DL manuals
ANTlabs
Gateway
InnGate 3 E-series
Administrator's Manual

ANTlabs InnGate 3 E-series Administrator's Manual

Page of 164

Download

Print this page

Bookmark us

ATE 3

DMINISTRATOR’S

ANUAL

OCUMENT

ELEASE 1.01

1 2 3 4 5 6 7 Next › »

Summary of InnGate 3 E-series

Page 1
I nn g ate 3 a dministrator’s m anual d ocument r elease 1.01.
Page 2
Connectivity made easy page 2 of 164 inngate 3 administrator’s manual this manual provides an in-depth coverage of the setup, configuration and administration of an inngate 3 and is intended for system and network administrators who will be performing these tasks. Copyright © 2002 - 2009 advanced ne...
Page 3
Connectivity made easy page 3 of 164 trademarks and acknowledgements the following trademarks and acknowledgments apply to the following: the inngate system and tru’connect™ technology are products and technologies of advanced network technology laboratories pte ltd, (ant labs ). Windows and microso...
Page 4
Connectivity made easy page 4 of 164 contents chapter 1 ................................................................................................ 9 getting started ............................................................................. 9 1.1 overview .......................................
Page 5
Connectivity made easy page 5 of 164 3.6 device detection setup .......................................................... 75 3.7 arp setup ............................................................................. 76 chapter 4 ........................................................................
Page 6
Connectivity made easy page 6 of 164 8.3 powering up and shutting down the system ........................... 113 8.4 system configuration backup or restore ............................... 114 8.5 applying system patches ...................................................... 115 8.6 setting the date...
Page 7
Connectivity made easy page 7 of 164 appendix d .......................................................................................... 156 uploading custom webpages ..................................................... 156 appendix e .................................................................
Page 8
Connectivity made easy page 8 of 164 preface audience this manual is intended for administrators who will be responsible for the installation and configuration of the inngate 3. This manual will explain how first-time installation and configuration should be done as well as the tasks involved in per...
Page 9: Chapter 1
Connectivity made easy page 9 of 164 chapter 1 getting started 1.1 overview this chapter will illustrate a simple network deployment of the inngate 3 involving the following 3 steps: 1. System setup – configuring the inngate to operate in the network. 2. Network installation – connecting the inngate...
Page 10
Connectivity made easy page 10 of 164 although your own network will likely differ from this, the general principles for installing and configuring the inngate are still applicable. The setup covered in this chapter is suitable for quick demonstrations and small-scale setups. Later chapters will cov...
Page 11
Connectivity made easy page 11 of 164 1. Usb serial console – the left usb port allows direct console access to the inngate. Use the provided usb-to-serial converter to connect a pc with a terminal program to access the console (see section 8.12). 2. Serial console – the m-series serial console allo...
Page 12
Connectivity made easy page 12 of 164 when in operation, the inngate performs network address and port translation (napt) on the wan interface for downstream clients (routing can also be done and is discussed in section 3.2 and section 3.3). Thus when a downstream client wants to send packets to the...
Page 13
Connectivity made easy page 13 of 164 some of these tasks can also be performed through the command line interface (cli) and is discussed separately in the inngate command line reference. 1.3.1 accessing the web-based admin gui this section explains how to access 1 the web-based admin gui to configu...
Page 14
Connectivity made easy page 14 of 164 figure 1-4 ssl warning message the administrator’s login page is presented next (see figure 1-5). Figure 1-5 login prompt login with the default user id “ root ” and default password “ admin ”. It is recommended that you change the default password (see section ...
Page 15
Connectivity made easy page 15 of 164 the various menu options are displayed on the left side of the page and you may return to the main admin page at any time by clicking on the “inngate” logo at the top-left corner of the browser window. 1.3.2 configuring the wan interface the wan interface has to...
Page 16
Connectivity made easy page 16 of 164 figure 1-8 modify wan profile the various fields are described as follows: 1. Ip address – the host ip address for the inngate on the upstream network. The factory default ip address setting is 192.168.0.1 . Change this to a valid routable ip address on your ups...
Page 17
Connectivity made easy page 17 of 164 5. Source nat address range – the inngate will use the pool of ip addresses defined here when performing network address and port translation (napt) on the wan interface for its downstream clients. The wan ip address must be in the same subnet as the source nat ...
Page 18
Connectivity made easy page 18 of 164 the inngate comes with a default entry which we will modify according to your network dns defined. Click on the entry to proceed. The dns configuration page will be displayed (see figure 1-10). Figure 1-10 dns configuration page the fields are described here: 1....
Page 19
Connectivity made easy page 19 of 164 figure 1-11 web proxy configuration the various fields are described as follows: 1. Direct connection – select this if your network allows direct connections to the internet. 2. Use proxy – select this if your network requires the use of a web proxy for browsing...
Page 20
Connectivity made easy page 20 of 164 1.3.5 creating a plan next you need to create the different types of service plans required. This depends on your business needs. To configure the plans: 1. Click on policies. 2. Click on plans. Any existing plans will be shown. Select an existing plan or create...
Page 21
Connectivity made easy page 21 of 164 you need to purchase the stored volume prepaid module in order for this option to be enabled. D. Stored volume – multiple usage periods valid as long as there is balanced volume left. I. Change users to throttled plan after volume is exceeded – if this option is...
Page 22
Connectivity made easy page 22 of 164 figure 1-13 creating a plan click to confirm the changes. 1.3.6 firewall rules the inngate allows you to define firewall-like rules that can be applied to individual user groups for greater control over network access. To configure a firewall rule: 1. Click on p...
