Pepwave MAX User Manual - ican systems international GmbH
Contents
1. User Manual PEPWAVE MAX mobile router 9 WI FI Settings Wi Fi settings can be configured at Advanced gt Wi Fi Settings Wi Fi AP Radio Settings O overauro couv CE cone E ovut poner C Wi Fi WAN Radio Settings Wi Fi AP Advanced Setti AM Wi Fi AP Radio Settings This option allows you to specify whether 802 11b and or 802 11g client association requests will be accepted Available options are 802 11b g Protocol 802 11b Only and 802 11g Only By default 802 11b g is selected Operating Country This option set the country whose regulations the Pepwave MAX follows This option allows you to select which 802 11 RF channel will be utilized Channel Channel 1 2 412 GHz is selected by default This option is for specifying the transmission output power for the Wi Fi AP Output Power By default 23 dBm 200 mW or 20 dBm 100 mW depending on which operating country you have chosen in the previous section is selected Note to US model owner To comply with US FCC regulation the country selection function has been completely removed from all US models The above function is for non US models only Wi Fi WAN Radio Settings Output Power This option is for specifying the transmission output power for the Wi Fi WAN User Manual PEPWAVE MAX mobile router By default 23 dBm 200 mW or 20 dBm 100 mW depending on which operat2. User Manual PEPWAVE MAX mobile router 19 8 Bandwidth This section shows the bandwidth usage statistics located at Status gt Bandwidth Bandwidth usage at the LAN and when the device is switched off are not recorded and not shown 19 8 1 Real Time The Data Transferred since installation shows you how many network traffic has been processed by your device since first boot Click Show Details in the top right hand corner of each table and the details of data transferred will be shown The check box Stacked below the data transferred graph can be checked to show the aggregated transferred rate of both traffic direction Data transferred since installation Tue Oct 12 23 11 14 PST 2010 All WAN Connections 10 63 GB 12 99 GB Data transferred since last reboot Hide Details All WAN Connections Ethernet WAN Express Card PC Card USB1 USB2 Wi Fi WAN Aggregated Transfer 1 95 Mbps HM Dovnload MM Upload 1 46 Mbps 0 98 Mbps 0 49 Mbps Avg 0 01 Mbps 0 02 Mbps Peak 0 18 Mbps 1 80 Mbps Stacked Overall 4 kbps 5 kbps 9 kbps 19 8 2 Daily This page shows the daily bandwidth usage for all and each WAN connection Select the connection in which you want to check its usage from the drop down menu If you have enabled Bandwidth Monitoring feature as shown in section 8 5 the Current Billing Cycle table for that WAN connection will be displayed Click on a date to view the
3. 192 168 50 1 0 D 192 168 1 6 13 08 00 22 11 DC 0D Wi Fi 192 168 1 9 0 01 00 22 CC 00 01 197 166 1 10 0 06 00 22 D0D CC DD m desktop 192 168 1 15 0 00 22 44 11 11 44 Save Cancel Scale kbps Mbps User Manual PEPWAVE MAX mobile router 19 4 WINS Client The WINS client list table is located at Status gt WINS Client It lists WINS client IP addresses and their Names This option will only be available when you have enabled the WINS Server in section 7 1 Name of clients retrieved will be automatically matched into Client List in the previous section Click the button Flush All to flush all WINS client records IP Address 10 9 2 1 10 9 30 1 10 9 2 4 Flush All 19 5 Site to Site VPN This is a page showing the current status of Site to Site VPN located at Status gt Site to Site VPN Details about peers WAN connections would be listed as below Remote Networks mY VPN Connection 1 192 168 0 0 24 192 168 1 0 24 Ethernet WAN On use 103 kbps Tx Drop rate Express Card wot tn use ma Tx Drop rate n PC Card Onot In Use ma f Drop rate USB1 Din Use 16 kbps Tx Drop rate USB Oot In Use Ax n a Drop rate n Wi Fi WAN Din Use 12 kbps Drop rate Total 131 kbps Drop rate User Manual PEPWAVE MAX mobile router 19 6 UPnP NAT PMP The table that shows the forwarded ports under UPnP and NAT PMP protocols is located at Stat
4. This parameter is set to give the likeliness for root switch election By default it is set to 32768 Bridge Priority This parameter specifies the preference to provide the best path from the Ethernet Path Cost switch to the root switch By default it is set to 100 User Manual PEPWAVE MAX mobile router 10 Bandwidth Bonding Site to Site VPN Bonded DSL Cable Leased Line Bonded 3G yZ Y Mobile Internet Office Pepwave Bandwidth Bonding Site to Site VPN functionality securely connects your MAX in different branch to another Pepwave MAX or Peplink device only Peplink Balance 210 310 380 580 710 1350 are available for this function The data voice or video communications between these locations are kept confidential across the public Internet The Bandwidth Bonding Site to Site VPN of the Pepwave MAX is specifically designed for multi WAN environment The Pepwave MAX can aggregate all WAN connections bandwidth for routing Site to Site VPN traffic Unless all the WAN connections of one site are down the Pepwave MAX can still maintain VPN up and running VPN Bandwidth Bonding is supported in firmware 5 1 All available bandwidth will be utilized to establish the VPN tunnel and all traffic will be load balanced at packet level across all links VPN Bandwidth Bonding is enabled by default Tip You can define firewall rules to control access within the VPN netw
5. Head Diameter 6mm Head Thickness 2 4mm Wall Mount Screw Socket User Manual PEPWAVE MAX mobile router 5 4 2 Car Mount Pepwave MAX can be mounted on a flat surface using the included car mounting plate Place the car mount according the label s direction and screw it onto the device After mounting the plate on the back of the device add screw on the plate on the flat surface User Manual PEPWAVE MAX mobile router 6 Connecting to Web Admin Interface 1 Start a web browser on a computer that is connected with Pepwave MAX through LAN 2 Toconnect to Web Admin Interface of Pepwave MAX enter the following LAN IP address in the address field of the web browser http 192 168 50 1 This is the default LAN IP address of Pepwave MAX 3 Enter the following to access the Web Admin Interface PEPWAVE User Name admin Web Admin Password admin Usemame This is the default Username and Password Pexenced of Pepwave MAX The Admin and Read only User Password can be changed at System gt Logn Admin Security of the Web Admin Interface ere Al notte poved 4 After successful login the Dashboard of Web Admin Interface will be displayed It looks similar to the following PEPWAVE Dashboard Network Advanced System Status Web Admin WAN Connection Status Prionty 1 Highest Connected Details Logout will Connected to AccessPoint Wireless Networks Detaile al US
6. If you choose Auto for Load Distribution the weights will be automatically adjusted according to each WAN s Downstream Bandwidth which is specified in the WAN settings page see Section 8 Configuration of WAN Interface s If you choose Custom you can customize the weight of each WAN manually by using the sliders User Manual PEPWAVE MAX mobile router 12 2 3 Algorithm Enforced This setting specifies the WAN connection usage to be applied on the specified IP Protocol amp Port and is applicable only when the Algorithm is set to Enforced Algorithm Enforced e Enforced Connection D VPN VPN Connection 1 i IAN Ethernet WAN AN Express Card AN Wi Fi WAN VPN VPN Connection 1 Matching traffic will be routed through the specified WAN connection regardless of the connection s health check status Starting from firmware 5 2 outbound traffic can be enforced to go through a specified Site to Site VPN connection This applies only to Peplink Balance 210 or above 12 2 4 Algorithm Priority This setting specifies the priority of the WAN connections to be utilized to route the specified network service The highest priority WAN connection available will always be used for routing the specified type of traffic A lower priority WAN connection will be used only when all higher priority connections have become unavailable Algorithm ie Priority Priority Order Highest P
7. 1813 Default 1813 Default e Static WEP Wireless Security Settings shared Key Autenticaton lS Si Access Control Settings Access Control Settings D Accept all except listed Restriction Mode This option allows you to perform access control through MAC address filtering Available options are None Deny all except listed and Accept all except listed User Manual PEPWAVE MAX mobile router 8 Configuration of WAN Interface s The WAN Interface settings are located at Network gt WAN To reorder different WANs priority just drag on the appropriate WAN by holding the left mouse button move it to the desired priority the first one would be the highest priority the second one would be lower priority and so on and drop it by releasing the mouse button Dashboard Network Advanced System Status Web Admin I etremet WAN Details Details Logout S weri wan SS sPol Wireless Networks Disabled To disable a particular WAN connection just drag on the appropriate WAN by holding the left mouse button move it the DISABLED row and drop it by releasing the mouse button You can also do the above priority setting on the Dashboard please refer to Section 6 for information Click the Details button in the corresponding row of connection to modify the connection setting Important Note Connection Details will be changed and become effective right AFTER clicking the
8. Address 5 Destination IP amp 10 ay Address x Save Cancel User Manual PEPWAVE MAX mobile router Inbound Outbound Firewall Settings Rule Name This setting specifies a name for the firewall rule This setting specifies whether the firewall rule should take effect When Yes is selected the firewall rule takes effect If the traffic matches the specified Protocol IP Port actions will be taken by Pepwave MAX based on the Enan other parameters of the rule When No is selected the firewall rule does not take effect Pepwave MAX will disregard the other parameters of the rule This setting is applicable to Inbound Firewall Rules only This setting specifies which WAN connection s the rule applies to e Any applies to all WAN connections e Ethernet WAN e PC Card WAN Connection e Express Card e USB1 e USB2 e Wi Fi WAN A value of Any Ethernet WAN PC Card and Wi Fi WAN specifies that the rule applies to all WAN connections Ethernet WAN PC Card and Wi Fi WAN respectively This setting specifies the protocol to be matched by the rule Via a drop down menu the following protocols can be specified e TCP e UDP e ICMP Protocol e IP Alternatively the Protocol Selection Tool drop down menu can be used to automatically fill in the Protocol and Port number of common Internet services e g HTTP HTTPS etc After selecting an item from the Protocol Selection Tool drop down
9. Addresses Host Names field Leave the field in Unit A blank With such setting site to site VPN connection can be set up and all WAN connections on both sides will be utilized For example see the following diagram Pepwave MAX Router B 212 2 2 2 Non NAT router ee waxeaeege8uae amp SS i NAT router Pepwave MAX O O WL Router A One of the WANs of Router A is non NAT d 212 1 1 1 The rest of the WANs on Router A and all WANs on Router B are NAT d In such case the Peer IP Addresses Host Names field in Router B should be filled with all of the Router A s host names or public IP addresses i e 212 1 1 1 212 2 2 2 and 212 3 3 3 and the field in Router A can be left blank The two NAT routers on WAN1 and WANS of Router A should inbound port forward TCP port 32015 to the Router A so that all WANs would be utilized to establish VPN User Manual PEPWAVE MAX mobile router 10 4 VPN Status VPN Status is shown in the Dashboard The connection status of each connection profile is shown as below benera t Established Branch B O Connecting By clicking the Details button at the top right hand corner of Site to Site VPN table you will be forwarded to Status gt Site to Site VPN You can view the subnet and WAN connection information of each VPN peer Please refer to Section 18 5 for details IP subnets must be unique among VPN peers The entire inter connected Site to Site VPN
10. Mapping rules However if the default inbound rule is set as Deny a corresponding Allow firewall rules will be required User Manual PEPWAVE MAX mobile router Intrusion Detection cL and DoS Prevention Enable The Pepwave MAX supports detecting and preventing intrusions and Denial of Service DoS attacks from the Internet To turn on this feature click E check the box Enable for the Intrusion Detection and DoS Prevention and press the Save button When this feature is enabled the Pepwave MAX will detect and protect the network from the following kinds of intrusions and denial of service attacks e Port Scan O O O O O NMAP FIN URG PSH Xmas Tree Another Xmas Tree Null Scan SYN RST SYN FIN e SYN Flood Prevention e Ping Flood Attack Prevention User Manual PEPWAVE MAX mobile router 17 Miscellaneous Settings The miscellaneous settings include configuration for PPTP Server Service Forwarding and Service Passthrough 17 1 PPTP Server PPTP VPN Pepwave MAX has a built in PPTP Server which enables remote computers to conveniently and securely access the local network PPTP server setting is located at Advanced gt Misc Settings gt PPTP Server Simply check the box to enable the PPTP server function All connected PPTP sessions are displayed on the Client List at Status gt Client List Please refer to section 18 3 for details PPTP Server Ethernet
11. Passthrough Service Passthrough Support E Standard Mode Compatibility Mode v Define custom signal ports i 2 J J Enable vJ Enable Define custom control ports V Enable Define custom ports v Route IPsec Site to Site VPN via Ethernet WAN B Registered trademarks are copyrighted by their respective ovmer Some Internet services required to be specially handled in a multi WAN environment The Pepwave MAX supports handling such services correctly such that Internet applications do not notice it is behind a multi WAN router Settings for Service Passthrough Support are available here Service Passthrough Support Session Initiation Protocol aka SIP is a voice over IP protocol Pepwave MAX can act as a SIP Application Layer Gateway ALG which binds connections for the same SIP session to the same WAN connection and translate IP address in the SIP SIP packets correctly in NAT mode Such passthrough support is always enabled and there are two modes for selection Standard Mode and Compatibility Mode If your SIP server s signal port number is non standard you can check the box Define custom signal ports and input the port numbers to the text boxes With this option enabled protocols that provide audio visual communication sessions oe will be defined on any packet network and passthrough the Balance FTP sessions consist of two TCP connections one for control and one for data In multi WAN s
12. This setting allows you to specify which GSM frequency band to be used GSM1900 is used in United States Canada and many other countries in the User Manual PEPWAVE MAX mobile router WiMAX Settings Americas GSM900 GSM1800 GSM2100 is used in Europe Middle East Africa Asia Oceania and Brazil if All Bands is chosen the appropriate frequency band will be used automatically The default GSM Frequency Band is All Bands This setting is associated with the WiMAX modem that has been detected Currently we support 3G 4G USB modems 250U and U600 that are on Sprint s service You will be required to enter their associated Login ID and Password here User Manual PEPWAVE MAX mobile router 8 3 WI Fi WAN Wireless Networks 10 10 10 1 10 10 10 2 Default Disconnect Host 1 Host 2 Use first two DNS servers as Health Check DNS Servers C Include public DNS servers OQ 5 Vat Wi Fi Connection Profiles Drag and drop to change the profile priority Network Name SSID Security Create Profile Save and Apply Cancel Wi Fi WAN Settings Network Name SSID This is the Wi Fi connection name broadcast from the Wi Fi access point MAC Address BSSID This field shows the MAC address of the device at the Wi Fi access point Signal Strength This field shows the signal strength of the Wi Fi connection User Manual PEPWAVE MAX mobile r
13. WAN 123 123 123 1 Interface IP Llexpress Card PPTP Server Setting This setting is for specifying the WAN connection s and IP address es where the PPTP server should listen on Listen On This setting allows you to define the PPTP User Accounts Click Add to input username and password to create an account After adding the user accounts User Accounts 4 you can click on a username to edit the account password Click the button to delete the account in its corresponding row User Manual PEPWAVE MAX mobile router 17 2 Service Forwarding Service Forwarding settings are located at Advanced gt Misc Settings gt Service Forwarding SMTP Forwarding Setup Enable Web Proxy Forwarding Setup O Enable DNS Forwarding Setup Enable Bese OOOO Service Forwarding When this option is enabled all outgoing SMTP connections destined for any host at SMTP Forwarding TCP port 25 will be intercepted These connections will be redirected to a specified SMTP server and port number SMTP server settings for each WAN can be specified after selecting Enable When this option is enabled all outgoing connections destined for the proxy server specified in Web Proxy Interception Settings will be intercepted These connections Web Proxy Forwarding will be redirected to a specified web proxy server and port number Web Proxy Interception Settings and proxy server settings
