forwarding When this option is enabled, all outgoing SMTP connections destined for any host at TCP port 25 will be intercepted. These connections will be redirected to a specified SMTP server and port number. SMTP server settings for each WAN can be specified after selecting Enable.
To enable the feature, select the Enable check box under SMTP Forwarding Setup. Check the box Enable Forwarding? For the WAN connection(s) that needs such forwarding. Enter the ISP’s e-mail server address and TCP port number for each WAN. The Pepwave MAX will intercept SMTP connections, choose a WAN with reference to the Outbound Policy, and then forward the connection to the forwarded SMTP server if the chosen WAN has enabled forwarding.
17.3 Service Passthrough Service Passthrough settings can be found in Advanced > Misc. Settings > Service Passthrough: Some Internet services required to be specially handled in a multi-WAN environment. The Pepwave MAX supports handling such services correctly such that Internet applications do not notice it is behind a multiWAN router. Settings for Service Passthrough Support are available here. Service Passthrough Support SIP H.323 Session Initiation Protocol, aka SIP, is a voice-over-IP protocol.
18 System Settings 18.1 Admin Security There are two user accounts available for accessing the Web Admin. Usernames are admin and user. They represent two user levels - admin has full administration access, while user is a read-only account. The read-only account can only access the device's status information and cannot make any change on the device. Admin Account UI User Account UI A web login session will be logged out automatically when it has been idle longer than the Web Session Timeout.
http://www.pepwave.
Admin Settings Router Name This field allows you to define a name for this Pepwave MAX unit. By default, Router Name is set as MAX_XXXX, where XXXX refers to the last 4 digits of the serial number of the device. Admin User Name It is set as admin by default and is not customizable. Admin Password This field allows you to specify a new administrator password. Confirm Admin Password This field allows you to verify and confirm the new administrator password.
Interface can be accessible: LAN only LAN/WAN If LAN/WAN is chosen, a WAN Connection Access Settings form will be displayed. WAN Connection Access Settings This field allows you to restrict web admin access only from defined IP subnets. Any - Allow web admin accesses to be from anywhere, without IP address restriction. Allow access from the following IP subnets only - Restrict web admin access only from the defined IP subnets.
18.2 Firmware Upgrade The firmware of Pepwave MAX is upgradeable through Web Admin Interface. Firmware upgrade functionality is located at System > Firmware: There are two ways to upgrade the unit. The first method is online firmware upgrade. The system can Check, Download and Upgrade over the Internet. The second method is to upload a firmware file manually. Click on the Check again button to use online upgrade. With online upgrade, Pepwave MAX checks online for new firmware.
The Time Server functionality enables the system clock of Pepwave MAX to be synchronized with a specified Time Server. The settings for Time Server configuration are located at System > Time: Time Server Settings Time Zone Time Server This specifies the time zone (along with the corresponding Daylight Savings Time scheme) in which Pepwave MAX operates. The Time Zone value affects the time stamps in the Event Log of Pepwave MAX and Email notifications.
Email Notification Settings This option is for enabling Email Notification. Email Notification If the box Enable is checked, Pepwave MAX sends email messages to a System Administrator when the WAN status changes, or when new firmware is available. If the box Enable is not checked, Email Notification is disabled and Pepwave MAX will not send email messages. SMTP Server SSL Encryption This field is for specifying the SMTP server to be used for sending email.
http://www.pepwave.
18.5 Remote Syslog The Remote Syslog functionality of Pepwave MAX enables event logging at a specified remote Syslog server. The settings for configuring Remote System Log are found at System> Remote Syslog: Remote Syslog Settings Remote Syslog This setting specifies whether or not to log events at the specified remote Syslog server. Remote Syslog Host This setting specifies the IP address or host name of the remote Syslog server.
18.6 SNMP SNMP or Simple Network Management Protocol is an open standard that can be used to collect information from the Pepwave MAX Mobile Router. SNMP configuration is located at System > SNMP: SNMP Settings SNMP Device Name SNMP Port This field shows the router name defined in System > Admin Security. This option specifies the port which SNMP used. The default port is set as 161. SNMPv1 This option allows you to enable SNMP version 1. SNMPv2 This option allows you to enable SNMP version 2.
SNMP Community Settings Community Name This setting specifies the SNMP Community Name. Allowed Source Subnet Address This setting specifies a subnet from which access to the SNMP server is allowed. Enter subnet address here (e.g. 192.168.1.0). Allowed Source Subnet Mask This setting specifies the subnet mask that corresponds to the subnet specified via Allowed Source Subnet Address (e.g. 255.255.255.0).
18.7 InControl When this check box is checked, the device’s status information, usage data, and configuration will be sent to Pepwave’s InControl system. You can sign up for an InControl account at https://incontrol.pepwave.com/ . You can register devices under the account, monitor device status and usage reports, and download backed up configuration files. Default: Disabled http://www.pepwave.
18.8 Configuration Backing up the Pepwave MAX settings immediately after successful completion of the initial setup is strongly recommended. The functionality to download and upload Pepwave MAX settings is found at System > Configuration 18.8.1 Restore Configuration to Factory Settings The Restore Factory Settings button is to reset the configuration to the factory default settings. You have to click the Apply Changes button to make the settings effective. 18.8.
18.9 Reboot This page provides a Reboot button for restarting the system. For highest reliability, Pepwave MAX is equipped with two copies of firmware of different version. You can select the firmware version you would like the device to reboot with. The firmware marked with (Running) is the current system boot up firmware. Please note that a firmware upgrade will always replace the inactive firmware partition. http://www.pepwave.