Page 23
Connectivity made easy page 23 of 164 the firewall rule definition page will be displayed (see figure 1-15). Figure 1-15 plan firewall the fields are described as follows: 1. Plan – the plan that this firewall rule will apply to. You can also configure firewall rules for the following default groups...
Page 24
Connectivity made easy page 24 of 164 b. No vlan – applies to traffic that has no vlan tag. 4. Protocol – this specifies the type of network traffic that the firewall will pick up. 5. Source network – the firewall will pick up network traffic originating from the specified ip address or network. 6. ...
Page 25
Connectivity made easy page 25 of 164 after making a selection, details about the location is displayed (see figure 1-17). Figure 1-17 location settings creating a location is a multi-step process and the wizard will guide you through the steps. Figure 1-18 pre-login page the pre-login section lets ...
Page 26
Connectivity made easy page 26 of 164 when using a pre-login page, make sure it eventually sends the user to the welcome page to login. Figure 1-19 welcome page the welcome page section lets you configure how the welcome login page will look like. 1. Title – the title of the page shown in the browse...
Page 27
Connectivity made easy page 27 of 164 the next step in the wizard allows you to select the different access options available to users in this location you are creating: 1. Complimentary access – this means the user will not be charged and there is no need to enter a user id and password. Select fro...
Page 28
Connectivity made easy page 28 of 164 figure 1-23 pms authentication a. Display label b. Authentication – when this option is checked the guest based authentication is enabled. Guest is required to specify the room number, guest name, or reservation number. If it is unchecked the room based authenti...
Page 29
Connectivity made easy page 29 of 164 5. Access code authentication – instead of a user id and password system, this only requires an access code to be entered for access. Figure 1-24 access code authentication 6. Authentication display – define the order in the drop-down list of authentication opti...
Page 30
Connectivity made easy page 30 of 164 figure 1-27 success pages these are the fields: 1. Login / logout success message – the messages shown to the user. 2. Display logout button – to show the button for logging out of the session. Useful for time duration based plans. 3. Alert user… – a timer will ...
Page 31
Connectivity made easy page 31 of 164 click to proceed with the next step in the wizard. The next step is to define what is shown to the user if the system encounters an error. Figure 1-28 error page click to proceed with the next step in the wizard. The next step is to define what to name the vario...
Page 32
Connectivity made easy page 32 of 164 figure 1-30 error page at any step in the wizard, you can always click to confirm the changes. 1.3.8 creating vlans within each location, you will now assign vlans to it so that under each vlan you can have network specific controls. To configure the vlan: 1. Cl...
Page 33
Connectivity made easy page 33 of 164 the fields are described as follows: 1. Vlan id – unique vlan identifier. Must correspond to the vlan setup in the switch connected via the trunk port. 2. Location – select the location that this vlan belongs to. 3. Max. Logins/sessions – the maximum number of c...
Page 34
Connectivity made easy page 34 of 164 a default entry treats traffic that is not vlan tagged (“no vlan”) to be assigned to the “default” vlan group. You can change this treatment if required. 1.3.9 importing and exporting vlan definitions to import/export vlan definitions: 1. Click on locations. 2. ...
Page 35
Connectivity made easy page 35 of 164 errors will be highlighted by the system. The csv file must provide these fields enclosed with double quotes, in the following order, separated by commas, and each entry on a separate line: 1. Vlan id 2. Location 3. Max. Logins/sessions 4. Name 5. Description th...
Page 36
Connectivity made easy page 36 of 164 1.4.1 vlan-enabled networks when incorporating the inngate in a vlan-enabled network, the lan interface must connect to an 802.1q-enabled trunk port on the switch. This trunk port should receive all tagged vlan traffic from downstream clients that are to be mana...
Page 37
Connectivity made easy page 37 of 164 figure 1-37 login page if you are unable to surf to the website, check that the instructions in the previous sections were implemented correctly..
Page 38: Chapter 2
Connectivity made easy page 38 of 164 chapter 2 authentication 2.1 overview this chapter explains how to configure the different authentication methods that you can use for the range of services you want to provide. 2.2 local accounts use this to create local user id and password accounts to be give...
Page 39
Connectivity made easy page 39 of 164 the sections are described as follows: 1. Type – select whether you want to create a user id and password based login account or an access code account which only requires the user to enter the code to login. 2. Sharing – select whether more than one device can ...
Page 40
Connectivity made easy page 40 of 164 c. Limit logins to… – here you can further restrict how many logins are allowed before the account is no longer valid. Figure 2-6 advanced subsection click to commit the changes. 2.2.1 local accounts maintenance local accounts maintenance is explained in details...
Page 41
Connectivity made easy page 41 of 164 when you change the pms type you need to re-save location’s pms authentication setting to associate new pms configuration. Next, configure the interface parameters according to the setup of the pms so that the inngate can communicate with the pms for authenticat...
Page 43
Connectivity made easy page 43 of 164 to access the option: 1. Click on authentication. 2. Click on pms. 3. Click on operations. This allows you to generate a check in or check out event. Figure 2-10 pms operation you can also use the diagnostic tool to post pms events. To access the option: 1. Clic...
Page 44
Connectivity made easy page 44 of 164 to access the option: 1. Click on authentication. 2. Click on account printers. Enter the printer’s ip address and click button . Figure 2-12 account printers authentication next step is to configure each button of the account printer. There is a maximum of six ...