14. and is discarded This setting specifies whether or not to log matched firewall events The logged messages are shown on the page Status gt Event Log A sample message Is as follows Aug 13 23 47 44 Denied CONN Ethernet WAN SRC 20 3 2 1 DST 192 168 1 20 LEN 48 PROTO TCP SPT 2260 DPT 80 e CONN The connection where the log entry refers to e SRC Source IP address e DST Destination IP address e LEN Packet length e PROTO Protocol e SPT Source port e DPT Destination port User Manual PEPWAVE MAX mobile router Upon clicking Save after entering required information the following screen appears be Default To create an additional firewall rule click Add Rule and repeat the above steps To reorder a rule s position just drag the rule by holding the left mouse button move it to the desired position and place it by releasing the mouse button Rule Protocol r IF Destination IP Policy Port ach access M E AET Any Any t__________ x ee e To remove a rule click x Rules are matched from top to the bottom If a connection matches any one of the upper rules the matching process will stop If none of the rules is matching the Default rule will be applied By default the Default rule is set as Allow for both outbound and inbound accesses If the default inbound rule is set as Allow for NAT enabled WANs no inbound Allow firewall rules will be required for inbound Port Forwarding and inbound NAT
15. box to enable the VPN By default VPN traffic is encrypted with 256 bit AES standard If the option Off is selected on both sides of a VPN connection no encryption will be applied Pepwave MAX only establishes VPN connection with a remote peer that has a serial number specified here If the remote peer is in high availability setup you can check the box Remote client is set up in high availability mode and enter the second unit s serial number into the second text box This is an optional field which defines the pre shared key used for this particular VPN connection The VPN connection s session key will be further protected by the factor of the pre shared key The connection will be up only if the pre shared keys on each side match When the remote peer is running firmware 5 0 or 5 1 this setting will be ignored Enter the remote peer s WAN IP address es or host name s here Dynamic DNS host names are accepted This field is optional With this field filled the Pepwave MAX will initiate connection to each of the remote IP addresses until success If the field is empty the Pepwave MAX will wait for connection from the remote peer Therefore at least one side of the two VPN peers has to have the field filled Otherwise VPN connection cannot be established Enter one IP address or host name per line User Manual PEPWAVE MAX mobile router WAN Connection Priority You can specify the priority of the WAN connections
16. client bandwidth usage of that specific date This feature is not available if you have selected to view the bandwidth usage of only a particular WAN connection The Scale of the graph can be set to show in Megabyte MB or Gigabyte GB User Manual PEPWAVE MAX mobile router All WAN X 600 MB E Dovnload E Upload 500 MB W Total 400 MB 300 MB 200 MB 100 MB 12 18 12 21 12 24 12 27 12 30 01 02 01 05 01 08 O1 11 01 14 01 17 2011 01 17 2011 01 16 141 MB 18 MB IP Address Download 192 168 50 150 LAN Client 129 60 MB 192 168 50 10 LAN Client 0 43 MB 192 168 1 99 LAN Client 0 01 MB 64 72 MB 0 02 MB 0 01 MB 400 MB E Dovnload 350 MB E Upload E Total 300 MB 250 MB 200 MB 150 MB 100 MB 50 MB 12 18 12 21 12 24 12 27 12 30 01 02 01 05 01 08 0i 11 01 14 01 17 2011 01 17 94 MB 236 MB 2011 01 16 18 MB 16 MB 34 MB 2011 01 15 18 MB 16 MB 34 MB 2011 01 14 28 MB 40 MB 68 MB 2011 01 15 17 MB 15 MB 32 MB 2011 01 12 26 MB 42 MB 68 MB 2011 01 11 21 MB 37 MB 58 MB 2011 01 10 18 MB 17 MB 35 MB 2011 01 09 18 MB 17 MB 35 MB 2011 01 08 59 MB 17 MB 76 MB 2011 01 07 96 MB 17 MB 113 MB 2N11 N1 Ne6 QA MR 20 MR 125 MR Ethernet WAN Daily Bandwidth Usage 1 377 MB 1 024 000 MB 0 User Manual PEPWAVE MAX mobile router 19 8 3 Monthly This page shows the monthly bandwidth usage for each WAN connection If you have en
17. computers Name MAC addresses and fixed IP addresses The field Name an optional field is for you to define a name to represent the device MAC addresses should be in the format of 00 AA BB CC DD EE Press E to create a new record Press LX lio remove a record Reserved clients information can be imported from the Client List located at Status gt Client List For more details please refer to section 18 3 Static Route Settings This table is for defining static routing rules for the LAN segment A static route consists of the network address subnet mask and gateway address The address and subnet mask values are in the format of W X y Z Static Route The local LAN subnet and subnets behind the LAN will be advertised to the VPN Remote routes sent over the VPN will also be accepted Any VPN member will be able to route to the local subnets Press to create a new route Press x to remove a route WINS Server Settings Check the box to enable the WINS Server A list of WINS clients will be displayed Enable at Status gt WINS Clients DNS Proxy Settings Enable A check box to enable to DNS Proxy feature This field is to enable DNS caching on the built in DNS proxy server When the option is enabled queried DNS replies will be cached until the records TTL has DNS Caching been reached This feature can help improve the DNS lookup time However it cannot return the most updated result for those frequently updat
18. for each WAN can be specified after selecting Enable When this option is enabled all outgoing DNS lookups will be intercepted and redirected to the built in DNS name server If any LAN device is using DNS name servers of a WAN connection you may want to enable this option to enhance the DNS availability without modifying the DNS server setting of the clients The built in DNS name server will distribute DNS lookups to corresponding DNS servers of all available WAN connections In this case DNS service will not be interrupted even if any WAN connection is down DNS Forwarding 17 2 1 SMTP Forwarding Some ISPs require their users to send e mails via the ISP s SMTP server All outgoing SMTP connections are blocked except those connecting to the ISP s The Pepwave MAX supports intercepting and redirecting all outgoing SMTP connections destined for TCP port 25 via a WAN connection to the WAN s corresponding SMTP server SMTP Forwarding Setup O E e Ee O Enable SMTP Server SMTP Port Forwarding Emenee i a Ce E a Connection User Manual PEPWAVE MAX mobile router To enable the feature select the Enable check box under SMTP Forwarding Setup Check the box Enable Forwarding for the WAN connection s that needs such forwarding Enter the ISP s e mail server address and TCP port number for each WAN The Pepwave MAX will intercept SMTP connections choose a WAN with reference to the Outbound Policy and t
19. gt Email Notification Email Notification Setup Email notification EERS smtp mycompany com Require authentication se admin mycompany com systemimycompany com stattimycompaeny com Test Email Notification _Save Email Notification Settings This option is for enabling Email Notification If the box Enable is checked Pepwave MAX sends email messages to a System Email Notification Administrator when the WAN status changes or when new firmware is available If the box Enable is not checked Email Notification is disabled and Pepwave MAX will not send email messages This field is for specifying the SMTP server to be used for sending email If the ASETET server requires authentication check the box Require authentication Check the box to enable SMTPS When the box is checked the next field SMTP SSL Encryption Port will be changed to 465 automatically This field is for specifying the SMTP Port number By default this is set to 25 when the SSL Encryption box is checked the SMTP Port default port number will be set to 465 You may customize the port number by editing this field Click the button Default to restore to default This setting specifies the SMTP username and password while sending email These options are shown only if Require authentication check box is checked in SMTP Server setting SMTP User Name Password Confirm SMTP Password This field allows you to verify
20. in any rule above Click on a rule to change its group Subnet IP Address Manager AE x Client Staffa A METR AEO IP Address 192168199 Manager siia Group O Manager F Save Cancel Add Edit User Group From the drop down menu choose whether you are going to define the client s by an IP Address or a Subnet Subnet IP Address f IP Address is selected enter a name defined in DHCP Reservation table or a LAN client s IP address If Subnet is selected enter a subnet address and specify its subnet mask This field is to define which User Group the specified Subnet IP Address Group belongs to Once users have been assigned to a user group their internet traffic will be restricted by rules defined for that particular group Please refer to the following two sections for details User Manual PEPWAVE MAX mobile router 15 2 Bandwidth Control You can define a maximum download speed over all WAN connections and upload speed for each WAN connection that each individual Staff and Guest member can consume No limit can be imposed on individual Manager members By default Download and Upload Bandwidth Limits are set to unlimited set as 0 Enable User Bandwidth Limit Download Upload Manager Unlimited Unlimited Staff 0 Mbps 0 Mbps 0 unlimited Guest 0 Mbps 0 Mbps 0 unlimited User Manual PEPWAVE MAX
21. is referenced as the default weight value when using the custom rule Default Auto the algorithm Least Used or the algorithm Persistence Auto in Outbound Policy with Managed by Custom Rules chosen see Section 11 2 Health Check _ This setting specifies the health check method for the WAN connection The value Method of method can be configured as Disabled Ping or DNS Lookup User Manual PEPWAVE MAX mobile router Dynamic DNS Bandwidth Allowance Monitor Port Speed MTU MSS MAC Address Clone The default method is Disabled See Section 8 4 for configuration details This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers e changeip com e dyndns org e no ip org e tzo com Select Disabled to disable this feature See Section 8 1 4 for configuration details This option allows you to enable bandwidth usage monitoring on this WAN connection for each billing cycle When this is not enabled bandwidth usage of each month is still being tracked but no action will be taken See Section 8 5 for configuration details This setting specifies port speed and duplex configurations of the WAN Port By default Auto is selected and the appropriate data speed is automatically detected by Pepwave MAX In the event of negotiation issues the port speed can be manually specified to circumvent the issues You can also choose whether or no
22. menu the Protocol and Port number remains manually modifiable This specifies the source IP address es and port number s to be matched for a firewall rule A single address or a network can be specified as the Source IP amp Port setting as indicated with the following screenshots Single Address IP Source IP amp Port Single Port Port rt Mask 255 255 25 0 Fot Range Port In addition a single port or a range of ports can be specified for the Source IP amp Port setting User Manual PEPWAVE MAX mobile router Destination IP amp Port Action Event Logging This specifies the destination IP address es and port number s to be matched for a firewall rule A single address or a network can be specified as the Source IP amp Port setting as indicated with the following screenshots TP Port Network Mask 255 255 255 0 w Port In addition a single port or a range of ports can be specified for the Source IP amp Port setting This setting specifies the action to be taken by Pepwave MAX upon encountering traffic that matches the both of the following e Source IP amp Port e Destination IP amp Port With the value of Allow for the Action setting the matching traffic passes through Pepwave MAX to be routed to the destination If the value of the Action setting is set to Deny the matching traffic does not pass through Pepwave MAX
23. mobile router 15 3 Application 15 3 1 Application Prioritization You can choose whether to apply the same Prioritization settings to all user groups or customize the settings for each group Application Prioritization Apply same settings to all users Customize Three priority levels can be set for application prioritization 1 High Normal and Four types of applications are predefined Their priority for each user group can be selected from their corresponding drop down menu Traffic types not defined in the table are assigned with normal priority Application 15 3 2 Prioritization for Custom Application Click the Add button to define a custom application Click the button in the Action column to delete the custom application in the corresponding row Single Port 12345 OK Cancel Application Prioritization PPTP and IPSec VPN When enabled any PPTP and IPSec traffic will be prioritized SIP Vonage When enabled any SIP and Vonage voice traffic will be prioritized Skype Google Talk When enabled voice and video traffic of Skype Google Talk RealVideo RealVideo and ve ncow gt and Windows Streaming Media will be prioritized Streaming Media Secure Web HTTPS When enabled HTTPS TCP port 443 traffic will be prioritized User Manual PEPWAVE MAX mobile router 15 3 3 DSL Cable Optimization DSL cable based WAN connection has its upload bandwidth lower
24. network is one single non NAT IP network No two subnets in two sites shall be duplicated Otherwise connectivity problems will be experienced in accessing those subnets User Manual PEPWAVE MAX mobile router 11 IPsec VPN Available on all Peplink Balance devices Peplink Balance IPsec VPN functionality securely connects one or more branch offices to your company s main headquarters or to other branches The data voice or video communications between these locations are thus kept safe and confidential across the public Internet The IPsec VPN of the Peplink Balance is especially designed for a multi WAN environment For instance a user sets up multiple IPsec profiles for his multi WAN1 WAN3 environment if WAN1 is connected and its health check turns up good the IPsec traffic will go through this link However should unforeseen problems e g physically unplugged or ISP problems arise and cause WAN1 to go down our IPsec implementation will make use of WAN2 and WANS accordingly as failover purposes 11 1 IPsec VPN Settings All of our Peplink products can make multiple IPsec VPN connections with Peplink as well as Cisco or Juniper Routers Note that all LAN subnet and subnets behind it have to be unique Otherwise VPN members will not be able to access each other All data can be routed over the VPN with a selection of encryption standards such as 3DES AES 128 and AES 256 To configure navigate to Net
25. priority will be selected By default Stronger Signal Strength is selected This option is to specify whether the Wi Fi WAN will connect to any open mode access point it finds By default this is disabled If this field is disabled the WAN connection will not respond to ICMP PING requests By default this is enabled User Manual PEPWAVE MAX mobile router 8 3 1 Create Wi Fi Connection Profile You can manually create a profile to connect to a Wi Fi connection It is useful for creating a profile for connecting to hidden SSID access points Click on the link Create Profile and the following window will be displayed Create Wi Fi Connection Profile Wi Fi Connection Wi Fi Hotspot Open Obtain an IP address automatically Static Cancel Create Wi Fi Connection Profile Settings menor NAME This field is for defining a name to represent this Wi Fi connection SSID This option allows you to select which security policy is used for this wireless network Available options e Open e WEP p V Hide Characters Security e WPA WPA2 Personal WPA WPA2 Personal W Hide Characters e WPA WPA2 Enterprise The settings to be displayed under this row will vary depending on the selected security policy User Manual PEPWAVE MAX mobile router 8 4 WAN Health Check To ensure traffic is routed to healthy WAN connecti