18.10 Ping Test The Ping Test tool in Pepwave MAX performs Pings through a specified Ethernet interface or a TM SpeedFusion connection. You can specify the number of pings in the field Number of times to a maximum of 10 times, and Packet Size can be specified in the field Packet Size to a maximum of 1472 bytes.
18.11 Traceroute Test The Traceroute Test tool in Pepwave MAX traces the routing path to the destination through a particular TM Ethernet interface or SpeedFusion connection. The Traceroute Test utility is located at System > Tools > Traceroute, illustrated as follows: Tip A system administrator can use the Traceroute utility to analyze the connection path of a LAN/WAN connection. 18.12 SpeedFusionTM Test TM The SpeedFusion tool can help to test the throughput between different VPN peers.
18.13 CLI (Command Line Interface Support) The CLI (Command Line Interface) can be accessed via SSH. This field enables CLI support. The below settings specify which TCP port and which interface(s) should accept remote SSH CLI access. The user name and password used for remote SSH CLI access are the same as those used for web admin access. http://www.pepwave.
19 Status This section displays the information of Pepwave MAX on the Device, Active Sessions, Client List, TM WINS Client List, SpeedFusion , UPnP / NAT-PMP, Event Log, and Bandwidth. 19.1 Device System information is located at Status > Device: System Information Router Name Model Hardware Revision Serial Number Firmware Modem Support Version Uptime System Time GPX File (HD2 Only) This is the name specified in the field Router Name located in System > Admin Security.
HD2, please refer to section 19.1.1. Diagnostic Report A Download button is for exporting a diagnostic report file required for system investigation. The second table shows the MAC address of each LAN/WAN interface connected. Important Note If you encounter issues and would like to contact Pepwave Support Team (http://www.pepwave.com/contact/), please download the diagnostic report file and attach it along with a description of your encountered issue. In firmware 5.
19.2 Active Sessions Information on Active Sessions is at Status > Active Sessions > Overview This Active Sessions section displays the active inbound / outbound and UDP / TCP sessions of each WAN connection on Pepwave MAX. A filter is available to help sort out the active session information. Enter a keyword in the field or check one of the WAN connection boxes for filtering. http://www.pepwave.
19.3 Client List The client list table is located at Status > Client List. It lists DHCP client IP addresses, their Names (retrieved from DHCP reservation table or defined by users), current Download and Upload rate and MAC addresses that the Pepwave MAX has offered IP addresses to since it is powered up. Network Name (SSID) and Signal refers to the information about Wi-Fi AP, which is the name of the Network and its signal strength.
19.4 WINS Client The WINS client list table is located at Status > WINS Client. It lists WINS client IP addresses and their Names. This option will only be available when you have enabled the WINS Server in section 7.1. Name of clients retrieved will be automatically matched into Client List in the previous section. Click the button Flush All to flush all WINS client records. 19.
19.6 UPnP / NAT-PMP The table that shows the forwarded ports under UPnP and NAT-PMP protocols is located at Status > UPnP / NAT-PMP: This section appears only if you have enabled the function of UPnP / NAT-PMP as mentioned in Section 13.2. Click the button to delete the single UPnP / NAT-PMP record in its corresponding row. To delete all records, click Delete All on the right-hand side below the table.
19.7 Event Log Event Log information is located at Status > Event Log: The log section displays a list of events that has taken place on the Pepwave MAX unit. Click the Auto Refresh to retrieve log entries again. Click the Clear Log button 100, or all to show the corresponding number of events in the log. http://www.pepwave.com 116 to clear the log.
19.8 Bandwidth This section shows the bandwidth usage statistics, located at: Status > Bandwidth Bandwidth usage at the LAN and when the device is switched off, bandwidth usage is not recorded and not shown. 19.8.1 Real-Time The Data transferred since installation shows you how many network traffic has been processed by your device since first boot. Click Show Details in the top right hand corner of each table and the details of data transferred will be shown.
19.8.2 Hourly This page shows the daily bandwidth usage for all and each WAN connection. Select the connection in which you want to check its usage from the drop down menu 19.8.3 Daily This page shows the daily bandwidth usage for all and each WAN connection. Select the connection in which you want to check its usage from the drop down menu. If you have enabled Bandwidth Monitoring feature as shown in section 8.5, the Current Billing Cycle table for that WAN connection will be displayed.
19.8.4 Monthly This page shows the monthly bandwidth usage for each WAN connection. If you have enabled Bandwidth Monitoring feature as shown in section 8.5, you can choose a particular connection to check its usage and select to show the monthly usage period in Billing Cycle or Calendar Month. Click the first or second row to view the client bandwidth usage of the current month. This feature is not available if you have chosen to view the bandwidth usage of only a particular WAN connection.
Appendix A. Restoration of Factory Defaults To restore the factory default settings on a Pepwave MAX unit, follow the steps below: 1. Locate the reset button on the front panel of Pepwave MAX unit. 2. With a paper clip, press the reset button and hold it for at least 10 seconds until the unit reboots itself. After Pepwave MAX finishes rebooting, the factory default settings will be restored.
Appendix B. Declaration 1. The device supports time division technology 2. Federal Communication Commission Interference Statement for MAX 600 / 700 / HD2 / BR1 This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
What are we doing at the moment? Follow us on Twitter! http://twitter.com/Peplink Want to know more about us? Add us on Facebook! http://www.facebook.com/peplink Difficulties when configuring the device? Visit Our YouTube Channel! http://www.youtube.com/PeplinkChannel Contact Us: Address: Sales United States Office 800 West El Camino Real, Mountain View CA 94040 United States Tel: +1 (650) 450 9669 Fax: +1 (866) 625 4664 http://www.pepwave.com/contact/sales/ Support http://www.pepwave.