Page 45
Connectivity made easy page 45 of 164 figure 2-2-14 account type if the account type is user id & password the credentials setting will be shown in figure 2-15. Figure 2-15 user id & password’s credentials if the account type is access code the credentials setting will be shown in figure 2-16. Figur...
Page 46
Connectivity made easy page 46 of 164 figure 2-17 account configuration enter the header and footer text to be printed by account printer. Figure 2-18 header and footer click button to save the configuration. Use audit log to view the accounts created. Figure 2-19 audit log.
Page 47
Connectivity made easy page 47 of 164 2.5 credit card use this to allow users to pay for service via credit card. To access the option: 1. Click on authentication. 2. Click on credit card. Select the correct payment gateway service provider from the drop down list. Figure 2-20 credit card payment ga...
Page 48
Connectivity made easy page 48 of 164 to access the option: 1. Click on authentication. 2. Click on mac filter. You can now select the blocked mac addresses tab to add devices that you want to block. Error pages are explained in details in appendix f . Figure 2-21 blocked mac conversely, select the ...
Page 49
Connectivity made easy page 49 of 164 figure 2-22 auto-logout.
Page 50: Chapter 3
Connectivity made easy page 50 of 164 chapter 3 lan network settings 3.1 overview figure 3-1 example network setup this chapter covers the basic lan network settings that allow you to configure how the inngate will manage the downstream network:.
Page 51
Connectivity made easy page 51 of 164 1. Dhcp setup – see section 3.2 2. Routed network setup – see section 3.3. 3. Walled garden setup – see section 3.4. 4. Network devices setup – see section 3.5. 5. Device detection setup – see section 3.6. 6. Arp setup – see section 3.7. 3.2 dhcp setup the innga...
Page 52
Connectivity made easy page 52 of 164 select the dhcp server option. Figure 3-2 dhcp mode figure 3-3 shows the configuration settings for the default scope. The fields are described as follows: 1. Default lease – the amount of time before a lease on an ip address expires and is applied when the clie...
Page 53
Connectivity made easy page 53 of 164 next we proceed to define the ip addresses for the different scopes: 1. Setting up the default scope – see section 3.2.1.1. 2. Setting up the user provision routed scope – see section 3.2.1.2. When the client first connects on the downstream lan, the inngate wil...
Page 54
Connectivity made easy page 54 of 164 figure 3-6 shows the default scope configuration page. Figure 3-6 defining an ip address pool the fields are explained as follows: 1. Network address – the network from which ip host addresses will be assigned to downstream clients. 2. Subnet mask – subnet mask ...
Page 55
Connectivity made easy page 55 of 164 may or may not get a routed ip address as the inngate will assign these addresses in no particular order. 7. Options – figure 3-7 shows the interface for configuring the dhcp options that are sent to the client. Figure 3-7 adding dhcp options select the dhcp opt...
Page 56
Connectivity made easy page 56 of 164 it is quite common for the user provision routed scope to be configured as set of public ip addresses although private addresses are also accepted. Section 3.2.1.2 discusses the common scenarios where public ip addresses may be needed by the lan clients. For cli...
Page 57
Connectivity made easy page 57 of 164 subject to napt but instead routed on the upstream and therefore “vpn friendly”. 2. Video conferencing and other applications – another common use of public ip is when a client on the downstream sets up a video conferencing server to conduct a video conference. ...
Page 58
Connectivity made easy page 58 of 164 figure 3-11 user provision routed scope the fields are described as follows: 1. Network ip address – the network from which ip host addresses will be assigned to downstream clients. 2. Subnet mask – subnet mask for the network ip address. 3. Default gateway – cl...
Page 59
Connectivity made easy page 59 of 164 figure 3-13 dhcp options to delete any option from the list, select the entry and click . To commit the user provision routed scope entry, click on the button (or for modifications). The inngate will perform a proxy arp on the upstream when it encounters user pr...
Page 60
Connectivity made easy page 60 of 164 2. Reserved ip addresses – used to map an ip address to a particular mac address. When the system detects that a dhcp client's mac address is in this list, it will assign the corresponding ip address to it. Figure 3-14 additional dhcp configuration options 3.2.2...
Page 61
Connectivity made easy page 61 of 164 figure 3-15 dhcp mode figure 3-16 shows the configuration settings for the dhcp relay. The fields are described as follows: 1. Primary server – the primary dhcp server that the inngate will relay to. 2. Secondary server – alternate dhcp server. The inngate will ...
Page 62
Connectivity made easy page 62 of 164 figure 3-17 dhcp relay agent mapping this feature allows different ip address pools to be allocated to clients belonging to different vlans when in dhcp relay mode. For example, an administrator may wish to allocate the ip addresses in the subnet 192.168.123.0/2...
Page 63
Connectivity made easy page 63 of 164 this case, inngate must not perform napt for these clients and therefore the dhcp range is defined in the routed network. 2. The inngate may be required to route packets from downstream clients to resources on the upstream that are within the intranet (such as i...
Page 64
Connectivity made easy page 64 of 164 figure 3-19 shows the interface for defining a routed network: 1. Network address – the network within which the ip addresses will be routed. 2. Subnet mask – the subnet mask for the network ip address. To define a specific host ip address, use 255.255.255.255 f...
Page 65
Connectivity made easy page 65 of 164 3.4.1 define http urls you can define a whitelist of urls that the inngate will allow non-logged in users to access. To define http urls in the walled garden: 1. Click on lan. 2. Click on walled garden. Select the http urls tab as shown in figure 3-20. Any exist...