26. 010 12 01 to 2010 12 31 2 291 MB 2 103 MB 4394 MB 2010 11 01 to 2010 11 30 2 261 MB 2 896 MB 5 157 MB 2N1N 1N N1 tm 27N1N 1N 31 471 MR 3 ARA MR 32955 MR Ethernet WAN Daily Bandwidth Usage Tip By default the scale of data size is in MB 1GB equals to 1024MB User Manual PEPWAVE MAX mobile router Appendix A Restoration of Factory Defaults To restore the factory default settings on a Pepwave MAX unit follow the steps below 1 Locate the reset button on the front panel of Pepwave MAX unit 2 With a paper clip press the reset button and hold it for at least 10 seconds until the unit reboots itself After Pepwave MAX finishes rebooting the factory default settings will be restored Important Note All previous configurations and bandwidth usage data will be lost after restoring the factory default settings Regular backup of configuration settings is strongly recommended User Manual PEPWAVE MAX mobile router Appendix B Declaration 1 The device supports time division technology 2 Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and u
27. 42 USB2 O amp Wi Fi WAN 192 168 1 110 4147 123 123 123 1 443 H WAN1 00 00 02 192 168 1 110 60 60 60 1 WAN1 00 00 02 192 168 1 110 2423 123 123 123 1 443 HTTP WAN1 00 00 13 192 168 1 110 1144 123 123 123 123 5222 XMPP Client WAN2 00 00 19 192 168 1 110 1156 65 65 65 1 1863 WAN1 00 00 22 192 168 1 110 62817 90 123 90 1 123 NTP WAN2 00 00 29 10 10 10 112 1024 192 168 1 110 514 Syslog WA 00 00 20 This Active Sessions section displays the active inbound outbound and UDP TCP sessions of each WAN connection on Pepwave MAX A filter is available to help sort out the active session information Enter a keyword in the field or check one of the WAN connection boxes for filtering 19 3 Client List The client list table is located at Status gt Client List It lists DHCP client IP addresses their Names retrieved from DHCP reservation table or defined by users current Download and Upload rate and MAC addresses that the Pepwave MAX has offered IP addresses to since it is powered up Network Name SSID and Signal refers to the information about Wi Fi AP which is the name of the Network and its signal strength Clients can be imported into DHCP Reservation table by clicking the _i_ button on the right most column Further update the record after the import by going to Network gt LAN If PPTP Server in section 16 1 is enabled you may see the corresponding connection name would be listed in the field of Name Client List Network Signal
28. 9 5 METO Ire VIN aanecebcinna cae idan e aE E A E asdsenonanstecmOanemennaseee 100 19 6 UP NPAT P IMAP erain E tole caes soterdeimsontexeteneeadelns cea Sorclacedaegeutesoieasea dene sesaserdaaeceraeutee 101 19 7 BE II OG ioc a E E clases ctiods snaae se nmcatin E A A E A E 101 198 BANDWIDTH a co csersenncugtings ninsoarea a N T aE A 102 APPENDIX A RESTORATION OF FACTORY DEFAULTS cssececcecsccccsccccececcecescecesoees 106 APPENDIX B DECLARATION wisiicacicsssssicassantssanedasinonsandecedentesiwassindeansaeddssenreataspavscayaeasnesoasssuals 107 User Manual PEPWAVE MAX mobile router 1 Introduction and Scope The Pepwave MAX Mobile Router provides link aggregation and load balancing across six WAN connections allowing a combination of technologies like 3G HSDPA EVDO Wi Fi external WiMAX dongle and Satellite to be utilized to connect to the Internet This manual presents how to set up the Pepwave MAX Mobile Router and provides an introduction to the features and usage of Pepwave MAX Mobile Router Want to know more about Pepwave MAX Visit our YouTube Channel for a video introduction http youtu be UCkVOThLKO4 User Manual PEPWAVE MAX mobile router 2 Glossary The following terms acronyms and abbreviations are frequently used in this manual Term Definition 3G 3rd Generation standards for wireless communications e g HSDPA 4G 4th Generation s
29. Configurable web administration port and administrator password Firmware upgrades configuration backups Ping and Traceroute via Web Admin Interface Remote web based configuration via WAN and LAN interfaces Time server synchronization SNMP Email notification Read only user for Web Admin Authentication and Accounting by RADIUS server for Web Admin Built in WINS Servers Syslog SIP passthrough PPTP packet passthrough Event Log Active Sessions Client List WINS Client List UPnP NAT PMP Real Time Daily and Monthly Bandwidth Usage reports and charts User Manual PEPWAVE MAX mobile router 4 Pepwave MAX Mobile Router Overview 4 1 MAX 600 4 1 1 Front Panel Appearance PC Card Slot Express Card Slot Wi Fi WAN Connector Ethernet WAN Port USB Ports Wi Fi LAN Connector z is WAN uss 1 2 sase E pn ee PeP wave MAX mobile router Wi Fi AP LED LAN Ports in Wi Fi WAN LED Status LED Power LED Reset Button 4 1 2 LED Indicators The statuses indicated by the Front Panel LEDs are as follows Power and Status Indicators OFF Power off Power Green Power on OFF System initializing Status Red Booting up or busy Green Ready state Wi Fi AP and Wi Fi WAN Indicators OFF Disabled Intermittent Blinking Trying to connect but not connected to any wireless network Wi Fi WAN ON Connected to wireless network s without traffic Continuous Blinking Transferring data OFF Disabl
30. DIUS server local accounts will be enabled again for emergency access Authentication options will be available once this box is checked This specifies the authentication protocol used Available options are MS CHAP v2 and PAP This specifies the access address of the external RADIUS server This is the secret for accessing the RADIUS server This option specifies the time value for authentication timeout This specifies the access address of the external Accounting server This is the secret for accessing the Accounting server This option is for specifying the network connection which will be used for authentication connection Users can choose from LAN WAN and VPN connections This option is for specifying the protocol s through which the Web Admin Interface can be accessible HTTP HTTPS HTTP HTTPS These fields are for specifying the port number at which the Web Admin Interface can be accessible This option is for specifying the network interfaces through which the Web Admin Interface can be accessible LAN only LAN WAN If LAN WAN is chosen a WAN Connection Access Settings form will be displayed User Manual PEPWAVE MAX mobile router WAN Connection Access Settings This field allows you to restrict web admin access only from defined IP subnets e Any Allow web admin accesses to be from anywhere without IP address restriction e Allow access from the following IP subnets only Restrict web a
31. E 83 18 1 AONNE ECHR a ne ee ee ee en ee at eee eee ees A 83 18 2 FIRMWARE UPGRADE scececececececececececccecccccecececececececececececscececececesecacesscececesececeseteceseseeeseseseceseeeeeseats 87 18 3 TOI sree ecg eareeeseer aaa atest ecg nie pncevee trig ea eer ENE E EE 88 18 4 EAE NOTIFICATION ospzsta ca tepaateceani eareareaeiesantesaiewlaceangnte pacuiaceweaciotian E ETE 89 18 5 REMOTE A A Cae eno ee eee 91 18 6 Oo hd ee ee ee ee ee ee ee ere 92 18 7 CONFIGURATION escccnesscssersiacwoiscaswarotavwreseasnesvatore tnowconvvvrmsspgrbacwe sasw arolavwre easteivalore daswvoivavomGpgtasws sain avolowe easeoivalore Saiwcuvuwreigtbiawre saiwiaelawrlgwionulorianien 94 18 8 REBOOT irr oterezecocnccn aie rcnacv tnciercnes rules frumucntn oaeraiecreea sore tissaayaruelessaea naman oa creda sorte tie aruilaaeaiemsanieaa ea imeenas ern ciesawnminasateumcned 95 18 9 PUIG ESI a E wasters escigntawa pew EAE A E E E A ny sae E OA EER 96 18 10 TRACEROUTE TEST seccrsesccareuticetesaralecosaransuaatirtanis etewaea tu atsarleacvnaanaatsaat teraa eee EEA EEEE 97 St WP INO IES Ty esctetnceasug ac a E O E E N 97 User Manual PEPWAVE MAX mobile router 19 STATUS noirin a 98 19 1 DEVIC A A E E A E A E 98 OA T ATE ON E et ene ee E A E eee te 99 T3 O10 21 gc eee eee ee ee ee 99 19 4 WINS COUENT tis este gen stenecatuernanncvaateananeqaesstnanamaaneunnenestioanauanoenatvasnampeusansnsnuaynemedasqunpuncacouncucaeeaeneeuweste 100 1
32. E MONITOR cccececscscscccccccccscccscecscscscscscscacacevsvavsvevscevevavsvavevsversvsvevavavavevevevers 42 9 WiFI SETTINGS sdccaSiwataecaitsa cad acas a anes saan ausvenweaseecaeedeseasdeencesnseaens 43 9 1 STP SPANNING TREE PROTOCOL sii ccs vcsiananiidnasdnastaonnnseidonsadSbnacigns ai eai a iE a 46 10 BANDWIDTH BONDING SITE TO SITE VPN cccccccccccccccccccccccccccccccccccccccccccccccecs 47 10 1 CONFIGURING A SITE TO SITE VPN PROFILE cccececececececscccecesscscscscccccscsvecseeeetscaeecseaeseavavaeevevavavsvevnaees 47 10 2 LINK FF RE DETECHON accesses ets a a A EN EEE 49 10 3 PEPWAVE MAX BEHIND NAT ROUTER cccecscscecscccccscccecevscscscscsccvsvsvavevsvsvevscevsvevstsvvavavsvevsvevevsveveverers 51 10 4 VPN STA TS arara a a EAA EE EE E T E A ETE ES E E E T 52 User Manual PEPWAVE MAX mobile router 11 12 13 14 15 16 17 18 IPFC PN desonra 53 11 1 IPSEC VPN SETTINGS sirrtesieriastearistorrstorncsane nrn s ene A ENN EE EAEE E EA EAEE ENESA 53 11 2 PE AT ee eee EE E E EE S 55 MANAGEMENT OF OUTBOUND TRAFFIC TO WAN ccccccccccccccccccccccccccccccccecs 56 12 1 OUTBOUND POLICY aarre nor in aaaccosnenae oamenacas E ancain eiacas anes tancaasgtiaoat EES 57 12 2 CUSTOM RULES FOR OUTBOUND POLICY cccccsccsasseneysnseieossawns aya pianvestisieasesn bueivesoanianeyanieisesseverncpiauribessisuanees 58 PORT FORWARDING sssesssecsssccsoseccos
33. E Standby Details Fronty 3 Router IP Address 192 168 50 1 gh ON Details Model Pepwave MAX 600 Firmware 5 2 build 1194 Uptime 3 days 16 hours 46 minutes CPU Load A TH Throughput 8 0 0 Mbps 0 0 Mbps copyright Pepwave All nghts reserved User Manual PEPWAVE MAX mobile router Dashboard shows the current WAN LAN Wi Fi AP settings and statuses You can simply change priority of WAN connections and switch on off Wi Fi AP in here For further information about how to set up these connections please refer to Section 7 and 8 Device Information shows the details about the device including Model name Firmware version and Uptime For further information please refer to Section 18 Important Note Configuration changes e g WAN LAN Admin settings etc will only take effect after clicking the Save button at the bottom of each page The Apply Changes button causes the changes to be saved and applied User Manual PEPWAVE MAX mobile router 7 Configuration of LAN Interface s 7 1 Basic Settings The LAN Interface settings are located in Network gt LAN gt Basic Settings IP Settings Hours 0 Mins 0 Seconds ie Assign WINS server Built in External Static Route Settings WINS Server Settings DNS Proxy Settings oe UF mae IP Address T T Save Required User Manual PEPWAVE MAX mobile ro
34. IP is changed after a DHCP IP refresh reconnection etc Due to dynamic DNS service providers policy a dynamic DNS host will automatically expire if the host record has not been updated for a long time Therefore Pepwave MAX performs an update every 23 days even if a WAN s IP address has not changed User Manual PEPWAVE MAX mobile router 8 2 E Express Card E PC Card 1 USB1 4 Express Card PC Card USB1 USB2 Wireless adaptor gt SIM card 1st P lt 3 10 10 10 11 a tS 10 10 12 FUSBWAN OOOO Defa O WAN Default Remain connected Disconnected meoo dhee vi Hide Characters 5 seconal fo eo Mentor wore _Save and Apply Cancel Login ID loginidhere Password passwordhere Express Card PC Card USB Settings This is the International Mobile Subscriber Identity which uniquely identifies the SIM SIM Card IMs card This is applicable to 3G modems only This field shows the name of the carrier who issues the SIM card for 3G or the Carrier modem for EVDO Country Region This is the country region of the carrier who issues the EVDO modem Signal Strength This field shows the signal strength of the connection IP Address This information is obtained from the carrier automatically User Manual PEPWAVE MAX mobile router DNS Servers WAN Connection Name Standby State Operator Settings APN Login Password Dial Number
35. N connection are used as the Health Check DNS Servers Health Check Method SmartCheck FJ SmartCheck SmartCheck monitors the link status and is optimized for mobile networks with high traffic latency Other Health Check Settings 5 second s a CSCS This setting specifies the timeout in seconds for ping DNS lookup requests Default Timeout is set to 5 second Health Check interval EE Timeout Health Check This setting specifies the time interval in seconds between ping or DNS lookup Interval requests Default Health Check Interval is 5 seconds This setting specifies the number of consecutive ping DNS lookup timeouts after which Pepwave MAX is to treat the corresponding WAN connection as down Default Health Retries is set to 3 For example with the default Health Retries setting of 3 after consecutive 3 timeouts the corresponding WAN connection will be treated as down Health Check Retries This setting specifies the number of consecutive successful ping DNS lookup responses that must be received before Pepwave MAX treats a previously down WAN connection to be up again By default Recover Times is set to 3 For example a WAN connection that is treated as down will be considered to be up again upon receiving 3 consecutive successful ping DNS lookup responses Recovery Retries Automatic Public DNS Server Check on DNS Test Failure In case the health check method is set to DNS Lookup and checks
36. PEPWAVE Broadband Possibilities AX mobile router User Manual Pepwave MAX Senes MAX 600 700 HD2 Pepwave MAX Firmware 5 3 November 2011 COPYRIGHT amp TRADEMARKS Specifications are subject to change without notice Copyright 2011 Pepwave Ltd All Rights Reserved Pepwave and the Pepwave logo are trademarks of Pepwave Ltd Other brands or products mentioned may be trademarks or registered trademarks of their respective owners User Manual PEPWAVE MAX mobile router Table of Contents TABLE OF CONTENTS saauscncevsuvsecscnescuscusucamciearisccensecumcieneiexecusuenmuwnpiseceusacamcieneiesseususmuaeiescneees 2 1 INTRODUCTION AND SCOPE ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccceccccccccsoecs 5 2 GLOSSAR wa csa sie aicucees sans doshas dco aarstw bantignuno usenet owe hues caeh ensue ad gncusuGeasynedwredersacehansenersactonss 6 3 PRODUCT FEA FOURES erie en ea Oe SN oO a are ee ee 7 3 1 SUPPORTED NETWORK FEATURES scccccaccadchsndcvassasenend a aa aa ae aaia eiaa beai 7 3 2 OTRER SUPPORTED F EATOUNES ierasta ane A E 8 4 PEPWAVE MAX MOBILE ROUTER OVERVIEW cccccccccccccccccccccccccccccccccccccccccceccs 9 4 1 I rig grate oasctst across toe bay cries E aaeenecian 9 4 2 De DG saccharate rete ce ek scl AAEE eat ete eien IEAA EEA EN 11 4 3 MAX AD aac cate ts itp ats cra tates cie sm rissa eicosanoid E 13 5 INSTALLA ION oc cawscnsdasuccnseenssaneacedenneseassan
37. SIM PIN Heath Checking Settings Bandwidth Allowance Monitor Modem Specific Settings Network Type GSM Frequency Band Each carrier may provide a set of DNS servers for DNS lookups This field specifies the DNS Domain Name System Servers are currently effective when a DNS lookup is routed through this connection This information is obtained from the carrier automatically or can be entered manually by users This field is for defining a name to represent this WAN connection This option allows you to choose whether to remain the connection connected or disconnected when this WAN connection is no longer in the highest priority and has entered the standby state When Remain connected is chosen upon bringing up this WAN connection to active it will be immediately available for use This setting applies to 3G EDGE GPRS modem only It does not apply to EVDO EVDO Rev A modem This allows you to configure the APN settings of your connection If Auto is selected the mobile operator should be detected automatically The connected device will be configured and connection will be made automatically afterwards If there is any difficulty in making connection you may select Custom to enter your carriers APN Login Password and Dial Number settings manually The correct values can be obtained from your carrier The default and recommended Operator Settings is Auto When Auto is selected the information in these fields will
38. Save and Apply button User Manual PEPWAVE MAX mobile router 8 1 U Ethernet WAN WAN 1 Default DHCP x V Obtain DNS server address automatically 10 9 1 1 Use the following DNS server address es DNS Server 1 DNS Server 2 Use custom hostname State K Remain connected Disconnect KERON 100 Mbps x tr S 100 Mbps x W Use first two DNS servers as Health Check DNS Servers Include public DNS servers men ER Heat check Reties EE a y User Manual PEPWAVE MAX mobile router J Auto Custom Value 1440 Default Delete Save and Apply Cancel Ethernet WAN Settings WAN Connection This field is for defining a name to represent this WAN connection Name There are three possible connection methods for Ethernet WAN e DHCP n F e Static IP onnection Method aoe The connection method and details are determined by and can be obtained from the ISP See the Sections 8 1 1 8 1 2 and 8 1 3 for details of each connection method This setting specifies the state of the WAN connection The available options are Standby State Remain connected and Disconnect The default state is Remain Connected Upstream This setting specifies the data bandwidth in the outbound direction from the LAN Bandwidth through the WAN interface This setting specifies the data bandwidth in the inbound direction from the WAN interface to the LAN Downstream l l Bandwidth This value