Page 66
Connectivity made easy page 66 of 164 the fields are described as follows: 1. Http url – condition value to match match result begins with http://ftp.  http://ftp.Antlabs.Com  http://ftpezxcess.Com.Sg is http://www.Antlabs.Com  http://www.Antlabs.Com http://www.Antlabs.Com. Sg ends with .Com  ht...
Page 67
Connectivity made easy page 67 of 164 figure 3-22 advanced options in the http urls walled garden the fields are described as follows: 1. Redirect to – redirect the user to the url defined here if the http url condition matches 2. Add zero-config variables to redirect url – select any of the variabl...
Page 68
Connectivity made easy page 68 of 164 if the client is not using a proxy server, define the domain under ip addresses instead. However, if client proxy settings are not deterministic, then you will need to create both entries. To define http domains in the walled garden: 1. Click on lan. 2. Click on...
Page 69
Connectivity made easy page 69 of 164 figure 3-24 https domain definition 3.4.3 define ip addresses this feature allows you to filter packets that downstream clients are allowed to send before they are logged in. To define ip addresses in the walled garden: 1. Click on lan. 2. Click on walled garden...
Page 70
Connectivity made easy page 70 of 164 figure 3-26 define ip packets allowed before login the fields are described as follows: 1. Vlan – packets from this vlan is allowed. 2. Protocol – specify the protocol allowed. 3. Source network – packets whose source field matches the criteria here are allowed....
Page 71
Connectivity made easy page 71 of 164 if you are creating this ip address walled garden entry as part of the https domain requirements (see section 3.4.2) then the port number here should be 443. This is the standard port for https traffic. 7. Description – a description for the entry. Click to conf...
Page 72
Connectivity made easy page 72 of 164 1. Mac address – mac address of the device to be registered. The format of the mac address is “xx:xx:xx:xx:xx:xx”. 2. Ip address – ip address of the device to be registered. 3. Vlan – vlan that the device to be registered is on. Figure 3-28 network device config...
Page 73
Connectivity made easy page 73 of 164 to access the option: 1. Click on lan. 2. Click on network devices. 3. Click on port binding. Figure 3-29 shows the port binding rules setting page. This gui is used to setup a port on the inngate’s wan interface that upstream clients can connect to in order to ...
Page 74
Connectivity made easy page 74 of 164 5. Network interface – specify if the traffic should be forwarded to a specific vlan on the downstream where the host resides. Click to confirm the entry. After configuring the proxy rule, you can further restrict access by creating access control rules that det...
Page 75
Connectivity made easy page 75 of 164 figure 3-31 port binding setting the fields are described as follows: 1. Tcp connection timeout – timeout for tcp connection attempts. 2. Udp session timeout – timeout for udp connection attempts. 3. Max tcp session – maximum number of tcp sessions allowed. 4. M...
Page 76
Connectivity made easy page 76 of 164 figure 3-32 device detection settings the fields are described as follows: 1. Probe each user’s presence… – interval between probes. 2. Disconnect user after… – specify the number of unacknowledged probes before the user is disconnected. 3. Probe a maximum of… –...
Page 77
Connectivity made easy page 77 of 164 the fields are described as follows: 1. Source ip address of arp probe: a. Use default gateway – uses the ip address of the default gateway defined under the wan profile (see section 4.2) as the source address of the arp probes that it sends out. B. Ip address –...
Page 78: Chapter 4
Connectivity made easy page 78 of 164 chapter 4 wan network settings 4.1 overview you can configure the following under the wan settings: 1. Wan setup – see section 4.2. 2. Dns setup – this was previously covered in chapter 1: getting started under section 1.3.3: configuring the domain name server ....
Page 79
Connectivity made easy page 79 of 164 figure 4-2 defining static routes figure 4-2 shows the interface for defining a static route to a previously defined service provider: 1. Network address – specify the network address for this static route 2. Subnet mask – subnet mask for the network address 3. ...
Page 80: Chapter 5
Connectivity made easy page 80 of 164 chapter 5 network services settings 5.1 overview you can configure the following under the services option: 1. Web server – see section 5.2. 2. Web proxy – see section 5.3. 3. Email server – see section 5.4. 4. Remote access – see section 5.5. 5.2 web server thi...
Page 81
Connectivity made easy page 81 of 164 5.3 web proxy to configure the smtp settings: 1. Click on services. 2. Click on web proxy. 5.4 email server you can configure how the inngate will treat smtp traffic from downstream clients. To configure the smtp settings: 1. Click on services. 2. Click on email...
Page 82
Connectivity made easy page 82 of 164 b. Bypass – this option allow users to use their own smtp server. However, if the user’s smtp server is not resolvable, the defined smtp server in the inngate will be used. C. Disable – selecting this option will disable inngate’s smtp setting and all email will...
Page 83
Connectivity made easy page 83 of 164 figure 5-3 smtp settings figure 5-4 shows the interface for configuring the thresholds and checks performed on smtp traffic. Figure 5-4 smtp traffic filters the fields are described as follows: 1. Verify domain name of sender’s email address – when enabled, the ...
Page 84
Connectivity made easy page 84 of 164 4. Limit the size of each outgoing email – this setting limits the size of each email that can be sent out. Some malicious software attempt to overload the network resources such as by sending large emails, usually concurrently and to multiple recipients. 5. Lim...