39. Status gt Device System Information Pepwave MAX 600 2830 2345 C65B Download Interface MAC Address Pe oonrzssea OOOO Pe i ponza Eo i bonas E i i ponasa C i i ponasa C onmens O O oO o Pe e sfe Legal System Information This is the name specified in the field Router Name located in System gt Admin Security Router Name Model This shows the model name and number of this device Hardware Revision This shows the hardware version of this device Serial Number This shows the serial number of this device Firmware This shows the firmware version that this device is currently running Uptime This shows the length of time since the device is rebooted System Time This shows the current system time A Download button is for exporting a diagnostic report file required for system Diagnostic Report investigation The second table shows the MAC address of each LAN WAN interface connected Important Note If you encounter issues and would like to contact Peplink Support Team http Awww peplink com contact please download the diagnostic report file and attach it along with a description of your encountered issue In firmware 5 1 or before Diagnostic Report file can be obtain at System gt Reboot User Manual PEPWAVE MAX mobile router 19 2 Active Sessions Information on Active Sessions is at Status gt Active Sessions Filter i Ethernet WAN C H Express Card CO H Pc Card 1 USB1 E
40. abled Bandwidth Monitoring feature as shown in section 8 5 you can choose a particular connection to check its usage and select to show the monthly usage period in Billing Cycle or Calendar Month Click the first or second row to view the client bandwidth usage of the current month This feature is not available if you have chosen to view the bandwidth usage of only a particular WAN connection The Scale of the graph can be set to show in Megabyte MB or Gigabyte GB All WAN Hl Dovnload HB Upload E Total 20000 MB 15000 MB 10000 MB 5000 MB 0 eS 2010 05 2010 06 2010 07 2010 08 2010 09 2010 10 2010 11 2010 12 2011 01 1 081 MB 3 408 MB 4952 MB 1 367 MB 4059 MB 4792 MB 2011 01 01 to now 2010 12 01 to 2010 12 31 2010 11 01 to 2010 11 30 Download 1 54 MB 490 46 MB 1 412 51 MB 20 87 MB LAN Client LAN Client 10 10 10 103 192 168 50 150 59 115 100 40 LAN Client 0 00 MB 141 63 MB 203 186 47 43 LAN Client 0 00 MB 131 22 MB a1 12009 17N ILAN Aliant nnn MR sa NA MR SA NA MRA All WAN Daily Bandwidth Usage User Manual PEPWAVE MAX mobile router Ethernet WAN Billing Cycle Calendar Month MB GB 6000 MB HB Dovnload BH Upload 5000 MB W Total 4000 MB 3000 MB 2000 MB 1000 MB 2010 05 2010 06 2010 07 2010 08 2010 09 2010 10 2010 11 2010 12 2011 01 2011 01 01 to now 784 MB 595 MB 1379 MB 2
41. and confirm the new administrator password User Manual PEPWAVE MAX mobile router Sender s Email Address Recipient s Email Address This setting specifies the sender email address reported by the email messages sent by Pepwave MAX This setting specifies the email addresses to which Pepwave MAX should send the email messages to You may enter multiple recipients email addresses in this field After you have completed the settings you can click the Test Email Notification button to test the settings before saving it After it is clicked you will see this screen to confirm the settings SMTP Server smtp mycompany com SMTP Port SMTP User Name Sender s Email Address admin mycompany com pe n eel eee system Emycompany cam staff mycompany com Send Test Notification Cancel Click Yes to confirm Wait a few seconds and you will see a return message and the detailed test result Tes email sent Email notification settings ar Save button Test Result INFO Try email through connection 3 lal lt 220 ESTP gt EHLO balance lt 250 smtp Hello balance 210 210 210 210 a2 U el2E 1OO000000 200 BITHIME a0U PIPELINING 22 U0 AUTH PLAIN LOGIN 220 8 TARTTLS ne mmm UMT User Manual PEPWAVE MAX mobile router 18 5 Remote Syslog The Remote Syslog functionality of Pepwave MAX enables event logging at a specified remot
42. be filled automatically Select the option Custom and you may customize these parameters The parameters values are determined by and can be obtained from the ISP This setting allows you to specify the health check method for the WAN connection The as available options are Disabled and SmartCheck The default method is SmartCheck See Section 8 4 for configuration details This option allows you to enable bandwidth usage monitoring on this WAN connection for each billing cycle When this is not enabled bandwidth usage of each month is still being tracked but no action will be taken See Section 8 5 for configuration details The settings under this category may or may not be available depending on the model of the connected device This setting allows you to define your preference of using the 4G 3G and or 2G networks 4G networks include WIMAX 3G networks include HSPA UMTS 2G networks include EDGE GPRS If 3G only or 2G only is chosen only the HSPA UMTS or EDGE GPRS network will be used respectively If the chosen network is not available no other network will be used regardless of its availability The modem connection will remain offline If 3G preferred or 2G preferred is chosen the chosen network will be used when it is available If the chosen network is not available the other network will be used whenever available The default Network Type is 3G preferred and the example shown above is fora Huawei 3G modem
43. c DNS Settings Pepwave MAX provides the functionality to register the domain name relationships to dynamic DNS service providers Through registration with dynamic DNS service provider s the default public Internet IP address of each WAN connection can be associated with a host name Either upon a change in IP address or every 23 days without link reconnection Pepwave MAX will connect to the dynamic DNS service provider to perform an IP address update within the provider s records Dynamic DNS Settings This setting specifies the dynamic DNS service provider to be used for the WAN based on supported dynamic DNS service providers e changeip com Dynamic DNS e dyndns org e no ip org e tzo com Select Disabled to disable this feature Account Name Email Address This setting specifies the registered user name for the dynamic DNS service Password TZO Key This setting specifies the password for the dynamic DNS service This field allows you to specify a list of host names or domains to be associated with the public Internet IP address of the WAN connection If you need to enter more than one host you can use a carriage return to separate them Hosts Domain Important Note In order to use dynamic DNS services appropriate host name registration s as well as a valid account with a supported dynamic DNS service provider are required A dynamic DNS update is performed whenever a WAN s IP address changes E g
44. canned by Wi Fi clients When Yes is selected this virtual AP is enabled Select No to disable it By default it is enabled Enable You can also choose to enable or disable this virtual AP on the Dashboard Connection Status of Wi Fi AP please refer to section 6 for information When the box Enable is checked this SSID can be scanned by Wi Fi clients Broadcast SSID By default it is enabled When the box Enable is checked multicast network traffic to the wireless SSID Multicast Filter will be filtered By default it is disabled This field allows you to specify the transmit rate to be used for sending multicast Multicast Rate network traffic By default Multicast Rate is set to 1M Wireless Security Settings This setting specifies which security policy will be used for this wireless network Available options Security Policy User Manual PEPWAVE MAX mobile router e Open No Encryption Wireless Security Settings O e WPA WPA2 Personal Wireless Security Settings O Eeo wnscae SSCS v Hide Characters e WPA WPA2 Enterprise Wireless Security Settings SEE onscor SOS RADIUS Server Settings Primary Server Secondary Server authentication eot 1512 _pefaur e Defaul fet a 1613 _veraur 1313 Default J Wireless Security Settings O RADIUS Server Settings Primary Server Secondary Server Authentication Port 1812 Default 1812 Default Accounting Port
45. ccesses you should still choose default here then customize the outbound access rule in the Outbound Policy section Note 2 WAN connections in drop in or IP forwarding mode are not shown here Click Save to save the settings when configuration has been completed Important Note Inbound firewall rules override the Inbound Mapping settings User Manual PEPWAVE MAX mobile router 15 QoS 15 1 User Groups LAN and PPTP clients can be categorized into three user groups Manager Staff and Guest This table allows you to define rules and assign client IP addresses or subnets to a user group You can apply different bandwidth and traffic prioritization policies on each user group in the Bandwidth Control and Application sections The table is automatically sorted and the table order signifies the rules precedence The smaller and more specific subnets are put towards the top of the table and have higher precedence larger and less specific subnets are placed towards the bottom Click the Add button to define clients and their user group Click the x button to remove the defined rule Two default rules are pre defined and put at the bottommost They are All DHCP reservation clients and Everyone and they cannot be removed All DHCP reservation clients represents the LAN clients defined in the DHCP Reservation table in the LAN settings page Everyone represents all clients that are not defined
46. ck on the Check again button to use online upgrade With online upgrade Pepwave MAX checks online for new firmware If a new firmware is available the firmware will be automatically downloaded by Pepwave MAX The upgrade process will subsequently be automatically initiated You may also download a firmware image from the Pepwave web site http www pepwave com and update the unit manually Click Browse to select the firmware file from the local computer and then click Upgrade to send the firmware to Pepwave MAX Pepwave MAX will then automatically initiate the firmware upgrade process Please note that all Pepwave devices are equipped to be able to store two different firmware version in two different partitions A firmware upgrade preformed will always replace the inactive partition If you want to keep the inactive firmware you can simply reboot your device with the inactive firmware and then perform the firmware upgrade Firmware Upgrade Status Status LED Information during firmware upgrade e OFF Firmware upgrade in progress DO NOT disconnect power e Red Unit is rebooting e Green Firmware upgrade successfully completed Important Note The firmware upgrade process may not necessarily preserve the previous configuration and the behavior varies on a case by case basis Consult the Release Notes for the particular firmware version Do not disconnect the power during firmware upgrade process Do not attempt to uploa
47. connections over which communication actually takes place As a result a LAN client computer behind Pepwave MAX may communicate using multiple Internet IP addresses For example a LAN client computer behind a Pepwave MAX with three WAN connections may communicate on the Internet using three different IP addresses With the algorithm Persistence of Pepwave MAX rules can be configured to enable client computers to persistently utilize the same WAN connections for e banking and other secure websites As a result a client computer will communicate with the other end using one IP address and eliminate the issues Algorithm D Persistence Persistence Mode By Source By Destination Load Distribution Auto Custom Load Distribution O Weight There are two modes for Persistence By Source and By Destination The same WAN connection will be used for traffic matching the rule and originating By Source from the same machine regardless of its destination This option will provide the highest level of application compatibility Eana The same WAN connection will be used for traffic matching the rule originating By Destination from the same machine and going to the same destination This option can better distribute load to WAN connections when there are only a few client machines The default mode is By Source When there are multiple client requests they can be distributed persistently to WAN connections with a weight
48. d a non firmware file or a firmware file that is not qualified or not supported by Pepwave Upgrading a Pepwave MAX Mobile Router with an invalid firmware file will damage the unit and may void the warranty Important Note If the firmware is rolled back from 5 x to 4 x the configurations will be lost User Manual PEPWAVE MAX mobile router 18 3 Time The Time Server functionality enables the system clock of Pepwave MAX to be synchronized with a specified Time Server The settings for Time Server configuration are located at System gt Time Time Zone O Show all Time Server time nistgov Default Save Time Server Settings This specifies the time zone along with the corresponding Daylight Savings Time scheme in which Pepwave MAX operates Time Zone The Time Zone value affects the time stamps in the Event Log of Pepwave MAX and E mail notifications Checked the box Show all to show all available time zone options This setting specifies the NTP network time server to be utilized by Pepwave MAX Time Server User Manual PEPWAVE MAX mobile router 18 4 Email Notification The Email Notification functionality of Pepwave MAX provides a System Administrator with up to date information on network status The settings for configuring Email Notification are found at System
49. d to wireless network Continuous Blinking Transferring data to wireless network User Manual PEPWAVE MAX mobile router LAN and Ethernet WAN Ports ON 1000 Mbps Green LED OFF 10 100 Mbps Solid Port is connected without traffic Yellow LED Blinking Data is transferring OFF Port is not connected Port Type Auto MDI MDI X ports 4 2 3 Rear Panel Appearance Power Connector USB Ports Kensington Lock User Manual PEPWAVE MAX mobile router 4 3 MAX HD2 4 3 1 Front Panel Appearance Wi Fi AP Connector Ethernet WAN Port Cellular WAN LED USB Port Terminal Block Coo nA MeeR ARa KI 6 A PEN PEP WAV E MAX mobile router AN ee 4 gt S ik T AEE NIS Cellular Cellular A 1 2 Ss WAN1 WAN 2 O ws Mi 4 Reset Button LAN Ports Status LED 4 3 2 LED Indicators The statuses indicated by the Front Panel LEDs are as follows 3 Status Indicators OFF System initializing Status Red Booting up or busy Green Ready state Wi Fi AP and Wi Fi WAN Indicators OFF Disabled Intermittent a Nee Blinking Trying to connect but not connected to any wireless network ellular Cellular 2 ON Connected to wireless network s without traffic Continuous Blinking Transferring data LAN and Ethernet WAN Ports ON 1000 Mbps Green LED OFF 10 100 Mbps Solid Port is connect
50. de 12 2 7 Algorithm Lowest Latency Lowest Latency Wa Note Use of Lowest Latency will incur additional network usage Ethernet WAN Express Card PC Card USB1 USB2 Wi Fi WAN The traffic matching this rule will be routed through the healthy WAN connection that is selected in the field Connection and has the lowest latency Latency checking packets are issued periodically to a nearby router of each WAN connection to determine its latency value The latency of a WAN is the packet round trip time of the WAN connection Additional network usage may be incurred as a result User Manual PEPWAVE MAX mobile router Tip The round trip time of a 6M down 640k up link can be higher than that of a 2M down 2M up link It is because the overall round trip time is lengthened by its lower upstream bandwidth despite of its higher downlink speed Therefore this algorithm is good for two scenarios e All WAN connections are symmetric or e A latency sensitive application requires to be routed through the lowest latency WAN regardless the WAN s available bandwidth 12 2 8 Expert Mode Expert Mode is also available for advance users Click the help test balloon and click the link turn on Expert Mode to switch on the feature Under Expert Mode a special rule Site to Site VPN Routes is displayed on the Custom Rules table It represents all Site to Site VPN routes learned from remote VPN peers By defau
51. dmin access only from the defined IP subnets When this is chosen a text input area will be displayed beneath Allowed Source IP Subnets O Any Allow access from the following IP subnets only Allowed Source IP Subnets The allowed IP subnet addresses should be entered into this text area Each IP subnet must be in form of w x y z m where W X Y Z is an IP address e g 192 168 0 0 and m is the subnet mask in CIDR format which is between 0 and 32 inclusively For example 192 168 0 0 24 To define multiple subnets separate each IP subnet one in a line For example 192 168 0 0 24 10 8 0 0 16 This is to choose which WAN IP address es the web server should listen on Allowed WAN IP Address es es Ethernet WAN 210 10 10 2 Interface IP Allowed WAN IP Address es H usgB2 C wi Fi WAN User Manual PEPWAVE MAX mobile router 18 2 Firmware Upgrade The firmware of Pepwave MAX is upgradeable through Web Admin Interface Firmware upgrade functionality is located at System gt Firmware Firmware Upgrade Current firmware version 5 2 0 No firmware upgrade available at this moment Check Again Manual Firmware Upgrade D Manual Upgrade There are two ways to upgrade the unit The first method is online firmware upgrade The system can Check Download and Upgrade over the Internet The second method is to upload a firmware file manually Cli