Page 85
Connectivity made easy page 85 of 164 to set the remote access settings: 1. Click on services. 2. Click on remote access. Select the appropriate services required as shown in figure 5-6. Click to confirm the changes. Figure 5-6 remote access settings.
Page 86
Connectivity made easy page 86 of 164 5.5.1 accessing the inngate via telnet and ftp telnet and ftp services are available on the inngate and accessible from both the downstream and the upstream. The default user id and passwords are as follows: service unix command to connect to inngate default use...
Page 87: Chapter 6
Connectivity made easy page 87 of 164 chapter 6 system maintenance and diagnostics 6.1 overview this chapter explains the system maintenance and diagnostics functions of the inngate. 1. Local accounts maintenance – see section 6.2. 2. Reports maintenance – see section 6.3. 3. Pms diagnostics – see s...
Page 88
Connectivity made easy page 88 of 164 1. Delete expired accounts after … days – this option enables deletion of accounts which have been expired for specified duration. The deletion can be scheduled daily, weekly, monthly. 2. Email a list of deleted accounts – to email the list of deleted accounts t...
Page 89
Connectivity made easy page 89 of 164 4. Compress attachment using zip – to compress the selected reports using zip to be attached in the email. 5. Back-up selected reports to … - to back up the selected reports in /backup/reports ftp directory. 6. Perform selected task(s) on record … - specify how ...
Page 90
Connectivity made easy page 90 of 164 figure 6-5 maintenance advanced setting click to confirm the changes. Click to perform the maintenance immediately after the schedule is saved. If both delete selected reports and e-mail selected reports are selected, the reports are mailed to the recipient befo...
Page 91
Connectivity made easy page 91 of 164 figure 6-7 test posting log click button to clear the log..
Page 92: Chapter 7
Connectivity made easy page 92 of 164 chapter 7 system monitoring and reporting 7.1 overview this chapter explains the system monitoring and reporting functions of the inngate. These logs and reports can be used for troubleshooting and also for analysis purposes. You can also configure the presentat...
Page 93
Connectivity made easy page 93 of 164 2. Network information – shows lan and wan packet statistics. Figure 7-2 network information 3. Appliance information – shows the system uptime, load, memory usage, etc. Figure 7-3 appliance information under normal operating conditions, the appliance status sho...
Page 94
Connectivity made easy page 94 of 164 4. Memory – it is common for the memory used to be above 90% as the system maximizes the use of memory to cache commonly used data to improve system performance. 4. Firmware information – shows the product, version, license information and serial numbers. Figure...
Page 95
Connectivity made easy page 95 of 164 the following columns in the device monitors are further explained here: 1. Mac address 2. Ip address 3. Gateway address 4. Vlan – the name of the vlan on which this device is detected. 5. Vlan used – the vlan id. 6. Connected – 7. Reconnected 8. Last url reques...
Page 96
Connectivity made easy page 96 of 164 7.2.3 session monitor view real-time information about users currently logged in. Users who have logged out will be found in the session logs. To view the session monitor: 1. Click on monitors. 2. Click on session. Any active sessions will be listed as shown in ...
Page 97
Connectivity made easy page 97 of 164 figure 7-7 list of active sessions click to run a search of the entries as shown in figure 7-8. You can click on the button to add more search conditions or to remove. Figure 7-8 search session entries click to retrieve the entries with the search conditions app...
Page 98
Connectivity made easy page 98 of 164 to view the account monitor: 1. Click on monitors. 2. Click on account. Any unexpired accounts will be listed as shown in figure 7-9. The following column in the account monitor is further explained here: 1. User id – the user id of the user. 2. Access code – th...
Page 99
Connectivity made easy page 99 of 164 the values shown in accounts monitor is not updated in real time. The mac address is updated when user is using the account. The start time, end time, duration are updated only when user is not in the system. 7.2.5 cookies monitor view cookies information of all...
Page 100
Connectivity made easy page 100 of 164 figure 7-10 list of cookies 7.2.6 email monitor this function shows the number of undelivered emails as well as the amount of disk space used to store emails that have yet to be sent out. To view the email monitor: 1. Click on monitors. 2. Click on email. The e...
Page 101
Connectivity made easy page 101 of 164 7.3 logs logs shows past activity of downstream devices, sessions, pms (when available), account printer and credit card (when available). 7.3.1 device logs view past activity of downstream devices that are now disconnected. Devices that are still detected on t...
Page 102
Connectivity made easy page 102 of 164 figure 7-13 search device log entries click to retrieve the log entries with the search conditions applied. Click to store the filter for future use. 7.3.2 session logs view the log of past user sessions. Currently active sessions are displayed in session monit...
Page 103
Connectivity made easy page 103 of 164 figure 7-15 search session log entries click to retrieve the log entries with the search conditions applied. Click to store the filter for future use. 7.3.3 pms logs view the log of pms billing, room status, and guest status. To view the pms logs: 3. Click on l...
Page 104
Connectivity made easy page 104 of 164 9. Status 10. Mac address 11. Description – description of the billing. Figure 7-13 pms billing log click ”csv: ” to export the existing log entries into a comma- separated-values file. Click on room status tab to view the log of room status as shown in figure ...
Page 105
Connectivity made easy page 105 of 164 figure 7-17 pms guest status log 7.3.4 account printer logs view the log of accounts created by account printers. To view the account printer logs: 1. Click on logs. 2. Click on account printers. Figure 7-18 shows the list of accounts created by account printer...
Page 106
Connectivity made easy page 106 of 164 click button to delete selected entries or click button to delete all the logs. Click button to download selected entries in comma- separated-values format or click button to download all the logs in comma-separated values format. 7.3.5 credit card logs view th...