52. dress will be offered This option allows you to specify the Windows Internet Name Service WINS server You may choose to use the built in WINS server or external WINS servers When this unit is Site to Site VPN connected other VPN peers can share this unit s built in WINS server by entering this unit s LAN IP address in their DHCP WINS Servers setting Therefore all PC clients in the VPN can resolve the NetBIOS names of other clients in remote peers If you have enabled this option a list of WINS clients will be displayed at Status gt WINS Clients In addition to standard DHCP options e g DNS server address gateway address subnet mask you can specify the value of additional Extended DHCP Options defined in RFC 2132 In this case you can pass additional configuration information to LAN hosts To define an Extended DHCP Option click the Add button choose the option that you want to define and enter its value For values that are in IP address list format you can enter one IP address per line in the provided text area input control Each option is allowed to be defined once only This setting reserves the assignment of fixed IP addresses for a list of computers on the LAN The computers to be assigned fixed IP addresses on the LAN are User Manual PEPWAVE MAX mobile router identified by their MAC addresses The fixed IP address assignment is displayed as a cross reference list between the
53. e Syslog server The settings for configuring Remote System Log are found at System gt Remote Syslog Remote Syslog Enable Remote Syslog Host Port 514 Save Remote Syslog Settings This setting specifies whether or not to log events at the specified remote Syslog server Remote Syslog Remote Syslog Host This setting specifies the IP address or host name of the remote Syslog server This setting specifies the port number of the remote Syslog service By default the Port setting has value is 514 Port User Manual PEPWAVE MAX mobile router 18 6 SNMP SNMP or Simple Network Management Protocol is an open standard that can be used to collect information from the Pepwave MAX Mobile Router SNMP configuration is located at System gt SNMP SNMP Settings Community Name Allowed Source Network Access Mode Add SNMP Community SNMPv3 User Name Authentication Privacy Access Mode Add SNMP User SNMP Settings SNMP Device This field shows the router name defined in System gt Admin Security Name SNMP Port This option specifies the port which SNMP used The default port is set as 161 SNMPv1 This option allows you to enable SNMP version 1 SNMPv2 This option allows you to enable SNMP version 2 SNMPv3 This option allows you to enable SNMP version 3 To add a community for either SNMPv1 or SNMPv2 click the Add SNMP Community button in the Community Name table
54. ecsosecsosessesessssossesossesosssscsosessosecsosessosecsesesseseso 65 13 1 PORT FORWARDING SERVICE scassracsaassaavqantsaaeiassaacdensdaateaassaargenssaacahaosaasdensdeatunassaarGuatsaageharsaardenntaatunassante 65 13 2 UPNP 7 NAT PIVIP SETTINGS 6eccessiccsctwcscencendasdnsdateasnsetnbeclec wtaneaskanrosindednecedavsandaddssacencbedncdnedwiendasetbeadecweet 67 NAT MAPPINGS crcr a 68 OOS a niasndncienmernvaunad aus tepenviedanaseeneuaiannstntadineienai since 70 15 1 LE RS E EEA EE E E EE E IE ENEE EETA 70 15 2 BARD Vy UDA ONTROL eA E E 71 15 3 APPICCATI eaae E EE AEEA EAO EAE EA ETET EAE A EET 72 FIRE ALL rener E 74 16 1 OUTBOUND AND INBOUND FIREWALL ccceccecececececcccececececececececececsccscecececeaceceeececcececsesaeaceceeeeeaeeceeeeeass 74 16 2 INTRUSION DETECTION AND DOS PREVENTION ccceccecececececcccscecececcecececececcececececeecececeacacececeeeacececeeeaeaces 78 MISCELLANEOUS SEL TIN GS wicccwscndccececcccescdasdecosedaxccessasdsdetesensasndestccnsecasacessasuscacssansenes 79 17 1 PPIP ERU R essere a scsi eects E tev baveep cs eves nsteng pete E eneceds 79 17 2 SERVICE FORWARDING ccecececececececececececececececececececececececececececececececececececececececececececececececececececececeaeaaes 80 17 3 SERVICE PASSTH ROUGH ccanscwasacnsw scan batewansnnaidieasaabaewadacpaaw saan batowanadnaidnaaanbaewadacnnew sean balwanainadentanbaeeaiaannewseanbaoes 82 SITEN IN CS acs crs cascacacva case sons caccieneuncumeuaaaneccwaneecias
55. ed DNS records By default it is disabled Check the box to enable this option and the Pepwave MAX will automatically use Use Google DNS Google DNS Server as a backup DNS server The DNS proxy server will forward Server as DNS requests to in the case if all WAN connections Backup DNS servers become unavailable By default it is disabled This table is for defining custom local DNS records A static local DNS record consists of a Host Name and an IP Address When Local DNS looking up the Host Name from the LAN to LAN IP of Pepwave MAX the Records corresponding IP Address will be returned Press E to create a new record Press X lio remove a record User Manual PEPWAVE MAX mobile router 7 2 Wi Fi AP The Wi Fi LAN settings can be configured in Network gt LAN gt Wi Fi AP Wi Fi AP can also be switched on off on the Dashboard PEPWAVE Dashboard Network Advanced System Status LAN m Basic O Wi Fi Access Point has been turned OFF To turn it ON please go to Dashboard gt LAN Settings Interface and select ON from the dropdown menu Wi Fi AP Network Name SSID Security Policy MAC Address BSSID WAN SEES wawa persona loo aa oo an 2z ce X Click Add button to create a new SSID PEPWAVE Enable ie C Enable Wireless Network Settings Wireless Network Settings Network Name This setting allows you to specify a name to represent the virtual AP to be SSID s
56. ed Intermittent Blinking Enabled but no client associated Wi Fi AP ON Client s associated to wireless network Continuous Blinking Transferring data to wireless network User Manual PEPWAVE MAX mobile router LAN and Ethernet WAN Ports ON 100 Mbps Green LED OFF 10 Mbps Solid Port is connected without traffic Yellow LED Blinking Data is transferring OFF Port is not connected Port Type Auto MDI MDI X ports 4 1 3 Rear Panel Appearance Power Connector Terminal Block User Manual PEPWAVE MAX mobile router 4 2 MAX 700 4 2 1 Front Panel Appearance a Wi Fi LAN Connector PRAA Power LED USB Port Terminal Block NN f MAX mobile router s K WA MR aa Es ip Ayay Status Pow Reset Button LAN Ports Wi Fi AP LED Wi Fi WAN Connector Wi Fi WAN LED 4 2 2 LED Indicators The statuses indicated by the Front Panel LEDs are as follows Status Indicators OFF System initializing Status Red Booting up or busy Green Ready state Wi Fi AP and Wi Fi WAN Indicators OFF Disabled Intermittent E Blinking Trying to connect but not connected to any wireless network Wi Fi WAN j i l ON Connected to wireless network s without traffic Continuous Blinking Transferring data OFF Disabled Intermittent Ea Blinking Enabled but no client associated Wi Fi AP l l l ON Client s associate
57. ed secret over an insecure communications channel The larger the group number the higher the security Group 2 1024 bit is the default value Group 5 1536 bit is the alternative option This setting specifies the lifetime limit of this Phase 1 Security Association By default it is set at 3600 seconds Under Main Mode this allows the setting of up to 6 encryption standards in descending order of priority to be used for the IP data that is being transferred For Aggressive Mode only one selection is permitted The Perfect Forward Secrecy PFS ensures that if a key was compromised the attacker will be able to access only the data protected by that key but not any other data None Do not request for PFS when initiating connection However since there is no valid reason to refuse PFS the system will allow the connection to use PFS if requested by the remote peer This is the default value Group 2 1024 bit Diffie Hellman group The larger the group number the higher the security Group 5 1536 bit is the third option This setting specifies the lifetime limit of this Phase 2 Security Association By default it is set at 28800 seconds 11 2 IPsec Status IPsec Status shows the current connection status of each connection profile and is displayed in Status gt IPsec User Manual PEPWAVE MAX mobile router 12 Management of Outbound Traffic to WAN Pepwa
58. ed without traffic Yellow LED Blinking Data is transferring OFF Port is not connected Port Type Auto MDI MDI X ports User Manual PEPWAVE MAX mobile router 4 3 3 Rear Panel Appearance Power Connector RE EO TROY EINE PFET TA LOTR LF INS AB Ve eH eB Rm Ceilular 2 Main Cellular Antenna Connectors 10 30VDC Ce older ham Kensington Lock Cellular SIM Slots 7 User Manual PEPWAVE MAX mobile router 5 installation Connecting the Network with Pepwave MAX Mobile Router 5 1 Preparation Before installing Pepwave MAX Mobile Router please prepare the following e Atleast one Internet WAN access account and or Wi Fi access information e For each network connection e Ethernet WAN A 10 100BaseT UTP cable with RJ45 connector e USB A USB modem e Embedded Modem A SIM Card e Wi Fi WAN A Wi Fi antenna e PC Card Express Card WAN A PC Card Express Card for the corresponding card slot e A computer with TCP IP network protocol and a web browser installed Supported browsers include Microsoft Internet Explorer 7 0 or above Mozilla Firefox 3 0 or above Apple Safari 3 1 1 or above and Google Chrome 2 0 or above 5 2 Constructing the Network At the high level construct the network according to the following steps 1 With an Ethernet cable connect a computer to one of the LAN ports on the Pepwave MAX Repeat with different cables for up to 4 c
59. failed the MAX will automatically perform DNS lookups on some public DNS servers If the tests are success it means the WAN may not be down but rather the target DNS server became malfunctioned You will see the following warning message on the Main page User Manual PEPWAVE MAX mobile router 8 5 Bandwidth Allowance Monitor Bandwidth Allowance Monitor helps keep track of your network usage Bandwidth Allowance Monitor Enable Email notification is currently disabled You can get notified when usage hits 75 95 of monthly allowance by enabling Email Notification Disconnect when usage hits 100 of monthly allowance Start Day w of each month at 00 00 midnight Monthly Allowance q0 a Bandwidth Allowance Monitor If the feature Email Notification is enabled you will be notified through email when usage hits 75 and 95 of the monthly allowance Action If the box Disconnect when usage hits 100 of monthly allowance is checked this WAN connection will be disconnected automatically when the usage hits the monthly allowance It will not resume connection unless this option has been turned off or the usage has been reset when a new billing cycle starts Start Day This option allows you to define which day in the month each billing cycle begins Monthly This field is for defining the maximum bandwidth usage allowed for the WAN Allowance connection each month
60. gh Customizable MTU and MSS values WAN connection health check Dynamic DNS Supported service providers changeip com dyndns org no ip org and tzo com LAN Wi Fi AP Ethernet LAN ports DHCP server on LAN Static routing rules VPN Secure Site to Site VPN VPN load balancing and failover among selected WAN connections Site to Site VPN bandwidth bonding Ability to route Internet traffic to a remote VPN peer Optional pre shared key setting Site to Site VPN Throughput Ping and Traceroute Test PPTP server PPTP and IPsec passthrough Firewall Outbound LAN to WAN firewall rules Inbound WAN to LAN firewall rules per WAN connection Intrusion detection and prevention Specification of NAT mappings User Manual PEPWAVE MAX mobile router 3 1 5 Outbound Policy Link load distribution per TCP UDP service Persistent routing for specified source and or destination IP addresses per TCP UDP service Traffic Prioritization and DSL optimization Prioritize and route traffic to VPN tunnels with Priority and Enforced algorithms QoS Quality of Service for different applications and custom protocols User Group classification for different service levels Bandwidth usage control and monitoring on group and user level Application Prioritization for custom protocols and DSL optimization Other Supported Features User friendly web based administration interface HTTP and HTTPS support for Web Admin Interface
61. h WAN Example With the following weight settings e Ethernet WAN 10 e PC Card O e Express Card 0O e USB1 10 e USB2 O0 e Wi Fi WAN 5 Total weight is 25 10 0 0 10 0 5 Matching traffic distributed to Ethernet WAN is 40 10 25 x 100 Matching traffic distributed to PC Card is 0 0 25 x 100 Matching traffic distributed to Express Card is 0 0 25 x 100 Matching traffic distributed to USB1 is 40 10 25 x 100 Matching traffic distributed to USB2 is 0 0 25 x 100 Matching traffic distributed to Wi Fi WAN is 20 5 25 x 100 User Manual PEPWAVE MAX mobile router 12 2 2 Algorithm Persistence The configuration of using Persistence for algorithm is the solution to the few situations where link load distribution for Internet services is undesirable For example many e banking and other secure websites for security reasons terminate the session when the client computer s Internet IP address changes during the session In general different Internet IP addresses represent different computers The security concern is that an IP address change during a session may be the result of an unauthorized intrusion attempt Therefore to prevent damages from the potential intrusion the session is terminated upon the detection of an IP address change Pepwave MAX can be configured to distribute data traffic across multiple WAN connections Also the Internet IP depends on the WAN
62. hen forward the connection to the forwarded SMTP server if the chosen WAN has enabled forwarding If the forwarding is disabled for a WAN connection SMTP connections for the WAN will be simply forwarded to the connection s original destination If you want to route all SMTP connections only to particular WAN connection s you should create a rule in Outbound Policy see section 11 2 17 2 2 Web Proxy Forwarding Web Proxy Forwarding Setup Web Proxy Interception Settings Peyser G Address 202 43 66 76 Port 8080 Connection Enable Forwarding Proxy Server IP Address Port ws dO CS WF WAN TE When this feature is enabled the Pepwave MAX will intercept all outgoing connections destined for the proxy server specified in Web Proxy Interception Settings choose a WAN connection with reference to the Outbound Policy and then forward them to the specified web proxy server and port number Redirected server settings for each WAN can be set here If forwarding is disabled for a WAN web proxy connections for the WAN will be simply forwarded to the connection s original destination 17 2 3 DNS Forwarding DNS Forwarding Setup When DNS Forwarding is enabled all clients outgoing DNS requests will also be intercepted and forwarded to the built in DNS proxy server User Manual PEPWAVE MAX mobile router 17 3 Service Passthrough Service Passthrough settings can be found in Advanced gt Misc Settings gt Service
63. ile user is a read only account The read only account can only access the device s status information and cannot make any change on the device Papaye MAX HH 5 1 0 bad 1132 S O day O hoar 15 menutes P i h You logged in as a read only user 0 0 Mops 910 1 Mbps Opeth ee AA mmie Copright Pepwave All ngphts reread ght i Papas rights ne Admin Account UI User Account UI A web login session will be logged out automatically when it has been idled for a longer time than the Web Session Timeout The default timeout is 4 hours O minute Before the session expires you may click the Logout button in the Web Admin to exit from the session For security reasons after logging in to the administration interface at the first time changing the administrator password is recommended Configuring the administration interface to be accessible only from the LAN can further improve system security Administrative Settings configuration is located at System gt Admin Security User Manual PEPWAVE MAX mobile router Hours 0 Minutes Enable MS CHAP v2 Default Hide Characters 3 seconds Hide Characters HTTP 80 HTTPS H3 Default HTTP LANAWAN HTTPS LAN Only WAN Connection Access Settings O Any Allow access from the following IP subnets only Connection IP Address es W Ethernet WAN 210 10 10 2 Interface IP L Express Card Ipc Card J
64. ing country you have chosen in the previous section is selected Wi Fi AP Advanced Settings This option allows you to enable the Spanning Tree Protocol to prevent path STP redundancy By default it is disabled See Section 9 1 for details This option allows you to choose whether clients on the network should be able to communicate with each other directly If the checkbox Enable is selected clients are allowed to communicate with Layer 2 each other directly and traffic will not be passed to any uplink equipment Communication If this option is disabled clients are not allowed to communicate directly Traffic will be passed to uplink equipments uplink routers before communication can be established among clients By default it is enabled This option allows you to select between V1 or V2 of the 802 1X EAPOL When V1 is selected both V1 and V2 clients are allowed to associate with this Wi Fi AP 802 1X Version When V2 is selected only V2 clients can associate with this Wi Fi AP Most wireless clients support V2 Select the option V1 in case if there are stations that do not support V2 By default V2 is selected This option is for setting the transmit bit rate for sending a beacon By default 1Mbps is selected Beacon Rate This option is for setting the time interval between each beacon Beacon Interval By default 100ms is selected This field allows you to set the frequency for the beacon to include Delive
65. irmware 5 1 requires the same firmware version for all devices in the VPN network Please make sure that both ends of the Pepwave MAX or Peplink devices are running with the same firmware version Important Note Pepwave proprietary Site to Site VPN used TCP and UDP port 32015 for establishing VPN connections If you have a firewall in front of the devices you will need to add firewall rules for these port and protocols which will allow inbound and outbound traffic pass through the firewall User Manual PEPWAVE MAX mobile router Want to know more about VPN Sub Second Session Failover Visit our YouTube Channel for a video tutorial Mi Pe rem me ee eee Le n am i he ise ee http youtu be TLOgdpPSY88 User Manual PEPWAVE MAX mobile router 10 3 Pepwave MAX Behind NAT Router The Pepwave MAX supports establishing Site to Site VPN over WAN connections which are behind a NAT Network Address Translation router To be able for a WAN connection behind a NAT router to accept VPN connections you can configure the NAT router in front of the WAN connection to forward TCP port 32015 to it If one or more WAN connections on Unit A can accept VPN connections by means of port forwarding or not while none of the WAN connections on the peer Unit B can do so you should put all public IP addresses or host names of the Unit A to the Unit B s Peer IP
66. ite here Main Mode Choose this Main Mode if both IPsec peers use static IP addresses Aggressive Mode Choose this Aggressive Mode if one of the IPsec peers use dynamic IP addresses Force UDP For UDP encapsulation to be forced regardless of the NAT Traversal tick this checkbox User Manual PEPWAVE MAX mobile router Encapsulation Pre shared Key Local ID Remote ID Phase 1 IKE Proposal Phase 1 DH Group Phase 1 SA Lifetime Phase 2 ESP Proposal Phase 2 PFS Group Phase 2 SA Lifetime This defines the peer authentication pre shared key to be used to authenticate this VPN connection The connection will be up only if the pre shared keys on each side match Under Main Mode this field can be left blank Under Aggressive Mode if Remote Gateway IP Address field is filled on this end and the peer end this field can be left blank Otherwise this field is typically a U FQDN Under Main Mode this field can be left blank Under Aggressive Mode if Remote Gateway IP Address field is filled on this end and the peer end this field can be left blank Otherwise this field is typically a U FQDN Under Main Mode this allows the setting of up to 6 encryption standards in descending order of priority to be used in the initial connection key negotiations For Aggressive Mode only one selection is permitted This is the Diffie Hellman group used within IKE This allows two parties to establish a shar
67. ituation they have to be binded to the same WAN connection Otherwise problems will arise in transferring files By default the Pepwave MAX FTP monitors TCP control connections on port 21 for any FTP connections and binds TCP connections of the same FTP session to the same WAN If you have an FTP server listening on a port number other than 21 you can check the box Define custom control ports and enter the port numbers to the text boxes The Pepwave MAX monitors outgoing TFTP connections and routes any incoming TFTP TFTP data packets back to the client Select Enable if you want to enable the TFTP Passthrough support This field is for enabling the support of IPsec NAT T Passthrough UDP ports 500 4500 and 10000 are monitored by default You may add more custom data ports that your IPsec system uses by checking the box Define custom ports If the VPN contains IPsec Site to Site VPN traffic you have to check the box Route IPsec Site to Site VPN and choose the WAN connection to route the traffic to IPsec NAT T If you have IPsec Site to Site VPN traffic routed check the Route IPsec Site to Site VPN option and select a WAN to force routing such traffic to the specified WAN User Manual PEPWAVE MAX mobile router 18 System Settings 18 1 Admin Security There are two user accounts available for accessing the Web Admin Usernames are admin and user They represent two user levels admin has full administration access wh
68. l drop down menu This setting specifies the behavior of Pepwave MAX for the custom rule One of the following values can be selected e Weighted Balance e Persistence e Enforced Algorithm ae e Priority e Overflow e Least Used e Lowest Latency The upcoming sections present the details of the listed algorithms User Manual PEPWAVE MAX mobile router This setting specifies whether to terminate existing IP sessions on a less preferred WAN connection in the event that a more preferred WAN connection is recovered This setting is applicable to the Algorithms Weighted Persistence Terminate and Priority Sessions on Link By default this is disabled In this case all existing IP sessions will not be Recovery terminated or affected when any other WAN connection is recovered If it is set to enabled existing IP sessions may be terminated when another WAN connection is recovered such that only the preferred healthy WAN connection s are used at any point in time 12 2 1 Algorithm Weighted Balance This setting specifies the ratio of WAN connection usage to be applied on the specified IP Protocol amp Port and is applicable only when Algorithm is set to Weighted Balance D Weighted Balance Load Distribution D Weight The amount of matching traffic that is distributed to a WAN connection is proportional to the weight of the WAN connection relative to the total weight Use the sliders to change the weight for eac
69. lt this bar is on the top of all custom rules That means traffic for remote VPN subnets will be routed to its corresponding VPN peer You can create custom Priority or Enforced rules and move them above the bar to override the Site to Site VPN Routes Upon disabling the Expert Mode all rules above the bar will be deleted This table allows you to fine tune how the outbound traffic should be wv f Protocol distributed to the WAN Destination Port connections z Click the Add Rule button to add a Persistence Src Any IP Network TCP new rule Click the X button to Auto 192 168 50 0 24 443 remove a rule Drag a rule to Site to Site VPN Routes promote or demote its precedence A higher position of a Lowest Latency rule signifies a higher precedence You may change the default Add Rule outbound policy behavior by clicking the Default link If you require advanced control of 25 VPN traffic tur Wil Expert User Manual PEPWAVE MAX mobile router 13 Port Forwarding 13 1 Port Forwarding Service Pepwave MAX can act as a firewall that blocks by default all inbound access from the Internet By using Port Forwarding Internet users can access the servers behind Pepwave MAX Inbound Port Forwarding rules can be defined at Advanced gt Port Forwarding IP Address es Protocol Action Ethernet WAN default 192 168 1 10 TCP 80 Delete ___ Add Service To define a
70. n This connection method is suitable if ISP provides login ID password to connect via PPPoE Obtain DNS server address automatically 123 123 123 1 210 210 210 1 L Use the following DNS server address es DNS Server 1 DNS Server PPPoE Settings IP Address Subnet Mask Default This information is obtained from the ISP automatically Gateway Enter the required information in these fields in order to connect via PPPoE to the ISP The parameter values are determined by and can be obtained from the ISP PPPoE User Name Password Confirm PPPoE backward Verify your password by entering it again in this field Service Name is provided by the ISP Service Name Note Leave this field blank unless it is provided by your ISP Each ISP may provide a set of DNS servers for DNS lookups This setting specifies the DNS Domain Name System Servers to be used when a DNS lookup is routed through this connection Selecting Obtain DNS server address automatically results in the DNS Servers assigned by the PPPoE server to be used for outbound DNS lookups over the WAN connection The DNS Servers are obtained along with the WAN IP address assigned from the PPPOE server When Use the following DNS server address es is selected you can put custom DNS server addresses for this WAN connection into the DNS server 1 and DNS server 2 fields DNS Servers User Manual PEPWAVE MAX mobile router 8 1 4 Dynami
71. new service click the Add Service button upon which the following appears an f clear Ethernet WAN 123 123 123 1 Interface IP LI wi Fi Hotspot Required Fields _Save_ _ Cancel Port Forwarding Settings This setting specifies whether the inbound service rule takes effect When Yes is selected the inbound service rule takes effect If the inbound traffic matches the specified IP Protocol and Port action will be taken by Pepwave MAX based on the other parameters of the rule When No is selected the inbound service rule does not take effect Pepwave MAX will disregard the other parameters of the rule Enable This setting identifies the service to the System Administrator Service Name Valid values for this setting consist only of alphanumeric and the underscore _ characters User Manual PEPWAVE MAX mobile router IP Protocol Port The IP Protocol setting along with the Port setting specifies the protocol of the service as TCP UDP ICMP or IP Traffic that is received by Pepwave MAX via the specified protocol at the specified port s is forwarded to the LAN hosts specified by the Servers setting Please see below for details on the Port and Servers settings Alternatively the Protocol Selection Tool drop down menu can be used to automatically fill in the Protocol and a single Port number of common Internet services e g HTTP HTTPS etc After selecting an item fr
72. ng box es to enable UPnP and or NAT PMP Enable these features only if you trust the computers on the LAN Enable Enable A table listing all the forwarded ports under these two protocols can be found at Status gt UPnP NAT PMP User Manual PEPWAVE MAX mobile router 14 NAT Mappings The configuration of NAT Mappings allows the IP address mapping of all inbound and outbound NAT ed traffic to and from an internal client IP address The settings to configure NAT Mappings are located at Advanced gt NAT Mappings LAN Host Inbound Mappings Outbound Mappings Action 192 168 1 23 WAN1 29 123 123 13 WAN1 29 123 123 13 Delete 192 168 1 24 WAN2 30 21 21 12 WAN2 30 21 21 12 Delete Add NAT Rule _ To add a rule for NAT Mappings click Add NAT Rule upon which the following screen will be displayed IP Address W Connection Inbound IP Address es WAN 1 WAN 2 Wi Fi WAN Cellular 1 Cellular 2 USB O Connection Outbound IP Address Save Cancel User Manual PEPWAVE MAX mobile router NAT Mapping Settings NAT Mapping rules can be defined for a single LAN IP Address an IP Range or an IP Network LAN Client s This refers to the LAN host s private IP address The system maps this address to a number of public IP addresses specified below in order to facilitate inbound and outbound traffic This option is only available when IP Address is
73. nual PEPWAVE MAX mobile router 18 7 Configuration Backing up the Pepwave MAX settings immediately after successful completion of the initial setup is strongly recommended The functionality to download and upload Pepwave MAX settings is found at System gt Configuration D Configuration File 18 7 1 Restore Configuration to Factory Settings The Restore Factory Settings button is to reset the configuration to the factory default settings You have to click the Apply Changes button to make the settings effective 18 7 2 Downloading Active Configurations The Download button is to backup the current active settings Click Download and save the configuration file 18 7 3 Uploading Configurations To restore or change settings based on a configuration file click Browse to locate the configuration file on the local computer and then click Upload The new settings can then be applied by clicking the Apply Changes button on the page header or discard at the Main page of Web Administration Interface User Manual PEPWAVE MAX mobile router 18 8 Reboot This page provides a Reboot button for restarting the system For highest reliability Pepwave MAX is equipped with two copies of firmware of different version You can select the firmware version you would like the device to reboot with The firmware marked with Running is the current system boot up firmware Please note that a firm
74. om the Protocol Selection Tool drop down menu the Protocol and Port number remains manually modifiable The Port setting specifies the port s that correspond to the service and can be configured to behave in one of the following manners Any Port Single Port Port Range and Port Map Any Port All traffic that is received by Pepwave MAX via the specified protocol is forwarded to the servers specified by the Servers setting For example with IP Protocol set to TCP and Port set to Any Port all TCP traffic is forwarded to the configured servers single Port Service Port Single Port Traffic that is received by Pepwave MAX via the specified protocol at the specified port is forwarded via the same port to the servers specified by the Servers setting For example with IP Protocol set to TCP and Port set to Single Port and Service Port 80 TCP traffic received on Port 80 is forwarded to the configured servers via Port 80 Port Range Service Ports Port Range Traffic that is received by Pepwave MAX via the specified protocol at the specified port range is forwarded via the same respective ports to the LAN hosts specified by the Servers setting For example with IP Protocol set to TCP and Port set to Single Port and Service Port 80 88 TCP traffic received on ports 80 through 88 is forwarded to the configured servers via the respective ports Fort Mapping Service Port Map to Port Por
75. omputers to be connected 2 With another Ethernet cable or a USB modem Wi Fi antenna PC Card Express Card connect it to one of the WAN ports on the Pepwave MAX Repeat the same procedure for other WAN ports 3 Connect the power adapter to the power connector on the rear panel of Pepwave MAX and then plug it into a power outlet The following figure schematically illustrates the configuration that results Embedded 3G Modem Built in 4G na Satellite Wi Fi Receiver DSL Cable 3G Ethernet Modem Wi Fi Built in Wi Fi Access Point 4 Port Gigabit Ethernet Switch User Manual PEPWAVE MAX mobile router 5 3 Configuring the Network Environment To ensure that Pepwave MAX works properly in the LAN environment and can access the Internet via the WAN connections please refer to the following setup procedures e LAN Configuration For basic configuration refer to Section 6 Connecting to Web Admin Interface For advanced configuration go to Section 7 Configuration of LAN Interface s e WAN Configuration For basic configuration refer to Section 6 Connecting to Web Admin Interface For advanced configuration go to Section 8 Configuration of WAN Interface s 5 4 Mounting the Unit 5 4 1 Wall Mount Pepwave MAX can be mounted on the wall by screwing After adding the screw on the wall slide the MAX in the screw hole socket as indicated below Recommeneded Screw Specification M3 5 x 20mm
76. onnection User Manual PEPWAVE MAX mobile router 18 10 Traceroute Test The Traceroute Test tool in Pepwave MAX traces the routing path to the destination through a particular Ethernet interface or a Site to Site VPN connection The Traceroute Test utility is located at System gt Tools gt Traceroute illustrated as follows Traceroute Ethernet WAN pepwave com USB LAN Start _ Stop S2SVPN VPN Connection 1 traceroute te 30 hops max 40 byte packets _ 8 S ee on i 2 36 re 4 5 5 A Tip A System Administrator can use the Traceroute utility to analyze the connection path of a LAN WAN connection 18 11 VPN Test The VPN Test tool can help to test the throughput between different VPN peers You can define the Test Type Direction and Duration of the test and press Go to perform the throughput test The VPN Test utility is located at System gt Tools gt VPN Test illustrated as follows VPN Throughput Test CS o upod Downoad Preparing throughput test Starting throughput test ok 0 0313 MB 1 00 sec 0 2614 Mbps O0 retrans 1750 MRA 7 1 00 ser 1 0485 Mhrs 0 retrans User Manual PEPWAVE MAX mobile router 19 Status This section displays the information of Pepwave MAX on the Device Active Sessions Client List WINS Client List Site to Site VPN UPnP NAT PMP Event Log and Bandwidth 19 1 Device System information is located at