Page 107: Chapter 8
Connectivity made easy page 107 of 164 chapter 8 system administration 8.1 overview this chapter covers some of the common system configuration options and maintenance tasks: 1. Setting up administrator accounts – see section 8.2. 2. Powering up and shutting down the system – see section 8.3. 3. Sys...
Page 108
Connectivity made easy page 108 of 164 4. Viewing audit log – see section 8.2.4. 5. Assigning admin access – see section 8.2.5. 6. Viewing sessions - see section 8.2.6. 8.2.1 creating an administrator group in this step, you will define the administrator groups for different sets of administrator ac...
Page 109
Connectivity made easy page 109 of 164 4. Description – a description for this entry. Figure 8-2 admin group configuration click to confirm the entry (or for modifications). 8.2.2 defining admin group permissions in this step, you will define the permissions for the admin group created. To define ad...
Page 110
Connectivity made easy page 110 of 164 figure 8-3 list of admin groups and permissions figure 8-4 shows the list of permissions that can be configured for the selected admin group. Select the checkboxes for the permissions you wish to give to the group. Figure 8-4 admin group permissions click to co...
Page 111
Connectivity made easy page 111 of 164 figure 8-6 shows the interface for configuring the admin account: 1. Enabled – select to activate the account. 2. Id – login user id. 3. Name – the name given to the account. 4. Password / re-type password – login password. 5. Admin group – select the admin gro...
Page 112
Connectivity made easy page 112 of 164 8.2.4 viewing audit log to access the option: 1. Click on admin accounts. 2. Click on audit log. Figure 8-7 shows the existing list of audit log: 1. Date & time – the date and time when the admin account logged in. 2. Id – the admin account used for login. 3. S...
Page 113
Connectivity made easy page 113 of 164 8.2.6 viewing sessions to access the option: 1. Click on admin accounts. 2. Click on sessions. Figure 8-8 shows the existing admin account sessions: 1. Id 2. Name 3. Admin group 4. Login time 5. Current session figure 8-8 admin account sessions 8.3 powering up ...
Page 114
Connectivity made easy page 114 of 164 figure 8-9 power options 8.4 system configuration backup or restore to access the backup/restore options: 1. Click on maintenance. Figure 8-10 shows the interface for performing a backup or restore of the system configuration: 1. System configuration backup – c...
Page 115
Connectivity made easy page 115 of 164 after you have made a backup of the system configuration, you should also make a backup of the directories containing any customized web pages such as login scripts: 1. Access the inngate via ftp (see section 5.5.1). 2. Browse the directories using “ls –l” and ...
Page 116
Connectivity made easy page 116 of 164 figure 8-11 patch application interface click to select the patch file. Then click to apply the selected patch file. Patches must be applied in the exact sequence of release, earlier patches first followed by later patches. And no patch should be skipped. Failu...
Page 117
Connectivity made easy page 117 of 164 figure 8-12 date and time settings click to confirm the changes. 8.7 syslog configuration system logs can be sent to a remote syslog server. Syslog is a standard protocol for sending log information over tcp/ip, usually using udp port 514. To configure syslog: ...
Page 118
Connectivity made easy page 118 of 164 figure 8-13 syslog settings click to confirm the changes. Figure 8-14 shows the sample output on a typical syslog daemon/server. Figure 8-14 syslog server output some syslog servers may require you to specify the sender’s ip address as a security measure. In su...
Page 119
Connectivity made easy page 119 of 164 to configure snmp: 1. Click on settings. 2. Click on snmp. Figure shows the interface for setting the community string for authentication purposes. Figure 8-15 snmp community string figure 8-16 shows the interface for configuring snmp traps: 1. Destination host...
Page 120
Connectivity made easy page 120 of 164 figure 8-17 denial of service trap suppressor configuration figure 8-18 shows the snmp system information configuration. Figure 8-18 system information click to confirm the changes. 8.8.1 traps generated the following are the process information snmp traps sent...
Page 121
Connectivity made easy page 121 of 164 httpdup web service restored .1.3.6.1.4.1.12902.1.1.3.2.14.0 mysqldup database service restored .1.3.6.1.4.1.12902.1.1.3.2.15.0 squidup web proxy service restored .1.3.6.1.4.1.12902.1.1.3.2.16.0 dhcpdup dhcpd service restored .1.3.6.1.4.1.12902.1.1.3.2.17.0 nam...
Page 122
Connectivity made easy page 122 of 164 assignment failure dhcpdreleasepublicipfail dhcpd public ip release failure 1.3.6.1.4.1.12902.1.1.4.2.1.4.4 httpdup web service restored 1.3.6.1.4.1.12902.1.1.4.2.1.5.1 httpddown web service down 1.3.6.1.4.1.12902.1.1.4.2.1.5.2 antmgrup antmgr service restored ...
Page 123
Connectivity made easy page 123 of 164 down heartbeatfailover heartbeat failover 1.3.6.1.4.1.12902.1.1.4.2.1.13.3 heartbeatfailback heartbeat failback 1.3.6.1.4.1.12902.1.1.4.2.1.13.4 pfmgrup pfmgr service restored 1.3.6.1.4.1.12902.1.1.4.2.1.14.1 pfmgrdown pfmgr service down 1.3.6.1.4.1.12902.1.1.4...