77. ons only Pepwave MAX provides the functionality to periodically check the health of each WAN connection The Health Check settings for each WAN connection can be independently configured via Network gt WAN gt Details Health Check Settings This setting specifies the health check method for the WAN connection The value of Method can be configured as Disabled Ping or DNS Lookup The Method default method is DNS Lookup For Mobile Internet connection the value of Method can be configured as Disabled or SmartCheck Health Check Disabled ealth Check iol oes Disabled Health Check disabled Network problem cannot be detected When Disabled is chosen in the Method field the WAN connection will always be considered as up The connection will not be treated as down in the event of IP routing errors Health Check Method PING Qro T i Use first two DNS servers as Ping Hosts The ICMP PING packets will be issued to test the connectivity with a configurable target IP address or host name A WAN connection is considered as up if PING responses are received from either one or both of the PING Hosts This setting specifies IP addresses or host names with which connectivity is to be tested via ICMP Ping If Use first two DNS servers as Ping Hosts is checked the target PING Host will be the first DNS server for the corresponding WAN connection Reliable PING hosts with a high uptime should be considered B
78. ork Outbound traffic can be redirected and go through VPN tunnels with custom outbound policies please refer to section 11 for details 10 1 Configuring a Site to Site VPN Profile PEPWAVE pashboard Network Advanced System Status 10 10 10 152 10 10 10 153 Pepwave MAX supports making two Site to Site VPN connections with a remote Pepwave MAX unit or a Peplink Balance 210 310 380 580 710 1350 The local LAN subnet and subnets behind the LAN defined under Static Route in the LAN settings page will be advertised to the VPN All VPN members branch offices and headquarters will be able to route to the local subnets Note that all LAN subnet and subnets behind it have to be unique Otherwise VPN members will not be able to access each other User Manual PEPWAVE MAX mobile router All data can be routed over the VPN with 256 bit AES encryption standard To configure navigate to Advanced gt Site to Site VPN click the Add VPN Connection button to create a new VPN profile VPN Settings VPN Connection 1 C j B 256 bitAcs Off 1824 1234 5678 C Remote client is set up in high availability mode W Hide Characters 123 123 123 1 6 If this field is empty this field on the peer site must be filled 1 Highest 6 Lowest 1 Highest 1 Highest VPN Settings Active Encryption Peer Serial Number Pre shared Key Peer IP Addresses Host Names Check this
79. outer IP Address Subnet Mask Default Gateway I DNS Servers WAN Connection Name Standby State Health Check Method Bandwidth Allowance Monitor Wi Fi Association Mode Connect to Any Open Mode AP Reply to ICMP PING This information is obtained from the Wi Fi access point automatically This field is for defining a name to represent this WAN connection This setting specifies the state of the WAN connection while in standby The available options are Remain Connected hot standby and Disconnect cold standby This setting allows you to specify the health check method for the WAN connection The available options are Disabled Ping and DNS Lookup The default method is Disabled See Section 8 4 for configuration details This option allows you to enable bandwidth usage monitoring on this WAN connection for each billing cycle When this is not enabled bandwidth usage of each month is still being tracked but no action will be taken See Section 8 5 for configuration details This option is to specify the Wi Fi access point selection criteria during association When Stronger Signal Strength is selected the access point that matches one of the listed Wi Fi Connection Profiles and has the strongest received signal will be selected regardless of its profile priority When Profile Priority is selected the access point that matches one of the listed of Wi Fi Connection Profiles and has the highest
80. riority Not In Use MARN herne WAN PC Card Wi Fi WAN Lowest Priority Starting from firmware 5 2 outbound traffic can be prioritized to go through Site to Site VPN connection s By default VPN connections are not included in the priority list This applies only to Peplink Balance 210 or above Tip Configure multiple distribution rules to accommodate different kinds of services User Manual PEPWAVE MAX mobile router 12 2 5 Algorithm Overflow The traffic matching this rule will be routed through the healthy WAN connection that has the highest priority and is not in full load When this connection gets saturated new sessions will be routed to the next healthy WAN connection that is not in full load Drag and drop to specify the order of WAN connections to be used for routing traffic Only the highest priority healthy connection that is not in full load will be utilized 12 2 6 Algorithm Least Used Ethernet WAN Express Card PC Card USB1 USB2 Wi Fi WAN The traffic matching this rule will be routed through the healthy WAN connection that is selected in the field Connection and has the most available downstream bandwidth The available downstream bandwidth of a WAN connection is calculated from the total downstream bandwidth specified in the WAN settings page and the current downstream usage The available bandwidth and WAN selection is determined every time when an IP session is ma
81. ry DTIM Traffic Indication Message The interval is measured in millisecond The default value is set to 1 ms This field allows you to set the minimum packet size for the unit to send an RTS using the RTS CTS handshake Setting this field to zero will disable this option The default value is set to 0 RTS Threshold This field is for specifying the unit wait time before it transmits a packet By default this field is set to 9 us Slot Time This field is for setting the wait time to receive an acknowledgement packet ACK Timeout before performing a retransmission By default this field is set to 48 us There are 3 selections available in this setting The first is 20 where the channel bonding is off and the channel width is 20 Channel Bonding MHz If 20 40 is selected the AP will automatically choose the channel widths between 20 and 40 MHz User Manual PEPWAVE MAX mobile router a f x r ee If 40 is chosen channel bonding will be enforced and the channel width will just be 40 MHz This option allows you to enable frame aggregation to increase transmission Frame Aggregation throughput This is where you opt for a short or long guard period interval for your transmissions Guard Interval User Manual PEPWAVE MAX mobile router 9 1 STP Spanning Tree Protocol STP i Enable Bridge Priority A 32768 Ethernet Path Cost STP Settings
82. s enabled The IP Address List represents the list of fixed Internet IP addresses assigned by the ISP in the event that more than one Internet IP addresses are assigned to this WAN connection Enter the fixed Internet IP addresses and the corresponding subnet mask and then click the Down Arrow button to populate IP address entries to the IP Address List User Manual PEPWAVE MAX mobile router 8 1 1 DHCP Connection The DHCP connection method is suitable if the ISP provides an IP address automatically by DHCP e g Satellite Modem WiMAX Modem Cable Metro Ethernet etc Connesion Method ESSAI IP Address 10 10 10 123 255 255 0 0 f 10 10 10 1 Obtain DNS server address automatically 100 9 1 1 L Use the followi ng ONS server address es DNS Server 1 DNS Server 2 d Use custom hostname DHCP Settings IP Address Subnet Mask This information is obtained from the ISP automatically Default Gateway Each ISP may provide a set of DNS servers for DNS lookups This setting specifies the DNS Domain Name System Servers to be used when a DNS lookup is routed through this connection Selecting Obtain DNS server address automatically results in the DNS Servers DNS Servers to be assigned by the WAN DHCP Server to be used for outbound DNS lookups over the connection The DNS Servers are obtained along with the WAN IP address assigned from the DHCP server When Use the following DNS server addre
83. scanucanevenssanseatuanneaeaseanidsmiscneuessasiauasusanensaseanes 15 5 1 PREPARATION ec ctetcas scree etens ete sais ce peseectna tele aio area ttn Sane nadie eae sia oie clecs seas eas E emia uaceanaesastenbe ee auueus 15 5 2 CONSTRUCTING THE NETWORK cceccccecscsceccccececececssceeececsseeeeeecessscueeeecesseueececsseseesececesseeeeceeesueeeeceeeses 15 5 3 CONFIGURING THE NETWORK ENVIRONMENT cececececscecscccscscccscccscscscscceccecseaeessceeseseseeeeeaeaeaeaeaeevavenavanes 16 5 4 MOUNTING TAE NIT orreina EEE ert wc acter eres see cious ence asa etme eeied cen E EAS 16 6 CONNECTING TO WEB ADMIN INTERFACE ccccccccccccccccccccccccccccccccccccccsccccccss 18 7 CONFIGURATION OF LAN INTERFACE S csccsceccscscsccsccccsccccsccscccsscccsccccscesccssccees 20 7 1 BASCO ETEN G ae E E E E E E ee 20 7 2 WERA e e A E see 23 8 CONFIGURATION OF WAN INTERFACE S ccscscsscscsccscsccscccssccccscescccsccccsccsccssccees 25 8 1 ff ETE RIED WIN eases Saeco E sw ceecinbnneesacaeacie to E E 26 8 2 el Express Caro El PC CARD YT USB1 4 cocccccccccccsssscssssssssessesessvssestssessssestesssesssseesssvssseaseseeseseeees 34 8 3 E WI FI WAN ccccccccccccecccccceccccccosceccsescstcsecesteseccsseccecssescecssestesesseassuesacessesaesssesaesseeaesusenesacesnecaees 37 8 4 WAN HEALTH CHECK ceccccecececcecccccecececeesceceseeeeeeceseseeeeeecesseeeececesseeeeeecssaueeseseceseueeeeceseseueeeeceeeseuees 40 8 5 BANDWIDTH ALLOWANC
84. sed With the selection of this policy outbound traffic behavior can be managed by Managed by defining custom rules Custom Rules Rules can be defined in a custom rule table A default rule can be defined for connections that cannot be matched with any one of the rules The default policy is Normal Application Compatibility Tip Want to know more about how to create outbound rules Visit our YouTube Channel for a video tutorial Popes baone Aro Amen sy sion meeta A vicoge es http youtu be rKH4AS bOnE User Manual PEPWAVE MAX mobile router 12 2 Custom Rules For Outbound Policy Click La p the Outbound Policy form Choose Managed by Custom Rules and press the Save button The following screen will then be displayed Outbound Policy Managed by Custom Rules Custom Rules Worac and drop rows to wees rule order Segvice Algorithm Source Destination _ Protocol Port __ le aaa TCP 443 b eol Add Rule The bottom most rule is Default Edit this rule to change the device s default way to control outbound traffic for all connections that does not match any rules above it Click on the service name Default to change its settings You may drag and drop a row to rearrange the priority of outbound rules Edit Default Custom Rule Default Rule Ethernet WAN 10 PC Card 10 X X X ss X _ _ _ SsS __ ExpressCard 10 u
85. sed in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment IEEE 802 11b or 802 119 operation of this product in the U S A is firmware limited to channels 1 through 11 IMPORTANT NOTE FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated
86. selected Address The IP range is a contiguous group of private IP addresses used by the LAN host The system maps these addresses to a number of public IP addresses specified below to facilitate outbound traffic This option is only available when IP Range is selected Range The IP network refers to all private IP addresses and ranges managed by the LAN host The system maps these addresses to a number of public IP addresses specified below to facilitate outbound traffic This option is only available when IP Network is selected Network This setting specifies the WAN connections and corresponding WAN specific Internet IP addresses on which the system should bind on Any access to the specified WAN connection s and IP address es will be forwarded to the LAN Host This option is only available when IP Address is selected in LAN Client s field Note 1 Inbound Mapping is not needed for WAN connections in drop in or IP forwarding mode Note 2 Each WAN IP address can be associated to one NAT Mapping only Inbound Mappings This setting specifies the WAN IP addresses should be used when an IP connection is made from a LAN host to the Internet Each LAN host in an IP range or IP network will be evenly mapped to one of each selected WAN s IP addresses for better IP address utilization in a persistent Outbound manner for better application compatibility Mappings Note 1 If you do not want to use a specific WAN for outgoing a
87. ss es is selected you may enter custom DNS server addresses for this WAN connection into the DNS server 1 and DNS server 2 fields Hostname If your service provider s DHCP server requires you to supply a hostname value upon acquiring an IP address you may enter the value here If your service provider does not provide you with the value you can safely bypass this option Optional User Manual PEPWAVE MAX mobile router 8 1 2 Static IP Connection This Static IP connection method is suitable if ISP provides a static IP address to connect directly IP Address Subnet Mask Default Gateway Use the following DNS server address es INS Servers DNS Server 1 DNS Server 2 Static IP Settings IP Address These settings allow you to specify the information required in order to Subnet Mask communicate on the Internet via a fixed Internet IP address Default Gateway The information is typically determined by and can be obtained from the ISP Each ISP may provide a set of DNS servers for DNS lookups This field specifies the DNS Domain Name System Servers to be used when a DNS lookup Is routed through this connection You can input the ISP provided DNS server addresses into the DNS server 1 and DNS server 2 fields If no address is entered here this link will not be used for DNS lookups DNS Servers User Manual PEPWAVE MAX mobile router 8 1 3 PPPoE Connectio
88. ssi io USB2 10 Wi Fi WAN 10 _ _ j J erabe Save Cancel By default Auto is selected for the option Default Rule You can select Custom in order to change the Algorithm to be used Please refer to the upcoming sections for the details of the available algorithms To create a custom rule click Add Rule at the bottom of the table and the following window will be displayed User Manual PEPWAVE MAX mobile router Add a New Custom Rule New Custom Rule EOT mw S 50 a eli 52852550 nom O eee Ethernet WAN 10 Express Card 10 New Custom Rule Settings Service Name This setting specifies the name of the custom rule This setting specifies whether the outbound traffic rule takes effect With an Enable value of Yes the rule takes effect traffic is matched and actions Enable are taken by Pepwave MAX based on the other parameters of the rule With an Enable value of No the rule does not take effect Pepwave MAX disregards the other parameters of the rule This setting specifies the source IP Address IP Network or MAC Address for Source outbound traffic that matches the rule This setting specifies the destination IP Address or IP Network for outbound Destination traffic that matches the rule This setting specifies the IP Protocol and Port of outbound traffic that matches Protocol and Port this rule You may select some common protocol from the Protocol Selection Too
89. t Mapping Traffic that is received by Pepwave MAX via the specified protocol at the specified port is forwarded via a different port to the servers specified by the Servers setting For example with IP Protocol set to TCP and Port set to Port Map Service Port 80 and Map to Port 88 TCP traffic on Port 80 is forwarded to the configured servers via Port 88 Please see below for details on the Servers setting User Manual PEPWAVE MAX mobile router Range Mapping Service Ports Map to Ports Range Mapping traffic that is received by Peplink Balance via the specified protocol at the specified port range is forwarded via a different port to the servers specified by the Servers setting This setting specifies the WAN connections and Internet IP address es from Inbound IP which the service can be accessed Address es It is required to select at least one IP address Server IP This setting specifies the LAN IP address of the server that handles the requests Address for the service 13 2 UPnP NAT PMP Settings UPnP and NAT PMP are network protocols which allow a computer on the LAN to automatically configure the router to allow parties on the WAN to connect to itself In this way the process of inbound port forwarding is automated When a computer creates a rule using these protocols the specified TCP UDP port of all WAN connections default IP address will be forwarded Check the correspondi