Page 124
Connectivity made easy page 124 of 164 8.8.2 supported mibs the mibs supported by the inngate are as follows: 1. Mib2 (rfc 1213) 2. Host resources (rfc 1514) 3. Mib for snmpv2 (rfc 1450) 4. Ucd davis mibs (oid 1.3.6.1.4.1) (.Iso.Org.Dod.Internet.Private.Enterprises) 5. Ant labs private mibs: a. Numb...
Page 125
Connectivity made easy page 125 of 164 to view the api information: 1. Click on settings. 2. Click on api. Figure 8-19 shows version information of the api and its modules installed in the inngate. Figure 8-19 api information 8.9.1 http setting configure the setting when making api calls via http or...
Page 126
Connectivity made easy page 126 of 164 figure 8-20 allowed ip addresses setting click to confirm the changes. Figure 8-21 shows the settings to change the api’s password which is required when api is called via http or https. Figure 8-21 change api password setting click to confirm the changes. 8.9....
Page 127
Connectivity made easy page 127 of 164 to view the configure browser setting: 1. Click on settings. 2. Click on api. 3. Click on browser. Figure 8-22 shows the existing configuration for browser setting. Figure 8-22 api browser setting click button to add new configuration record..
Page 128
Connectivity made easy page 128 of 164 figure 8-23 adding new api browser setting click button to add the configuration. 8.10 high availability high availability is explained in details in chapter 9 and chapter 10 . 8.11 view license information to view the license information: 1. Click on settings....
Page 129
Connectivity made easy page 129 of 164 are also accessible via telnet. However, as a physical security measure, some potentially destructive commands can only be executed via the console. To connect to the inngate console: 1. Connect the serial cable from your pc to the serial port of the inngate. 2...
Page 130
Connectivity made easy page 130 of 164 to configure the admin access: 1. Click on admin accounts. 2. Click on admin access. Figure 8-25 shows the interface for configuring the admin access settings: 1. Deny users from accessing this admin system via lan – if enabled, access to the admin gui from the...
Page 131
Connectivity made easy page 131 of 164 to modify the default admin user acoount: 1. Click on admin accounts. 2. Any existing entries will be displayed (see figure 8-5). The default admin account goes by the name of “system administrator”. Click on the entry to proceed and change the user id and pass...
Page 132
Connectivity made easy page 132 of 164 figure 8-28 change of telnet/console password.
Page 133: Chapter 9
Connectivity made easy page 133 of 164 chapter 9 high availability (e-series) 9.1 overview the inngate features high availability (ha) failover support capabilities to ensure continued operations in the event of a systems failure. The high availability feature couples two inngate together with one o...
Page 134
Connectivity made easy page 134 of 164 the key points to note when setting up the network for ha operations is summarized follows: 1. Both the live and backup inngate must be connected to the same upstream and downstream networks (overlapping) via their individual wan and lan interfaces respectively...
Page 135
Connectivity made easy page 135 of 164 2. Make the necessary system configurations to inngate alpha. 3. Configure the ha settings (see section 9.3.1). 4. Perform a system backup (optional). 5. Connect the upstream and downstream interfaces of inngate alpha to the network. Do not connect the control ...
Page 136
Connectivity made easy page 136 of 164 9.3.1 ha identifier each of the inngate in a ha setup is identified by a unique ha identifier which is used to differentiate the two gateways. This setting is configured in the admin gui. The id configured for each machine must be different otherwise the gui sy...
Page 137
Connectivity made easy page 137 of 164 9.4 ha leader election whenever one of the inngate in a ha setup boots up, it will attempt to determine whether it should assume the role of live or backup inngate. This process is called the ha leader election. To do this, the rebooted inngate will first attem...
Page 138
Connectivity made easy page 138 of 164 the behavior of the backup inngate is the same for these two triggers. The backup inngate will simulate a downstream client and probe the live inngate to elicit a response. If the live inngate fails to respond, the backup inngate will request for ha leadership ...
Page 139
Connectivity made easy page 139 of 164 1. The (new) live inngate will use the latest synchronized system configuration settings. 2. The (new) live inngate will assume the latest synchronized downstream client state as its current runtime state so that network operations can continue. The following i...
Page 140
Connectivity made easy page 140 of 164 figure 9-3 manual synchronization once completed, you will be presented with a log report of the synchronization process..
Page 141: Chapter 10
Connectivity made easy page 141 of 164 chapter 10 high availability (m-series) 10.1 overview inngate features high availability (ha) failover support to allow a secondary inngate to be installed along with an existing primary inngate to ensure that services continue to be provisioned in the event of...
Page 142
Connectivity made easy page 142 of 164 both the primary and secondary inngate requires: 1. An internet-accessible ip address each, assigned to the wan interface. The wan network and default gateways for both inngates can be through the same link, or separate links for improved redundancy. (if it is ...
Page 143
Connectivity made easy page 143 of 164 figure 10-2 high availability configuration set the gateway as primary or secondary, and click to commit the changes. Reboot the gateway for the setting to take effect. After changing inngate from primary to secondary, do not connect to the lan network until it...
Page 144
Connectivity made easy page 144 of 164 10. Connect the secondary inngate's wan and lan interfaces to the upstream and downstream networks 11. Connect the primary and secondary inngates via the opt interface for the control channel link 12. Power on the secondary inngate. The secondary inngate will s...
Page 145
Connectivity made easy page 145 of 164 10.5 failover behavior the primary inngate will always be the active gateway unless one of the following occurs to trigger a failover to the secondary inngate:  wan gateway is not responding to arp pings  inngate is rebooting or shutting down the secondary in...
Page 146: Chapter 11
Connectivity made easy page 146 of 164 chapter 11 system save & restoration 11.1 overview inngate 3 allows you to do 3 types of system save and restoration: 1. Save snapshot 2. Restore firmware 3. Restore snapshot 11.2 save snapshot saving snapshot will save your current state configuration of the i...
Page 147
Connectivity made easy page 147 of 164 figure 11-2 saving snapshot upon executing this command, the inngate will reboot itself. 11.3 restore firmware restoring firmware will restore the inngate to its factory default state. This action can be done through cli in supervisor mode or through grub. To r...
Page 148
Connectivity made easy page 148 of 164 once the firmware restoration has finished the ip address, subnet mask and default gateway will change into factory default setting. You need to change them appropriately and reboot the inngate after you save the changes. To restore through grub: 1. Connect you...
Page 149
Connectivity made easy page 149 of 164 figure 11-5 system verifies dmi pool data 4. You should see the grub selection menu as shown in figure 11-6. Choose inngate3.00 (factory firmware) to do firmware restoration. Figure 11-6 grub selection menu 11.4 restore snapshot restoring snapshot will restore ...
Page 150
Connectivity made easy page 150 of 164 to restore snapshot through cli: 1. Connect your pc or laptop to inngate’s usb serial console or serial console port using usb-serial cable. 2. Open a hyperterminal session. Login using console account (see section 8.12). 3. Enable supervisor mode by typing ena...
Page 151: Appendix A
Connectivity made easy page 151 of 164 appendix a redirect log this is a sample of a redirect log showing the typical flow beginning with the user’s first attempt to access the internet (with accompanying explanations below each entry or set of entries). The redirect log is useful when diagnosing we...
Page 152
Connectivity made easy page 152 of 164 [fri jun 10 10:34:09 2005] http://ezxcess.Antlabs.Com/www/pub/sample/singleclick-http.Php 10.128.0.1/- - get 192.168.123.50:80 413 00:11:d8:4c:2a:3b result(shopfront): http://127.0.0.1:80/www/pub/sample/singleclick-http.Php the user’s browser is instructed to r...
Page 153
Connectivity made easy page 153 of 164 [thu jun 10 10:34:22 2005] http://www.Google.Com.Sg/images/hp0.Gif 10.128.0.1/- - get 64.233.189.104:80 413 00:11:d8:4c:2a:3b result(charged_internet): http://www.Google.Com.Sg/images/hp0.Gif [thu jun 10 10:34:22 2005] http://www.Google.Com.Sg/images/hp1.Gif 10...
Page 154: Appendix B
Connectivity made easy page 154 of 164 appendix b perl regular expressions some features in the inngate allow you to specify regular expressions for input matching. Here is an illustration of the application of regular expressions where you can use the “^” character to match the start of the url. Re...
Page 155: Appendix C
Connectivity made easy page 155 of 164 appendix c csv file restrictions when importing csv file, the following points need to be taken note of: 1. The comma character (,) is the field separator. Thus if your text contains a comma, such as in a description, you must enclose that field with double quo...
Page 156: Appendix D
Connectivity made easy page 156 of 164 appendix d uploading custom webpages to upload custom webpages: 1. Initiate an ftp session to the inngate as shown in figure d-1. See section 5.5.1 for the default user id and password. Figure d-1 initiate an ftp session 2. Once logged in, you will be in the de...
Page 157: Appendix E
Appendix e custom ssl login pages the inngate supports https-based login using a custom ssl certificate. This section will give step-by-step instructions on how to enable secure https pages on the inngate which is a 4 step process as follows: 1. Step 1 – generate the certificate signing request 2. S...
Page 158
Once the installation has completed, start the ant labs cert generator application. Fill in the csr fields in the certificate generator interface as shown in figure e-2. Figure e-2 cert generator interface compulsory fields are marked with an asterisk “ * ” and are briefly described as follows: 1. C...
Page 159
Step 2 – apply for a ssl server certificate you need to apply for a ssl server certificate from a certificate authority (ca) by submitting the csr you generated to a ca of your choice, e.G. Verisign, thawte etc. Be careful not to submit your private key to the ca. If you generated a self-signed cert...
Page 160
Step 4 – configuring the https login page this is only required if you want to display your login page via https. It is not necessary if you only want to secure the login user id and password information via https. 1. Ensure that the url for the login page specified in your active authentication pol...
Page 161: Appendix F
Appendix f error pages you can create customized error page by putting a html or php file named with these names below to the "messages" ftp directory: 1. Blocked.Ant – this error page is shown when access is blocked by inngate. When this file is not available inngate will show the default error pag...
Page 162
Figure f-3 default config_error.Ant svc_failure.Ant – this error page is shown when there is temporary service error. When this file is not available inngate will show the default error page as shown in figure f-4. Figure f-4 default svc_failure.Ant.
Page 163: Appendix G
Appendix g credit card credit card payment gateways used by inngate are: 1. Worldpay select junior figure g-1 shows the worldpay select junior’s setting page. Figure g-1 worldpay select junior setting for details visit http://www.Worldpay.Com/ . 2. Paypal payflow pro figure g-2 shows the paypal payf...
Page 164
3. Authorize.Net sim figure g-3 shows the authorize.Net sim’s setting page. Figure g-3 authorize.Net sim setting for details visit http://www.Authorize.Net/ 4. Paypal payflow link figure g-4 shows paypal payflow link’s setting page. Figure g-4 paypal payflow link setting for details visit https://ww...