90. t to advertise the speed to the peer by selecting the Advertise Speed checkbox This setting specifies the Maximum Transmission Unit By default MTU is set to Custom 1440 You may adjust the MTU value by editing the text field Click Default to restore the default MTU value Select Auto and the appropriate MTU value will be automatically detected The auto detection will run each time when the WAN connection establishes This setting should be configured based on the maximum payload size that the local system can handle The MSS Maximum Segment Size is computed from the MTU minus 40 bytes for TCP over IPv4 If MTU is set to Auto the MSS will also be set automatically By default MSS is set to Auto This setting allows you to configure the MAC address Some service providers e g cable providers identify the clients MAC address and require the client to always use the same MAC address to connect to the network In such cases change the WAN interface s MAC address to the original client PC s one via this field The default MAC Address is a unique value assigned at the factory In most cases the default value is sufficient Clicking the Default button restores the MAC Address to the default value User Manual PEPWAVE MAX mobile router Reply to ICMP PING Additional Public IP Address If this field is disabled the WAN connection will not respond to ICMP PING requests By default this i
91. tandards for wireless communications e g WIMAX LTE DHCP Dynamic Host Configuration Protocol DNS Domain Name System EVDO Evolution Data Optimized HSDPA High Speed Downlink Packet Access GRE Generic Routing Encapsulation HTTP Hyper Text Transfer Protocol ICMP Internet Control Message Protocol IP Internet Protocol LAN Local Area Network MAC Address Media Access Control Address MTU Maximum Transmission Unit MSS Maximum Segment Size NAT Network Address Translation PPPOE Point to Point Protocol over Ethernet QoS Quality of Service SNMP Simple Network Management Protocol TCP Transmission Control Protocol UDP User Datagram Protocol VPN Virtual Private Network VRRP Virtual Router Redundancy Protocol WAN Wide Area Network WINS Windows Internet Name Service WLAN Wireless Local Area Network User Manual PEPWAVE MAX mobile router 3 Product Features Pepwave MAX enables all LAN users to share broadband Internet connections and provide advanced features to enhance Internet access The following is the list of Supported features on Pepwave MAX Mobile Router 3 1 3 1 1 Supported Network Features WAN Ethernet WAN Connection in Full Half Duplex USB WAN connections PC Card WAN connection Express Card WAN connection Wi Fi WAN connection Network Address Translation NAT Port Address Translation PAT Inbound and Outbound NAT mapping IPsec NAT T and PPTP packet passthrough MAC address clone and passthrou
92. than the download bandwidth When this option is enabled the download bandwidth of the WAN can be fully utilized in any situation When a DSL cable circuit s uplink is congested the download bandwidth will be affected Users will not be able to download data in full speed until the uplink becomes less congested The DSL Cable Optimization can relieve such issue When it is enabled the download speed will become less affected by the upload traffic By default this feature is enabled User Manual PEPWAVE MAX mobile router 16 Firewall A firewall is a mechanism that selectively filters data traffic between the WAN side the Internet and the LAN side of the network It can protect the local network from potential hacker attacks offensive Web sites and or other inappropriate uses The firewall functionality of Pepwave MAX supports the selective filtering of data traffic in both directions e Outbound LAN to WAN Inbound WAN to LAN e Intrusion Detection and DoS Prevention With Site to Site VPN enabled see Section 10 the firewall rules also apply to VPN tunneled traffic 16 1 Outbound and Inbound Firewall The outbound and inbound firewall settings are located in Advanced gt Firewall i Default aay C B ___AddRule Rule Source IP Port Upon clicking Add Rule the following screen appears New Firewall Rule Protocol 5 Any x Protocol Selection Tool E A E Any
93. to be used for making VPN connections WAN connections set to OFF will never be used Only available WAN connections with the highest priority will be utilized WAN Connection Priority 10 2 Link Failure Detection Link Failure Detection l TO Recommended Approx 15 secs Fast Approx 6 secs Faster Approx 2 secs Extreme Under 1 sec Shorter detection time incurs more health checks and higher bandwidth overhead Link Failure Detection The bonded Site to Site VPN can detect routing failures on the path between two sites over each WAN connection Failed WAN connections will not be used to route VPN traffic Health check packets are sent to the peer to detect any failure The more frequent checks it sends the shorter detection time but the higher bandwidth overhead will be consumed When Recommended is selected a health check packet is sent out every 5 Link Failure seconds and the expected detection time is 15 seconds Detection Time When Fast is selected a health check packet is sent out every 3 seconds and the expected detection time is 6 seconds When Faster is selected a health check packet is sent out every 1 second and the expected detection time is 2 seconds When Extreme is selected a health check packet is sent out every 0 1 second and the expected detection time is under 1 second By default Recommended is selected Important Note to Users Upgrading to Firmware 5 1 The Site to Site VPN in f
94. upon which the following screen will be displayed T E oee OOO SNMP Community Setting 255 255 2550 Save User Manual PEPWAVE MAX mobile router SNMP Community Settings Community Name This setting specifies the SNMP Community Name Allowed Source Subnet Address Allowed Source Subnet Mask This setting specifies a subnet from which access to the SNMP server is allowed Enter subnet address here e g 192 168 1 0 This setting specifies the subnet mask that corresponds to the subnet specified via Allowed Source Subnet Address e g 255 255 255 0 To define a user name for SNMPv3 click Add SNMP User in the SNMPv3 User Name table upon which the following screen is displayed SNMPyv3 User Setting Save SNMPv3 User Settings User Name Authentication Protocol Authentication Password Privacy Protocol Privacy Password This setting specifies a user name to be used in SNMPv3 This setting specifies via a drop down menu the one of the following valid authentication protocols e NONE e MD5 e SHA This setting specifies the authentication password and is applicable only if the MD5 or SHA authentication protocol is selected This setting specifies via a drop down menu the one of the following valid privacy protocols e NONE e DES This setting specifies the privacy password and is applicable only if the DES privacy protocol is selected User Ma
95. us gt UPnP NAT PMP This section appears only if you have enabled the function of UPnP NAT PMP as mentioned in Section 12 2 External amp Internal Internal Address ype Description 3392 192 168 1 100 UPnP Application 031 11265 192 168 1 50 NAT PMP Te NAT PMP 58 3560 1927 166 1 20 UPnP Application 013 236 192 168 1 30 UPnP TE Application 047 192 168 1 70 NAT PMP NAT PMP 97 192 168 1 40 UPnP Ti Application 004 Delete All Click the button CX lio delete the single UPnP NAT PMP record in its corresponding row To delete all records click Delete All on the right hand side below the table Important Note UPnP NAT PMP records would be deleted immediately after clicking the button X or Delete All without the need to click Save or Confirm 19 7 Event Log Event Log information is located at Status gt Event Log Jul 30 19 36 55 Link health check monitor started Jul 30 19 40 31 WAN Priority Changed Priority 1 Ethernet WAN Wi Fi WAN Priority 2 USB1 Jul 30 19 42 43 Health check status changed Ethernet WAN UP Jul 30 19 42 45 Time synchronization successful Jul 31 09 50 38 Wi Fi AP Chent 00 11 22 44 BB CE Associated with wi fi ap The log section displays a list of events that has taken place on the Pepwave MAX unit Click the Refresh button to retrieve log entries again Click the Clear Log button to clear the log Select 50 100 or all to show the corresponding number of events in the log
96. ussi usB2 wi Fi WAN Admin Settings Router Name This field allows you to define a name for this Pepwave MAX unit Admin User Name It is set as admin by default and is not customizable Admin Password This field allows you to specify a new administrator password Confirm Admin This field allows you to verify and confirm the new administrator password Password User Manual PEPWAVE MAX mobile router Read only User Name User Password Confirm User Password Web Session Timeout Authentication by RADIUS Auth Protocol Auth Server Auth Server Secret Auth Timeout Accounting Server Accounting Server Secret Network Connection Security Web Admin Port Web Admin Access It is set as user by default and is not customizable This field allows you to specify a new user password Once the user password is set the feature of read only user will be enabled This field allows you to verify and confirm the new user password This field specifies the number of hours and minutes that a web session can remain idle before the balance terminates its access to Web Admin Interface By default it is set as 4 hours With this box is checked Web Admin will authenticate using an external RADIUS server Authenticated users are treated as admin users with full read write permission Local admin and user accounts will be disabled When the device is not able to communicate with the external RA
97. uter IP Address amp Subnet Mask Speed The IP address of Pepwave MAX on LAN This setting specifies the speed of the LAN Ethernet Port By default Auto is selected and the appropriate data speed is automatically detected by Pepwave MAX In the event of negotiation issues the port speed can be manually specified to circumvent the issues You can also choose whether or not to advertise the speed to the peer by selecting the Advertise Speed checkbox DHCP Server Settings DHCP Server IP Range amp Subnet Mask Lease Time DNS Servers WINS Server Extended DHCP Option DHCP Reservation When this setting is enabled the DHCP server of Pepwave MAX automatically assigns an IP address to each computer that is connected via LAN and is configured to obtain an IP address via DHCP Pepwave MAX s DHCP server can prevent IP address collision on LAN This setting allocates a range of IP address that will be assigned to LAN computers by the DHCP server of Pepwave MAX This setting specifies the length of time throughout which an IP address of a DHCP client remains valid Upon expiration of the Lease Time the assigned IP address will no longer be valid and the renewal of the IP address assignment will be required This option allows you to input the DNS server addresses to be offered to the DHCP clients If Assign DNS server automatically is selected the Pepwave MAX s built in DNS server address i e LAN IP ad
98. ve MAX provides the functionality to flexibly manage and load balance outbound traffic among the WAN connections Important Note Outbound Policy is applied only when more than one WAN connection is active The settings for managing and load balancing outbound traffic are located in Advanced gt Outbound Policy High Application Compatibility Normal Applicaton Compatibili Managed by Custom Rules if Managed by Custom Rules m E User Manual PEPWAVE MAX mobile router 12 1 Outbound Policy There are three main selections for the Outbound Policy for Pepwave MAX e High Application Compatibility e Normal Application Compatibility o Managed by Custom Rules The selections are explained as follows Outbound Policy Settings With the selection of this policy outbound traffic from a source LAN device is High Application routed through the same WAN connection regardless of the destination Internet Compatibility IP address and protocol This provides the highest application compatibility With the selection of this policy outbound traffic from a source LAN device to the Normal same destination Internet IP address will persistently be routed through the same Application WAN connection regardless of protocol Compatibility This provides high compatibility to most applications and users still benefit from WAN link load balancing when multiple Internet servers are acces
99. ware upgrade will always replace the inactive firmware partition Select the firmware you want to use to start up this Pepwave MAX Firmware 1 v5 2 1 build 1223 Running O Firmware 2 v5 2 0 build 1208 User Manual PEPWAVE MAX mobile router 18 9 Ping Test The Ping Test tool in Pepwave MAX performs Pings through a specified Ethernet interface or a Site to Site VPN connection You can specify the number of pings in the field Number of times to a maximum of 10 times and Packet Size can be specified in the field Packet Size to a maximum of 1472 bytes The Ping utility is located at System gt Tools gt Ping illustrated as follows Connection Ten USB Packet Size LAN TT S2SVPN VPN Connection 1 Number of times Start Stop PING 10 10 10 1 10 10 10 1 from 10 10 10 156 56 84 bytes of data 64 bytes from 10 10 10 1 icmp_req 1 ttl 64 t 64 bytes from 10 10 10 1 icmp_reg 2 ttl 64 t ime 1 01 ms i 64 bytes from 10 10 10 1 icmp_reg 3 ttl 64 time 0 830 ms i i me 0 909 ms me 0 781 ms me 0 7 70 ms 64 bytes from 10 10 10 1 icmp_req 4 ttl 64 t 64 bytes from 10 10 10 1 icmp_reg 5 ttl 64 t 10 10 10 1 ping statistics 5 packets transmitted 5 received 0 packet loss time 4016ms rt min avg max mdev 0 770 0 861 1 019 0 099 ms Tip A System Administrator can use the Ping utility to manually check the connectivity of a particular LAN WAN c
100. with minimum distance 20cm between the radiator amp your body This transmitter must not be co located or operating in conjunction with any other antenna or transmitter The availability of some specific channels and or operational frequency bands are country dependent and are firmware programmed at the factory to match the intended destination PEPWAVE Broadband Possibilities esis Yougiir Contact Us Sales http www pepwave com contact sales Support http www pepwave com contact Business Development and Partnerships http www pepwave com partners channel partner program www pepwave com What are we doing at the moment Follow us on Twitter http twitter com Peplink Want to know more about us Add us on Facebook http www facebook com peplink Difficulties when configuring the device Visit Our YouTube Channel http www youtube com PeplinkChannel Address United States Office Hong Kong Office 800 West El Camino Real 17 F Park Building Mountain View oa ae pi cra eun CA 94040 eae are United States Tel 1 650 450 9669 Fax 1 866 625 4664 Tel 852 2990 7600 Fax 852 3007 0588
101. work gt IPsec VPN Enabled fa fiorsceanioe New Connection A NAT Traversal option and list of defined IPsec VPN profiles will be shown The NAT Traversal option should be enabled if your system is behind a NAT router Click the New Connection button to create new IPsec VPN profiles that make VPN connections to remote Peplink Balance Cisco or Juniper Routers via the available WAN connections To edit any of the profiles click on its associated connection name in the leftmost column User Manual PEPWAVE MAX mobile router IPsec VPN Profile x a I I I I 10 0 0 7110 0 0 1 24 a oe Mask es 192 168 11 193 255 255 255 240 28 E Main Mode All WANs need to have Static IP Aggressive Mode Hide Characters 1 3DES amp MD5 W Group 2 MODP 1024 Group 5 MODP 1536 1 3DES amp MD5 X None Group 2 MODP 1024 Group 5 MODP 1536 seconds Default IPsec VPN Settings Name This field is for specifying a local name to represent this connection profile When this box is checked this IPsec VPN connection profile will be enabled Otherwise it GDM ell ne ceas Remote Gateway IP Address Enter the remote peer s public IP address For Aggressive Mode this is optional Enter the local LAN subnets here If you have defined static routes they will be shown here too Local Networks Remote Networks Enter the LAN and subnets that are located at the remote s
102. y default the first two DNS servers of the WAN connection are used as the PING Hosts PING Hosts Health Check Method DNS Lookup Health Check Method A DNS Lookup S Host 1 Host 2 Use first two DNS servers as Health Check DNS Servers C Include public DNS servers DNS lookups will be issued to test the connectivity with target DNS servers The connection will be treated as up if DNS responses are received from either one or both of the servers regardless of whether the result was positive or negative This field allows you to specify two DNS hosts IP address with which connectivity is to be tested via DNS Lookup Health Check DNS Servers If Use first two DNS servers as Health Check DNS Servers is checked the first two DNS servers will be the DNS lookup targets for checking a connection s health If the box is not checked field Host 1 must be filled and field Host 2 is optional User Manual PEPWAVE MAX mobile router If the box Include public DNS servers is selected and no response Is received from all specified DNS servers DNS lookups will also be issued to some public DNS servers A WAN connection will be treated as down only if there is also no response received from the public DNS servers Connections will be considered up if DNS responses are received from any one of the health check DNS servers regardless of a positive or negative result By default the first two DNS servers of the WA
Download Pdf Manuals
Related Search