Edge Box User Manual 50

Published by: vascocorreia on Sep 24, 2010
Copyright: Attribution Non-commercial

10/01/2013
Sections

  • 1 About edgeBOX
  • 2 Initial Configuration
  • 3 Dashboard
  • 4 Network
  • 5 VPN
  • 6 Security
  • 7 Office Servers
  • 8 IP-PBX and VoIP
  • 9 Users
  • 10 System
  • 11 Reporting
  • 12 User Services and Applications
  • 13 Appendices

Dramatically simplifying voice and data networking

USER MANUAL V5.0

Disclaimer
Precautions have been taken to assure accuracy of the information written in this user's manual. Typographic or pictorial errors that are brought to our attention will be corrected in subsequent issues. Product specifications in this manual are nominal and are provided for the convenience of our customers. They are all correct at the date of publication. Critical Links reserves the right to make product changes from time to time, without prior notification, which may change certain specifications or characteristics shown. We therefore recommend that you check for changes or updates before use in customer projects or further product developments. No material will be accepted for return unless Critical Links grants permission in writing. The handling, installation and usage of the edgeBOX are applicable to certain environments and may be required for code compliance. Features of the device will not provide protection against abuse, misuse, improper installation or maintenance. It is important that installation, operation and maintenance are performed in accordance with instructions supplied in the manual. Electricity and electrical devices must always be treated with caution and respect.

End User License Agreement
The edgeBOX software is distributed according to the End User License Agreement (EULA) included at the end of this User Guide. By using the software you agree to be bound by this EULA. If you do not agree to the terms and limitations of the EULA you should not use the software.

Product Support
For product technical support please visit the following web site http://www.edgebox.com or contact us at the following email address: support@critical-links.com.

Critical Links, Inc
695 Route 46 West
Fairfield, NJ 07004 USA
Phone: 973.276.9006
Support Hotline: +1 888 433 4326
Website: www.critical-links.com
Email: support@critical-links.com

edgeBOX 5.0 Help

Table of Contents
1. About edgeBOX
  1.1. Introducing the award-winning edgeBOX
  1.2. edgeBOX's main features
  1.3. Unpack and setup edgeBOX
  1.4. Connecting to edgeBOX's web interface
  1.5. Understanding edgeBOX's web interface
  1.6. Connecting to edgeBOX's console
  1.7. Working with edgeBOX's LCD panel
  1.8. License, Hardware and Software

2. Initial Configuration

3. Dashboard

4. Network
  4.1. Configure the internet connection (WAN interface)
    through another device such as a cable modem or a router
    through a DSL/PPPoE connection
  4.2. Change the local network properties (LAN)
  4.3. Change the DMZ settings
  4.4. View and manage VLANs
  4.5. Interfaces Physical and Logical Status
  4.6. Monitor connections through edgeBOX
  4.7. Change edgeBOX's hostname and network domain
  4.8. View the system routes
  4.9. Manage static routes
  4.10. Wireless
    Configure and turn on the wireless network
    Indicate the type of authentication
    Make the wireless network more secure
    Make the wireless network public
  4.11. Managing the DNS server
    Adding or Editing DNS domains
      How to add a Master domain
      How to add a Slave domain
      How to add a Forwarder domain
    Changing global DNS Settings
    Managing DNS ACLs
    Managing hosts on an existing domain
  4.12. Use Dynamic DNS
  4.13. Using the DHCP service
    Assign IP addresses using Ranges
    Assign IP addresses using MAC-IP rules
    Configure DHCP advanced settings
    DHCP Leases
  4.14. Manage the Webcache size and sites
  4.15. Using NAT and Port Forwarding
  4.16. Using QoS
    QoS Upload configuration
    QoS Download configurations
    Service Classification
    Internet and DMZ QoS statistics

5. VPN
  5.1. IPSec
    General
    Advanced
  5.2. PPTP
    PPTP Properties
  5.3. L2TP

6. Security
  6.1. Firewall
    Securing the Internet and DMZ links
    Securing Internal Connections
    Using Advanced Firewall Rules
  6.2. Setting up a DMZ
  6.3. Enabling NAT for the private networks
  6.4. Using Port Forwarding
  6.5. Website Access Restrictions
    Domains
    Words in URL
  6.6. Install and Manage Anti Virus Engines
  6.7. Scanning Shared Folders for viruses
  6.8. Scanning E-Mail for Viruses
    Messages
    Actions
    Quarantine
  6.9. Scanning E-Mail for SPAM

7. Office Servers
  7.1. Manage your web sites and intranets
    Setting up multiple websites
  7.2. E-mail Server and Webmail
    E-mail Queue
    E-mail domains and Webmail
    Aliases and Mailing Lists
    Settings and Permissions
    SMTP Access Control
  Windows Server
  Windows Shared Folders
    Shares
    Setup Share Permissions
    Temporary Shared Folders
  Windows Shared Printers

8. IP-PBX and VoIP
  Overview
  Managing your phones
  Understanding the Phones list
  Creating phones
  SIP and IAX phone extensions
  Analog phone extensions and fax machines
  ISDN Phone extensions
  Connecting phones
  Connecting VoIP Phones
  Connecting ISDN Phones
  Connecting Analog Phones and FAX machines
  Automatic configuration of phone devices
  Auto Configuration Modes
  Phone Groups and Access Control
  Twinning
  Internal Dial Plan
  Configuring incoming call rules
  Creating incoming call rules
  Defining Automated Attendant menus
  Schedules
  Define your outgoing call rules
  Rules Definition
  Authentication
  Emergency number
  Configuring Voice Lines
  VoIP Providers
  ENUM service
  Remote Offices
  Hardware
  ISDN BRI
  ISDN PRI
  How to change configuration mode (E1 / T1)
  Analogue FXO-FXS
  Phone operations
  Blind and Supervised Transfers
  Intercom Calls
  Group Calls
  Call Listening and Call Whispering
  Call Pick-Up
  Twinning
  Follow Me
  One Touch Recording
  Labeling CDR records with Cost Centers
  Automatic Call Recording
  Managing Call Queues
  Settings for Queues
  Conference Rooms
  Music On-Hold
  MailFax Service
  How to send a fax using MailFax?
  Advanced VoIP Options
  Voicemail
  Call Parking
  Key Codes
  Customize Sound Files
  Echo Cancellation
  Define Country Zone
  Codecs
  G.729 Licensing
  Billing Service
  Manager Interface
  NAT
  VoIP activity logs
  Default Predefined Phone Numbers

9. Users
  Managing network users
  Groups
  Importing and Exporting Users
  Default Quota
  Authentication
  Using remote authentication
  Using a remote RADIUS Server
  Using a remote LDAP Server
  Using a remote AD Server
  Customize the user login web page
  Privileges
  Delegate a Local Administrator
  Fine tuning Internet and DMZ access
  Access to other VLANs
  View currently Connected Users
  Configure authorized RADIUS clients

10. System
  Adjusting Date and Time
  Services Control Panel
  Administration
  Notifications
  Backup & Restore
  Immediate Backup
  Managing Software Updates
  Managing software updates in a Hotbackup scenario
  Using HotBackup for redundancy
  Managing and Diagnosing RAID
  Disk Notifications
  Replacing a faulty disk
  Hardware Monitor
  SNMP
  RADIUS Accounting
  Diagnostic Tools
  Reading and Managing System Logs
  Maintenance

11. Reporting
  System
  CPU Memory
  Disk Usage
  Interfaces
  Services
  Web Server
  Firewall
  E-mail
  VoIP
  VPN
  Users
  General
  HTTP Access
  E-mail

12. User Services and Applications
  Webmail
  Temporary Shared Folders
  Flash Operator Panel (FOP)
226 HTTP Access ......................................9................................................................................................................................................................................................................................................... 203 Backups ................................................................................................................................... 221 11..... 223 Load .............................8 edgeBOX 5............................................................................................................................... 233 Accounting .......................................................... 205 10.................................................... 226 11................................. Remote Management 11.................................................................................................0 Help ............................................................................................................................................................................................................... ................................................................................. 222 ..................................................... 235 VoIP ............... 236 VPN 12............................... 201 10....

............................................................................................................................................ Appendix B: Connecting to Wireless 802......................................................................................................................................................................... 267 VLAN Scenario 3 ................. Appendix E: Factory Reset ........................................................................................................... 262 13........................................................................................................................... Appendix A: Authentication ....................... 248 call Barging ............................................................................................................................. 269 13....................................... Inc........................................................................................................... 251 Require users to login vs Privileges policies .................................................................................................. 250 Conference Calls ............. 251 Authentication architecture .................................................................................................................................................................................... 256 ........................................................................................................................ 261 Shared Folder on Windows ................................................................................................................................................................................................7...................................................................... Appendix C: Windows Integration ..........................................3......................................................... 
271 13..................................................................... 246 Initiate a Call ..................................................... 260 13.................................. 265 VLAN Scenario 2 ....................................... 248 Create an..................... 253 Putting it all together .......................... 247 External Calls Transfer a........................................ 254 13......................................................................................................................................................................................................................5..... 264 VLAN Scenario 1 .. 251 13............................. 244 .................................................. 250 Typical Caller Scenario 13........................................................................................................................ Appendix G: Usernames and Passwords Critical Links...................................................................................................................... 248 Agent ............................................................................................. 268 VLAN Scenario 4 ................................................4........................................................................................................................................................................................................................................................................................................................................................................................User Services and Applications 9 FOP Login...................... 249 Queue Managment ................................................................................................................................6..........................................................1..................... 270 13.................... .............. 
Appendices 251 ..................................................................................................... Appendix D: VLAN based Infrastructure .....................................1x WPA ..............................................................................................................................................................................................................................2................................................................................... 260 Adding a Windows Host to edgeBOX Domain Mapping a.................................................................................................................. 258 .............................................................................................. 253 Remote configuration ........................................................................... 249 Park-Unpark Calls ....................................................................................................... Appendix F: edgeBOX Network Services .........................................................................................................................................................

1 About edgeBOX

Critical Links' edgeBOX is a network appliance that consolidates the voice, data and IT functions at a Small and Medium Business (SMB) into one single appliance. Specifically, it provides:
· IP-PBX and VoIP
· comprehensive Networking
· Wi-Fi Access Point
· Quality of Service (QoS)
· Security tools, such as Anti Virus and Firewall
· SMB Office Servers (e-mail / web server / windows server)
· Windows Server with advanced File and Print sharing
· network access profiles (Privileges)

While all this is commonly delivered using up to 8 different independent products/devices, Critical Links' edgeBOX provides a unified architecture and delivers all this in a single product.

· Introducing the award-winning edgeBOX
· edgeBOX's main features
· Unpack and install edgeBOX to the network
· Connecting to edgeBOX's web interface
· Understanding edgeBOX's web interface
· Connecting to edgeBOX's console
· Working with edgeBOX LCD panel
· License, Hardware and Software

1.1 Introducing the award-winning edgeBOX

The edgeBOX appliance comes in 3 different form factors (with different redundancy & fault-tolerance options). The edgeBOX comes with a wide range of interfaces to connect to the Internet and the PSTN (such as FXO/FXS, ISDN PRI/BRI, Ethernet, T-1/E-1 etc). Every edgeBOX has an intuitive GUI that allows the user to access the box and configure the various functions very easily.

NOTE: The box already comes with a set of default configurations that will allow most customers to just literally power on the box and begin to use it; it also provides a customer the ability to customize the settings to support their environment.

The edgeBOX:
1. Dramatically simplifies the SMB voice and data infrastructure
· It replaces up to 8 independent products/devices with 1 device
· Reduces maintaining & managing several devices (and vendors)
2. Reduces initial investment & recurring operational expenses over 60%
· Initial cost reduced to less than a third of a multi-device solution
· Recurring costs are nominal, remote, simplified management
3. Increases Productivity and Convenience at the SMB
· Provides the broadest range of voice, data and IT capability
· Managed through a simple, unified interface, even remotely
4. Environmentally (and economically) friendly
· Much smaller carbon footprint, lower power/space consumption
· Lower waste generated at end of life

The edgeBOX eliminates the traditionally painful trade-off between features, complexity and cost at a SMB. SMBs have had to incur a high degree of complexity (due to the many devices and vendors needed to be managed) and the attendant cost (due to expensive IT support) to get much needed voice and data features. Now with the edgeBOX a customer can get a broad range of voice, data and IT services for a fraction of existing costs. The SMBs can now focus on their core competence instead of worrying about the cost and complexity of managing their networking.

The edgeBOX incorporates a set of functional capabilities that are necessary when provisioning voice and data services at a SMB. If a VoIP service is to be provisioned, for example, in addition to configuring the IP-PBX, Router tables, Firewall, Quality of Service (QoS), e-mail server, etc. usually have to be configured as well. All this can be done right in the edgeBOX appliance from a GUI and without having to be concerned about the peculiarity of different devices, interoperability, and making all of them work together. The edgeBOX comes provisioned with a default configuration for the router/switch settings and also for commonly used SIP phones. This not only reduces the upfront cost but also speeds up service turn up. A remote based management system ensures remote provisioning, monitoring and management of several edgeBOX appliances as well, further simplifying and cost reducing maintenance.

The number of features available on the edgeBOX is unmatched competitively and it provides more voice and data services than most SMBs would require currently. In addition, value-added application packages called edgePACKs are also available for specific vertical segments; these further augment the networking services in the edgeBOX with application oriented capabilities, further enhancing the user experience. Current edgePACKs include the Learning Management System (for academia), Content Management System (for managing website content), and edgeExchange (for e-mail, calendar and content sharing).

The edgeBOX is changing the rules of the game for the SMB. The edgeBOX, by integrating the voice, data and IT features in one appliance managed by a simple GUI, dramatically reduces the complexity and brings down the costs. The edgeBOX, based on open source standards, also ensures a best-of-breed solution that is competitively superior in terms of both feature richness and cost.

More information on the edgeBOX:
Critical Links, Inc.
695 Route 46 West
Fairfield, NJ 07004 U.S.A
+1.973.276.9006
www.critical-links.com
1-888-4-EDGEBOX

1.2 edgeBOX's main features

· Internet connections using ADSL, Cable modems or other WAN Broadband devices.
· Supports dynamic and static IP Address assignment, also allowing the configuration of a registered domain name.

· DHCP server on the Intranet side with optional automatic name range generation.
· DNS Server for both local private domain or as a master name server on the Internet.
· Dynamic DNS. Supports DynDNS or No-IP.
· A web server on both the Internet and Intranet side, with optional home pages for every user of the network.
· Support for a dynamic Intranet with content management capabilities.
· Internet E-Mail Server with anti-spam control.
· IMAP and POP3 Servers.
· Support for SMTP Relay for Road Warriors.
· Integrated e-mail access using the internal web server.
· VPN tunnels based on the IPSec standard or the PPTP protocol.
· Full access control over the internal network services and the Internet access.
· Traffic control in inbound and outbound traffic. Possibility of reserving bandwidth for important users in your company or for high priority traffic types, such as voice traffic.
· User based access control to manage accesses to the network resources.
· Supports Local User Authentication or Remote User Authentication using a RADIUS Server, LDAP Server or using Active Directory.
· 802.1x Port based authentication with Single Sign On.
· Group based access control for third party applications integrated with edgeBOX.
· User time and traffic based accounting. Supports optional RADIUS session servers.
· See who is on your network and from what IP address.
· Optional Wireless Network with edgeBOX's access point.
· VLAN aware router. Supports 802.1Q and Inter-VLAN access policies.
· VoIP Features, including support for line fail over, Conference calls, Hunt Groups, Call Rules, Interactive Services, Sound Manager, Phone Auto Configuration, Fax2Mail and Mail2Fax, etc.
· Backup and Restore of edgeBOX's configuration and of users' data.
· System updates from a remote server.

1.3 Unpack and setup edgeBOX

To install the edgeBOX onto your network please consult the Quick Start Guide flyer that was sent to you with your edgeBOX appliance. The guide will quickly:
1. Introduce you to all the edgeBOX components.
2. Explain the elements and connectors in the rear and front panels.
3. Tell you how to connect edgeBOX to your Internet Modem and Ethernet Switch.
4. Show you how to power up the appliance.

1.4 Connecting to edgeBOX's web interface

The edgeBOX appliance is configured with a default factory configuration. Typically, the first task after you connect the edgeBOX to the network is to change the default configuration, so that it meets your requirements.

You can perform the initial configuration from a computer connected either:
· directly to edgeBOX's LAN interface, or
· to a hub or a switch connected to edgeBOX's LAN interface.

The LAN interface is initially configured with the IP address 192.168.100.254 and DHCP is active. This way, to connect your computer to the edgeBOX:
· Configure it to automatically obtain its local network IP Address from the edgeBOX using DHCP (recommended).
· Or configure it with a static IP address: the IP address used must lie in the 192.168.100.0/24 range (ex. 192.168.100.50), use 255.255.255.0 for Subnet-Mask, use 192.168.100.254 for Default Gateway, also 192.168.100.254 for Nameserver.

Then, from the computer:
1. With a browser, open the webpage https://myedgebox.com or https://192.168.100.254:8011.
2. After the page opens, click the Login link.

[Figure: edgeBOX initial page]

3. Use admin for username and root for password to login (this is the default password, for security reasons you should change it), hit the Login button.

The edgeBOX web interface will then start loading; please note it might take a few moments and you may have to accept one or more warning messages due to the Java Platform. To use the edgeBOX web interface you'll need the Java Plug-in installed: Java Runtime Environment version 6.

When loading completes you will see the Dashboard page with a quick overview of some relevant edgeBOX variables and its global status. At the top you'll also find links to the Network, VPN, Security, Office Servers, IP-PBX, Users, System and Reporting sections and menus. Feel free to click the links and navigate the interface. This will help you get familiar with edgeBOX.
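A pre-flight check for the workstation settings and the connection described above, as an added example that is not part of the manual or of edgeBOX's software. The function names are hypothetical; the addresses, mask and port are the factory defaults quoted in the text.

```python
import ipaddress
import socket

# Factory defaults quoted in the manual text above.
LAN_NET = ipaddress.ip_network("192.168.100.0/24")
EDGEBOX_LAN_IP = ipaddress.ip_address("192.168.100.254")
WEBADMIN_PORT = 8011


def check_static_config(ip, netmask, gateway, nameserver):
    """Return a list of problems with a workstation's static IP settings.

    An empty list means the settings match what the manual asks for.
    """
    problems = []
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return [f"{ip!r} is not a valid IP address"]

    if addr not in LAN_NET:
        problems.append(f"{addr} is outside {LAN_NET}")
    elif addr in (LAN_NET.network_address, LAN_NET.broadcast_address):
        problems.append(f"{addr} is the network or broadcast address")
    elif addr == EDGEBOX_LAN_IP:
        problems.append(f"{addr} is edgeBOX's own LAN address (conflict)")

    if netmask != str(LAN_NET.netmask):
        problems.append(f"subnet mask should be {LAN_NET.netmask}, got {netmask}")
    for label, value in (("default gateway", gateway), ("nameserver", nameserver)):
        if value != str(EDGEBOX_LAN_IP):
            problems.append(f"{label} should be {EDGEBOX_LAN_IP}, got {value}")
    return problems


def webadmin_reachable(host=str(EDGEBOX_LAN_IP), port=WEBADMIN_PORT, timeout=3.0):
    """True if a TCP connection to the web interface port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Covers refused connections, timeouts and unreachable networks.
        return False


if __name__ == "__main__":
    # Constructed sample: the static settings from the manual's own example.
    issues = check_static_config("192.168.100.50", "255.255.255.0",
                                 "192.168.100.254", "192.168.100.254")
    for issue in issues:
        print("config problem:", issue)
    if not issues:
        state = "reachable" if webadmin_reachable() else "not reachable"
        print(f"web interface on {EDGEBOX_LAN_IP}:{WEBADMIN_PORT} is {state}")
```

Running the same reachability check after the first login, from wherever administration is meant to happen, shows which hosts can reach the login page that still accepts the default password until it is changed.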

[Figure: edgeBOX webadmin initial page: the Dashboard]

That's it. Congratulations. When you see the Dashboard you are successfully connected to edgeBOX's web administration interface, ready to start configuring it. At this point you might want to:
· have a look at the Understanding edgeBOX's web interface page of this manual, or
· jump to the Initial Configuration section to get an initial roadmap.

1.5 Understanding edgeBOX's web interface

edgeBOX's administration web interface makes use of several common user interface concepts and resources - such as graphical symbols, buttons, popup dialogs and others. This helps to improve the user's experience while maintaining overall coherence among similar operations and concepts across distinct panels and dialogs. This page introduces those common concepts and resources and explains their global meaning and usage scenarios.

The following image displays most of these features and will be used as a starting point for further explanations below:

[Figure: edgeBOX web interface with numbered callouts [1] to [8]]

Navigation
The interface is divided into Sections. Sections are subdivided into Menus. Navigation is a two-step interaction: choose the Section you want from the sections bar [1] at the top and, once that section loads, select the configuration Menu from the menus list [2] at the left. Once there you get a summary overview with current configurations and the most relevant status variables concerning the topic involved.

Related Topics
In each Menu you'll find context specific links to other related configuration menus in the Related Topics corner [3]. If you click the links you'll get immediate access to those configurations in a new popup window. Then, you can make any quick changes you need and get back to your starting point. This gives you an alternate and useful navigation path.

Service Status and Service Start/Stop
The Service Status Bar [4] shows you the current operational status of the corresponding edgeBOX service: the green color indicates the service is active while gray is used for services that are not running; the red color is used for error situations. On the left, an informative text message is displayed accordingly. At the right end, the Service Status Bar gives you control over the service by means of the Start Service and Stop Service options. By clicking them you actually instruct edgeBOX to change the administrative status of the service.

New - Edit - Delete
All over the interface these three operations [5] are executed in innumerous situations. New lets you create new entries, Edit allows you to change an existing entry and Delete lets you remove configurations.

Save applies - Cancel cancels
While configuring edgeBOX you'll enter data into several dialogs. In several situations the sequence of popups that need your input may even become a bit more complex. If you feel lost, or if you're in doubt, please keep in mind:
· none of the changes you made is actually applied to edgeBOX until you press Save; this also means that, in order to apply your changes to edgeBOX, you need to press Save at some point.
· in any situation, if you press Cancel the dialog is immediately aborted and no changes are propagated to edgeBOX; when in doubt, press Cancel.
Please note: these are global principles that should hold true in the great majority of the situations you might find.

Glass Pane: in order to keep your interaction with edgeBOX even safer, during the configuration sequences between the administration interface and edgeBOX itself - usually when you press Save, but also in other situations - the interface is covered with a Glass Pane that prevents you from pressing any buttons or interacting with the interface. Depending on the complexity of the operations being executed you may need to wait a little bit; it's a way to say: "Please wait, we are busy".

Lists with Filters
Some of the lists presented may grow a lot as you add new entries. For faster search, those lists include a filtering option [6] that lets you quickly search for specific entries. In the example image above we are trying to search for a user called Alves. By entering the alv sequence our search is considerably narrowed and it's now easy to find the person we are searching for.

Context Sensitive Help
Usually located at the top-right corner you will find the Help icon [7]. Clicking it will open a new browser window directly into the correct page of this manual.

Status Bar
Located in the lower-left corner, the Status Bar [8] shows you when the interface is busy interacting with edgeBOX. If the operation is successful a green V sign will be displayed. If edgeBOX encounters some error then a red X will be shown.

Now that you have a global understanding of the interface you can jump to the Initial Configuration section to get a roadmap.

1.6 Connecting to edgeBOX's console

It is also possible to connect directly to edgeBOX's console to manage the appliance using a Command Line Interface (CLI). You can access the CLI in three different ways:
· keyboard/VGA: connect a keyboard to the PS2 port or any of the USB ports located on the rear panel, connect a monitor to the VGA port located in the rear panel.
· Serial Port: connect a null-modem (also known as serial cross-over cable, Rx and Tx wires are "crossed") serial cable to the serial port in the rear panel and the other end to your laptop's serial port; on Windows you can use Hyperterminal, on Linux you can use minicom; 38400N8 (38400 bit/s, no parity bit, 8 databits), use no hardware or software flow control.
· SSH: you need to have SSH service active on your Firewall; if you have the Authentication service running, the Privilege you are assigned to needs to have access to SSH; from the internal network you can use the address myedgebox.com or the LAN interface IP Address; on Windows you can use putty, on Linux open a terminal and use the ssh command (ex: ssh admin@myedgebox.com).

The screen should display a prompt requesting a login/password to be entered. Enter the usual admin username and its password (root if not changed). However, you will be confined to the limited set of commands available. At the eOS> prompt type help to get a list of available options, enter help <SOMETHING> to get specific help on <SOMETHING>.

ex: help service shows you a usage summary of all commands starting with service, service status will show you a list of services and their current and administrative operational status.

Use the command line only if you are an advanced user. Using it incorrectly may compromise edgeBOX's correct functioning or even stop it from working completely.

1.7 Working with edgeBOX's LCD panel

The edgeBOX LCD panel is a simple information panel available on Business and Enterprise appliances.

[Figure: edgeBOX's LCD panel]

View information about the network
To see information about the network on the LCD panel, press the Up or Down buttons near the LCD screen. The information available is:
· LAN IP - The IP address of the Internal Network.
· WAN IP - The IP address of the Internet Connection.
· DMZ IP - DMZ IP address. The DMZ is often used as an internal Server network.
· Gateway Address - Default Gateway IP Address.
· Firewall Status - Firewall On, if the firewall is enabled or Firewall Off, if it is disabled.
· User Authentication Status - Enabled (LAN based users are required to authenticate) or disabled (LAN based users are not required to authenticate)

Shutdown the edgeBOX
To shutdown the edgeBOX, press the Power button. edgeBOX will beep. Then,
· press the Power button again, and edgeBOX will beep twice and start the shutdown process.

· or press the LCD Enter button. edgeBOX will start the shutdown process and the message "Shutting down system. Wait..." will be displayed in the LCD.

You can also shutdown the edgeBOX using the web interface. To do this go to the Webadmin interface, System - Administration section.

1.8 License, Hardware and Software

By clicking the about link at the top-right corner, you'll get information about edgeBOX's software version, hardware settings and license definitions.
· Version 5.0, Build 1, 29/06/2009: software version, build number and build date.
· Hardware Description: hardware reference and serial number.
· License Serial Number: edgeBOX license, each edgeBOX has a distinct license.
· Product Licensed to: licence owner (person or company).
· Network users limit: maximum number of users allowed for this licence.

2 Initial Configuration

If you've just turned edgeBOX on for the first time, you need to make an initial basic configuration so that edgeBOX can start managing your network and services. In seven simple configuration steps you'll understand the concepts and review the sections in this manual where the configuration details are covered.

First: you need to open the webadmin interface
If you haven't done this before please follow the steps in the Connecting to edgeBOX's web interface section of this manual. When you get connected you can jump to Step 1 and get started configuring edgeBOX.

Step 1: Connecting edgeBOX to the Internet - WAN
· Concept: edgeBOX is supposed to work as the main link between any devices/systems in your internal network and the Internet; keep in mind: edgeBOX is the gateway to the outside world, whatever you may do - access the Internet, send an e-mail, make VoIP calls to another country; so, the first step is to connect its WAN interface to the internet.
· Hands On: Configure the internet connection (WAN interface)

Step 2: Setup your Internal Network - LAN
· Concept: your internal network - your LAN, for short - is composed of computers, laptops, IP Phones and other miscellaneous IP devices like printers and so on; they all communicate by connecting to the so-called TCP/IP Ethernet infrastructure and the messages thus interchanged are all identified with two distinguishing marks: the IP Address of the sender and the IP Address of the destination computer or server; each and every device interacting in a TCP/IP network, like yours, has its own IP Address, and so does edgeBOX; you need to assign such an address to the LAN interface of edgeBOX - through this interface edgeBOX reaches all those LAN devices and all of them know how to reach edgeBOX if they need to; all IP devices in your network will somehow find a way to make messages reach edgeBOX's LAN interface IP Address and edgeBOX will know how to send them back IP messages identified with its own LAN IP Address; edgeBOX is shipped with the LAN 192.168.100.254 IP Address previously configured for you, don't change it if you don't need to.
· Hands On: Change the local network properties (LAN)

Step 3: Specify a hostname and a domain name
· Concept: the hostname is the name by which the edgeBOX is known in the network (the name that the computers in the network use to refer to the edgeBOX); a hostname is a descriptive name (gateway, edgebox, fileserver, printerhost), you can choose any name you want; for example, if you have two offices with an edgeBOX in each, you can call eboxhead to the first and eboxbranch to the other; the domain is the name by which your network is known, like critical-links.com; if you have a registered domain, such as mycompany.com, then you can use that public domain, but if you do, that domain is visible to everyone in the world throughout the Internet; if you do not have a registered domain, then you can give your network the domain you want, this domain will be private and visible only within your network; for example, if your company is called MegaSoft, then a possible domain could be megasoft.loc.
· Hands On: Change edgeBOX's hostname and network domain

Step 4: Check and adjust edgeBOX's Date & Time
· Concept: edgeBOX, as any other computer, keeps its own date and time internally; several edgeBOX features rely on a correct Date and Time in order to operate in a timely fashion as expected by network users and other processes; you can and should adjust Date and Time; additionally you should adjust your Timezone too: edgeBOX is shipped to use timezone Europe/London, change it to your location.
· Hands On: Adjusting Date and Time

Step 5: Overview your Firewall and secure your network
· Concept: the Firewall is possibly the most important network security resource shipped with edgeBOX; it's very important that you consider always having your Firewall service up and running (don't turn it off unless you really need to); edgeBOX is shipped with the Firewall service running and this, alone, is enough for providing a very high degree of

by default only Ping and Webadmin services are allowed from the Internet. to follow this section through up to Step 7 to get the whole picture. Users want to use services. if you really wish to do it. go to the Security section in the Webadmin interface. Step 6: Add a User and a Phone · Concept: edgeBOX is for Users. edgeBOX Firewall working principle is the definition of Allow/Deny rules for specific network services and protocols.. a popup window will show you the list of forbidden services for your internal network. this could be good if you need to administer edgeBOX from home: later on you may come consider this unnecessary. but. just jump to the Firewall section in this manual for the details ( don't start configuring the Firewall until you have read that section of the manual and you are confident on what you're doing). Inc.24 edgeBOX 5. well.. Critical Links. the Firewall menu will load by default. by default the list is empty: that means that. this means that the administration web interface is available from the outside world. notice the services that have allowed access for connections from the Internet. by default. but let's leave it for later. access to the Internet. a personal web page. your internal users can access all edgeBOX services. Users are central in edgeBOX.. allowing access only to specific users gives your network more security. furthermore you need to consider Security: if you'll allow everyone to use your network or just let specific users to use it. you need to manage (create. .. a personal Windows Share for documents. we advise you. once you decide the services that should or shouldn't be available. as more people join your company edgeBOX will always be ready to provide resources for them: a Phone.. Users have needs. to provide the maximum security possible to itself and to your network. a great deal of effort has been put into making edgeBOX a user oriented product. 
the fundamental concept you should keep in mind is: if my users don't need this service then I will make it unavailable at the Firewall or if that specific service is not supposed to be accessible to the Internet then the Firewall will block any requests to it.0 Help security for your network users and services. nevertheless. and you may wish to increase security even further by removing the Webadmin from the Internet allowed services. edit and delete users) them and setup authentication services. · Hands On: at this moment let's just take a look around to get familiar. right now you may just want to start configuring the Firewall. edgeBOX will automatically determine the best Firewall settings and use them.. to let only specific users access the network.. link. Users want to make Phone calls.. click the Internal Connections. Users want to share files and need Phones to chat internally or to make long distance calls. that is configuring your Firewall. you name it. this is where you would add some service that you'dd wish not to be available internally..

concept. away from edgeBOX. follow the details here... or some place away from work. at home. ... this is a simple. please realize: adminroot is a very simple guess for most hackers and password exploits and attacks.. go for it. right now. pick a password you can remember and write it down in some safe place. Next Steps: how do I ... At the end of Step 7. you have a pretty good picture of edgeBOX's basics.. let's leave it be. create Windows Shared Folders ? change User Privileges ? activate Webmail ? secure the Internet (WAN) interface ? configure the Firewall for internal connections ? enforce Authentication ? setup VLANs ? Critical Links. adding a new User and a Phone for the new user is an easy task. Inc. please change it immediately. edgeBOX is shipped with a default password for the admin user: "root".. Step 7: Change the webadmin password · Concept: you should change the password. you should change it. the admin password is used to access the Webadmin interface.. To step into more advanced edgeBOX features you might need for your network. if you expose edgeBOX to the Internet this risk is even higher. please review the following Next Steps and feel free to navigate around. yet very important. · Hands On: go to the Users section in the Webadmin interface and follow the details here Managing Network Users. · Hands On: in the Webadmin interface click the System section and choose the Administration menu.Initial Configuration 25 Authentication is actually a very important aspect but.

3 Dashboard

The Dashboard provides a quick summary overview of the most relevant edgeBOX variables and status information in an intuitive graphical display. Information is provided in the form of values, colors and icon behaviours and refreshed every 30 seconds.

The Dashboard is divided into:

System
· Date & Uptime: current Date and Uptime (time elapsed since last boot), 7/6/2009 17:13 and 14d 11h 32m in the picture.
· Temperature: motherboard temperature (if available).
· Processor:
  · CPU usage - percent CPU usage (averaged over a 5 minutes interval).
  · Load - processor load indicator (from left to right: 1 minute, 5 minutes and 15 minutes process load average).
· Memory: current instantaneous RAM usage/total and current instantaneous SWAP usage/total.
· Storage: current instantaneous System Storage and Home Storage percent occupation/total.

If any of the horizontal bars changes to yellow, you should stay alert. If, on the other hand, you get persistent reds, that means you should try to diagnose the problem and take action to prevent any damage or operational instability.

WWW
· WAN IP Address: the currently configured IP address for the WAN interface.
· WWW icon: colored, as depicted, if WWW is accessible, gray-scale otherwise.
· Gateway Test: green if edgeBOX is able to ping the Default Gateway, red otherwise.
· DNS Test: green if edgeBOX can access an operational DNS service, red otherwise.
· Browsing Test: green if edgeBOX can actually browse the World Wide Web, red otherwise.
· Line Color: green indicates edgeBOX considers the WAN connection is fully operational with respect to those 3 tests, as in the picture, gray otherwise.
· Connection Status: the red connection status icon (a red triangle with an exclamation mark ' ! ' inside) will show up if any of the three tests fails: something is not operating as expected. If the three tests are successful it will not show up, as depicted. If all three tests fail then a red 'X' icon will be shown instead.

LAN
· IP Address: the currently configured IP address for the LAN interface (default VLAN).
· LAN icon: colored, as depicted, if your LAN seems to be operating normally (both LAN link is detected and LAN hosts activity is detected too), gray-scale otherwise.
· Line Color: the line connecting edgeBOX to the LAN will be green, as depicted, if link is detected on the LAN connector (meaning that edgeBOX is actually connected to an active network device). If no link is detected the line will change color to gray.
· Connection Status: the red connection status icon (a red triangle with an exclamation mark ' ! ' inside) will show up if no LAN hosts are detected (see also the DMZ explanation). If the LAN connector does not have link (cable disconnected at one of the ends), then a red 'X' icon will be shown instead. In the situation depicted edgeBOX detects link on the LAN connector and active LAN hosts.

· Firewall: colored, as depicted, if the Firewall service is running, gray-scale otherwise.
· Authentication: On or Off, tells you if the User Authentication service is active, On in the picture.
· Users Logged In: the amount of users currently authenticated.
· Phones Online: the amount of phones currently active.
· Ongoing Calls: the amount of phone calls currently in progress.

DMZ
· IP Address: the current IP address on the DMZ interface, 192.168.200.254 in the picture.
· DMZ icon: colored if link is detected and DMZ hosts activity is detected too, gray-scale otherwise (as depicted).
· Line Color: same behaviour as for the LAN; the picture shows that the DMZ connector is actually connected to some device - link detected.
· Connection Status: same behaviour as for the LAN; in the picture the ' ! ' sign is showing: that means that no hosts are being detected on that interface.

Wifi
If your system has wireless, the Wifi icon will show you:
· Line Color: green if WiFi is enabled (as in the picture), gray otherwise.
· SSID: the current wireless SSID is displayed within parentheses (mywifi in the picture).
· Connected Devices: the number of wireless clients currently connected (6 in the picture).

System Messages
· There are new system messages: when new notifications arrive, such as system messages, software updates or other, the information icon will show up in the lower-left corner. Just click the Read Messages... link. A new popup window will display them. Please read them carefully.

4 Network

The Network section is where you can overview and configure most details and functionalities of your network.

· set the internet connection (WAN), change the local network (LAN) properties, overview your virtual networks (VLANs) and specify a domain and a hostname.
· view IP routes managed by the edgeBOX (system routes) and create and manage your own routes (static routes).
· Setup and secure your Wifi network with WEP, WPA and 802.1x.
· manage DHCP. edgeBOX includes a DHCP server that allows you to automatically assign IP Addresses to the computers in your network based on ranges of IP address or based on specific IP Addresses.
· configure edgeBOX's DNS server: add and remove domains, manage access controls (ACLs) or use Dynamic DNS.
· Setup a Demilitarized Zone - DMZ for your Internet servers and other special purposes.
· Use Network Address Translation - NAT - to allow computers on the network to connect to outer networks like the Internet.
· Allow remote computers to access services on a specific host or hosts within your private network - Port Forwarding.
· Manage Quality of Service - QoS: assure bandwidth for services and users.
· List web sites that you do not want the edgeBOX to cache.
· Use Diagnostic Tools to solve connectivity issues.

Related Topics:
· Cache Websites
· Firewall

4.1 Configure the internet connection (WAN interface)

To configure how edgeBOX connects to the Internet or to another wide area network you should choose the Internet Connection menu in the Network section. There you will be able to change the configuration for the external WAN Interface.

Click the Change... button to select how edgeBOX connects to the Internet:
· through another device such as a cable modem or a router or
· through a DSL/PPPoE connection.

If the DNS service is not running edgeBOX will use the DNS servers configured and displayed in the Internet Connection menu.

If you change the Forward DNS Servers list and you have the DNS service running, edgeBOX will use these DNS servers for all external DNS queries. Those settings override any static or dynamic DNS settings configured for the WAN interface in the Internet Connection menu. The DNS servers configured, statically or dynamically, for the Internet Connection will not be displayed here, because edgeBOX is actually not using them. The Primary DNS and, if displayed, the Secondary DNS fields represented in the Internet Connection menu will automatically revert to the first and second entries in the Forward DNS Servers list.

Related Topics:
· Cache Websites
· Firewall
· NAT
· Dynamic DNS
· Internet Traffic
· Diagnostic Tools

4.1.1 through another device such as a cable modem or a router

If, in your setup, edgeBOX connects through another device such as a cable modem or a router, you can choose to:

Obtain the data for the connection automatically from the device (DHCP)
If you chose the DHCP connection method, you don't need to enter any additional information. The edgeBOX will get all needed information from the DHCP server.

Use statically configured IP settings (Static)
You need to provide the:
· IP Address
· Netmask
· Gateway
· Primary DNS (IP Address)
· Alternative DNS (IP Address - optional)
The primary and alternative DNS servers you type here will be added to the list of DNS Servers in the Forward DNS Servers list.

Advanced Options - MTU
If your Internet Service Provider requests it, you can change MTU (Maximum size of the packets).
1. Click the Settings... button.
2. Activate the Override MTU check-box.
3. Type-in the MTU size as agreed with your Internet Service Provider, press Ok.
4. Press Save.

4.1.2 through a DSL/PPPoE connection

If edgeBOX connects through DSL/PPPoE connection, you need to provide:

Connection Settings
For this type of connections you must type your username and password (please contact your Internet Service Provider in order to correctly determine these two settings).

Advanced Options
In the Advanced Options menus you should specify how your connection details will be configured.

Click the Settings... button:

Connection
You should choose to:
· Obtain the IP Address automatically or specify it yourself.
· Obtain the Gateway automatically or specify it yourself.
· Obtain DNS Servers automatically or specify the desired DNS servers.
View example.

Packets
· MTU: In this section you can override the MTU (Maximum size of the packets); this may be required by your Internet Service Provider (ISP). To do it, select the option Override MTU and change the value in the text field to the value requested by your ISP.
· PPPoE over VLAN: select this option if you belong to one of your Internet Service Provider's VLANs; your ISP may require this. If you select this option, type the VLAN, as specified by the ISP, in the VLAN field.
View example.

4.2 Change the local network properties (LAN)

To change the properties of your local (internal) networks, or simply to adjust your LAN interface IP address, you should navigate to the Networks menu in the Network section. There you will find a list of all your networks (including VLANs).

1. Choose the LAN network from the list and click the Edit button at the top of the Networks table.
2. Type the desired IP Address for the edgeBOX (IP Address for the edgeBOX's internal interface) in the IP Address field. Type the network mask in the field Subnet Mask.

If you change the local network IP address while you are accessing edgeBOX from the LAN segment, you may lose access to the edgeBOX web management. In that case, close your browser, make sure you re-adjust your IP address (DHCP or static), and you can proceed.
· You need to indicate the new address of the edgeBOX in the browser to connect to the edgeBOX's web management. If you change the edgeBOX's IP Address to 10.1.1.254, type in your browser the address https://10.1.1.254:8011.
· You may also need to change the properties of the network connection of the computer you are using to manage the edgeBOX. If your computer receives the IP dynamically from the edgeBOX, you may need to ask the operating system to repair the connection to get a new IP address. Or if you have defined a static address in the connections of your computer, you need to change that address to a new IP address of the network.

Related Topics:
· Cache Websites
· Firewall
· NAT
· Dynamic DNS
· Internet Traffic
· Network
· Interfaces
· DMZ
· Diagnostic Tools

4.3 Change the DMZ settings

To change the properties of your DMZ network you should navigate to the Networks menu in the Network section. There you will find a list of all networks currently managed by edgeBOX.

1. Choose the DMZ network from the list and click the Edit button at the top of the Networks table.
2. Change the IP Address and the Netmask fields with the desired information. Select the Enable DHCP Server on this Interface if you wish to have DHCP also on the DMZ network.
3. Click the Apply button in the bottom right corner of the tab.

Please note: you can activate the DHCP service on the DMZ interface, even if you have Firewall based DMZ services active.

Related Topics:

· DMZ Traffic

4.4 View and manage VLANs

edgeBOX allows you to have up to five VLANs active on your network. To manage VLANs navigate to the Networks menu in the Network section. For more details on edgeBOX's VLANs and possible scenarios please refer to Appendix D: VLAN Based Infrastructure.

Why to use VLANs?
VLANs offer higher performance because they limit packet broadcasts in the network. They also provide additional security by separating groups of devices. You can use VLANs, for instance, to:
· Control bandwidth usage and make the network faster - For example, you have more than 200 devices on your local network and your local network is getting slower because there is too much broadcast traffic (data that is sent from one computer to all computers in the network). VLANs will limit the broadcast only to the specified group of devices within a VLAN instead of broadcasting to all devices in the network.
· Increase security - If you have groups of users that need more security due to the type of information they share between each other, a VLAN can isolate those users from the remaining network so that information will not be accessible for other groups.
· Easily manage the network - For example, separate users that have VoIP phones from users that do not have them.

Disable or enable a VLAN
To disable an enabled VLAN select the desired enabled VLAN from the list and click Disable at the top of the list. The VLAN status icon will become red. To enable a disabled VLAN select it and click the Enable button. The status icon will turn green.

Change the properties of a VLAN
1. Select the desired VLAN from the list and click the Edit button.
2. Change the desired properties of the VLAN:
· Name – A descriptive name to allow you to identify each VLAN.
· Tag – The number that will be used on the network packets to allow the edgeBOX to send the packet to the correct VLAN. Each VLAN tag must be different. Your switch should be configured accordingly.
· IP Address and Netmask of the VLAN – edgeBOX will be active on this VLAN with this IP address. Each computer on this VLAN will have an IP address in this segment.

Define the Guest VLAN

When you use 802.1x authentication on your switch, the Guest VLAN is the VLAN the network users are temporarily assigned to if they haven't authenticated yet or if they have introduced an incorrect username or password. This VLAN usually has limited network privileges. It is commonly used to display information about how the users can authenticate properly onto the network. After they authenticate, they are assigned to their respective VLANs.

To configure the Guest VLAN:
1. Click the Define a Guest VLAN... option.
2. Choose the Use as Guest VLAN the VLAN: and pick the VLAN to be used as Guest VLAN. Back in the Networks list the chosen Guest VLAN will be identified with an appropriate note.
3. Configure your switch accordingly: to do this you must configure your switch to use that VLAN as the Guest VLAN.

View an example where VLAN 6 is used as the Guest VLAN.

If you don't wish to have a Guest VLAN make sure you select the Have no Guest VLAN option at step 2.

4.5 Interfaces Physical and Logical Status

If you need to determine the current physical, operational or logical status of edgeBOX's network physical or logical interfaces you need to load the Interfaces popup. This panel is accessible in the Related Topics corner of the Networks menu - Network section.

The information displayed is somewhat detailed in that it shows you how edgeBOX implements certain networking aspects using specific techniques like Bridging and VLANs. It is divided into three major sections:

Bridges
Here you'll find virtual interfaces used by edgeBOX to logically "attach" several other, logical or physical, interfaces together: same as saying Bridges. That's the case of the br0 interface: it commonly bridges together the eth0 (LAN), the eth3 (AUX, if available) and the ath0 (your wireless interface, if exists). This means that the br0 brings together those interfaces in order to form a virtual interface, referred to as br0, thus, to be treated transparently by edgeBOX kernel as your LAN. The information available is:
· Interfaces: the current composition of the bridge (eth1, eth3, ath0 for example).
· IP address: the current IP configuration (IP/netmask) of this bridged virtual interface.

Physical Devices
Shows you a list of physical network interfaces found in the system. For example: eth0, eth2 and so on. For each of them:
· MAC Address: the interface physical address, or hardware address.
· IP address: the current IP configuration (IP/netmask) of this interface, if available. If you don't find the IP address for some of these interfaces it just might happen that they are bridged. In that case the IP address you're searching for will be found in the respective entry in the Bridges section.
· Interface Status: you'll get a graphical indication of Up/Down status and the interface current connection bit rate in Mbps.

VLANs
This section of the panel shows you your VLANs. Each is identified by its assigned name, like VLAN_D or SERVERS, for example. For each of them:
· Tag: the 802.1Q VLAN ID or Tag in use; this is a distinguishing marker identifying packets destined at a given VLAN. This Tag is the means by which your VLAN enabled switch or other VLAN enabled Ethernet devices can tell to which VLAN each packet belongs.
· IP address: the current IP configuration (IP/netmask) of edgeBOX in this VLAN.

Related Topics:
· What are VLANs ?
· How do I configure and manage VLANs in edgeBOX ?
· I need more details on deploying VLAN based scenarios with edgeBOX.

4.6 Monitor connections through edgeBOX

In certain situations you will need to determine exactly which network connections are actively passing through edgeBOX or determine if a given IP address is currently connected to some internet server. The Network popup will help you with that.

You can find it in the Related Topics corner of the Networks menu in the Network section. Just click the Network... link.

Status and traffic of edgeBOX's network interfaces
The upper part of this panel shows you a graphical overview of your network interfaces: Internet, Local Network and DMZ. For each of them you can read the total bytes sent and received.

Connections passing through edgeBOX
This list shows you the network connections currently maintained by edgeBOX. For each connection:
· Source IP / User: the IP address that originated the connection; if a username can be associated to this IP Address it will be displayed instead of the IP address for easier identification.
· Source Port: transport protocol level source port.
· Destination IP: the other end of the connection, the IP to which this connection is established.
· Destination Port: transport protocol level destination port, usually identified by a mnemonic indicating a well known network service like sip or http.

4.7 Change edgeBOX's hostname and network domain

What is the Hostname?
The Hostname is the name by which the edgeBOX is known in the network (the name that the computers of the network use to refer to the edgeBOX). A hostname is a descriptive name, like for example, john-laptop. You can choose any name you want. If, for example, you have two offices and two edgeBOXes managing each one you can call one edgebox1 and the other edgebox2.

You can find the Hostname in the Hostname and Domain menu, within the Network section. To change the Hostname click the Change... button and type the new name in the hostname text box (the hostname must be less than 16 characters long).

What is the Domain?
The Domain is the name by which your network is known. As example, server1.mycompany.org identifies the host server1 within a network domain called mycompany.org. The mycompany.org part is called a domain name. Other hosts could exist in that same domain.

You can find the Domain of the network in the Hostname and Domain menu in the Network section.

0.255.com.168.255. The System Routes list should contain several entries. Inc.168. edgeBOX does not update the reverse hosts files of the DNS Domains when you change the hostname and you have networks defined on the edgeBOX (the local network or the VLANs) that do not belong to network classes A. for example. in a simplified fashion.170.. for example.0/24. you have a VLAN named VLAN_B with the properties: 192.0. If your local network is 192. If you have a registered domain. An appropriate popup window will advise you of that need.com. the list should have a route with the following information: 192.102.254 | 255. If.170.102.254/32.0 Help If you do not have a registered domain. This menu shows you. B or C.0.0 | DMZ · A route for every active VLAN (virtual local network VLANs interfaces). 4.0 | 0.168.255.255.0.0 | 255.100.200/24. like critical-links.168.255 | 0.255.0.38 edgeBOX 5.255.0/24 in the edgeBOX's vlan3 interface.0 | 0.0 | 255. for example.0. for example. If you change the hostname or the domain you need to reboot the edgeBOX so that the changes take effect.168.. If the network is 192. You can not edit these entries because they are configured automatically by edgeBOX.8 View the system routes In the Network section you will find the Routes menu. bellow it you can find the System Routes table. button and type the domain name you want in the Domain text box. If your local network is 192. If you need to add routes to other hosts or networks please see Manage Static Routes . the list should have a route with the following information: 192. for example.168.0 | WAN Critical Links.100.0 | vlan3 (VLAN_B) · A route for the internet (WAN interface).100. .200 | 255. if your company is called MegaSoft then a possible domain could be megasoft.0.0 | LAN · A route for your DMZ network.additional routes that you can create and modify. the contents of edgeBOX's IP routing table: at the top you'll find the Static Routes table. 
then you can give your network the domain you want.255.0 | 0. This domain will be private and only visible within your network.100.0.255. For example. In the System Route table you should see: · A route for your local network (LAN interface). the list should have a route with the following information: 192.168. To change the domain of the network click the Change.168. the list should have a route with the following information: 192. then you can use that public domain.

0 | 212. Specify the IP Destination Address of the destination network or host.0.9 Manage static routes If you need to manually configure routes on edgeBOX.12. It will open a new dialog window. and this IPSec tunnel gives you access to an example 10.0 | 0.168.12.12. A route that is used in case you do not have a connection to the exterior. then you will need to add static routes. the corresponding Destination Netmask and the Gateway (the secondary route through which edgeBOX will reach the destination network or host) The added route will appear in the Static Routes list.0. 2.0 | 0. .12. Critical Links. etc.0. If your gateway has the IP address 192.170.12.255.0. This panel displays also System Routes . the address of the WAN interface – the gateway address). WAN.0/24 remote network.254 | WAN · IPSec routes will be identified with the IPSec tag on the Interface column If your the remote IPSec gateway has the IP address 212.12 | IPSec 4.100.0.0. the list should have a route with the following information: 0.170.0.168. If you need to enable access to other hosts or networks that are unknown to edgeBOX or aren't directly accessible. You can: Create a new route To create a new route.0.0 | 255.routes that are created and managed automatically by the edgeBOX based on the settings your global LAN.254.0 | lo · A default route (typically.255. on the Static Routes panel: 1. Click the New button.0. the list should have a route with the following information: 10.0 | 192.100. You can assume that edgeBOX will create and manage automatically all routes needed for it's correct operation.0. VLANs.0 | 255. Network section.0. for example. Inc. for example.Network 39 · A route for the edgeBOX (Loopback route). Please note: all necessary routes should be created and managed automatically by edgeBOX.0. use the Static Routes list in the Routes menu. The list should have a route with the information similar to: 127.

4.10 Wireless

In the Wireless menu, Network section you can configure and change the properties of the wireless network.

Configure and turn on the wireless
Indicate the type of wireless authentication
Make the wireless network more secure
Make the wireless network public

edgeBOX allows you to have a wireless network and define several configurations to make it more secure.

How does Wireless work on edgeBOX?
edgeBOX provides a wireless LAN access to your office. It can operate with an embedded Access Point or as an 802.1x Access Point controller if you use several external Access Points spread through the network. edgeBOX cannot manage external access points. To manage these access points you need to use the specific access point's management interface.

As you can see in the image above, you can set several scenarios, such as integrated authentication using edgeBOX users' accounts or external authentication using a remote RADIUS server. edgeBOX supports WPA, WEP or 802.1x authentication. As edgeBOX also provides IP-PBX features, you can combine them with the wireless features to create wireless VoIP phone access.

By default, edgeBOX's wireless network is already running with a factory configuration defined: the network name is mybusiness, channel 11 and the WPA password is mydemokey. This way, you can immediately start providing wireless access on your office, without having to configure anything on the edgeBOX.

4.10.1 Configure and turn on the wireless network

To review or change your Wireless network, please go to the Wireless menu in the Network section. A short summary is provided, for quick reference:
· Network Name: the network name, as seen by wireless clients (SSID).

· Security: WEP, WPA or 802.1x
· Channel: the radio-frequency channel being used

Hit the Change... button to edit. A new window pops up with two tabs:

General
· Name: the name for your wireless network, also known as the SSID. The name of the wireless network is a name of your choice that will work as the public identifier of the network so users can connect to the network, ex: mywifi.
· Hide Network: if you select this option the network will not appear in the list of available networks when users look for wireless networks in their computers.
· Security: you have 4 choices
  · None (Public Network): this operation is insecure; if the network has no authentication then everyone will be able to connect to it. Don't use this option unless you really need to and you understand the insecurity consequences.
  · WEP: Wired Equivalent Privacy (WEP is considered deprecated and has been cracked, it's preferable to use WPA instead). Details are: Key - a 10 or 26 hexadecimal characters sequence - and Key Position - choose from 1 to 4.
  · WPA: Wi-Fi Protected Access, grants a very high level of security and privacy. Details are: Key - a 8 to 63 characters long sequence or a 64 hexadecimal characters sequence; this is commonly referred to as the PSK (pre-Shared key).
  · 802.1x: with this option you can integrate your wireless network in RADIUS based authentication and accounting setups. Hit the Change... button and specify the following:
    · Data Encryption: choose WPA or Dynamic WEP.
    · Authentication: can be local (using edgeBOX) or remote (using the specified RADIUS server - IP Address, Port and Password).
    · Accounting: you can choose to save user statistics and other accounting information in a remote RADIUS Accounting server (again by specifying its IP Address, Port and Password).

Advanced
· Channel: the radio-frequency broadcast channel to be used (from 1 to 11).
· Allow only specific devices to use the wireless network: click the Add... button to add a new MAC Address to the list; only the MAC addresses specified will be allowed in the Wireless network.

How to get the MAC address?

On Windows computers, go to the Start menu and run the Command Prompt; when the black command line appears type ipconfig /all. The MAC address is identified by the Physical Address, for example:
Physical Address. . . . . . . . . : 00-0C-29-C5-91-9F

If you wish to temporarily turn off the wireless network for any reason, or if you don't want to have a wireless network anymore, go to the Wireless menu in the Network section and hit the usual Stop Service. The wireless service will be stopped, but the configurations will not be erased. Later on, if you wish to make the wireless network available again just click Start Service.

If you add a wireless card to the edgeBOX, you need to reboot edgeBOX after you added the card.

Change the Channel of the wireless network
You will probably need to change the Channel of the wireless network if you have other devices than this edgeBOX providing wireless networks nearby, for example, other Access Point devices or other edgeBOXes. This is because each of the overlapping Access Points must have a different channel, to avoid conflicts with the other devices. To change the Channel of the edgeBOX's Access Point, select a channel that is not used in the overlapping networks in the Channel Selection drop down list in the Basic tab when you are creating the wireless network.

Related Topics:
Indicate the type of authentication for the network
Make the wireless network public

4.10.2 Indicate the type of authentication

When you create your wireless network you should configure the wireless Security option in the General tab. This step will ensure your network is, to some extent, protected against undesired users. To secure edgeBOX wireless network you can use one of the following authentication methods (protocols):

Which type of authentication should I use?
The type of authentication you use depends on the devices that are going to access the wireless network. For example, some smartphones or older network devices do not support WPA security yet, so you need to use WEP authentication to ensure compatibility with all devices.

If all your devices support WPA authentication, then use WPA instead of WEP. WEP is relatively easy to break.

Use WPA security
To use WPA authentication on the wireless network:
1. Go to the General tab and choose Security WPA.
2. Indicate a key (passphrase or a pre-shared key) that will be used to authenticate to the network.
3. You should indicate the passphrase or the pre-shared key to the users of your network you want to be able to access the wireless network.

How must the passphrase or the pre-shared key be?
· Pre-shared Key - must be composed only of exactly 64 hexadecimal characters (A to F and 0 to 9) and cannot have spaces.
· Passphrase - must be between 8 and 63 characters long and cannot contain spaces, nor special characters like | \ / : * ? ! < > “.
You should try to always use secure passphrases and pre-shared keys to increase the network security. You can obtain random generated secure keys at the GRC website.

Use static WEP keys authentication
If you don't need to grant compatibility to older devices, avoid using WEP authentication. WEP is relatively easy to break, use WPA with a strong password instead because it is more secure. If you need to use WEP then change the WEP keys regularly. This is not easy to accomplish if you have many users of the wireless network because you need to inform them all about the new active key each time you change it.
To use WEP authentication on the wireless network:
1. Go to the General tab and choose the Security WEP.
2. Type-in a 10 or 26 hexadecimal characters long sequence.

How must the key be?
The key must be formed using groups of hexadecimal characters (A to F and 0 to 9) separated by '-'. Example of a 26 chars key: ACBB-8EF2-3410-23AA-F8F0-EEEE-A2. To grant a certain level of security, you should use the 26 hexa chars sequence, but if you need to ensure compatibility with devices that do not support it, then use the 10 hexa chars sequence.

Activate 802.1x authentication
802.1x authentication is even more secure than WPA authentication. It is normally used to secure wireless networks on workplaces.

802.1x authentication means that each user who wants to enter the wireless network has to login using its own username and password, instead of using a network key that is shared by everyone. This is normally called WPA-Enterprise.

To use 802.1x authentication on the wireless network:
1. Go to the General tab and choose the 802.1x option and hit the Change... button.
2. Select WPA in the Data Encryption section. If you have devices that do not support WPA accessing the wireless network, using the 802.1x method, choose Dynamic WEP instead.
3. Define the Authentication type: where users' username and password are validated when they try to login to access the wireless network. You can validate these credentials:
· Locally on the edgeBOX
  It means that edgeBOX will see if the username and password of the user exist in the edgeBOX's list of users and if they match. This is the default option. For a user to be able to login, the user needs to have 802.1x Access permissions. You can verify these settings in the Privilege user, in the Users section.
· On a remote RADIUS server
  It means that a remote RADIUS server will validate the users' credentials instead of edgeBOX. Check the option Authenticate Users on another RADIUS Server. Below the option, fields to indicate how the edgeBOX can connect to the remote server will appear: IP address, port and password for that server.

If you also wish to save information like the time the users were connected or what did they do, you can save that information on a remote RADIUS server. Check box in the Accounting zone and indicate how edgeBOX can connect to the remote server (IP Address, port and password).

Related Topics:
Make the wireless network more secure
Make the wireless network public (with no authentication required)
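The key rules from section 4.10.2 can be checked before a key is typed into the General tab. The following Python sketch is an added example, not part of the edgeBOX manual or software: the function names, finding codes and the configuration dictionary layout are assumptions, and reporting the factory WPA password as a finding is this example's own policy.

```python
import re

# Factory WPA password stated in the manual's default configuration.
FACTORY_DEFAULT_WPA_KEY = "mydemokey"
# Space plus the characters the manual forbids in a passphrase. The manual prints
# a curly quote; treating the straight double quote the same way is an assumption.
FORBIDDEN_PASSPHRASE_CHARS = set(' |\\/:*?!<>"\u201c')
HEX_RE = re.compile(r"[0-9A-Fa-f]+")


def classify_wpa_key(key):
    """Return 'psk' or 'passphrase' per the manual's rules, else raise ValueError."""
    if len(key) == 64:
        if HEX_RE.fullmatch(key):
            return "psk"
        raise ValueError("a 64-character key must be hexadecimal only")
    if not 8 <= len(key) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    bad = sorted(set(key) & FORBIDDEN_PASSPHRASE_CHARS)
    if bad:
        raise ValueError("passphrase contains forbidden characters: %r" % bad)
    return "passphrase"


def normalize_wep_key(key):
    """Strip '-' group separators and return the 10 or 26 hex digits, upper-cased."""
    groups = key.split("-")
    if not all(HEX_RE.fullmatch(group) for group in groups):
        raise ValueError("WEP key groups must be non-empty hexadecimal")
    digits = "".join(groups).upper()
    if len(digits) not in (10, 26):
        raise ValueError("WEP key must have 10 or 26 hexadecimal characters")
    return digits


def audit_wireless(cfg):
    """Return (code, message) findings for one wireless configuration dict."""
    findings = []
    security = cfg.get("security", "").lower()
    key = cfg.get("key", "")
    if security == "none":
        findings.append(("OPEN_NETWORK", "no authentication: anyone in range can join"))
    elif security == "wep":
        findings.append(("WEP_DEPRECATED", "WEP is relatively easy to break; prefer WPA"))
        try:
            if len(normalize_wep_key(key)) == 10:
                findings.append(("WEP_SHORT_KEY", "use the 26 hex sequence where devices allow"))
        except ValueError as exc:
            findings.append(("WEP_KEY_INVALID", str(exc)))
    elif security == "wpa":
        try:
            classify_wpa_key(key)
        except ValueError as exc:
            findings.append(("WPA_KEY_INVALID", str(exc)))
        if key == FACTORY_DEFAULT_WPA_KEY:
            findings.append(("FACTORY_DEFAULT_KEY", "factory WPA password is still in use"))
    elif security != "802.1x":
        findings.append(("UNKNOWN_SECURITY", "unrecognised security mode: %r" % security))
    return findings


# Constructed sample configurations (not taken from a real device).
SAMPLE_CONFIGS = [
    {"name": "mybusiness", "security": "wpa", "key": "mydemokey"},
    {"name": "legacy", "security": "wep", "key": "ACBB-8EF2-3410-23AA-F8F0-EEEE-A2"},
    {"name": "guest", "security": "none"},
]

if __name__ == "__main__":
    for sample in SAMPLE_CONFIGS:
        codes = [code for code, _ in audit_wireless(sample)]
        print(sample["name"], codes or ["OK"])
```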

4.10.3 Make the wireless network more secure

You can configure two settings on the edgeBOX to make your wireless network more secure, even if you are already using a secure type of authentication:

Allow only specific devices to use the wireless network
If you want just a list of specific computers and other network devices to be able to use the wireless network, this option will restrict even further the access to the network to specific devices. Even if you don't use this option you still have control over who accesses your wireless network because users still need to authenticate using a WEP key, WPA, or using 802.1x, to be able to connect to edgeBOX's access point.
To do that just enter the MAC Addresses (or Hardware Addresses) of the computers for which you wish to allow access to the network: in the Wireless menu, Network section, hit the Change... button and select the Advanced tab. Activate the Allow only specific devices to use the network option and add the desired MAC addresses to the list using the Add... (or Edit...) button.
If you don't want a computer to belong to the list anymore, select the MAC Address of the computer from the list and click Remove.

Hide the network
You can hide edgeBOX's wireless network from appearing in the list of available networks people see when they scan for available wireless networks they can connect to in their computers.
To hide the network go to the Wireless menu, Network section, hit the Change... button and select the Advanced tab. Activate the Hide Network option.

Why should I hide the wireless network?
Hiding a wireless network is a way of improving the network's security. It makes unauthorized access attempts difficult, that is, people won't try to enter a network if they do not know it exists in the first place.
For your network users to use the hidden wireless network, they will need to connect to the network manually. This process differs according to the user's Operating System.

Related Topics:
Indicate the type of authentication for the network

4.10.4 Make the wireless network public

A public wireless network is a network with no authentication method. It means that everyone who receives the radio signal will be able to enter it and use it.

If you want to make your wireless network public: go to the Wireless menu in the Network section and select Security: None.

Avoid creating public wireless networks if you don't really want to make it available for everyone for a given reason. Wireless networks are more vulnerable to hackers and malicious software because the signal is available for everybody nearby edgeBOX's access point. If you don't protect the network, unauthorized people can get access to the information on the computers on the network and use the connection to access the Internet. Always secure the wireless network if you don't want everybody to access it.

Related Topics:
Configure the wireless network
Indicate the type of authentication for the network

4.11 Managing the DNS server

DNS is a network service that translates literal hostnames and domain names (such as webmail.critical-links.com) into numeric IP addresses (such as 209.85.227.103). For more information see Wikipedia DNS.

edgeBOX supports DNS through the well-known named server. It is possible to:
· configure master, slave or forwarder type name servers.
· grant query access from internal or external networks.

If you need to configure DNS you should navigate to the DNS menu in the Network section. There you can review and change edgeBOX's DNS Server configuration. edgeBOX's DNS configurations are divided in the three first subtabs.
· Domains – Where you can indicate all the domains that the DNS server will know.
· Access Control List – Defines access controls for the domains that the DNS server knows.
· Settings – Shows the DNS status and the properties of the DNS server.

Related Topics:

· Dynamic DNS

4.11.1 Adding or Editing DNS domains

If you need to add new DNS domains, you should go to the DNS menu in the Network section. There you will find the current DNS configurations table. Three possible Domain Types are available. These are:
· Master: a Master domain server stores the domain database locally (also called authoritative domain for that domain). It will answer the queries for that domain, using that database.
· Slave: a Slave DNS domain gets its zone file information from a zone master and it will respond as authoritative for those zones for which it is defined to be a 'slave' (it is sometimes referred to as a secondary).
· Forwarder: a forwarder type domain server does not answer queries directly: it will forward them to another name server.

4.11.1.1 How to add a Master domain

If you need to add, or edit, a Master DNS domain, just follow these steps:
On the Domains Tab click New.

Domain Tab
· Name: the domain name.
· Resolution Type: choose Direct or Reverse, this choice is only active if you have selected Manual for the Reverse DNS Management option in the global Settings tab. If Direct is chosen, when hosts are added, the forward entries are required (resolving names to IP's). If reverse is chosen, the host entries required (map IP's to names).
· Network: IP address and the class (A, B or C) of the IP segment for which this domain is valid. This option is not accessible if you have selected Resolution Type Direct and the Manual Reverse DNS Management option.
· Name Server: here you specify the IP address of the name server. This option is not accessible if you have selected Resolution Type Reverse and the Manual Reverse DNS Management option.
· Allow only internal hosts to query this domain: selecting this will restrict DNS answers to queries coming from your local networks, if you have a registered domain you will grant access to external networks to query this zone, otherwise for private domains you will most likely want to grant only to internal hosts for security reasons.

Permissions Tab
If you wish to have higher control of hosts, or networks, for which this domain will be responsive, you should use the Permissions Tab. Here you can specify an Access Control List (ACL) of rules that will be pre-verified before the server determines if, or how, it will process the DNS queries, or how it will operate. ACLs created in the Access Control List tab will be available to you in this process. It might be a good idea to create that list first and, later, when creating or editing your DNS domains, re-use them here.
You can have several rules. If a rule matches it will be applied. If no match is found the default behaviour is to allow queries and transfers but to disallow updates.
Click the New button and specify the following:
· Type: Choose Network or Host based access control rule, and type below it the corresponding values for Network IP address and Netmask or Host IP address
· Query Permissions: from the choice boxes displayed choose if you wish to:
  · Allow or Deny Queries: indicates if queries are allowed for this domain
  · Allow or Deny Transfers: determines whether other servers are allowed to copy the zone information from this server.
  · Allow or Deny Updates: whether other servers are allowed to submit dynamic updates for this domain
To add access from Slave domains to a master domain which is configured to only let internal hosts make queries, the user needs to add an ACL with the IP/Hostname of the respective slave domain and allow the transfer option.

Hosts Tab
Managing the contents of the Hosts tab is explained in section Managing hosts on an existing domain. Please refer to that section.

Time Options Tab
· Refresh time: The number of seconds between the time that a secondary name server (slave) gets a copy of the zone (or sees that it hasn't changed), and the next time it checks to see if it needs a new copy.
· Retry time: The time which the edgeBOX will wait before querying a Master (if the master fails to respond to a request)

· Expire time: The number of seconds that lets the secondary name server(s) know how long they can hold the information before it is no longer considered authoritative.
· TTL time: Specifies the maximum amount of time other DNS servers and applications should cache the DNS record. You might wish to lower this if you are going to change your DNS entries and then increase it to a normal value after the changes have been made and tested

4.11.1.2 How to add a Slave domain

In order to add, or edit, a Slave DNS domain you need to provide:

Domain Tab
· Name: the domain name.
· Resolution Type: choose Direct or Reverse, this choice is only active if you have selected Manual for the Reverse DNS Management option in the global Settings tab.
· Network: IP address and the class (A, B or C) of the IP segment for which this domain is valid.
· Master Servers: here you specify the IP address(es) of Master DNS server(s) for which this domain is a Slave (from which it gets its DNS database).
· Allow only internal hosts to query this domain: selecting this will restrict DNS answers to queries coming from your local networks, if you have a registered domain you will grant access to external networks to query this zone, otherwise for private domains you will most likely want to grant only to internal hosts for security reasons.

Permissions Tab
If you wish to have higher control of hosts, or networks, for which this domain will be responsive, you should use the Permissions Tab. Here you can specify Access Control rules that will be pre-verified before the server determines if, or how, it will process the DNS queries, or how it will operate. You can have several rules.
Click the New button and specify the following:
· Type: Choose Network or Host based access control rule, and type below it the corresponding values for Network IP address and Netmask or Host IP address.
· Query Permissions: from the choice boxes displayed choose if you wish to
  · Allow or Deny Queries: indicates if queries are allowed for this domain.
  · Allow or Deny Transfers: determines whether other servers are allowed to copy the zone information from this server.

4.11.1.3 How to add a Forwarder domain

DNS queries for a Forwarder type domain will not be answered by the DNS server. Instead, those queries will be forwarded to an alternate DNS server.
To add, or edit a Forwarder domain you only need to enter its:
· Domain Name
· Preferred DNS server and
· Alternative DNS server (optional).

4.11.2 Changing global DNS Settings

In the DNS menu, Network section you will find the global DNS server options. Click the Settings tab.

Server Options
The settings displayed can be changed by pressing the Change... button:
· Reverse DNS Management
  · Automatic: the reverse domain is automatically created
  · Manual: the admin is responsible for creating the reverse domain (if a reverse domain is required)
· Lookup Mode: determines the first nameserver to be consulted when a request is received.
  · if Local is chosen, an attempt will be made to find an answer locally.
  · if Remote is selected (this is an appropriate option, only if you have entered forward DNS servers), requests are made to the forwarder server(s) and, if not answered, the local consult will not be attempted. See Forward DNS Servers below.
· Zone Transfer Format: determines the format used by the server to transfer zones, options are:

  · One at a time: will place a single record in each message.
  · Many: will pack as many records as possible into a maximum sized message.
· Max. Zone Transfer Time: maximum time allowed for inbound zone transfers.
· Max. Query Cache Time: maximum time requests are cached internally.

Forward DNS Servers
This list contains the servers to which queries will be forwarded if the domains queried are not in the current list of domains. This will be the Name Server(s) used to resolve external domains. Click the Add button if you wish to add more servers to the list. Use the Move Up and Move Down buttons to change the order of the entries.
If you change the Forward DNS Servers list and you have the DNS service running, edgeBOX will use these DNS servers for all external DNS queries. This setting overrides any static or dynamic DNS settings configured for the WAN interface in the Internet Connection menu. The Primary DNS and, if displayed, the Secondary DNS fields represented in the Internet Connection menu will automatically revert to the first and second entries in the Forward DNS Servers list. The DNS servers configured, statically or dynamically, for the Internet Connection will not be displayed there, because edgeBOX is actually not using them.
If the DNS service is not running edgeBOX will use the DNS servers configured and displayed in the Internet Connection menu.

4.11.3 Managing DNS ACLs

This section tells you how to allow/deny clients the use of your server to perform DNS lookups. To do this you need to add one or several Access Control Lists (ACL).
Go to the Network section, DNS menu and click the Access Control List tab. Two tables are presented: the System ACLs table and the User ACLs table. The System ACLs are managed automatically and can not be edited. You can add and edit User ACLs.
Click the New button in the User ACLs table. You need to provide an ACL Name and a set of rules. ACLs names must start with a letter and can consist of only letters and digits. You can add several rules.

Rule Type
· Use an existing rule: choose from

  · none: for no hosts.
  · any: for any host.
  · localhost: for edgeBOX's system internal localhost interface (please be very careful when using this one, the localhost rule is considered an advanced rule and should only be used in specific situations; if you mean 'the hosts on my local network', referring to your LAN/VLAN or DMZ hosts, you should use localnets instead).
  · localnets (your LAN, VLANs and DMZ networks).
  · external (for networks external to edgeBOX).
· Use IP Address: here you specify the hosts for this rule by typing-in a Host IP Address or a Network IP/Netmask pair.

Action
· Allow - Access to this domain is available for IP's/Networks in this list.
· Deny - Access to this domain is unavailable for IP's/Networks in this list.
Note: Deny takes precedence over allow. That is, if some host verifies a rule for Deny and, simultaneously, a rule for Allow, the ACL will deny the DNS service to that host.

For large DNS deployments, all ACLs created here are made available to you; that is, when you create or edit a DNS domain, in the Permissions tab.

4.11.4 Managing hosts on an existing domain

During the process of creating a new Master domain or editing an existing one, you can manage the hosts on that domain. That is, you can add or remove existing IP address-to-name and name-to-IP address mappings (the management of the domain database).
Go to the Network section, DNS menu. Select an existing Master domain (the same applies when creating a new Master domain). Click on the Hosts tab. The current hosts list is presented. You can create new entries or manage existing ones.
The first thing you need to do is to choose the Type of DNS record you're adding (this option is only available when creating new entries).
· Record Type: select from the list, available choices are A, NS, MX, CNAME, SRV and TXT.
For each of the record types a different set of data is required:
· A: the Host Name and its IP Address.

· NS: the Name Server (you need only to enter the left-most part).
· MX: the Domain Name (you need only to enter the left-most part) and the Priority field.
· CNAME: the Alias name and the corresponding existing Domain Name.
· SRV: the Service, the Domain Name, the Target Host, the Time-to-Live, Port/Protocol, Priority, Weight (PWP).
· TXT: the Hostname, the Time-to-Live for this entry and the Text Message specific for this kind of entry.

How does the Priority field work?
The lower this number, the higher the priority. Thus, if one e-mail server is set as 5 and the other as 10, the e-mail server with a priority of 5 will be tried first.

What is the Time-to-Live for?
The Time-to-Live (TTL) allows you to specify how frequently domain data may change. The longer TTL means faster resolution times because of caching, but also means the data may be stale for longer. It's common to set this value to several hours normally, but to push it down to 5 minutes when changes to DNS are expected.

What is the purpose of the PWP?
PWP (Priority, Weight, Port/Protocol): used when more servers are providing the same service.
Priority: the priority of the target host, lower value means more preferred.
Weight: A relative weight for records with the same priority. Used in load balancing.
Port: the TCP or UDP port on which the service is to be found.

4.12 Use Dynamic DNS

Dynamic DNS is a useful service when you don't have a fixed IP Address to connect to the Internet (that is, when you don't have static IP configuration on the WAN side) and you still want to access your host from external networks by a name of your choice.
You can use one of the two supported dynamic DNS services:
· DynDNS
· No-IP
To see details on how to setup and manage an account on these services, consult www.dyndns.org or www.no-ip.org.

Enabling Dynamic DNS
· You need to have an account on either one of those services.
· When you have that, browse to the Network section and click the Dynamic DNS entry on the Related Topics (at the lower-left corner of the browser window).
A new popup dialog will show you the current configuration status of your Dynamic DNS service. Click the Configure... button if you wish to configure it:
· Provider: choose your service provider.
· Username: type the username given to you by the provider.
· Password: the password given to you by the provider.
· Hostname: this is the name that you created when you set up the account of the service, type-in the FQDN (fully-qualified domain name, e.g.: mybusiness.dyndns.org or myserver.no-ip.org).

4.13 Using the DHCP service

The DHCP Service assigns IP configurations to hosts, laptops and phones on your internal networks: LAN, VLANs and, possibly, your DMZ.

What exactly is DHCP?
Usually on boot, computers, IP phones and other devices will request the assignment of an IP Address, a Netmask, a Default Gateway, DNS server(s) and other TCP/IP related information, in order to be able to actively participate in the network they are attaching to. This process is accomplished with the Dynamic Host Configuration Protocol - DHCP (to learn more visit Wikipedia DHCP).

Managing your DHCP server
To get an overview of the current status and configurations point your browser to the Network section, DHCP menu. A table with three tabs will be presented:
· IP Address Ranges: the ranges displayed will be used by your DHCP server to assign IP addresses to computers or phones that request them.
· Fixed IP Addresses: this section shows you the IP addresses that are automatically assigned to one specific host or phone, a specific host is identified by its MAC address, this way you can have static MAC-IP assignments.
· Advanced Options: here you'll find several global options the server will comply to, such as maximum lease time and host configuration variables.

Related Topics:
· DHCP Leases

4.13.1 Assign IP addresses using Ranges

Here you can define ranges of IP Addresses that will be assigned dynamically. When a computer in the network requests an IP Address, the DHCP service will assign it an available IP address from one of the existing ranges.
· You can create several IP address intervals as long as they don't overlap. see an example
  If you have a DHCP range from 1.2.3.10 to 1.2.3.100, you will not be able to add another from 1.2.3.50 to 1.2.3.200 because they overlap.
· Each DHCP range created must completely fit into one of the currently configured internal networks (LAN, VLANs or DMZ). see an example
  Let's use the following reduced scenario for simplicity: your LAN segment is 10.…, you have an active VLAN on the 192.168.… segment and your DMZ is 192.168.…; you will not be able to add a DHCP range from 192.168.70.10 to 192.168.70.20 because you do not have an internal network compatible with this range, this range would not be used at all; on the other hand you can define a DHCP range like 192.168.200.50 to 192.168.200.100 because it fits into one of your internal networks (the DMZ in this case).
· For each IP address interval you can define a prefix, it will be prepended to the last portion of the IP assigned, thus forming the hostname sent. View details about the prefix
  · Example - If you enter mobile as the prefix and the domain of your network is local.loc, then a host to which the IP address 192.168.….200 is assigned, will also receive 'mobile200.local.loc' as hostname.
  · E-mail Server - If you have edgeBOX e-mail server running and you want to have domains or hosts in the SMTP Relay list, in the e-mail server's Access Control definitions, then you must indicate a prefix.

Create a new range
To create a new range of IP Addresses:
1. Click the New button below the Ranges list in the DHCP tab.
2. On the dialog window indicate the lower IP address of the range in the Start IP Address field. Indicate the higher IP address of the range in the End IP Address field.
3. Optionally, type the Prefix.

Delete a range

To delete a range of IP Addresses:
1. Select the desired range from the Ranges list.
2. Click the Delete button below the list.
3. Click the Apply button to save the changes.
Be careful when deleting DHCP ranges. If you delete a DHCP range, the computers that receive IP addresses from that range may not be able to connect to your network the next time they are turned on. Other failure situations are possible.

Related Topics:
· Assign IP addresses using MAC-IP rules
· Overview the settings of the DHCP service
· Configure DHCP advanced settings
· DHCP Leases

4.13.2 Assign IP addresses using MAC-IP rules

The Fixed IP Addresses tab, DHCP menu, Network section, allows you to assign always the same, specific IP address, to a computer. Each time that specific host or phone requests an IP address to connect to the network, the server will provide the IP address you specify.

Create a new MAC-IP Rule
To assign a specific IP address to a specific device:
1. Click the New button.
2. Enter the device's MAC address in the corresponding field.
3. Type-in the IP address you want for the device in the IP Address field.
To find the MAC address of a computer you can use the ipconfig /all command in the command line of Windows systems or ifconfig in the command line of Linux systems.

Related Topics:
· Assign IP addresses using Ranges
· Overview the settings of the DHCP service
· Configure DHCP advanced settings

· DHCP Leases

4.13.3 Configure DHCP advanced settings

The Advanced Options tab allows you to further refine your DNS server's configurations. The Advanced Options are separated into:

Lease Time
The Lease Time is the length of time for which the host can use the IP Address assigned by the DHCP Service before it is required to request it again from the DHCP Service. To change any of them just hit the Change... button and type in the desired value(s).
· Default Lease Time: is the default duration, in seconds, a host can use the given IP Address.
· Maximum Lease Time: hosts usually simply ask for an IP Address and use it for the default lease time, in other situations they can ask for a specific lease time. In those cases, the DHCP service will assign the IP address for the requested duration if it is smaller than the max, otherwise the maximum time will be used.

Gateway and DNS
These settings control the Gateway, DNS and Domain Name that will be provided to the network hosts as part of their IP configuration. If you need to change these default settings, click the Change... button and specify them manually by entering data into the desired text fields, in the popup dialog.
· Gateway: determines the Default Gateway to be provided to the hosts requesting the dynamic IP configuration, by default this is edgeBOX's LAN IP address, and thus, will only be provided to internal network (LAN, for short) hosts.
· DNS Server(s): this/these are the DNS servers the host should query in order to resolve names, by default edgeBOX will take on that task, the default configuration is to provide edgeBOX's LAN IP address, will be provided only to LAN and DMZ (if enabled) hosts requesting dynamic IP configuration.
· Domain: this is the network domain to be provided, it determines the domain to which the host belongs when getting its IP configuration, will be provided on any network zone to which the DHCP service is reachable.

Related Topics:

· Assign IP addresses using Ranges
· Assign IP addresses using MAC-IP rules
· Overview the settings of the DHCP service
· DHCP Leases

4.13.4 DHCP Leases

The DHCP Leases popup is available in the DHCP menu, Network section, in the Related Topics corner. It shows you the current list of IP addresses assigned to each computer in your internal network.
It shows you the IP Address assigned, the host's MAC Address, the Device Name (if available), and the start - From field - and end - To field - dates of each lease. The Ping Status column will show you if that specific IP Address is currently present on the network: select an entry from the list and click the Ping button to update this field.
Click the View expired DHCP Leases... option to get a list of leases considered expired.

4.14 Manage the Webcache size and sites

About edgeBOX's cache
edgeBOX acts as a Transparent Proxy Caching Server. It makes the webpages your network users consult more frequently load quicker, also minimizing WAN bandwidth usage. This is done by saving parts of the webpages in the edgeBOX.
You can specify websites which you don't want to cache (cache exceptions). To do this, please navigate to the Network section. Follow the Cache Websites link in the Related Topics corner.

Change the size of the Proxy Cache
1. Click the Change... button and select a value between 128MB and 8192MB in the Cache Disc Size drop down list.
2. Hit the Save... button.

Indicate cache exceptions

By default, edgeBOX caches all websites. You can indicate websites that you don't want the edgeBOX to cache. It may be useful for some specific websites, like websites that are very dynamic and whose content changes constantly.

To indicate to the edgeBOX not to cache a website:
1. Click the New button.
2. Type the IP address of the website that the edgeBOX must not cache in the window that will pop up.
3. Click OK.
You can also delete and edit these entries.

If you have Premium traffic defined in the QoS section, this traffic is not cached by the edgeBOX.

Do not cache websites / stop the Proxy-Cache Service
By default edgeBOX caches the websites your network workers visit. That is, the Proxy Cache service is by default running. You can stop the service if you don't want edgeBOX to cache any websites. To stop edgeBOX's proxy cache click the Stop Service link at the top. To start caching websites again, click Start Service.
If you stop caching websites, edgeBOX will not be able to block access to websites you may have blocked or block access to websites containing words and expressions you may have blocked in the Website Restrictions options, Security section.

4.15 Using NAT and Port Forwarding

The usage of NAT and Port Forwarding, being mostly Firewall related, is fully covered in the Security section. Please refer to that section for details: NAT and Port Forwarding.

4.16 Using QoS

The edgeBOX QoS (Quality of Service) consists of differentiating the network traffic resulting from the activity of services and/or users. These two approaches have different purposes. Let's consider that we want to be able to use an IPSec tunnel no matter how congested the network is. In this case, we would need to classify the service by creating a rule to assign an assured rate to every ESP and GRE packet. Nevertheless, we may not be concerned with a service in particular and we may just want to be able to grant Internet access to a certain group of users even if the network is overloaded. In this case, we just need to select an appropriate traffic profile and assign it to the users' Privilege. Moreover, we may want both the scenarios, the IPSec tunnel and the users' Internet access when the network is congested. This is possible, just by applying both configurations.

The process of service and user QoS configuration is different both in the concept itself and the difficulty to accomplish. On the one hand, service traffic differentiation requires service classification configuration, that is, information about how the service packets may be recognized among all others on the network. On the other hand, user traffic is much easier to configure as it only involves assigning a traffic behavior, given by a Privilege, to a group of users.

It is also important to keep in mind that service classification is always processed in the first place. The order of packet classification is the following:
1. Service classification
2. User Privileges
3. Classification based on the packet DSCP mark
Classification based on the DSCP mark will only be used when the authentication is turned off because, otherwise, all traffic is somehow included in a user privilege.

Classes of Service
The differentiated traffic behavior is given by CoS (Classes of Service). A CoS is deployed by an internal mechanism which shapes the network traffic in order to meet a set of expectations such as the minimum rate, maximum delay, maximum delay variation and maximum packet loss. The edgeBOX provides a set of CoS according to the Diffserv model. As the Diffserv nomenclature is very technical, we chose to use a more user friendly one called Olympic. Therefore, the edgeBOX provides the following CoS:

CoS Olympic | CoS Diffserv     | DSCP (hexadecimal) | ToS (hexadecimal) | Maximum Percentage Rate
BE          | DF               | 0x0                | 0x0               | 10% of non premium rate
Bronze      | AF11, AF12, AF13 | 0xa, 0xb, 0xe      | 0x28, 0x30, 0x38  | 20% of non premium rate
Silver      | AF21, AF22, AF23 | 0x12, 0x14, 0x16   | 0x48, 0x50, 0x58  | 30% of non premium rate
Gold        | AF31, AF32, AF33 | 0x1a, 0x1c, 0x1e   | 0x68, 0x70, 0x78  | 40% of non premium rate
Premium     | EF               | 0x2e               | 0xb8              | User defined

Only the Premium class is configurable, and it cannot be classified directly, neither by the users nor by the services. The purpose of this class is to be used to build a set of high priority subclasses called pipes. Thus a pipe, in this context, is a user defined traffic profile, inheriting the Premium configuration except for the rate, that is, rate is to be set by the user. Therefore, the premium class cannot be assigned but pipes can.

The CoS provided for inbound and outbound traffic are not exactly the same. Actually, for inbound traffic classification, only two of those classes are provided: BE and Premium. Furthermore, although premium has no pipes it can be classified directly.

VoIP QoS
VoIP traffic classification is handled internally as a pipe, that is, VoIP audio (RTP) packets are classified as Premium and signaling (SIP, IAX) is classified as Gold. The only configuration required is setting the VoIP assured rate. However, there is an exception: if the VoIP QoS is set to 0, then it will not use this hidden pipe anymore and will use the Gold class for every VoIP packet instead.

Starting and Stopping QoS
The QoS Service can be started and stopped on the service bar at the top of the QoS menu, Network section. It is possible to decide whether to apply or not QoS on each interface - WAN and DMZ (if available).

Related Topics:
· Privileges

· Internet Traffic
· DMZ Traffic

4.16.1 QoS Upload configuration

To set QoS upload configurations for the Internet (the same applies for the DMZ, if available) just hit the corresponding Change... button in the QoS menu, Network section. A new window with the QoS upload properties will be presented including the following parameters:
· Maximum Rate: sets the maximum upload rate; this can be used to limit the upload rate for all the upload traffic.
· Premium Assured Percentage: sets the maximum percentage of the upload bandwidth assigned to the Premium CoS.
· VoIP Assured Percentage: sets the percentage of upload Premium bandwidth to be used for VoIP traffic.
· Pipes Management: by clicking on the New (or Edit) button a window will be presented with the Pipe configuration. It includes:
  · the pipe's Name,
  · the Percentage of Premium assured rate assigned to the pipe.

Advanced QoS Upload Configuration
The Advanced Configuration... button opens another window with the advanced upload QoS settings. These settings consist of the following:
· Mark DSCP: by checking this, packets will be classified and marked according to the Diffserv architecture; enable this feature only if you have an SLA (Service Level Agreement) with your ISP.
· Allow other classes to borrow unused Premium bandwidth: selecting the option means that the Premium CoS will lend bandwidth whenever it is requested by another CoS and if that premium bandwidth is not being used. Otherwise unused Premium bandwidth will always stay unused.

4.16.2 QoS Download configurations

To set the QoS download configurations for the Internet or the DMZ, just click the corresponding Change... button in the QoS menu, Network section. Download configuration includes the following parameters:
· Maximum Rate: maximum download rate.
· Premium Assured Rate: percentage of the maximum download rate that will be used for the Premium CoS.

4.16.3 Service Classification

As mentioned before in this section of the manual, there are three packet classification strategies:
· based on the service,
· based on the user privilege and
· based on the packet DSCP field.
It was also mentioned that the first has higher priority and it is always applied in the first place.

The service configuration panel is accessed in the Network section, QoS menu by clicking the Create, edit or remove QoS service classification rules option. The parameters which may be used in service configuration are the following:
· Traffic Direction: sets the direction of the packet; accepted values are LAN->WAN, LAN->DMZ, LOCAL->WAN, LOCAL->DMZ, WAN->LAN, DMZ->LAN, WAN->LOCAL, DMZ->LOCAL (LOCAL refers to packets going from or coming to the edgeBOX itself).
· Protocol: protocol of IP packet; accepted values are TCP, UDP, GRE or ESP.
· Source Address: sets the source IP address(es); options are Any IP Address, Single IP Address or IP Address Range.
· Source Ports: sets the source ports; it accepts a single port, a port-range or a set of ports and port-ranges. This parameter is only visible for TCP and UDP protocols.
· Destination Address: sets the destination IP address(es); options are Any IP Address, Single IP Address or IP Address Range.
· Destination Ports: sets the destination ports; it accepts a single port, a port-range or a set of ports and port-ranges. This parameter is only visible for TCP and UDP protocols.
· Service Class: sets the CoS which will be assigned to the service. The available options depend on the traffic direction and on the pipes created, if supported. Remember that there are only two classes in inbound (Best Effort and Premium) and no pipes.

Service Rules Priority
There may be conflicts between service classification rules. For example, let's consider the following two rules in the following order of priority:
1. All TCP packets from LAN to WAN, from any IP address, from any port, to any IP address, to the port range 20-100, classified as upBE.
2. All TCP packets from LAN to WAN, from any IP address, from any port, to any IP address, to port 22, classified as upGold.
In this case, rule 2 will never be reached because port 22 is included in the port-range specified on rule 1 and, as rule 1 has higher priority than rule 2, rule 2 is subsumed by rule 1. In other words, only rule 1 will be used to classify these packets. On the other hand, inverting the priority, that is, setting rule 2 priority higher than rule 1, will have a completely different result. In this case, packets destined to port 22 will be classified as Gold and packets destined to the other ports, from 20 to 100, with the exception, of course, of port 22, will be classified as BE. Therefore, specifying service classification rules demands special attention to these issues.
Rules priority is changed by selecting a rule and clicking the Up and Down buttons on the toolbar.

4.16.4 Internet and DMZ QoS statistics

The Internet Traffic and DMZ Traffic popups are available in the QoS menu, Network section, in the Related Topics corner. For convenience, the Internet Traffic popup can also be reached in the Related Topics corner of the Internet Connection menu in the Network section. Similarly, the DMZ Traffic popup can identically be reached in the Related Topics, Security section, DMZ menu.
These panels allow you to view traffic control statistics for the Internet Connection and for the DMZ interface. Both display the same kind of information, but each for its corresponding network zone: Internet zone (WAN) or DMZ zone. Data is calculated for a period of 15 minutes using values that are collected every 2 minutes.

Upload Bandwidth and Download Bandwidth
· the two, left and right, upper corner panels show you the inbound and outbound current bandwidth usage and the current QoS Maximum Rate in Kbps: as example 235 Kbps of 20000 Kbps.
· Transmitted bytes: total transmitted bytes.
· Transmitted packets: total transmitted packets.
· Dropped packets: total dropped packets.

Upload Bandwidth per class
For each of Premium, Gold, Silver, Bronze and Default (BE) QoS traffic classes displays the same four values: Bandwidth Used, Transmitted Bytes, Transmitted Packets, Dropped Packets.

Download Bandwidth per class
For each of Premium and Default (BE) QoS traffic classes displays the same four values: Bandwidth Used, Transmitted Bytes, Transmitted Packets, Dropped Packets.

You can use the Reset button to bring all values to zero and restart statistics.
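The conflict described under Service Rules Priority, worked through as an added Python example (not edgeBOX code and not part of the original manual). It assumes first-match evaluation as that section describes and treats the address and source-port fields as "any", as in the two sample rules; the names ServiceRule, classify and audit are made up for this illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PortRange = Tuple[int, int]  # inclusive (low, high)


@dataclass(frozen=True)
class ServiceRule:
    name: str
    direction: str                      # e.g. "LAN->WAN"
    protocol: str                       # "TCP", "UDP", "GRE" or "ESP"
    dst_ports: Tuple[PortRange, ...]    # destination ports and port-ranges
    service_class: str                  # e.g. "upBE", "upGold"

    def matches(self, direction: str, protocol: str, dst_port: int) -> bool:
        return (self.direction == direction and self.protocol == protocol
                and any(lo <= dst_port <= hi for lo, hi in self.dst_ports))


def merge(ranges) -> List[PortRange]:
    """Sort ranges and join the ones that overlap or touch."""
    out: List[PortRange] = []
    for lo, hi in sorted(ranges):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out


def subtract(ranges, taken) -> List[PortRange]:
    """Ports in `ranges` that no range in `taken` already claims."""
    result: List[PortRange] = []
    for lo, hi in merge(ranges):
        cur = lo
        for t_lo, t_hi in merge(taken):
            if t_hi < cur or t_lo > hi:
                continue
            if t_lo > cur:
                result.append((cur, t_lo - 1))
            cur = max(cur, t_hi + 1)
            if cur > hi:
                break
        if cur <= hi:
            result.append((cur, hi))
    return result


def classify(rules, direction: str, protocol: str, dst_port: int) -> Optional[str]:
    """First matching rule wins; None means no service rule applies and the
    packet falls through to the next strategy (user privilege, then DSCP)."""
    for rule in rules:
        if rule.matches(direction, protocol, dst_port):
            return rule.service_class
    return None


def audit(rules) -> Dict[str, List[PortRange]]:
    """For each rule, the destination ports it can still classify once the
    higher-priority rules have had their turn. An empty list marks a rule
    that is never reached (subsumed)."""
    claimed: Dict[Tuple[str, str], List[PortRange]] = {}
    reachable: Dict[str, List[PortRange]] = {}
    for rule in rules:
        taken = claimed.setdefault((rule.direction, rule.protocol), [])
        reachable[rule.name] = subtract(rule.dst_ports, taken)
        taken.extend(rule.dst_ports)
    return reachable


# The two rules from the manual's example.
RULE_1 = ServiceRule("rule 1", "LAN->WAN", "TCP", ((20, 100),), "upBE")
RULE_2 = ServiceRule("rule 2", "LAN->WAN", "TCP", ((22, 22),), "upGold")
MANUAL_ORDER = [RULE_1, RULE_2]   # rule 2 is subsumed
INVERTED = [RULE_2, RULE_1]       # port 22 gets upGold, the rest upBE

if __name__ == "__main__":
    for label, rules in (("manual order", MANUAL_ORDER), ("inverted", INVERTED)):
        print(label, "port 22 ->", classify(rules, "LAN->WAN", "TCP", 22))
        for name, ports in audit(rules).items():
            print("  ", name, "reachable ports:", ports or "none (never reached)")
```

Running audit over a rule list before reordering it shows which rules have become unreachable or only partly reachable.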

5 VPN

This section allows you to review and change VPN configurations
· IPSec
· PPTP
· L2TP

A Virtual Private Network (VPN) provides the means by which two private protected networks, or a user and a private network, can be made to communicate and interoperate, using an available link through an unsafe network, such as the public Internet, thus providing safe connectivity for remote sites or users. This is accomplished by the usage of authentication and encryption techniques which assure privacy and security from one end to the other.

edgeBOX currently supports three options for enabling VPN connections:
· IPSec
· PPTP
· L2TP

5.1 IPSec

IPSec VPNs are especially suited for establishing tunnels between two private networks over the Internet, connecting them securely. This kind of IPSec VPNs is referred to as Net to Net IPSec. Nevertheless edgeBOX also supports the RoadWarrior type, which is best suited for remote users to connect to a protected network.

Figure: Net to Net IPSec VPN connecting two private networks

To review or manage your IPSec tunnels, navigate to the IPSec menu in the VPN section. An overview is presented with a list of configured tunnels, their details and their respective status.

To Start or Stop the IPSec function globally you can use the usual Start Service and Stop Service options at the top of the menu, in the service status bar. Please note that the IPSec service can not be started if the WAN interface is not configured.

The Configured Tunnels table shows you several details about each tunnel:
· Name: the tunnel's name
· Gateway: the tunnel's gateway IP address or the RoadWarrior indication
· Networks: the two network endpoints
· Status: the current operational status of each tunnel.

In addition to the usual management operations (New, Edit and Delete) you can also Start, Stop and refresh the Status of each tunnel. To create a new IPSec tunnel, you will need to choose among two kinds of IPSec: Net to Net and RoadWarrior. For tunnels that are running you can select the entry and right-click it with the mouse. You'll get access to a context menu with an option named View that allows you to view current details of the running tunnel. All other options are also available.

Please note that the Status function's correct operation is, architecturally, limited to situations where the edgeBOX has an interface directly connected to the tunnel local network. If that is not the case, the Status function will not produce correct tunnel status information.

IPSec Routes
edgeBOX automatically generates and manages IP routing details necessary for the correct manipulation of IPSec traffic between the two tunnel endpoints. These routes are distinguished with a specific 'IPSec' identifier in the Device column of the System Routes panel in the Network section.

Related Topics:
· Routes

5.1.1 General

After clicking New and choosing the type of IPSec - Net to Net or RoadWarrior - you can configure several details for the tunnel:

General Tab: The general tab allows you to configure a VPN tunnel with a minimum of information. That is, a number of networking and security related parameters are automatically set for you. If you need to review them or change them, go to the Advanced Tab. Depending on the type of VPN tunnel, you should provide:
· Tunnel Name: a name by which to identify this tunnel
· Local Network: IP Address and Netmask specifying the internal segment on the "local" side of the tunnel; could be your local LAN (ex. 192.168.100.0/255.255.255.0) or any of your VLANs (ex. 192.168.101.0/255.255.255.0).
· Shared Key: both local and remote ends of the tunnel must have the same key to initiate encryption; this key is the pre-shared secret (PSK). The PSK should be generated from purely random characters.

Net to Net specific:
· Remote Network: IP Address and Netmask specifying the IP segment on the "remote" side of the tunnel (as will be "seen" locally).
· Gateway: the IP Address of the IPSec server this tunnel is to be established to.

RoadWarrior specific:
· Remote Hosts: any or a specific host.

5.1.1.1 Advanced

You'll find all IPSec Advanced configurations in the Advanced Tab. This tab shows you an overview of your current options. To let you fine tune them, a specific Configure... button exists in each of the four configurable sections. The default values are:

Proposals
· Phase One
  · Encryption: Options are 3DES or AES (128 bit encryption)
  · Authentication: MD5 or SHA1
  · SA Lifetime: 8 hours to 24 hours
  · DH Group: Options are Group2 (1024bit) or Group5 (1536bit)
· Phase Two
  · Encryption: Options are 3DES or AES (128 bit encryption)
  · Authentication: MD5 or SHA1
  · SA Lifetime: 1 hour to 8 hours
  · DH Group: Options are Group2 (1024bit) or Group5 (1536bit)
· Perfect Forward Secrecy: provides additional security by preserving the security of your old encrypted data even with the private key compromised; usually set to on.
Please note: edgeBOX supports only AES-128.

ID Information
· Local ID: default local ID (IP Address) or, alternatively, an IP Address, a FQDN or an e-mail address.
· Remote ID: default local ID (IP Address) or, alternatively, an IP Address, a FQDN or an e-mail address.
· Aggressive Mode: Enables faster tunnel creation/operation as fewer messages are exchanged between peers, but exposes identities of the peers to potential eavesdropping, making it less secure; generally speaking, avoiding aggressive mode should be preferred when possible.

Tunnel Access Control
· Incoming Access: list of rules specifying whether your hosts are, or aren't, visible to remote hosts over the tunnel.
· Outgoing Access: list of rules blocking access of your hosts to the remote network; by default all hosts in the network will be able to use the tunnel.

Allowed Services
· this add/remove service list provides the means by which edgeBOX services are allowed/denied through the tunnel; you can grant or revoke access to services running on the edgeBOX for hosts in the remote network.

5.2 PPTP

PPTP is used to establish VPN tunnels across the Internet. This allows remote users to access the internal network from anywhere on the Internet.

Figure: PPTP tunnel connecting a host to a private network

In the PPTP menu, VPN section, you can review and change your PPTP configuration. A short overview is provided:
· Remote Users are authenticated by the: local authentication service or remote RADIUS server
· IP Addresses are dynamically assigned between ... and ...
· Connected Users: a table where each connected user is listed as well as the IP address of the client machine from where the connection was established, and the time at which the connection was established.
Click the Change... button to edit these settings.

Related Topics:
· Privileges

5.2.1 PPTP Properties

To change the PPTP properties, go to the VPN section PPTP menu and click Change... You'll need to specify configurations for:

User Authentication
· Authenticate the remote users using the local authentication service: selecting this option means that the authentication will be performed by edgeBOX. No additional configuration is needed, such as RADIUS user creation.
· Authenticate the remote users using a remote RADIUS server: type the IP Address, the Port and Password for the RADIUS server.

IP Address Assignment
These two fields allow you to set the IP address range which will be assigned to clients connecting through PPTP. The address range should not overlap the DHCP range, nor should any static IP addresses in this range be defined.

When using PPTP with the (local PC) default remote gateway option checked (connection TCP/IP options), you will not be able to access the Internet via the PPTP connection. This is because it makes more sense to access the internet via your local network, which reduces edgeBOX traffic and encryption overheads. Please review that option if you lose access to the Internet.

Authorization for PPTP VPN use is configured in the User Management panel. You should keep in mind that edgeBOX manages all users permissions around the concept of Privileges. Access to PPTP is one of those features. The process by which edgeBOX determines if a given user - trying to establish a PPTP connection - is or is not allowed to do it depends solely on the Privileges defined for that user. Please read on.

Access Privileges using Local Authentication
When a user accesses the network using a PPTP connection, the privileges the user has are related to the access profile the user belongs to. edgeBOX verifies the access rules defined on the profile of the user to determine access to the LAN and VLANs. If the profile of the user has the Allow full access to LAN from PPTP connections option switched on then the user will have access to the LAN as if he was a regular LAN user, with access to the network services based on the profile policies he belongs to. Else, the user will have no access privileges at all besides the specific access rules defined in the Access Profile's Destination Access Policies list.

Access Privileges using remote RADIUS authentication
If you want PPTP users to authenticate in a remote RADIUS server instead of the edgeBOX, then all the process is made in the Remote Server, so you don't need to create the users in the edgeBOX. PPTP users that authenticate in a remote RADIUS server will always belong to the 'Default' access profile as it is impossible for the edgeBOX to know who they are.

Related Topics:
· Privileges

5.3 L2TP

Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by Internet service providers to enable the operation of a virtual private network (VPN) over the Internet.

If you need to configure L2TP go to the VPN section, L2TP menu. A quick overview is provided stating the current tunnel status. Click the Change... button. Please provide:
· Server IP: IP address of server
· Username: Username on the server used for authentication
· Password: Password on the server used for authentication, which is the password for the above username
· PSK: Pre-Shared secret key (must match the one on the server)
· Keep Connection Alive: Polls the server to maintain the connection
At the end make sure the L2TP service is running.

Note: L2TP is not encrypted but simply allows the tunnel connectivity. Encryption/Privacy should be provided by higher protocol layers and/or applications.

6 Security

This section allows you to review and change Security related settings such as:
· Firewall: WAN and DMZ service access, Internal Connections, Advanced Firewall, SPI
· NAT and Port-Forward
· Website Access Restrictions
· Anti Virus Engines
· Shared Folders Scanning
· Mail Scanner

6.1 Firewall

Configuring the Firewall is an important aspect in the global security of your network, your network services and your users. Go to the Firewall menu in the Security section. There you can:
· Apply Firewall settings for connections coming from the Internet and the DMZ
· Adjust firewall blocking rules for Internal Connections
· Fine tune your Firewall using Advanced Firewall Rules

If you do not activate the Firewall service edgeBOX will be working in pure router mode: all services will be available.

Enabling or disabling a service, through the firewall, allows or blocks access to that service on the edgeBOX. Blocking, for example, ftp, prevents internal users from accessing edgeBOX's ftp service but still allows users to ftp to outside servers. If you wish to block users' connections to other servers besides edgeBOX then you should look at the user Privileges section.

Related Topics:
· Services
· Privileges

6.1.1 Securing the Internet and DMZ links

The operation of your Firewall can be managed in the Security section, Firewall menu. This panel allows you to review and manage your Firewall configuration. By default, after installation, the Firewall service is running and most services are forbidden from the outside: only Webadmin (https management) and Ping are allowed.

This menu shows you two horizontal panels:
· Connections allowed coming from the Internet: connections originating in the Internet directed at edgeBOX will be allowed if listed.
· Connections allowed coming from the DMZ: connections originating in the DMZ directed at edgeBOX will be allowed if listed.

To add or remove a service from these lists click the Change... button. A new dialog window will popup. In this new dialog please select the sub-panel you wish:
· Internet (WAN), or
· DMZ Network,
and use the Add and Remove buttons to edit the allowed services list according to your needs (note that managing the firewall is only allowed if the service is running). Press Save in the end.

See an example: If you wish to block any connections to your SNMP agent that originate in the Internet, you need to press the Change... button and select the Internet tab. Then, if the SNMP service is listed you need to remove it from the list (if not listed you're done here). Click it and click the Remove button. Click Save. That's it: starting now, any connections coming from the Internet to the SNMP service are unallowed.

6.1.2 Securing Internal Connections

Clicking Internal Connections..., you gain access to a configuration panel that allows you to specify edgeBOX services that can not be accessed from the LAN and VLANs. The interface is similar. Just Add and Remove items from the list. Please note that the services you add to this list will be unreachable from the LAN and VLANs (in the Internet and DMZ panel the rule logic was the opposite: to allow connections; here the rule is "services added here are unallowed").

Services added to the Internal Connections... (blocking) list will be blocked to the LAN and VLAN users.

How do I fine tune and manage connections that originate in the internal network?
This is an important topic when configuring your edgeBOX. You need to keep in mind that edgeBOX supports extensive mechanisms for granting and controlling Users and their Privileges. Even if you don't activate the User Authentication service you can manage which services your users have access to. Please refer to the Users section for detailed information.

6.1.3 Using Advanced Firewall Rules

In most situations you should not need to add extra firewall rules. But if that is the case you can use the Advanced Rules... link in the Network -> Firewall menu. Using this, you can explicitly allow/deny incoming/outgoing traffic based on the source, destination and protocol, no matter what configurations you might add somewhere else.

Check the Use Advanced Firewall Rules option to activate the rules panel. Now you need to add or edit rules.

Configure:
· Inbound Rules / Outbound Rules: to manage rules in each traffic direction.
· Default Rule: click Allow or Deny to determine the default rule to be applied when no rule matches (a Red/Green icon will toggle indicating the current default rule).
· Stateful Packet Inspection: keep track of the state of incoming/outgoing network connections (analyse packets in packet context and in connection context).
You can have a distinct Default Rule and a different SPI setting for each traffic direction.

Stateful Packet Inspection, how can it be useful for me?
A Stateful firewall raises the level of network security obtained because only packets matching a known connection state will be allowed by the firewall; others will be rejected. This is actually an increase in network security because you increase the ability of the firewall to determine if a packet is or is not supposed to be allowed in. To learn more see Wikipedia Stateful Firewall.

Rules
You can create New... rules and Edit... or Delete... existing rules. The order by which rules will be verified can be changed with the Up and Down buttons. For each rule, a wizard-like sequence of dialogs will guide you through the creation/edition of your advanced firewall rules:

Step 1: Action and connection type
· Allow/Block connections: choose if this rule is to Allow something or to Deny something.
· Connection Type: All, TCP (you can choose All destination ports or specify individual ports or even port ranges like 21, 22, 80, 500-600), UDP (same as TCP) and ICMP.

Step 2: Source and destination
· From location: Any (connections that originate anywhere), Device (connections that originate in a specific IP Address), Network (connections that originate in a specific segment, as specified by an IP Address and a Netmask) and edgeBOX (connections originating in edgeBOX itself).
· To location: Any, Device, Network, edgeBOX (connections directed at this edgeBOX itself).

Step 3: Name and Summary
· Name: a suggestive name for this rule.
· Summary: at the end, an overview of the rule.

Show me an example
Let's imagine you need to prevent all computers from IP segment 1.2.3.0/24 from sending any kind of e-mail through SMTP. This is how you'd do it: Step 1 Block TCP port 25; Step 2 From Network 1.2.3.0/255.255.255.0, To Any; Step 3 Name nosmtp123.
On the other hand, you might wish to deny any kind of access to a specific host: Step 1 you'd need to Block All; Step 2 From: Any To: Device (that specific host IP Address); Step 3 name it forbidden.

Private Network Routing
RFC 1918 determines that "because private addresses have no global meaning, routing information about private networks shall not be propagated on inter-enterprise links, and packets with private source or destination addresses should not be forwarded across such links". Due to the fact that edgeBOX is designed to operate in a variety of network configurations, edgeBOX can have its WAN interface attached to a public or private IP segment. So edgeBOX's default behaviour is not to block routing of incoming or outgoing packets based on the nature - public or private - of WAN segment. If you need to implement such behaviour you should add specific firewall rules in the Advanced Rules... menu.
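What the Stateful Packet Inspection switch described above changes for inbound traffic, as an added Python example (a toy model, not edgeBOX code and not part of the original manual). It assumes an inbound Default Rule of Deny, models TCP flows only and ignores NAT; the class, its fields and the sample addresses are constructed for this illustration.

```python
from dataclasses import dataclass, field
from typing import Set, Tuple

# (source IP, source port, destination IP, destination port)
Flow = Tuple[str, int, str, int]


def reverse(flow: Flow) -> Flow:
    """The flow as seen in the opposite direction (the reply path)."""
    src_ip, src_port, dst_ip, dst_port = flow
    return (dst_ip, dst_port, src_ip, src_port)


@dataclass
class InboundFilter:
    default_rule: str = "Deny"          # applied when nothing else matches
    spi: bool = True                    # Stateful Packet Inspection on/off
    # Stateless Allow rules, expressed as inclusive destination port ranges.
    allow_dst_ports: Tuple[Tuple[int, int], ...] = ()
    connections: Set[Flow] = field(default_factory=set)

    def outbound(self, flow: Flow) -> str:
        """An internal host opens a connection; with SPI the state is kept."""
        if self.spi:
            self.connections.add(flow)
        return "Allow"

    def close(self, flow: Flow) -> None:
        """The connection ended, so its state is forgotten."""
        self.connections.discard(flow)

    def inbound(self, flow: Flow) -> str:
        # Connection context: is this a reply to something we track?
        if self.spi and reverse(flow) in self.connections:
            return "Allow"
        # Packet context only: match the stateless rules, then the default.
        dst_port = flow[3]
        if any(lo <= dst_port <= hi for lo, hi in self.allow_dst_ports):
            return "Allow"
        return self.default_rule


# Constructed sample traffic (documentation address ranges for the outside).
CLIENT_FLOW: Flow = ("192.168.100.20", 50000, "192.0.2.10", 443)
REPLY: Flow = reverse(CLIENT_FLOW)
UNSOLICITED: Flow = ("198.51.100.7", 4444, "192.168.100.20", 3389)


def compare() -> dict:
    """Verdicts for the reply and the unsolicited packet under three setups."""
    setups = {
        "spi": InboundFilter(spi=True),
        "stateless": InboundFilter(spi=False),
        "stateless+wide rule": InboundFilter(
            spi=False, allow_dst_ports=((1024, 65535),)),
    }
    verdicts = {}
    for name, fw in setups.items():
        fw.outbound(CLIENT_FLOW)
        verdicts[name] = (fw.inbound(REPLY), fw.inbound(UNSOLICITED))
    return verdicts


if __name__ == "__main__":
    for name, (reply, unsolicited) in compare().items():
        print(f"{name:20} reply={reply:5} unsolicited={unsolicited}")
```

Without connection state, the only way to let replies back in is a broad port rule, and that same rule also admits the unsolicited packet.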

6.2 Setting up a DMZ

A DMZ is a small sub-network that sits between a trusted internal network (for example, a Corporate internal network) and an untrusted external network (such as the Internet). This kind of network is used as a buffer between the two networks: hosts placed in this network are accessible either from trusted and untrusted networks, but cannot access the trusted network. Usually, this kind of networks is used to house Internet servers (web servers, DNS servers, e-mail servers).

This interface is configured with an IP address range accessible from the external network (in case the external network is the Internet, this range will be a public range, and so your ISP must provide routing to it). Although this address space is accessible from the external network, you will have to explicitly grant access to hosts residing in it, via appropriate rules. Next, we will show the options available for configuring a DMZ.

Enabling your DMZ
Go to the DMZ menu in the Security section. As usual you can start and stop the service on top. Make sure you configure an appropriate address range for the DMZ interface, and that traffic with this subnetwork as its destination is being appropriately routed to edgeBOX.

After checking this option you will need to create rules to grant access to hosts residing in this subnetwork. The rules are shown in a table which can be modified with the following options: New, Edit and Delete. A new DMZ rule is set up this way:
· Destination IP: The host/range to which access will be granted.
· Netmask: The netmask to be used.
· Port: If you select this option, you will need to specify the single port to which access will be granted.
· From, To: if you select this option, you may specify a port range to which access will be granted.
· Protocol: The specific protocol to which access will be granted. Choices available are TCP, UDP, ICMP and ALL.

Related Topics:
· DMZ Traffic

6.3 Enabling NAT for the private networks
In the NAT menu, in the Security section, you can view and change NAT settings for your network.

What is NAT ?
NAT (Network Address Translation) translates the private IP addresses of computers in your internal networks to a single public IP address, so that the computers can connect to outer networks like the Internet and have access to several services. With NAT, you are able to use private addresses in your internal network. All requests made from internal hosts are seen by the external networks as being made by edgeBOX, which then translates back the response packets' destination addresses to the originating internal host.
NAT is by default enabled on the edgeBOX. Also, by default, it is already configured for the LAN and for each of the VLANs. So you can connect to outer networks from the computers of your network immediately, without needing to configure anything.

Configure NAT on an internal network
To configure NAT on an internal network:
1. Click the New button and a dialog window will appear
2. Type the IP address and the Netmask of the network for which you want to have NAT working (most likely it's one of your internal networks, LAN or VLAN)
3. Use the Drop-Down list to select the interface used to reach the network you just indicated.
Example: If you use 10.10.10.0/255.255.255.0 for Network IP/Netmask and WAN for the Interface, you are actually providing the means for the hosts on the 10.10.10.x IP segment to have access to the Internet or any other external network accessible through the WAN interface, by NAT'ing their IP addresses on the WAN segment.

6.4 Using Port Forwarding
You can find edgeBOX's Port Forwarding functionality in the Port Forwarding table of the NAT menu, Security section. You can use Port Forwarding from the Internet (WAN interface) to your local network or from the DMZ to your local network.

What is Port Forwarding?

Port forwarding allows remote computers (e.g. public machines on the Internet) to transparently connect to a specific computer within your private networks so they can use services that your computer shares, like a web service or an e-mail service. With port forwarding, you can make a service run on an internal host visible to the outside world, as if it was running on edgeBOX itself.

Add a port/service to Port Forward
To make one or more internal services available to external networks click the New button to create a new entry in the Port Forwarding table. A new dialog will appear. Please specify:
· Interface: choose the interface where you want to make the port forward available (WAN or DMZ).
· External Settings
  · Single Port: to indicate the external Port visible in the interface chosen or,
  · Range of Ports: to indicate the start and end ports of the Range of external ports.
· Internal Settings
  · Internal IP: address (in your local network) of the computer that is running the service you want to make available.
  · Single Port: to indicate the internal port, from that IP address, where the traffic will be forwarded to.
  · Range of Ports: to use the same range of ports that was chosen in External Settings (this option is only available if you have selected Range of Ports in External Settings).

6.5 Website Access Restrictions
The edgeBOX provides a web page filtering service that can be used to block access to web sites. Filtering can be performed on either domain names or by checking URLs for certain keywords.
Note: The web filtering service only blocks words in URL and domains in HTTP (port 80) traffic. HTTPS and FTP traffic can not be checked. Also note that HTTP traffic that is configured to use Premium bandwidth cannot be blocked. This is because Premium bandwidth HTTP traffic bypasses edgeBOX's Proxy. Also, HTTP traffic that has QoS rules defined in the QoS Services panel cannot be blocked either.
To configure this service just point your browser to the Security section, Website Restrictions

menu. Clicking the New... button you should choose the type of file you are uploading:
· Domains list to be denied
· Words-in-URL list to be denied
After uploading any file you should enable/disable their usage by clicking the Enable/Disable buttons according to your needs.

6.5.1 Domains File Format
The format of the uploaded file is one entry per line. Each line in the file may be a domain to deny, or can contain regex expressions. To find out more information about Regex expressions, visit: http://www.regular-expressions.info
When adding a domain to the file, the following rules apply:
A single domain will match all urls under that domain and is case-insensitive. As an example, if you specify test.com, it will match 'test.com' and 'test.com/help'.
A domain preceded by a dot will match that domain and all subdomains. For example '.example.com' will match 'example.com', 'www.example.com' as well as 'new.example.com' or 'old.example.com'.
Some one-line examples for the domain file are:
· *\.net - Block anything.net (eg www.bad.net or https://www.verbad.net)
· [-./]dog[-./] - Blocks domains containing the word dog
· [-./](dog|cat)[-./] - Blocks domains containing the word dog or cat. Note: There is no space before or after the | character
· *\.(exe|bat) - Blocks, for example, www.example.com/getit.exe or www.mylocal.pt/download/file.bat
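The matching rules of the domains file can be tried out on a list before it is uploaded. The following Python sketch is an added example, not edgeBOX code: how an entry is recognised as a regular expression, matching regex entries against host plus path, and treating ports other than 80 as unchecked are assumptions, and the list entries and URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: an entry containing any of these characters is a regular expression.
REGEX_CHARS = set("\\[](){}*+?|^$")

# Constructed sample list, one entry per line as in the domains file.
DOMAINS_FILE = r"""test.com
.example.com
[-./]dog[-./]
.*\.(exe|bat)
"""
ENTRIES = DOMAINS_FILE.splitlines()


def compile_entry(entry):
    """Turn one list entry into a predicate taking (host, path)."""
    entry = entry.strip()
    if any(ch in REGEX_CHARS for ch in entry):
        rx = re.compile(entry, re.IGNORECASE)
        # Regex entries are searched (unanchored) in host + path.
        return lambda host, path: rx.search(host + path) is not None
    name = entry.lower()
    if name.startswith("."):
        base = name[1:]
        # Leading dot: the domain itself and every subdomain.
        return lambda host, path: host == base or host.endswith("." + base)
    # Plain domain: exactly this host, with any path below it.
    return lambda host, path: host == name


def check(url, entries):
    """Return (verdict, entry): 'blocked', 'allowed' or 'not-inspected'."""
    parts = urlsplit(url)
    # The filter only sees HTTP on port 80; HTTPS and FTP are never checked.
    if parts.scheme != "http" or parts.port not in (None, 80):
        return ("not-inspected", None)
    host = (parts.hostname or "").lower()
    for entry in entries:
        if entry.strip() and compile_entry(entry)(host, parts.path):
            return ("blocked", entry)
    return ("allowed", None)


# Constructed URLs covering each rule and two pitfalls.
SAMPLE_URLS = [
    "http://test.com/help",                # plain domain, any path
    "http://www.test.com/",                # subdomain is NOT covered without a dot
    "http://NEW.example.com/",             # dot entry, case-insensitive
    "http://notexample.com/",              # shares a suffix only, not a subdomain
    "http://www.dog.example.org/",         # regex: "dog" between separators
    "http://hotdogs.example.org/",         # "dog" inside a longer word
    "http://files.example.org/getit.exe",  # regex on the path
    "http://www.executive.example.org/",   # unanchored regex overblocks ".exe..."
    "https://www.dog.example.org/",        # HTTPS bypasses the filter entirely
]


def report(urls=SAMPLE_URLS, entries=ENTRIES):
    """Evaluate every URL and return a list of (url, verdict, entry)."""
    return [(u,) + check(u, entries) for u in urls]


if __name__ == "__main__":
    for url, verdict, entry in report():
        print(f"{verdict:14} {url}  {entry or ''}")
```

Two results are worth noting when reviewing a list: an unanchored expression such as the executable-extension one also blocks hosts whose name merely contains ".exe", and nothing in the list has any effect on HTTPS requests.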

6.5.2 Words in URL File Format
The format of the uploaded file is one entry per line. When adding a word to the file, the following rules apply:
A single word will match all urls which contain that word, either completely or as a substring. As an example, if you specify 'goo', it will match 'google.com' and 'www.myinfo.pt/ToGoOver/help', as both URL's contain the word goo. It matches the second URL as it contains ToGoOver, which contains the word GoO (recall that the word lists are not case sensitive).

6.6 Install and Manage Anti Virus Engines
Currently, support is available for three Anti Virus engines, Sophos, McAfee and ClamAV. edgeBOX is not shipped with the Sophos or the McAfee Anti Virus engines installed, so you will have to buy the appropriate number of licenses to use and upload them to edgeBOX.
To perform the installation and configuration of Anti Virus engines and update their IDE files, navigate to the Security section, click the Mail Scanner menu, and then click the Anti Virus Engines link, in the Related Topics list. Currently the supported Anti Virus engines are: Sophos, McAfee and Clamav. Select the desired Anti Virus engine and hit the Install or Update button. The Install dialog will require you to select the appropriate file from your computer. The rest of the task will be automatic.
Related Topics:
· E-Mail server

6.7 Scanning Shared Folders for viruses
The Shared Folders Scanning menu in the Security section allows you to configure the shares scanner. A summary of the configuration is displayed. Click Change... and specify:
Schedule

· Scan every day at: choose the time of day for the operation.
· using: the Virus Scanning package to use, possible choices are Sophos, McAfee or ClamAV (Sophos and McAfee engines are not shipped with edgeBOX, so these choices are not available from the dropdown, unless they are installed)
· Also scan files when they are placed inside the shared folders (this option is only available for ClamAV).
Actions
· Delete infected files found
· Delete infected files and send me an e-mail notification
· Don't delete infected files. Just send me an e-mail notification
Related Topics:
· Anti Virus Engines
· Windows Shared Folders

6.8 Scanning E-Mail for Viruses
In the Security section you'll find the Mail Scanner configuration menu. Click the Anti Virus tab.

Basic Configuration
Click the Configure... button. Please select whether or not e-mail should be scanned for viruses. If so, please specify:
· Anti Virus engine: choose one from the list
· Notify sender: for the sender of the message to be notified
· Notify to the specified e-mail address: and type an e-mail address.

Advanced Configuration
To access further Anti Virus operation details click the Advanced Configuration... button:
· Messages: special options for detecting types of messages or scanning based on message

characteristics.
· Actions: for finer grained configuration of actions to be performed in case a virus is found.

Quarantine
If any e-mails were placed in quarantine you can inspect them by clicking View Quarantine. This will give you access to the list of infected e-mail messages and their details. There is also a filter for faster search. You can, at this point, decide to Forward the message(s), to Unblock it, to Delete it or to View Attachments.
Related Topics:
· Install and Manage Anti Virus Engines
· Administrator e-mail address
· System E-mail aliases
· E-Mail Server

6.8.1 Messages
Message characteristics
· Allow partial messages - allow messages that contain only a fraction of the attachments. Setting this option is very dangerous as viruses may go undetected. As the scan is not performed on the whole message but on its fragments, it will not be done properly.
· Allow external message bodies - allow messages where the body is stored in a remote server and not in the actual message. It will be up to the e-mail client to fetch the message body later. Setting this option is particularly dangerous. MailScanner never scans the message body so it may allow viruses into your network.
· Allow iframe tags - allow messages to carry Iframe tags.
· Allow form tags - allow messages to carry Form tags.
· Allow object codebase tags - allow messages to carry Object codebase tags.
· Convert dangerous HTML to text - enable the conversion of Iframe and Object codebase tags into plain text. This is a good alternative to disallowing or leaving them untouched.

· Convert HTML to text - enable the conversion of all HTML tags into plain text.
· Block encrypted messages - enable blocking of encrypted messages.
· Block unencrypted messages - enable blocking of unencrypted messages.

6.8.2 Actions
Possible Actions:
· Deliver disinfected messages - infected attached documents are automatically disinfected and sent to the original recipients.
· Quarantine infections - infected or dangerous attachments are stored in directories created under the quarantine directory.
· Deliver silent viruses - messages that originally contained a silent virus are still delivered, even if the addresses were chosen at random by the infected PC and did not correspond to anything a user intended to send.
· Expand TNEF - enable expanding of TNEF attachments that are joined in one WINMAIL.DAT file. If you don't check this option then the filenames within the TNEF attachments will not be checked.
· Deliver unparsable TNEF - allow the delivery of Rich Text Format attachments produced by some versions of Microsoft Outlook that cannot be completely decoded at present.
· Include warning as attachment - include warnings for dangerous or infected attachments as an attachment. If this option is not selected then the warnings will simply be included as inline text.
· Mark infected messages - If you check this option MailScanner will mark every infected message and every message that, for some reason, had its attachments removed.
· Mark unscanned messages - mark every message that is not scanned by MailScanner.
· Sign clean messages - make MailScanner sign every clean message processed.

6.8.3 Quarantine
View the incoming or outgoing e-mails that are put under quarantine (blocked) by edgeBOX because they may contain files with virus. The e-mails are grouped by date inside folders in the list on the left. You can expand and browse through the folders to find the e-mails. If you expand an e-mail you will be able to see the sender and the receiver of the mail. If you select an e-mail, its attachments appear on the list on the right.

Unblock a quarantined e-mail

To remove a blocked e-mail from quarantine and deliver it to its intended receiver:
1. Select the e-mail to unblock from the e-mails list.
2. Click the Unblock and then the Apply button. The e-mail will be sent to its original receiver.
Make sure you remove all infected files of an e-mail before you unblock it.

Forward an e-mail to another person
If you want to send a blocked e-mail to a different person than its original receiver:
1. Select the e-mail from the e-mails list.
2. Click Forward. A dialog window will appear.
3. Type in the e-mail address of the person you want to forward the e-mail to.
4. Click OK and then Apply to forward the e-mail.

Delete an e-mail
1. Select the e-mail to delete from the e-mails list.
2. Click the Delete and then the Apply button.

Delete all attachments with viruses
You can also make operations to the attachments of the e-mails. This is particularly useful to remove virus from the e-mails without deleting the e-mail. This way you can remove the files that are infected and then still deliver the e-mail to the receiver.

6.9 Scanning E-Mail for SPAM
E-mail can also be scanned for spam.

What is spam ?
E-mail spam, also known as junk e-mail, involves nearly identical messages sent to numerous recipients by e-mail. A common synonym for spam is unsolicited bulk e-mail (UBE). Definitions of spam usually include the aspects that e-mail is unsolicited and sent in bulk. "UCE" refers specifically to unsolicited commercial e-mail. Spam usually confuses and annoys e-mail users.

In the Security section you'll find the Mail Scanner configuration menu. Click the Anti-Spam tab. A short summary is presented. Click the Configure... button. Please choose if messages will or will not be filtered for SPAM. If so, then specify:
· Also log spam-related events: this will make spam related activity to show up in the logs.
· When spam is found:
  · Deliver: The message is delivered to the recipient as normal.
  · Delete: The message is silently discarded.

  · Attachment: The original message is converted to the attachment of the message.
· RBL servers: this feature allows you to have an anti-spam protection based on existing spammers' databases (The Realtime Blackhole List - RBL). After checking this option you will have to provide hosts serving these lists. These lists are dynamic. At the time of this publication examples of hosts providing such lists are: list.dsbl.org and bl.spamcop.net.

What is an RBL server ?
An RBL server, or DNSBL, contains lists of internet servers that are considered to be spammers or abusers. See details in http://en.wikipedia.org/wiki/DNSBL
Related Topics:
· Install and Manage Anti Virus Engines
· E-mail Server

7 Office Servers
This section allows you to explore and configure several services that enable communication between the people and integration of software resources in your company/office. You may wish to:
· Configure your company's - one or several - websites and intranets
· Setup your e-mail server and enable Webmail
· Create Windows Shares for network file storage
· Allow users to use edgeBOX attached Printers
· Allow users to autonomously create public shared directories
· Configure edgeBOX to act as a Windows PDC (Primary Domain Controller)

7.1 Manage your web sites and intranets
Whether you need to bring up one or several web sites for your company or you want to configure a web-based intranet to propagate information throughout your company, these are all tasks for edgeBOX's Web Server, in the Office Servers section.

Adding new Internet websites or web-based intranets
edgeBOX's internal Web Server can simultaneously serve and manage several distinct and separately configurable virtual webservers. This important feature is usually referred to as Virtual Hosts: with a Virtual Hosts enabled web server - like edgeBOX's - you can setup and deploy any amount of virtual Internet or Intranet http servers transparently. To do this just hit the New button at the top of the Websites managed by edgeBOX list and follow the details.

Changing global settings
The Web Server menu displays a short summary of the global settings. Click Change... to alter this:
· Maximum Accesses: the maximum amount of simultaneous connections the web server will allow before starting refusing new connections, the default configured value is 150 which should be more than enough for the majority of situations, you can safely lower this value

the 'webmaster' has FTP access and owns the directory tree for the Intranet and Internet websites.mydomain. a DNS related warning may popup. or edegBOX must translate it. either this name is translated to IP in the outside world. note well: you have just entered a name for a host. in this case. under the public_html directory. This account is initially disabled so you will have to set a password in order to use it. but more may be created. or · the main edgeBOX http URL + "users/jsmith"..1 Setting up multiple websites This panel allows you to configure one or several HTTP Virtual Hosts.. just to remind you that an A or CNAME record needs to be added to the DNS for this setup to be complete. Smith's webpage will be accessible at: · http://yourcompany.com/users/jsmith · Webmaster account: this option allows you to change the password for user 'webmaster'. · Personal Webpages: check the box if users will be allowed to have personal web pages. Otherwise. no one will be able to reach this website. if you stop the Webserver. corresponding to these websites.local.0 Help unless you plan to setup several web sites and expect to have considerable amount of traffic for all of them. . the FTP root directory will initially contain two directories ("intra" and "inter").somedomain. for example.com.com. The user's personal webpage URL will be formed from the concatenation of: · the main edgeBOX http URL + "~jsmith". Critical Links. edgeBOX will either create an appropriate DNS host entry for the domain. if so.loc. Inc. so. simply because the DNS name-to-IP translation can not be performed. if the main URL is http://edgeBOX.com/~jsmith or · http://yourcompany.loc. So.somedomain. 7.somedomain. then you need to a DNS entry for host docs pointing to edgeBOX’s IP Address. they will automatically be placed in their directory. and you add a virtual host for docs. keep in mind that your Webmail users will lose access to the Webmail.1. 
those pages will be located in the user's home directory. with username jsmith.90 edgeBOX 5. or remind you that you will need to create one manually. the user will be able to manage their personal webpage through FTP – after logging on. then Mr. How do I access my personal page ? Let's assume user John Smith. . · Website URL: the name of this virtual host such as mycompany. Please note: the Webmail service depends on the Webserver. if your domain is local...

If the domain for the new web server entry does not exist:
· and the edgeBOX is not the master domain, the administrator will be informed that the DNS entry needs to be added manually on the system which is hosting the domain.
· and the edgeBOX is the master domain, then the new host for that domain will be added to the DNS domain and the administrator will be informed via a popup.
The DNS entry will only be created if the above condition exists and if the condition shown in the following table is true:

                                Internal Website: Yes    Internal Website: No
DNS Domain Access = Internal    Yes (LAN IP)             Yes
DNS Domain Access = External    No                       Yes (WAN IP)

DNS host information will not automatically be deleted when the web server host is deleted.
· Internal Website: if this website is only accessible internally (like an Intranet), or if it will be globally available.
· Files Location: where this website's files (html pages, png images, other) will be stored, options are:
  · In the public_html directory: of a given user, type the username, this website will correspond exactly to the given user's personal webpage.
  · In the directory: just type-in the name of a directory to store this site's files (if it does not exist it will be created), this dir will be located under /home/wwwhost, which is the filesystem directory where the webmaster user will be placed after logging on through FTP, the webmaster must now access edgeBOX using FTP and transfer the website's files into the correct directory, the webmaster password must be activated before the account is created, please refer to Webmaster Account in the previous section.
  · The files are not stored locally: this option enables you to setup a web site by aggregating several other sites solely by using redirection of requests, all URLs accessible on this site will actually be redirected to other URLs that you specify in the table below.
· Additional redirect requests: use the Add, Edit, and Remove buttons to manage the list of redirection URLs. If the edgeBOX receives a request for the proxy domain, it will send the request to the proxy (as nominated in the URL field) and add the path (if there is one) to the request. For example, if Path=/support/4.7/ and url=http://192.168.100.150/support/4.7/, a request to the edgeBOX for www.clk.com/support will be redirected from the virtual host to the proxy at http://192.168.100.150/support/4.7/.
· Webmaster E-mail: the optional webmaster e-mail address, if someone tries to load a non-existent URL, a warning page will be returned with this e-mail address as footnote just in case the person wishes to get in contact.
Related Topics:
· Scanning E-mail for Viruses
· Scanning E-mail for SPAM

7.2 E-mail Server and Webmail
Please refer to the E-mail server menu in the Office Servers section if you need to:
· Review, deliver, forward or delete e-mails currently in queue.
· Add new e-mail domains.
· Enable and Disable Webmail.
· Add your own aliases and manage simple mailing lists.
· Configure other settings and permissions like relay control and message size.

7.2.1 E-mail Queue
Choose the Queue tab, in the E-mail Server menu - Office Servers section. The table presented shows you the queue of incoming and outgoing e-mails that edgeBOX e-mail server is processing at the present moment and also e-mails that, for some reason (destination SMTP server temporarily unreachable, or other reasons) are queued in edgeBOX's e-mail server awaiting delivery. You can:
· Deliver All: a delivery operation will immediately be attempted, despite edgeBOX tries to deliver all incoming and outgoing e-mails in queue every 10 minutes, this option allows you to perform such attempt immediately, please note that the process of attempting delivery may take some time, so, please be sure to reload this panel after some seconds or minutes (especially if there are many messages to be processed in the queue), in the end some messages may still remain undeliverable.
· Forward: click the Forward button after selecting an e-mail, you can forward queued e-mails to another receiver, this can be useful when, for example, an e-mail is blocked in queue because its destination e-mail is invalid.

· View Message: click the View Message button after selecting a message to get the details, From, To, Subject, Date, Size and Status.
· Delete: to delete an e-mail.

7.2.2 E-mail domains and Webmail
Choose the Domains tab, in the E-mail Server menu - Office Servers section.

Domains
E-mail domains let you configure more than one virtual e-mail server for your company. edgeBOX will accept e-mail, directed at edgeBOX's users, for any of the domains specified. For example you could receive e-mails being sent to:
· @mother-house.mybusiness.com and
· @spin-off.mybusiness.com.
You can add as many domains as you wish. Just hit the New button and enter the desired domain. This topic is not related to domain relaying: see Access Control for details on relaying.

Webmail
Only one domain may be a Webmail domain. To specify the webmail domain click the Change... button and:
· Enable webmail for the specified domain: check this if you wish to enable webmail, uncheck if you don't want webmail.
· Domain: choose the domain for which webmail will be accessible.
Also note that the Web Server must be running to access Webmail, so, if you stop the Webserver, keep in mind that your Webmail users will lose access to their e-mail. For details on using and accessing the webmail functionality, check Web Mail.

7.2.3 Aliases and Mailing Lists
Choose the Domains tab, in the E-mail Server menu - Office Servers section. In this panel, you may edit the aliases' list.
E-mail aliases allow forwarding of e-mail to alternative e-mail recipients

With this element you can provide alternate names for individual users, forward e-mail to another host or create mailing lists. This table has some predefined aliases related with management that can not be deleted. You can choose to redirect e-mail for these aliases to another user.

Creating a simple e-mail alias
Let's imagine edgeBOX user jsmith is actually the person in charge of maintenance in your company. You can create an e-mail alias for the maintenance service called help-24-7. Just hit the New button and enter:
· Alias: type-in the new alias help-24-7.
· E-mail addresses that will receive the messages: click Add and type jsmith.
That's it. Starting now, all e-mails sent to the help-24-7 alias will be delivered to Mr. Smith instead (the help-24-7 account doesn't actually exist: it's an alias).

Creating a simple mailing list
Following the above example, let's say your company has hired the services of an external maintenance company called Nice&Clean, Inc. Mr. Smith has determined that all e-mails requesting help will also be received by the guys at Nice&Clean. All you have to do is: select the help-24-7 / jsmith entry in the aliases table, hit the Edit button and, in the popup, hit the Add button, type wecanfixit@niceandclean.com in the text field, so that they receive the messages. Save all in the end. All e-mails sent to help-24-7 will actually be received by Mr. Smith and by the people at Nice&Clean.

7.2.4 Settings and Permissions
Choosing the Settings and Permissions tab, E-mail Server menu, Office Servers section, you gain access to some advanced configuration options for your E-mail server and users. The panel shows you summarized information as a quick overview.

Server Settings
To change any of these hit the corresponding Change... button. The details are:

· Connections Limit: the maximum number of simultaneous connections, above this value, connections will be rejected, the default setting is Unlimited, to change this, check the box and enter the value you need.
· Message Size Limit: e-mail messages with size greater than this value are not accepted, the default value is Unlimited, depending on your specific needs you might wish to limit the message size to, say, 10 MB or 50MB, these are typical values, check the box and enter the value you need.
· SmartHost server: A SmartHost is an e-mail server through which outgoing e-mail is relayed: that host will actually perform delivery to the final destination e-mail server, instead of edgeBOX, in an example situation, some ISPs block outgoing e-mail traffic and require their users to send out all e-mail through the ISP's e-mail server: that server will be the SmartHost for edgeBOX, the default setting is None, you can change this, just check the Send messages through a SmartHost box and enter:
  · Hostname/IP: the hostname or IP Address of the SmartHost.
  · Check the box if the SmartHost requires Authentication and type the Username and Password.
· Storage Location: by default e-mail will be stored in edgeBOX, if you choose to Save e-mail data in an external server, edgeBOX will initially accept e-mail directed at any of its e-mail domains and then forward those messages to the e-mail storage server, despite the e-mail will be received, by the user, from a distinct server, if you choose a different host for storing e-mail, your network users will typically interact directly (Webmail, SMTP, pop, imap) with the storage server instead of edgeBOX, please specify:
  · Hostname/IP: the hostname or IP Address of such server.
  · Keep original e-mail envelope address: check this if you wish that the domain name, to which the e-mail was originally sent, be preserved.

E-mail permissions
A short overview is presented:
· Whether users can send e-mail to external domains from within the local network.
· Whether users can send e-mail to external domains from outside (relay support).
· Whether e-mail from unresolvable domains is or is not to be accepted.
You can also create advanced access control rules based on host, domain, sender and receiver. Click the Change... button and follow the details here.

7.2.4.1 SMTP Access Control
Choosing the Settings and Permissions tab on the E-mail Server menu - Office Servers section you can click the Change... button in the E-mail Permission area:

Unresolvable Domains
When a sender domain can't be resolved, the e-mail's origin can not be verified, this technique is widely used by spammers, for security reasons the default behaviour is not to accept, check the box if you want to:
· Accept e-mail from unresolvable domains.

E-mail to external domains
Check the corresponding box if you want to:
· Allow users to send e-mail to external domains from within the local network
· Allow users to send e-mail to external domains from outside (relay support): by checking this option you are allowing relay to users authenticated while reading e-mail through pop3 (usually referred to as pop-before-smtp). Normally you only permit e-mails to be relayed (sent) from within your own network, but some users travel and connect from other places and you want to let those users send (relay) e-mail through your server: whenever someone logs in via pop3, the server notes the IP address from which the connection was made, and permits relay from the IP for a limited period. This setting is particularly useful for users who are connecting from external networks (while traveling for example) and for which we want to allow relaying, this is a time limited authorisation, as it will expire some time later.

Advanced Permissions
Allows further refinement of acceptance/denial rules for incoming e-mail based on domains, IP addresses, senders and receivers. Hit the Change... button. You'll get two lists:
· Accept or Reject e-mails based on the connection
  · Choose action: Accept e-mails, Reject e-mails, Accept and relay e-mails, and select source:
  · From specific domain: type-in the domain to which this rule applies, p.ex. criticallinks.com
  · From specific subnet: type-in the first 2 or 3 fields of the subnet address (p.ex. 10.1 for a 10.1.0.0/16 segment, or 192.168.100 for a 192.168.100.0/255.255.255.0 segment).

  · From specific e-mail address: type-in the sender e-mail address to which this rule applies.
· Accept or Reject e-mails based on the sender/receiver
  · Choose action: Accept e-mails or Reject e-mails.
  · Coming From / Going To: select and type the e-mail address to which this rule applies.
Note: When entering a value (eg the address or IP), you may use wildcards ("*"). If a given domain is listed, all sub domains will also be included in the rule.
With the Advanced Settings you could come up with complex rule sets to meet very specific situations.

7.3 Windows Server
edgeBOX can interact with other hosts in your network just as if it was a regular Windows server. Besides the usual file/folder sharing and printer sharing services, edgeBOX may also act as a Primary Domain Controller (PDC) and WINS server. To set this up point to the Windows Server menu in the Office Servers section of edgeBOX's web based administration interface:

Primary Domain Controller / Workgroup
You have two main options for the behaviour of edgeBOX as part of the Windows network, edgeBOX can actually be the network's Primary Domain Controller or edgeBOX can just act as a Workgroup computer. If edgeBOX is configured to belong to some workgroup it will be visible and accessible to other Windows Workgroup hosts. When edgeBOX acts as a PDC and Roaming Profiles are enabled, a) users' desktop preferences can be stored in edgeBOX and b) their home directory can be mapped to windows network drive Z: automatically, this makes the task of accessing their files (ex: documents, personal webpage) in edgeBOX much simpler and intuitive (this setting is not represented in the panel summary).
The panel displayed shows you a summary of the current configuration. You should use the

edgeBOX just belongs to the windows network. · Domain SSID: this setting is not available for configuration. More details..98 edgeBOX 5. this is the Workgroup name that all computers on the network should use to associate to the Workgroup. in this case the settings are: · Domain Name: enter the desired Workgroup Name. In the popup you can: · hit the Update button if you need to search for new hosts entering the domain or · the Remove From Domain button if you need to remove a host currently loggedin. and · the users will have their home directory mapped onto drive Z: (if you choose not to select this option the user's home directory will still be available but not automatically mapped onto a drive). the host will download the user's Desktop preferences from edgeBOX. button to alter this behaviour or change any of the settings: · edgeBOX is the Primary Domain Controller of the Network. those users will still be able to login in that computer even if you remove the computer from the popup list. · PDC support is disabled. If a given computer has been added to the edgeBOX domain and some users have successfully logged-in the domain from that computer. · edgeBOX Description: enter a descriptive string for easy identification of edgeBOX in the network. . · store the user's Desktop preferences on the edgeBOX: · when logging into the Domain. you should specify: · Workgroup Name: enter the desired Workgroup Name (all computers with the same Workgroup name will be associated to the same network group and so will edgeBOX). This happens because the trust relationship is still valid between the users and that machine..0 Help Change.. it's created and managed automatically by edgeBOX and displayed in the initial panel for your convenience. Inc. How to add computers to the domain? See Appendix C. · Click the Computers of the domain link to review the workgroup computers currently connected.. Critical Links. · Description: a descriptive identification string.

WINS Support
Provides the WINS service.

What is WINS? WINS performs name registration and resolution. Windows clients can query a WINS server directly, instead of using the usual broadcast method, thus resulting in an improvement in performance (the hosts don't need to process broadcast packets). To learn more: http://en.wikipedia.org/wiki/Windows_Internet_Name_Service

Click Change... and check the Provide WINS Support box if you wish to activate WINS. Options are:
· Use edgeBOX as the WINS Server: edgeBOX will deal with all domain registration and resolution requests
· Use a remote server as the WINS Server: if another WINS Server exists on your network and you wish edgeBOX to use it.
  · Server IP Address: type-in the remote WINS Server IP Address.
  · Relay registration and resolution requests to the remote server: with this option checked edgeBOX will just send the response from the remote server back to the original client.

Home Directories Access
· If edgeBOX is not the PDC you can determine if you want or don't want users to be able to access their homes; use the Allow/Deny button to change this.
· If edgeBOX is the PDC, users always have access to their home directories and the Allow/Deny button is not available.

7.4 Windows Shared Folders

The Windows Shared Folders functions, in the Office Servers section, are sub-divided into two major features:
· Shares: shared network folders managed by the edgeBOX administrator, with fine-grained control of permissions and ownerships.

· Temporary Shared Folders: temporary and size-limited, network shared folders freely created by your network users.

Related Topics:
· Shared Folders Scanning

7.4.1 Shares

To review the currently configured shares, add more Shares, or change details, if necessary, go to the Windows Shared Folders menu in the Office Servers section. A list with currently active shared folders is presented. For your convenience edgeBOX is shipped with a pre-configured shared folder named Public. This share is fully accessible to all users.

To add new Shares hit the New button - to edit an existing share the interface is similar:

Please note:
· the setup of a shared folder will require the choice of a network user for the role of Share Owner and you can pick specific permissions for specific users or specific Privileges.
· moreover, for this to be possible, you must have at least one Privilege with access to the Samba service enabled and some users actually using that Privilege, otherwise the dialog windows for configuration of the Share will not show you any valid entries to add. If you, at any time, disable the Samba service on any Privilege, its users will lose access to the Shares (the Privilege setting is always superimposed on the Share permissions).
· your Firewall may also come into play here: if the Firewall rejects access to the Samba service, then none of this will be possible. Please make sure that the Samba service is not listed in the Internal Connections, blocked services list; if it is listed you need to remove it, otherwise no access to shares whatsoever will be possible (the Firewall settings are always superimposed on anything else).

Share Details
· Share Name: type a name for the share; it should be related to the contents or the purpose of the share.
· Description: a description string specifying any comment for further details (this will be visible only if the Windows user selects the Details option when viewing his network resources)

· Owner: the share owner; click the Select Owner... button and pick a user from the list. This user will be the share owner (the role of the owner in a share will be clear ahead)

Share Permissions
· All users can access this Share:
  · check the box if you do not wish to adjust permissions for specific users or Privileges.
  · uncheck the box if you wish to adjust permissions on this share to specific users and/or Privileges; in this case please hit the Specify Users Permissions... button and follow the details here.

Administrators
· Select Administrators... button to add or remove Administrators of this share. Administrators are users who have full control of a share.

Share Options
· Inherit Owner: new Folders and Files will be owned by the share owner.
· Inherit Permissions: new Folders and Files will always have the permissions defined in Share Permissions.
· Hide Unreadable: do not show files users cannot read.
· Disable Write access for regular users: check the box if you want this restriction. Only the Owner and the Administrators will be able to Write: other users will not be able to write on the Share. Read access will depend on each user's permissions.

How do I map/mount an edgeBOX Share onto a X: drive on my Windows desktop?

Related Topics:
· Users
· Privileges

If you change the properties of a shared folder using Windows XP or Windows Vista, in the Security tab of the share's properties window, always leave at least one deny or allow option selected when editing the permissions of a user or an access profile. Otherwise Windows will remove the user or access profile from edgeBOX share permissions' list.

7.4.1.1 Setup Share Permissions

By clicking Specify Users Permissions..., you get a list of Users and Privileges currently configured with permissions for this Share (please note the icons: Privileges are shown with a different icon than Users). The details are:
· User/Privilege: the name of the user or Privilege for which each permission applies.
· Allow Read: a green check icon indicates Read permission for this User/Privilege on this Share
· Allow Write: a green check icon indicates Write permission for this User/Privilege on this Share
· Deny All: a green check icon indicates no Read nor Write access will be allowed for this User/Privilege on this Share.

Now, selecting any of the entries and clicking the edit button or clicking the New button you can reconfigure permissions. The popup dialog will let you choose among remaining Users and Privileges and, for the ones selected, specify:
· Read only access to this share: to Allow Read.
· Write only access to this share: to Allow Write.
· Read and Write access to this share: to Allow Read and Allow Write.
· Deny all access: to Deny All.

If you remove a user from the list, the user may still have access to the Share. His permissions will be defined by his Privilege permissions. If you remove a Privilege from the list, no user that belongs to that Privilege will be able to access the Share unless the user has a specific entry in the list. On the other hand, when a new Privilege is created users in that Privilege will have read access to all non-Public shares and Read-Write access to all Public shares. Please keep this in mind when creating new Privileges. You might need to come back to this section and change these default settings.

Note that these particular permissions do not override the general permissions of the Share. Ex.: if you use the Disable Write Access for regular users option and you give a specific Write access, the user will still only be able to read the share.

7.4.2 Temporary Shared Folders

Enabling Temporary Shared Folders allows users to dynamically create network shared folders to share files when necessary. These folders are deleted automatically after a while. If you want to use this feature please go to the Windows Shared Folders menu in the Office Servers section. At the bottom, click the corresponding Change... button. Check the Allow users to create temporary shared folders box, and set the values for:
· Maximum Life Time: each folder will be automatically erased after this time; all files and folders inside will be lost. Minimum: 30 minutes, maximum 240 minutes.
· Maximum Size: the folder is limited in size to this value; you can choose from 8 to 1024 MB.
· Maximum Number: the system will not allow the simultaneous existence of more than this maximum number of shared folders; you can choose from 1 to 20 maximum simultaneous folders. If the limit is reached users will have to wait for any of the folders to be automatically erased before they can create any more folders.

How does one create a shared folder?

7.5 Windows Shared Printers

Printer sharing is an easy task in edgeBOX. Simply connect the printer to one of edgeBOX's USB port(s). Power-up the printer and go to the Windows Shared Printers menu in the Office Servers section. The list displayed will show you your printer(s). For each of them:
· Name: the printer's manufacturer and model.
· Status: Connected or Not Connected (if a printer is shared but not connected it will be displayed as Not Connected).

Inc.104 edgeBOX 5. Please note that the Windows Server must be running for the shared printers to be accessible on the network.0 Help · Share: Shared or Not Shared. edgeBOX supports any printer supported by the Common Unix Printing System. . To stop sharing it hit the Unshare button. To start sharing a printer. just select it and press the Share button. Critical Links.

8 IP-PBX and VoIP

edgeBOX IP-PBX provides all the telephony features a small business needs, including call conferences, voicemail, IVR, ACD, parking and forwarding, among others. The PBX allows for the integration of ordinary VoIP extensions with plain standard analogue or digital (ISDN) phone lines.

Tasks to configure your phone system
To set up your VoIP system, configuration options are divided into categories having in mind the main tasks you need to perform. These tasks are accessible directly as main topics on the left menu of the UI's IP-PBX section.
· Overview - Understand your phone system deployment: In this section you can see the overall phone system logical scenario, like connections, phones, calls, and others, together with the real time status of the phone system. Identified system warnings will also be displayed providing a quick way to identify and follow up on potential system problems.
· Phones - Managing your phones: In this section is where you define and configure everything about the phones, extensions and corresponding configurations like voicemail and twinning. Here you can also organize your phones into groups for better organization and access policy definition.
· Incoming Call Rules - Defining Incoming Call Rules: Whenever the system receives a call from the outside world, incoming call rules apply. Here you can define the flow of every incoming call depending on caller (CallerID) and callee (DID) numbers and time schedule. You can divert the call to automated attendants, specific extensions, DISA, IVR and others.
· Outgoing Call Rules - Defining Outgoing Call Rules: Every time a user makes a call to the outside world, outgoing call rules apply. This is where you can define the route(s) and prefixes to use to make a call, LCR and fallback to PSTN. You can also restrict access to calls based on dialed number, type of call and time period.
· Managing Call Queues: Queues are perfect for Customer Support and Sales Departments. Whenever you have a stream of customer calls to be answered, and those calls can't always be answered immediately, then you should use queues. The queue will place the calls in music-on-hold until an agent is available to answer the call.
· Managing Conference Rooms: This is where you create and manage conferencing rooms, and the automated conference rooms service.
· Mailfax accounts: Mailfax provides a facility where you don't need an actual fax machine running in your company. The fax documents will be sent and received through e-mail messages. Those messages will be converted to (and from) phone calls.
· Advanced Setup Options: In this section you will find advanced setup options like Country, codecs, Voicemail main number, Call parking number, Call recording rules and others. If you're using PSTN voice cards (ISDN or Analog) you should set up the country settings since it may impact on the voice quality because some parameters vary from country to country.

Working with the phone system
Having the phone system set up and running, users can start using it for daily work. See below the pointers to how users can interact with the phone system:
· Phone Operations: The most basic tool to use the phone system is of course the phone itself. edgeBOX supports SIP, IAX and Analog phones, providing a number of keycode operations like transfer, forward, twinning, park and others. In this section you can see a complete list of phone operations and default keycodes.
· edgeDESKTOP: This is an application that provides self-service operations for the end user, seamlessly integrated with the user's phone. All extensions and phone operations are available from the application's UI.
· Flash Operator Panel: This is an application specifically for PBX receptionist/operator use. It allows the Operator to view the current status of the PBX and to use drag and drop functionality to make calls and move calls to queues, for example.

8.1 IP-PBX Overview

When you load the IP-PBX section in the webadmin interface you get an overview display where you can see the overall phone system logical scenario, like connections, phones, calls, and others, together with the real time status of the phone system. Identified system warnings will also be displayed providing a quick way to identify and follow up on potential system problems.

Understanding the IP-PBX Overview panel
The picture below presents the main areas and the corresponding information contained in each one.

The IP-PBX Overview is refreshed every 30 seconds and gives you useful information in the form of values and labels, colors, icon behaviours and tooltip texts. Additionally, many of the values and labels displayed are actually hyperlinks to detailed information regarding the topic involved: clicking on them will load additional status panels and configuration menus concerning the topic clicked.

The IP-PBX Overview is composed of the following major sections:

Configuration
Displays a summary with your current configurations regarding:
· Phones and Faxes: m Phones and n Fax Accounts are currently configured.
· PBX: m conferences, n groups and k queues are currently configured.
· Services: status and operational details regarding the Authentication for Outgoing Calls and Autoconfiguration services; the green/gray circles on the left show you the current administrative status of these services.

Realtime Status
Shows you realtime status in terms of:
· Calls Status: the counts displayed show you the current usage intensity of several of your PBX features.

· Warnings: the warnings displayed help you diagnose the reds in the central synoptic; the red 'X' and '!' icons displayed tell you that something is not Ok, these Warnings give you a little more insight into what is not ok.

Synoptic
The central synoptic of the IP-PBX Overview focuses on the connections of your IP-PBX to the outside world, attempting to provide a quick grasp of their current operational status. Up to four lines are displayed linking edgeBOX to the four possible outside world voice connection types:
· Remote Offices: SIP or IAX connections to other remote edgeBOX's.
· VoIP Providers: connections to VoIP service providers on the Internet.
· Public Telephony Network: connections to the PSTN through FXO interfaces, BRI cards and others.
· PBX: connections to other PBXs, through a trusted ISDN Line, from which edgeBOX accepts calls as internal.

Depending on the specific characteristics of your setup, you may get only a subset of the picture. In any case, for each type of connection, the following global colouring rules apply:
· Line Color: green will tell you that at least one of the connections of each type is healthy and working as expected; gray will denote total failure or all connections bad.
· Connections Status Icon: a green 'V' sign means everything is Ok; a red exclamation mark '!' tells you something is wrong concerning those types of connections; a red 'X' tells you there is no connectivity whatsoever in that (those) connection(s).

8.2 Managing your phones

This section brings together several aspects related to the manipulation and configuration of your phones and the corresponding edgeBOX features. Topics are separated in a task oriented approach. Point your browser at the Phones menu, in the IP-PBX section of edgeBOX's webadmin interface. From there you can accomplish the following goals:
· Understanding the Phones list
· Create SIP, IAX, Analog and ISDN phone extensions
· Use Phones Automatic Configuration

· Create Groups of Phones and Manage Access control in bulk
· Understand and Manage Twinning

Related Topics:
· Groups
· Automatic Call Recording
· Internal Dial Plan
· Voice Lines
· Network Users

8.2.1 Understanding the Phones list

The Phones list in the IP-PBX section displays a considerable amount of information about all phones configured in edgeBOX. This manual section helps you understand it fully, as it may help you get a quick overview of your phones' status and also provide immediate detailed information regarding each of them. In conjunction with the Overview panel, this list may prove to be a useful diagnostic and overview tool for your installed VoIP infrastructure. The list provides information in the form of text labels, colors and icon behaviours. Data is refreshed every 30 seconds. The list is divided into six columns:

Extension
This column displays the extension's number and name. If this extension is currently assigned to a specific user then its username will be shown in shaded color below the number. A small green/gray circle is displayed on the left, indicating its current connectivity status.

Brand / Model
The Brand and Model of supported IP Phones, if known; other IP phones are simply identified by the VoIP (SIP) or VoIP (IAX) labels; analog phones are identified with the ANALOG label.

IP / Port / MAC
The phone's IP and MAC addresses. A Port number in case of analog phones.

Setup Mode
The Setup column tells you if the phone is configured Automatically by edgeBOX or Manually by yourself.

Configuration
The Configuration column provides a quick summary of the most relevant configuration features currently active for each phone. In some cases, a short status of each of those features is added within parentheses:
· Voicemail (m msgs): Voicemail is active for this phone and there are currently m new messages.
· Forward (nnnn): Follow Me is active for this extension; calls are being forwarded to number nnnn.
· Twinning (nnnn): Twinning is enabled for this extension; this phone is twinned with the phone at number nnnn. If nnnn is missing then, despite the feature being enabled, there is no twinned phone at this moment.

Status
The Status shows you the current connectivity status and operational conditions of each phone. The information displayed depends on the type of phone:
· IP Phones (SIP or IAX): Offline, Online, Ringing or Busy.
· Analog Phones: OnHook, OffHook, Ringing or Busy.
· ISDN Phones: Up, Down, Ringing or Busy.

A detailed example
Let us consider extension 1607 in the screenshot above. The extension's name is poly607 and it is not assigned to any specific user. The green circle at the left indicates the extension is online (meaning that edgeBOX can actually communicate with the phone over the Ethernet TCP/IP infrastructure). The Brand / Model is the text displayed in the 3rd column: it's a Polycom IP phone. The Phone's Ethernet Hardware Address is 00:04:F2:18:D3:E6 and its currently assigned IP Address is 192.168.101.199. The Setup Mode is Automatic, meaning edgeBOX will automatically configure this phone. The Configuration column tells you that this extension has Twinning and Voicemail configured. There are three new messages in the Voicemail account. The phone is currently Busy - on a call or similar - as displayed in the Status column.

For details regarding the Synchronize, Manual Config and Phone-to-Extension Assignment buttons please refer to the Automatic Configuration section of this manual.

8.2.2 Creating phones

Extensions in edgeBOX work like phone accounts. Actually, for any phone you want to connect to edgeBOX you need an account (extension) to register into. There are four different types of phone extensions supported:
· SIP: Used for IP Phones compliant with the SIP protocol. The SIP protocol is the most widely available in IP phones.
· IAX: Used for IP Phones compliant with the IAX2 protocol.
· Analog: Used for Analog phones and Fax machines. The phone (or fax machine) is connected directly to one of the FXS ports in edgeBOX's back panel using an RJ11 cable. You need the analog card option in your edgeBOX with FXS ports.
· ISDN: Used for ISDN phones. The phone is connected directly to one of the ISDN BRI ports in edgeBOX's back panel using an ISDN cable. You need the ISDN BRI card option in your edgeBOX. To use ISDN phones you need to have an ISDN card with ports configured in NT mode. This requires hardware configuration. Contact your Reseller/Support before planning an ISDN Phones scenario.

Common properties among all phone types
Independently of the phone type (SIP, IAX, Analog or ISDN) there's some information that is common among them. A description of each one follows:
· Name: This is the “friendly” name of the extension (like John) and the login name for the VoIP account. You can dial this name to call the extension. When you call from this extension, the name will be displayed at the destination's extension.
· Number: The number used to dial to the extension (like 2010).
· This extension can be called directly through incoming lines (Publish Extension): When checked means that this phone will be able to receive SIP URI calls. What are SIP URI calls?

SIP URI calls are calls made from IP SIP Phones using a URI (like john@mycompany.com or 2010@mycompany.com) instead of using a number.
· Identification (Caller ID): The name and number by which calls will be identified to the called party. Usually identifies the person using the extension, and by default is generated using the data introduced previously in the Name field. This field is placed in the advanced tab.
· Ring Duration: Time the extension will ring without being answered. After this time the call will be finished automatically, or handed over to the voicemail system if voicemail is active for the extension.
· Voicemail: The voicemail settings are also common among all extension types. The fields you need to provide are the PIN number to access the extension's voicemail account and an e-mail address where edgeBOX will send notification about new voicemail messages. More details about Voicemail.
· Twinning: The twinning feature can be used with any phone type. You can enable or disable the ability of the user to have twinning, and configure the number which will be used together with the extension. For more details see Twinning.

Please follow the links below for details:
· IP Phone extensions
· Analog Phones and FAXes
· ISDN Phone extensions

Default configured phones
edgeBOX comes with 3 already configured example phones: phone "user", phone "desk" and phone "room". The phone "user" is associated with one of the example users that also exist by default. The other two phones are not associated with any user.
· Phone "user" - Extension Number: "1000", Extension Password: "1000", Extension PIN: "1000".
· Phone "desk" - Extension Number: "1010", Extension Password: "1010", Extension PIN: "1010".
· Phone "room" - Extension Number: "1020", Extension Password: "1020", Extension PIN: "1020".

Related Topics:
· Voice Lines
· Groups
· Automatic Call Recording
· Network Users
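The example phones above ship with a password and voicemail PIN equal to the extension number, so an extension inventory can be checked for accounts that still carry those values. The following is an added Python example, not an edgeBOX tool: the CSV layout, the column names and the sample rows are constructed for illustration, and the manual does not describe an export in this format.

```python
import csv
import io

# Extension numbers of the example phones listed in this manual.
SHIPPED_EXAMPLE_NUMBERS = {"1000", "1010", "1020"}

# Constructed inventory (hypothetical format): one row per extension.
SAMPLE_EXPORT = """\
name,number,password,pin,publish
user,1000,1000,1000,no
desk,1010,1010,1010,yes
room,1020,7Lq!vD2x9r,1020,no
MeetingRoom,2010,482913,7731,yes
John,2011,c0rrect-h0rse-9,904175,yes
"""


def findings_for(row):
    """Return the credential findings for one extension row."""
    number, password, pin = row["number"], row["password"], row["pin"]
    found = []
    if password == number:
        found.append("password equals extension number")
    elif password.isdigit():
        # A digits-only secret of length n has at most 10^n candidates.
        found.append(f"digits-only password, at most 10^{len(password)} guesses")
    if pin == number:
        found.append("voicemail PIN equals extension number")
    if number in SHIPPED_EXAMPLE_NUMBERS and found:
        found.append("shipped example phone still has default values")
    return found


def audit(export_text):
    """List extensions with findings, published extensions first.

    A published extension (Publish Extension checked) can be called directly
    through incoming lines, so its findings are the first ones to fix.
    """
    report = []
    for row in csv.DictReader(io.StringIO(export_text)):
        found = findings_for(row)
        if found:
            report.append({
                "name": row["name"],
                "number": row["number"],
                "published": row["publish"].strip().lower() == "yes",
                "findings": found,
            })
    report.sort(key=lambda r: (not r["published"], r["number"]))
    return report


if __name__ == "__main__":
    for item in audit(SAMPLE_EXPORT):
        flag = "published" if item["published"] else "internal"
        print(f'{item["number"]} {item["name"]} ({flag}): ' + "; ".join(item["findings"]))
```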

8.2.2.1 SIP and IAX phone extensions

SIP is the most widely available VoIP protocol in IP phones. Another protocol, called IAX, is also supported by edgeBOX. Please navigate to the Phones menu in the IP-PBX section to create and manage SIP and IAX phones/extensions. Below you can find the most common operations regarding these types of IP phones.

Quick steps to create a VoIP phone extension
1. Go to IP-PBX > Phones.
2. Click New, and select New SIP/IAX Phone.
3. Enter the number you want to assign in the Number field. This number will be used to dial to this extension.
4. Enter the name you want for your extension (like MeetingRoom) in the Name field.
5. Enter the password you want for this extension in the Password field, and repeat it in the Repeat Password field. When using the Phone Auto-Configuration system in Callback mode for configuring phones, use numbers for the password instead of letters; it will be easier to enter when using the phone keypad. Phone Auto-Configuration applies only to SIP phones.
6. Click Add to save the phone settings.

Only basic properties are mentioned above, those that are mandatory (and typically the only ones you need); for a description of other properties see Common Properties and other Advanced Phone Properties below.

Configuring Codecs
Codecs affect the quality and the bandwidth consumption at the same time: higher quality means higher bandwidth consumption. In the Codecs tab of the new/edit VoIP phone extension dialog you can define the codecs allowed to be used by the phone using this extension. By default, when you create a new VoIP extension, G711 codecs are selected. As best practice use high quality codecs (like G711) for phones connected in the LAN, and low bandwidth codecs (like GSM or G729) for phones connected in the WAN. This way you will provide high quality in your internal phones and avoid large Internet bandwidth consumption by your external phones. You have to make sure that your phone is also configured to use the same audio codecs as the extension. For more information see Codecs.

Enabling Video Calls
If you have a video enabled phone (or a softphone with video support and a video camera) you can make video calls using edgeBOX. In order to do that you must allow the extension to use video codecs (like H261, H263, H263p or H264) in the Codecs tab of the extension's properties dialog. You have to make sure that your phone is also configured to use the same video codecs as the extension. See your phone's manual for instructions.

Allow phones to connect in peer-to-peer mode (Can Reinvite)
By default the voice traffic between two VoIP phones flows through the edgeBOX, meaning that when phone A is calling phone B, the voice traffic flow is A > edgeBOX > B. You can change this flow to be A > B directly, thus reducing traffic and CPU consumption in edgeBOX. Peer-to-peer mode is especially relevant in scenarios where you have phones connecting from the Internet (registering through the edgeBOX's WAN port). Imagine the same two phones A and B in the WAN making a call between themselves: both of them will be consuming your Internet line, whereas if they could connect directly your Internet line would not be used at all (except for residual SIP traffic). To allow phones to connect in peer-to-peer mode you need to enable the Can Reinvite option in the Advanced tab of the extension's properties dialog. In peer-to-peer calls DTMF shortcuts (like transfer or park) are not supported, because edgeBOX is not listening to the tones anymore. In this case you need to use the corresponding special keys in your phone.

Other Advanced options
· Disable NAT Support: to enable/disable this option; necessary when the phone is behind devices such as a router or a firewall; see more in Advanced NAT;
· Do not Send Keep alive packets to this phone: without this option selected edgeBOX will send keep alive packets to this phone every 2 seconds;
· When not registered this phone is reachable at static IP Address: use this only if this phone will have a static IP address;
· DTMF Mode: the way the client deals with DTMF signaling; this parameter should be the same as in the phone itself; options are:
  · RFC2833 - selected by default;
  · INFO;
  · INBAND - DTMF signaling within the call; note that this type of signaling is not supported by the GSM codec.

8.2.2.2 Analog phone extensions and fax machines

If your edgeBOX includes an analog card with FXS ports, you can connect your analog phones or fax machines directly to those ports.

If you are using analog phones connected through ATA (Analog Telephone Adapters) you must use SIP extension type instead of Analog. The ATA will connect into the LAN and will behave to edgeBOX as a SIP phone.

Please navigate to the Phones menu in the IP-PBX section to create and manage analog phones/extensions. If your edgeBOX includes an analog card with FXS ports configured, you will see the New Analog Phone option when you click the New button in the Phones list. Below you can find the most common operations concerning analog phones.

Creating an analog extension to connect an analog phone
1. Go to IP-PBX > Phones.
2. Click New, and select New Analog Phone.
3. Enter the number you want to assign in the Number field. This number will be used to dial to this extension.
4. Enter the name you want for your extension (like MeetingRoom) in the Name field.
5. Select the port number (like Zaptel/11 for port number 11) where you will connect the phone in the Line (FXS) field. What is the port number? The Port Number will match the numbers written on the physical ports in the back of your edgeBOX.
6. Click Add to save the phone settings.

Only basic properties are mentioned above, those that are mandatory (and typically the only ones you need); for a description of other properties see Common Properties and Advanced Analog Phone Properties.

Creating an analog extension to connect a fax machine
A fax machine is connected to edgeBOX the same way as an analog phone, so the steps to create the extension are the same. However, there's a very important detail when configuring the fax's extension, which is about echo cancellation. Fax machines are very sensitive to variations in the sound timings, and echo cancellation algorithms tweak those timings. So, in order to have a proper fax extension, make sure you disable the echo cancellation for the respective extension. To disable echo cancellation edit the phone extension, and in the Advanced tab uncheck the option "Use Echo Cancellation...".

Advanced Analog Phone properties
There are a couple of settings for analog phones that you should keep in mind at this time. These settings are available in the Advanced tab of the extension's properties dialog in edgeBOX. You can fine tune these parameters with a few test calls from the extension you're configuring.
· Use Echo Cancellation: This enables/disables the echo cancellation algorithm for calls to this extension and by default it's enabled. Disable only if you are using a fax machine connected to this extension and you're experiencing reception problems.
· Transmission Gain: Amount of gain applied to sound transmitted from this extension. The variation is from -8 dB to +8 dB, the default being 0 dB (middle position of the slider). Increase when the other end (the callee) can barely hear you; decrease if the other end hears you too loud, with too much noise or with echo.
· Reception Gain: Amount of gain applied to sound received by this extension. The variation is from -8 dB to +8 dB, the default being 0 dB (middle position of the slider). Increase when you can barely hear; decrease when the sound is too loud, with too much noise or with echo.

8.2.2.3 ISDN Phone extensions

Please navigate to the Phones menu in the IP-PBX section to create and manage ISDN phones. Below you can find the most common operations regarding this type of phone.

Quick steps to create an ISDN phone extension
1. Go to IP-PBX > Phones.
2. Click New, and select New ISDN Phone.
3. Enter the number you want to assign in the Number field. This number will be used to dial to this extension.
4. Enter the name you want for your extension (like MeetingRoom) in the Name field.
5. Select the Line to which you want to connect the ISDN Phone in the Line (BRI)/MSN field.
6. Click the Advanced Tab.
7. Check the box if you allow the extension to be called directly through incoming lines.
8. Select also the Ring duration.
9. Click Add to save the phone settings.

Only some properties are mentioned above. For a description of other properties see Common Properties.

8.2.3 Connecting phones
The following sub-sections give you details on how to connect your:
· VoIP Phones
· Analog Phones and FAXes
· ISDN Phones


8.2.3.1 Connecting VoIP Phones
VoIP phones are the most common phone types used today and the most flexible. A number of these phones are available on the market, with a wide range of prices. edgeBOX works seamlessly with Polycom, Linksys, Aastra and Grandstream phones, but any phone following the SIP standard protocol will be able to use edgeBOX. You have two options for VoIP phones, both suitable for use with edgeBOX:
· Hardware phones, which work pretty much like a plain old phone, and
· Software phones that you can run on your laptop.

Manually configuring and connecting a SIP Phone
The configuration of SIP phones is generally the same among all brands/models. Usually the configuration is done through a web page provided by the phone itself (open your browser at a URL like http://192.168.100.195) or by following the built-in menu on the phone. See your phone's user manual for more details, or look for a specific edgeBOX How-To document for your phone model. There are really only three fields you usually need to set up:
· SIP Proxy: this is the name (like sip.edgebox.com) or the IP address (like 192.168.100.254) of the edgeBOX. Pay attention to where you are connecting your phone, in the LAN or the WAN. Usually phones for local personnel are connected directly to the LAN of the edgeBOX, and remote workers connect to the WAN from the Internet.
· Account: the Extension Name (like MeetingRoom) that you want your phone to use.
· Password: the password of the extension.

Other fields you may need to pay attention to are:
· DTMF: This is the type of Dual Tone Multi-Frequency signaling, and affects the exchange of dial tones between the phone and edgeBOX. It must match on both sides (the phone and the extension's properties in edgeBOX). The default value in edgeBOX is RFC2833, and that's usually the same in the phones.
· Codecs: The codecs configured in the phone must match the ones configured in the extension properties in edgeBOX. The default codecs of a new extension are G711 a-law and G711 u-law, and those are usually supported by default in the phones. Order the list of codecs by preference; edgeBOX will always try to use the first, then the second and so on.

Automatic configuration of SIP Phones
edgeBOX provides an automatic configuration system for Polycom, Linksys, Aastra and Grandstream phones (see Automatic configuration of phone devices). When the auto-configuration system is enabled, the moment you connect the phone's Ethernet cable to the LAN of edgeBOX the phone is detected (by MAC address) and displayed in the Available Phones list. You can then assign it to an extension.


See the Phone Auto-Configuration How To guide, the edgeBOX Online Help or the Phone Configuration How To available in the edgeBOX documentation.

8.2.3.2 Connecting Analog Phones and FAX machines

Analog Phones and Fax Machines
Connecting analog phones or fax machines to edgeBOX is quite simple. Just plug the phone (or fax) RJ11 cable into the proper FXS port in the back panel of your edgeBOX.

Analog phone settings
There are a couple of settings for analog phones that you should keep in mind at this time. These settings are available in the Advanced tab of the extension's properties dialog in edgeBOX. You can fine tune these parameters with a few test calls from the extension you're configuring.
· Echo Cancel: This enables/disables the echo cancellation algorithm for calls to this extension and by default it's enabled. Disable only if you are using a fax machine connected to this extension and you're experiencing reception problems.
· Transmission Gain: Amount of gain applied to sound transmitted from this extension. The range is from -8 dB to +8 dB, the default being 0 dB. Increase it when the other end (the callee) can barely hear; decrease it if the other end hears too loud, with too much noise or with echo.
· Reception Gain: Amount of gain applied to sound received by this extension. The range is from -8 dB to +8 dB, the default being 0 dB. Increase it when you can barely hear; decrease it when the sound is too loud, with too much noise or with echo.

8.2.3.3 Connecting ISDN Phones

ISDN Phones
edgeBOX supports EuroISDN BRI phones seamlessly, but there are a number of details and complexities arising from the underlying ISDN phone technology and the number of different proprietary signaling schemes built by ISDN phone manufacturers. Contact your Support before planning an ISDN phone deployment.

8.2.4 Automatic configuration of phone devices
The Auto Phone Configuration allows you to configure VoIP phones of your network directly on the edgeBOX, so users do not have to configure the phones themselves. Using the Auto Configuration System you can configure phones remotely, just using the edgeBOX's web interface, avoiding this way the configuration of each phone locally on the phone itself.

The currently supported phones are Grandstream GXP 2000, Linksys SPA 901, SPA 922, SPA 932, SPA 941, SPA 942, SPA 962, Polycom SoundPoint IP320, IP330, IP601, IP670, Aastra 9133i, 480i, 51i, 53i, 55i, 57i and Snom 190, 360.

Only supported SIP phones can be configured directly on the edgeBOX. Forcing the configuration of models other than the ones mentioned above may damage the configuration of your phone.

How does it work?
The Phone Auto Configuration allows you to configure VoIP phones directly on the edgeBOX, avoiding the configuration on the phone itself. All the configuration of the phones is available through the IP-PBX > Phones panel. New phones are detected upon the DHCP dialog between the phone and edgeBOX, thus only phones configured through DHCP will be automatically detected. Each phone downloads a configuration file from the TFTP (Trivial FTP) service. This file is generated and maintained by edgeBOX based on the phone brand and model, and reflects the configuration of the extension associated with the physical phone. This configuration is basically the configuration of the phone account to be used by the phone. Whenever you change the settings of the extension, a new file is generated and the phone is informed that a new file is available. At this point the phone reboots automatically and downloads the new configuration file.

Configure a detected phone
When you connect a phone to the network for the first time, it needs to be configured in order to make calls. To configure a phone that was connected to the network:
1. Go to IP-PBX > Phones. You'll see the phone in a line with <not configured> in the column Extension. You can uniquely identify the phone by its MAC address.
2. Select the phone in the list.
3. Click the Assign Extension to Phone button.
4. In the popup window select the phone extension you want to assign and click the Add button.

Why is the phone not listed?
· Phones that have been connected just a few seconds before may not be listed yet; wait a moment for the automatic panel refresh (up to 30 seconds).
· Make sure the Phones Auto Configuration System is running (the service bar at the top of the panel must be green).

5. At this point in the phones list the previously <not configured> phone is not listed anymore, and the line corresponding to the extensions you've selected in step 2 contains the Brand, IP and MAC addresses of the phone. Depending on the Autoconfiguration Mode and the status of the physical phone, you may need to reboot the phone before it gets configured.

Synchronize a phone's configuration with edgeBOX
If, for example, a user incorrectly changes the configuration of a phone, the phone may stop working properly. In these cases you can resend the correct configuration to the phone, so it can work properly again. To synchronize the phone's configuration with edgeBOX's saved configuration:
1. Go to IP-PBX > Phones.
2. Select the desired phone in the list.
3. Click the Synchronize button in the toolbar.
The phone will restart automatically and will get the original configuration upon boot.

Ignore a phone
You can ignore a phone so that edgeBOX doesn't try to send it configurations nor try to call it to start the Configuration Assistant. To ignore a phone:
1. Go to IP-PBX > Phones.
2. Select the phone in the list.
3. Click the Manual Config button in the toolbar.
The Setup Mode will change to Manual. At this point edgeBOX will no longer try to configure this phone automatically.

Why should I ignore phones?
Ignoring phones can be useful if you have some phones on your network being managed by a device other than the edgeBOX. In these situations you don't want edgeBOX to be trying to send configuration information to those phones.

Stop ignoring a phone
If you want edgeBOX to stop ignoring a phone and start sending configuration information again, just proceed as if you were configuring it from the start, by using the Assign Extension to Phone button in the toolbar.

Remove the configuration of a phone
To remove the configuration of a phone:
1. Go to IP-PBX > Phones.
2. Select the desired phone in the list.
3. Click the Unassign Phone from Extension button in the toolbar.

4. At this point you'll see a new item in the list with <not configured> in the extension column. This item corresponds to the physical phone that was previously associated. The phone is now free of any configuration; you can delete it (if the phone was definitely removed from the network), or assign it to another extension.

Replace a broken phone
When a phone is broken and needs to be replaced by another one, proceed as follows:
1. Go to IP-PBX > Phones.
2. Select the desired phone in the list (like 1020).
3. Click the Unassign Phone from Extension button in the toolbar. At this point you'll see a new item in the list with <not configured> in the extension column, and another line corresponding to the extension (like 1020). This item corresponds to the physical phone that was previously associated.
4. Edit the phone extension in the list (1020 in this example).
5. Enter the new MAC address of the new phone in the MAC Address field.
6. Select the new brand of your new phone in the Phone Brand field.
You can now physically replace the old phone with the new phone. The new phone will be configured automatically as soon as you connect it to the network.

Pre-Provisioning Phones
You can also configure phones that haven't yet been connected but will be connected in the near future. When those phones are plugged into the network for the first time, they will immediately receive the configuration you have defined and become configured and ready to use right away. Pre-provisioning is very useful when you're managing the office from a remote location and you need to install a new phone. You can just create the phone in the system, and then mail it to the office. When it arrives the end user just needs to plug it into the network and it's ready to use without further issues. You can pre-provision a phone independently of your configuration mode (Callback or Silent), meaning that when in Callback mode, the assistant call doesn't happen. Pre-provisioned phones will be configured as soon as they connect to the network.

Pre-provision a new phone
1. Go to IP-PBX > Phones.
2. Select (double click) the desired phone in the list (or click New, and select New SIP Phone to create a new extension).
3. Enable the option Assign a physical phone to this extension.
4. Enter the MAC address of the new phone in the MAC Address field. Where can I find the MAC address? Usually the MAC address is printed on a sticker placed at the bottom of the phone, and also on the package.
5. Select the brand of your new phone in the Phone Brand field.
6. Click the Save button.

Related Topics: Auto Configuration Modes

8.2.4.1 Auto Configuration Modes
edgeBOX provides two different operation modes for auto configuration of the phones. One mode (Callback) is focused on configuring the phone by using the phone itself: the phone will receive a call with a configuration wizard where you can dial the extension to assign and the respective password (numeric passwords only). The Silent mode doesn't use any interaction on the phone's end, and all the configurations are made through the administrator's panel.

Which configuration mode shall I use?
Use the Silent Configuration Mode:
· When you already have phones configured in the office.
· When you know MAC addresses.
Use the Callback configuration mode:
· When you need your customer to configure the phones.
· When setting up a new office in the field.
· When you don't know MAC addresses.

Use Case for Silent configuration mode
1. Plug/Restart the phone.
2. Your phone will be listed in the IP-PBX > Phones panel as <not configured>.
3. Assign the phone to the extension by pressing the Assign extension to Phone button in the toolbar.
4. Restart/Replug the phone to get the new configuration.

Use Case for Callback configuration mode
1. Plug the phone.
2. The configuration assistant calls the phone. At this point you should answer the call.
3. Press “1” to start auto configuration.
4. Dial the number of an already existing extension.
5. Dial the password of the extension.
6. Hang up the phone.
7. The phone will reboot and start with the configured settings.

Call phones when they are first connected and start the Configuration Assistant

To configure the system to start the Configuration Assistant call each time a user plugs a new phone into the network (Callback Mode):
1. Go to IP-PBX > Phones.
2. Make sure the Auto Configuration System is running (you should see a green bar at the top of the panel). If it is not running click Start Service.
3. Click the Change... button.
4. Select the option Automatically call the phone and start the Configuration Assistant.
5. Click the Save button.

Do not call phones when they are first connected to start the Configuration Assistant
If you don't want the user to receive the Configuration Assistant call when he connects a phone for the first time (Silent Mode):
1. Go to IP-PBX > Phones.
2. Make sure the Auto Configuration System is running (you should see a green bar at the top of the panel). If it is not running click Start Service.
3. Click the Change... button.
4. Select the option Do not make the Auto Configuration Assistant call.
5. Click the Save button.

How to call the Configuration Assistant?
You or the network users can also call the Configuration Assistant at any time (for instance, if they do not answer the Configuration Assistant call) from a given phone to start the phone configuration process. To call the Configuration Assistant from a phone of the network, you or the user need to dial 1234, which is the configuration assistant number.
Note: It is only possible to dial the Configuration Assistant if the configuration was interrupted previously due to some problem and needs to be finished to configure the phone.

Related Topics: Phone Auto Configuration

8.2.5 Phone Groups and Access Control
edgeBOX allows you, as an administrator, to define access control policies restricting the operations and types of calls that users or specific extensions can execute. The phones access control mechanism is based on Groups of Phones. Basically you need to create a Phones Group, and then define what operations that group can execute. The same applies to Outgoing Call Rules, where you can specify to which Groups a specific rule is applicable.

About Phone Groups

Basic steps to create a phones group
To create a group of phones proceed as follows:
1. Go to IP-PBX > Phones.
2. Click Groups in the Related Topics section of the menu.
3. Click the New button.
4. Enter a name (like Sales) in the Name field.
5. Enter a description (like Sales Personnel) in the Description field.
6. Enter a phone number (like 450) for the group in the Extension field. This number is optional; when defined it enables Group Calls, like calling all phones in the group at the same time.
7. Click the Add button, then select and add the phones that make up the group (use the Ctrl key to select multiple phones at the same time).
8. Select the Access Control tab.
9. Define the access control policies to apply to the phones in the group (see examples below for better understanding).
10. Click the Save button.

Description of the Access Control policies
The access control policies of a phones group are configured in the Access Control tab when you create or edit a group. The policies are organized by the operations: Call Pick Up, Intercom Calls, Call Listening and Call Recording.

Call Pick Up policies
With Call Pick Up you can specify the set of phones that can pick up calls on this group. The choices are:
· any phone can pick up calls on this group (this is the default setting)
· only the phones that belong to the group can do this
· no phone, not even from the group, can pick up calls ringing in this group

Intercom Calls policies
With Intercom Calls someone could make a phone call to this group in which the destination phone will go into loudspeaker mode and the call will be heard by the people near that phone. You can choose:
· any network phone can initiate Intercom Calls to the phones on this group (this is the default setting)
· only phones in the group can initiate Intercom Calls to each other
· this group will not accept Intercom Calls

Call Listening policies
With Call Listening you can listen to ongoing calls on other extensions. In this panel you can

specify:
· if phones on this group can be used to listen to calls on other phones (default setting is 'no')
· if calls on these phones can be listened (default setting is 'no')

Call Recording policies
The Call Recording settings for a group allow you to specify:
· if these phones can record calls (see One Touch Recording, default setting is 'no'), and
· if phones on this group can or can't be recorded (see Recording calls, default setting is 'no recording').

Configuration examples
You can configure any number of phone groups, with many variations of access control policies, building from the simplest to the most complex set of policies, depending on your company requirements. Below you can find some examples of the most typical configurations.

How to create a group of phones that can pick up calls only between them?
In this example, let's assume that you have a group of support personnel and they want to pick up calls that are ringing on another extension of the team (because the person is not at his desk), but they don't want other people outside the group to pick up their calls. For the scenario above execute the following steps:
1. Go to IP-PBX > Phones.
2. Click Groups in the Related Topics section of the menu.
3. Click the New button.
4. Enter a name (like Support) in the Name field.
5. Enter a description (like Support Personnel) in the Description field.
6. Enter a phone number (like 300) for the group in the Extension field. This number will be used to identify the group from which to pick up the call.
7. Click the Add button, then select and add the phones that make up the group (use the Ctrl key to select multiple phones at the same time).
8. Select the Access Control tab.
9. At the Call Pick Up section, select the option Only phones of this group can pick up calls ringing on these phones.
10. Click the Save button.

At this point any phone within the group Support can pick up calls ringing at any phone of the group by dialing *8 followed by the group extension number (300 in the example), or specific extensions belonging to the group. When using the group's extension number, like *8300, the user will randomly pick up a call ringing in the group; when using *8<phone extension number> the user will pick up the call ringing at the specific phone (*81001 will pick up the call ringing at phone extension 1001). Other phones not belonging to the group Support won't be able to pick up calls in the group.

How to create a group of phones that can listen and whisper calls, while others can't?
In this example, let's assume we have a group of supervisors that need the ability to listen to ongoing calls in the Help Desk group, and give instructions to them during the call. For the scenario above do the following:
1. Create a group called Supervisors.
2. Add to the group the supervisors' phones.
3. In the Access Control panel, at the Calls Monitoring section, select both policies:
- These phones can be used to listen to ongoing calls on other phones
- Calls on these phones can't be listened by other phones
4. Create a group called Help Desk.
5. Add to the group the phones of the help desk team.
6. In the Access Control panel, at the Calls Monitoring section, leave both policies unselected.

At this point any phone within the group Supervisors can listen to ongoing calls of any phone in the group Help Desk by dialing *990* followed by the extension number of the phone to listen to (*990*1001 to listen to phone extension 1001). To listen and give instructions at the same time (whisper mode) dial *991*1001.

8.2.6 Twinning
Twinning enables you to almost duplicate the behaviour of an extension of the network on another external phone, such as a cell phone. This is useful, for example, when a user goes out of the office. He is able to answer calls to his extension on his cell phone, even if he is at home. If you activate and configure twinning with, for example, a cell phone:
· When a call arrives at the network phone (for example, extension 2001) then both the network phone and the cell phone will ring. The phone that picks up the call is the one that is answered first. However, when the user answers a call on his cell phone that was sent by edgeBOX through an analog line, the user needs to press the # (pound) key after answering. This will inform edgeBOX that the call was picked up and edgeBOX will stop ringing the extension of the user. Otherwise the extension will keep on ringing even though the call has already been answered by the user.
· The user can make calls with his cell phone as if he was on his extension at work. The user just needs to dial the number of the company. The call will be answered by edgeBOX and the user will hear the dial tone again. The user can then make internal calls just by dialing the extension he wants to call, or make outgoing calls that will appear to the recipient as being made by the user's regular work phone.

Activate Twinning for an extension

The twinning feature is defined at each specific phone. By default phones are not allowed to twin with other phones like cell phones, for example. To allow a phone to twin with another one:
1. Select the desired network phone from the phone list and click the Edit Phone button.
2. Select the option Activate Twinning.
3. Enter the phone number to be twinned to in the Phone Number field, or you can leave it blank for the user of the phone to configure it himself. See Configure Twinning using the phone.
4. Click the Save button. Twinning will now be enabled.

Turn off twinning
This is particularly useful when the user is close to both phones at the same time, for example, the network phone and his personal cell phone. In these cases, having both phones ringing at the same time is not really useful, so you can switch off twinning so just the company phone rings when a call is received. To turn twinning off for a phone:
1. Select the desired network phone from the phone list and click the Edit Phone button.
2. Unselect the option Activate Twinning.
3. Click the Save button. Twinning will be disabled, that is, this phone is not twinning with another phone.
Note that the feature is still allowed at the phone, it is just not enabled at the moment. But you, through edgeBOX's interface, or the phone's user, through the phone, can enable it again at any time.

Change the twinned phone number
1. Select the desired network phone from the phone list and click the Edit Phone button.
2. In the Twinning section you can see the number of the phone this extension is currently twinning with.
3. Enter the new phone number in the Phone Number field.
4. Click the Save button.

Configure Twinning using the phone
The user of the phone with twinning can also enable, disable and change the number of the phone your extension is twinning with, directly on the phone itself instead of the edgeBOX. But to do so, twinning must be Active on that phone.
· Enable twinning - on your phone, dial *90.
· Disable twinning - on your phone, dial *91.
· Change the phone your phone is twinning with - on your phone, dial *92*

followed by the phone number you want to twin to. For example, if your cell phone is 912154014 you can dial *92*912154014.
· Transfer an ongoing call from the cell phone to the network phone - on your phone, dial *93 and the call you are answering on the cell phone will continue on the network phone.

8.2.7 Internal Dial Plan
The Internal Dial Plan popup window is accessible in the Related Topics corner of the Phones menu, in the IP-PBX section. The Internal Dial Plan menu gives you access to a finer-grained control of the way edgeBOX processes calls: it allows you to route each call through a set of simple or complex sequences for each call processed. You can consider the Internal Dial Plan as a set of individual Extension Dial Plans.

Don't use the Internal Dial Plan for simple operations like the creation or removal of extensions. Those operations should be performed in the Phones list. The Internal Dial Plan should only be used for advanced configurations.

The popup dialog shows you initially:
· on the left: the list of Extensions currently active in the Internal Dial Plan: each new phone created is automatically added to the Dial Plan and each phone deleted is automatically removed.
· on the right: when you select an extension on the left, the right-hand panel shows you the Extension Dial Plan: the configured sequence of actions the PBX will execute upon reception of a new call for this extension.

As usual, you can use the New button to add new extensions or the Edit button to change existing entries. The Configure the Extension Dial Plan popup window will show. For your convenience, a Duplicate button is provided for quickly creating new entries based on the existing ones.

Configure the Extension Dial Plan
This dialog lets you configure, for a specific entry:
· Extension: type in the extension name to which this Extension Dial Plan applies.
· with Caller ID: check the box and type in the Caller ID if you wish to further specify that this applies only to that specific Caller ID.

· Actions: an ordered list of actions edgeBOX will try to route the call through; use the New and Delete buttons to manage the contents of the list, and use the Up and Down arrows to change the sequence. For each action you can:
  · Forward to Phone: this action forwards the call to a phone; you must select the phone from the drop-down list that appears below.
  · Forward to external number: this action forwards the call to an external number; you must specify the number you want in the text field.
  · Forward to Voicemail: the call will be forwarded to the chosen extension's voicemail; you may choose any extension with an active voicemail.
  · Forward to Group: here the call will be answered by some phone in the group you specify from the drop-down list.
  · Forward to Queue: with this option the call will be forwarded to the queue you choose (see Queues).
  · Forward to Conference: you can choose a conference number for the call to be forwarded to (see Conferences).
  · Play: the caller will listen to the sound file you choose; the selected sound file will be played and all numbers entered by the caller will be ignored until the sound has finished (see here for details on sound files).
  · Answer: the call will be answered.
  · Wait: this action makes the call wait for the specified number of seconds.
  · Hangup: the call will be hung up.

8.3 Configuring incoming call rules
Incoming Call Rules instruct edgeBOX on how to deal with a call coming from the outside world. The Incoming Call Rules menu is accessible in the IP-PBX section. When configuring Incoming Call Rules you have at your disposal the following tasks:
· Creating Incoming Call Rules.
· Build Automatic Attendant voice menus.
· Define Schedules (or calendars).

Related Topics:

· Voice Lines
· Groups
· Sound Manager
· Music On-Hold
· Automatic Call Recording
· Automatic Attendants
· Schedules

8.3.1 Creating incoming call rules
Incoming Call Rules define how an incoming call is routed through the system, and how it's going to be answered. It can be redirected to a specific extension, to voicemail or to automated attendants. The Incoming Call Rules menu can be reached in the IP-PBX section. There are two default example rules: work-hours and after-hours.

Rules are applied in the order of appearance. Click on a rule and use the Up and Down buttons to change the order. Each rule has a set of conditions and a set of actions. Conditions determine if the rule is to be applied or not, while the Actions specify how the call is to be treated.

A rule is composed of:
· a rule priority, to determine the order by which the rules are evaluated.
· a rule name, which is a human-readable name describing the rule.
· rule conditions, to determine if the rule is to be applied or not.
· rule actions, that define how the call is to be treated.

Basic steps to create an Incoming Call Rule
1. Go to IP-PBX > Incoming Call Rules.
2. Click the New button.
3. Enter the name of the rule in the Rule name field.
4. Select a condition in the Conditions combobox.
5. Enter the parameter value for the condition in the text field at the right side of the condition.
6. Click the Add button to add the condition to the rule. Repeat from step 4 for as many conditions as you need.
7. Select an action in the Actions combobox.
8. Enter the parameters for the action in the fields at the right side of the action.
9. Click the Add button to add the action to the rule. Repeat from step 7 for as many actions as you need.

10. Click Save button to save the rule.
11. At the rules list, use the Move Up and Move Down buttons in the toolbar to place the rule in the order you desire to be evaluated.

Rule Conditions
When a call is received by edgeBOX, the conditions of each incoming call rule are evaluated. For the first rule to match all conditions, the sequence of actions specified are executed.
· Calls from (CallerID): This condition tries to match the originating number (CallerID) of the call with the supplied value; you must enter the CallerID in the text field at the right side of the condition type. This condition is useful when you need to redirect a call based on who's calling.
· Calls to (DDI): This condition tries to match the destination number (DDI) of the call with the supplied value; you must enter the DDI in the text field at the right side of the condition type. This condition is useful when you have multiple public phone numbers, each one with a different destination department or receptionist.
· Schedule: This condition evaluates if the call is being made at a particular time or day (see Schedules for more details); you must choose a Schedule from the drop-down list at the right side of the condition type. This condition is useful for example when at work hours (or days) you want the call to be answered by a person, but out of hours (or at vacations periods or holidays) you want an automated attendant to answer.
In a single rule you can use as many conditions as you want. The rule's actions will be executed if (and only if) all conditions together are true. So you could easily build up complex rules such as ''from this origin, to that destination within some period of time''.

Rule Actions
The Rule Actions determine the behaviour in case the rule conditions are met. You can:
· Forward to Phone: this action forwards the call to a phone; you must select the phone from the drop-down list that appears at the right side.
· Ring Phone: this action tries to forward the call to the specified phone by making it ring; if the phone is not answered then the next action will take place.
· Forward to Voicemail: the call will be forwarded to the chosen extension's voicemail; you may choose any extension with an active voicemail.
· Forward to internal number: this action forwards the call to an internal number; you must specify the number you want in the text field that appears at the right.
· Forward to external number: this action forwards the call to an external number; you must specify the number you want in the text field that appears at the right.
· Forward to Queue: with this option the call will be forwarded to the queue you choose (see Queues).
· Forward to Group: here the call will be answered by some phone in the group you specify from the drop-down list at the right side.
· Forward to Conference: you can choose a conference number for the call to be forwarded to (see Conferences).
· Answer: the call will be answered.

· Hangup: the call will be hung-up.
· Play: the caller will listen to the sound file you can choose; the selected sound file will be played and all numbers entered by the caller will be ignored until the message has completed.
· Wait: this action makes the call wait for the specified number of seconds.
· Start Automated Attendant: this action will start the execution of the specified automated attendant menu.
· DISA: Stands for Direct Inward System Access. Allows someone calling in from outside the telephone switch (PBX) to obtain an "internal" system dialtone and dial calls as if from one of the extensions attached to the telephone switch. The DISA application may require the user to enter a passcode, followed by the pound sign (#). If the passcode is correct, the user will hear dialtone on which a call may be placed. If you select that option and indicate the passcode, when the action DISA is executed, the user is first asked to enter the passcode before getting dialtone. If you do not enter a passcode, when the DISA action is executed, the user gets authenticated automatically.
  Is it secure? This type of access has SERIOUS security implications, and GREAT care must be taken NOT to compromise your security. We advise you to ALWAYS enter a passcode.
· Change CallerID: to change the CallerID to a different one, you must type it on the right; you can use constructs like "Ricardo Loureiro <916291182>" or even the usual * and X signs for field replacement (see more on this below).
· Set Project Code: to label the call detail record (CDR) with the supplied code, you must type the code on the right.
· Change Music On Hold: to change the music to be played if the call is placed on hold.

You can add several rule actions. Rule actions can be moved Up and Down with the help of the corresponding buttons. This way you could compose complex sequences for edgeBOX to execute on the call. As an example you could play a sound, wait for 10 seconds and then forward the call to some Conference.

Use of pattern characters
You can make use of patterns in your rules.
· Pattern '*': the symbol * accounts for any digit sequence.
· Pattern 'X': each X accounts for exactly one digit.
If, for example, you specify ''Calls From (DDI): 9876543XX'' you could later, in the same rule, specify an action like ''Forward to Internal Number 99XX''. In each call the XX sequence from the DDI will be evaluated and re-used in the action. In this case a call from 987654321 would be forwarded to internal number 9921.
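The pattern characters described above, as an added Python sketch that is not edgeBOX code: it matches a number against a pattern, captures the X digits and the * remainder, and reuses them in a second pattern, which covers both the ''Forward to Internal Number 99XX'' case here and the Inbound/Outbound Pattern pairs of Outgoing Call Rules (section 8.4.2). Assumptions: * is accepted only as the last character and may match zero digits, captured X digits are reused left to right, and the function names and sample rules are constructed for illustration.

```python
"""Dial patterns as the manual describes them: match, capture, rewrite."""
import re

_PATTERN = re.compile(r"[0-9X]*\*?")  # literal digits, uppercase X, optional trailing *
_NUMBER = re.compile(r"[0-9]+")       # ASCII digits only, so look-alike digits are rejected


def _validate(pattern):
    # Assumption: '*' ("all remaining digits") is only accepted as the last character.
    # Lowercase 'x' is rejected because the manual requires uppercase X.
    if not pattern or not _PATTERN.fullmatch(pattern):
        raise ValueError(f"unsupported pattern: {pattern!r}")


def match(pattern, number):
    """Return (x_digits, remainder) when number matches pattern, else None."""
    _validate(pattern)
    if not _NUMBER.fullmatch(number):
        return None
    has_star = pattern.endswith("*")
    body = pattern[:-1] if has_star else pattern
    # Without '*' the lengths must be equal; with '*' the number may be longer.
    if len(number) < len(body) or (not has_star and len(number) != len(body)):
        return None
    x_digits = []
    for expected, digit in zip(body, number):
        if expected == "X":
            x_digits.append(digit)   # remember the digit so it can be reused later
        elif expected != digit:
            return None
    return x_digits, number[len(body):]


def rewrite(inbound, outbound, number):
    """Build the number to dial, reusing what the inbound pattern captured."""
    _validate(outbound)
    captured = match(inbound, number)
    if captured is None:
        return None
    x_digits, remainder = captured
    if outbound.count("X") > len(x_digits) or (
        outbound.endswith("*") and not inbound.endswith("*")
    ):
        raise ValueError("outbound pattern reuses digits the inbound pattern never captured")
    digits = iter(x_digits)
    return "".join(
        next(digits) if c == "X" else remainder if c == "*" else c for c in outbound
    )


def rules_matching(rules, number):
    """List every (name, type_of_call) whose pattern accepts number.

    Useful when reviewing call permissions: a broad pattern such as '*'
    also accepts numbers that a narrower rule was meant to control.
    """
    return [(name, kind) for name, pattern, kind in rules if match(pattern, number)]


# Constructed sample rules: (name, Inbound Pattern, Type of call).
SAMPLE_RULES = [
    ("Demo", "123", "Free"),
    ("US_Calls", "001*", "International"),
    ("TollFree", "800XXXXXXX", "Free"),
    ("Default", "*", "Local"),
]

if __name__ == "__main__":
    print(rewrite("9876543XX", "99XX", "987654321"))   # the manual's DDI example
    print(rewrite("9*", "10109*", "95551234"))         # provider prefix 1010 added
    print(rewrite("0*", "*", "0212345678"))            # leading 0 removed
    print(rules_matching(SAMPLE_RULES, "0014155550100"))
```
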

8.3.2 Defining Automated Attendant menus

edgeBOX provides a flexible Automated Attendant builder, fully integrating all of edgeBOX's VoIP PBX functionalities, allowing the administrator to create response menus for a large range of applications. Callers using a touch tone phone will be able to navigate these menus by pressing the appropriate numbers. An automated attendant menu is built with actions and conditions:
· Actions define what is to be done in the call, like answer, play sound files, joining conferences or jumping to another automated attendant menu.
· Conditions are used to respond to user input, like when a key is pressed, or a number is dialed.
Automated Attendants are displayed as a tree structure, making it easy to understand the concept of flow of actions and conditions. Each child node is either an action or a condition which may be expanded to see its underlying actions.

Basic steps to create an automated attendant
1. Go to IP-PBX > Incoming Call Rules
2. Click Automatic Attendants option in the Related Topics section of the menu
3. Click New button in the toolbar.
4. Enter a name to identify the automatic attendant in the Name field.
5. Click Add Action button in the toolbar.
6. Select the desired action in the Action combo box.
7. Enter the parameter values for the action in the fields shown below the Action combo box.
8. Click Save to confirm the action. Repeat from step 5 to add more actions. To change the actions' execution order use the up and down arrow buttons in the toolbar.
9. Click Add Condition button in the toolbar.
10. Select the type of action desired.
11. For actions to be executed when a condition is met, select the condition in the list, and click Add Action (steps 5 to 8).
12. Click Save button when finished.

Automatic Attendant's Actions
· Forward to Phone: this action forwards the call to a phone; you must select the phone from the drop-down list that appears at the right side.
· Ring Phone:
· Forward to Voicemail: the call will be forwarded to the chosen extension's voicemail; you may choose any extension with an active voicemail.
· Forward to external number: this action forwards the call to an external number; you must specify the number you want in the text field that appears at the right.

· Forward to Queue: with this option the call will be forwarded to the queue you choose (see Queues).
· Forward to Group: here the call will be answered by some phone in the group you specify from the drop-down list at the right side.
· Forward to Conference: you can choose a conference number for the call to be forwarded to (see Conferences).
· Answer: the call will be answered.
· Hangup: the call will be hung-up.
· Play: the caller will listen to the sound file you can choose; the selected sound file will be played and all numbers entered by the caller will be ignored until the message has completed.
· Play in background: similar to Play, but in this case the user can press keys while listening, instead of being forced to wait for the sound to finish.
· Wait: this action makes the call wait for the specified number of seconds.
· Start IVR: this action will start the execution of the specified automated attendant menu (IVR); the drop-down list will show you all currently configured automated attendants for you to choose the one you want.
· DISA: Stands for Direct Inward System Access. Allows someone calling in from outside the telephone switch (PBX) to obtain an "internal" system dialtone and dial calls as if from one of the extensions attached to the telephone switch. The DISA application may require the user to enter a passcode, followed by the pound sign (#). If the passcode is correct, the user will hear dialtone on which a call may be placed. If you select that option and indicate the passcode, when the action DISA is executed, the user is first asked to enter the passcode before getting dialtone. If you do not enter a passcode, when the DISA action is executed, the user gets authenticated automatically.
  Is it secure? This type of access has SERIOUS security implications, and GREAT care must be taken NOT to compromise your security. We advise you to ALWAYS enter a passcode.

You can add several rule actions. Rule actions can be moved Up and Down with the help of the corresponding buttons. This way you could compose complex sequences for edgeBOX to execute on the call. As an example you could play a sound, wait for 10 seconds and then forward the call to some Conference.

Automatic Attendant's Conditions
Conditions are used to execute a set of actions based on the user's input.
· If user pressed keys: This condition will compare the keys typed by the caller, and will execute the underlying actions if the keys match the ones you specified on this condition. You must enter the set of keys that should be pressed in the Keys field; additionally you can also choose the Internal Extensions option, in that case the caller will be able to dial the internal extension he wishes to reach.
· If user didn't press any key: This condition will execute the underlying actions, if the user didn't press any keys (after a 5 seconds timeout).
· If user pressed invalid keys: This condition will execute the underlying actions, if the sequence of keys pressed by the user is not matching any of the previous conditions.

8.3.3 Schedules

Schedules allow you to define periods of time for executing rules in Incoming Call Rules. This is very useful to specify working hours, vacations, holiday periods that you can then easily use when defining your call rules.

To define a schedule proceed as follows:
1. Go to the IP-PBX section, Incoming Call Rules menu.
2. Click the Schedules option in the Related Topics section of the menu.
3. Click New button.
4. Enter a name identifying the schedule in the Name field.
5. Next you must specify a set of time Rules. You can do this based on:
  · Date: you can either specify a range of calendar days or a single day.
  · Days: you can either specify a range of week days or a single week day.
  · Time: you can specify any time span within a day, from 0h0m up to 23h59m.

You can specify multiple rules for a schedule. In that case the schedule will actually be defined as the superposition of all rules (logic AND). As an example you could specify a three rules based schedule as: ''Date: from 1/7/2009 to 31/12/2009'' AND ''Time: from 9h00m to 18h59m'' AND ''Days: from Monday to Friday''. You would call this schedule WorkHours2ndSemester09.

8.4 Define your outgoing call rules

Outgoing Call Rules instruct edgeBOX on how to route calls to the outside world. You can have distinct rules based on Phone Dialing, Dialed Number and Time. Usually Outgoing Call Rules are used with Least Cost Routing (LCR) in mind, since you can create rules based on destination number in order to use the least cost route for that destination, reducing the overall cost of your voice communications. Please refer to the IP-PBX section's Outgoing Call Rules menu. From that menu you can:
· Configure edgeBOX to require PIN authentication for outgoing calls
· Configure Outgoing Call Rules and Access Control policies for specific Groups or Devices
· Configure the Emergency route
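The Incoming Call Rule evaluation from section 8.3.1 (rules are tried in order, and the first rule whose conditions are all true runs its actions) together with the schedule logic of section 8.3.3 (a schedule is the AND of its Date, Time and Days rules), as an added Python sketch that is not edgeBOX code. The data model, the rule names other than work-hours and after-hours, the sample numbers and the `audit_disa` check for DISA actions without a passcode are assumptions made for illustration.

```python
"""Incoming Call Rule evaluation and a DISA passcode audit (illustrative model)."""
import re
from dataclasses import dataclass, field
from datetime import date, datetime, time
from typing import Optional


def pattern_matches(pattern: str, number: str) -> bool:
    # 'X' is exactly one digit, '*' is any digit sequence (the manual's pattern characters).
    regex = "".join(
        r"\d" if c == "X" else r"\d*" if c == "*" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, number, flags=re.ASCII) is not None


@dataclass
class Schedule:
    # All three parts must hold at once (logic AND).
    date_from: date
    date_to: date
    time_from: time
    time_to: time
    weekdays: frozenset  # 0 = Monday ... 6 = Sunday

    def contains(self, when: datetime) -> bool:
        minute = when.time().replace(second=0, microsecond=0)  # 18:59:30 counts as 18h59m
        return (
            self.date_from <= when.date() <= self.date_to
            and self.time_from <= minute <= self.time_to
            and when.weekday() in self.weekdays
        )


@dataclass
class Rule:
    name: str
    calls_from: Optional[str] = None      # CallerID pattern, None = condition not used
    calls_to: Optional[str] = None        # DDI pattern, None = condition not used
    schedule: Optional[Schedule] = None
    actions: list = field(default_factory=list)  # (action name, parameter) pairs

    def applies(self, caller_id: str, ddi: str, when: datetime) -> bool:
        return (
            (self.calls_from is None or pattern_matches(self.calls_from, caller_id))
            and (self.calls_to is None or pattern_matches(self.calls_to, ddi))
            and (self.schedule is None or self.schedule.contains(when))
        )


def first_matching_rule(rules, caller_id, ddi, when):
    """Rules are evaluated in list order; the first one whose conditions all hold wins."""
    for rule in rules:
        if rule.applies(caller_id, ddi, when):
            return rule
    return None


def audit_disa(rules):
    """Report rules that hand out dialtone through DISA without asking for a passcode."""
    findings = []
    for rule in rules:
        for action, parameter in rule.actions:
            if action == "DISA" and not parameter:
                # A CallerID condition narrows who reaches the action, but CallerID is
                # supplied by the calling side, so it is not a substitute for the passcode.
                if rule.calls_from in (None, "*"):
                    scope = "any caller"
                else:
                    scope = f"callers matching {rule.calls_from}"
                findings.append((rule.name, scope))
    return findings


# The manual's WorkHours2ndSemester09 example schedule.
WORK_HOURS = Schedule(
    date(2009, 7, 1), date(2009, 12, 31), time(9, 0), time(18, 59), frozenset(range(5))
)

# Constructed sample rules, listed in priority order.
RULES = [
    Rule("remote-staff", calls_from="9876543XX", actions=[("Answer", None), ("DISA", None)]),
    Rule("work-hours", schedule=WORK_HOURS, actions=[("Forward to Group", "reception")]),
    Rule("after-hours", actions=[("Start Automated Attendant", "closed"), ("DISA", "2468")]),
]

if __name__ == "__main__":
    monday = datetime(2009, 9, 14, 10, 0)
    print(first_matching_rule(RULES, "912345678", "5550100", monday).name)
    for name, scope in audit_disa(RULES):
        print(f"{name}: DISA without passcode, reachable by {scope}")
```
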

Related Topics:
· Configuring Voice Lines
· Phones Groups Access Control
· Automatic Call Recording
· Configure usage of ENUM routes

8.4.1 Authentication

edgeBOX supports authentication of outgoing calls. Authentication is based on a PIN assigned on user creation. Outgoing call permissions, i.e. the type of outgoing calls a user is allowed to make, are also set on user creation.

The Outgoing Call Rules menu in the IP-PBX section displays the current status of the authentication service at the top. As usual the green/gray colors are used to show the operational status of the Outgoing Calls Authentication service. Click the Require users to authenticate/Don't require users to authenticate to change it.

When active the PBX will block outgoing calls if the user supplied invalid credentials or if the user doesn't have the necessary permissions to make the call. When inactive, the system will still check the type of each call, but only to find the correct Route to use. In this mode of operation users are not required to supply a PIN when making calls.

8.4.2 Rules Definition

An Outgoing Call Rule is defined by the following data:
· Conditions: this is where you define the conditions when to apply the rule, namely:
  · Inbound Pattern: the Dialed Number, you can use patterns such as 123*: this will match all calls to numbers starting with 123.
  · Type of call: Free, Local, Long Distance, Mobile, International or Special Call.
  · Time of day: the period of the day for which this rule will apply
· Routes: in the routes section you define
  · Route: which line (or lines) should be used to make the call
  · Outbound Pattern: the number to dial out, here you can reuse pattern matches from the Inbound Pattern, more details below.

  · Timeout: timeout for this route.
  · CallerID: outgoing caller ID.

Steps to create a new outgoing call rule
1. Goto IP-PBX > Outgoing Call Rules.
2. Click New button in the toolbar.
3. Enter a name for the rule (like US_Calls) in the Name field.
4. Enter the dialed pattern (or number) you want as a condition to apply this rule (like 001* for all numbers started with 001, or 800XXXXXXX for all 10 digit numbers started with 800) in the Inbound Pattern field.
5. Classify the type of access level required to use this rule (like Free) in the Type of Call field.
6. Enter the time period you want this rule to be applicable, in the From and To fields. The rule is only applied to calls made during the specified time period. This way you can have different rules in different time schedules to the same destination number.
7. Select the route (or line) you want the call to follow through in the Route field.
8. Enter the number (pattern) that should be dialed (usually the same as the Inbound Pattern you entered in 3) in the Outbound Pattern field.
   The outbound pattern may differ from the inbound, if you wish to transform the number. One example is when you need to add prefixes to select a specific provider: say a prefix of 1010 needs to be added, thus your inbound pattern would be 9* (all numbers starting with 9), whilst your outbound pattern would be 10109*. Another situation is when you want an outbound prefix like 0; in this case the Inbound pattern would be 0* and the Outbound pattern would be *.
   In both patterns (outbound and inbound) you can use two special characters: * matches all remaining digits; X matches exactly one digit, and you may use several X characters to match a specific number of digits. The 'X's must be uppercase. Examples: The 9* indicates a digit 9 followed by any other numbers. If you entered 9XXX, this would indicate a 9 followed by exactly 3 other digits (which may or may not include the digit 9).
9. Enter the amount of time in seconds (like 30), this route shall ring before ending the call (or falling to the next route if defined) in the Timeout field.
10. If you want to enforce a specific Caller ID for the call, check the Caller ID and enter the number (or text) you want in the CallerID field.
   Caller ID is the identifier displayed (usually the number associated with the phone line) in the destination phone. Not all providers allow this to be changed; in these cases edgeBOX will change it at the protocol level but produces no effect as the provider will override it.
11. Click Add.
12. Repeat 7 to 11 adding all routes you wish to use as fall back routes. All these additional routes will be used if the previous one is not available or times out.
13. Select the Access Control tab.

14. Move the Groups and the Devices, for whom you want to be able to use the rule, from Denied to Allowed. The rule will only be applied if the phone making the call belongs to a group in the Allowed area, or if the call is coming from a Device in the Allowed area (like DISA).
15. Click Save to save the rule.

Default Outgoing Call Rules
There are two pre-configured outgoing call rules in edgeBOX:
· Demo rule: This rule is meant for testing purposes only. In a sentence this rule could be read as “Calls to number 123, at any time, made from any phone will follow demo-proxy route”. demo-proxy is a ITSP connection to Critical Links data center for you to test your edgeBOX setup.
  Note: You can test the Demo rule by dialing 123 in one of the already connected phones. If everything is working properly your call will be answered and you'll listen to an automated attendant saying “Welcome. Thank you for calling. Goodbye”, and then the call will finish. Please note that this call is made through a connection to Critical Links servers, thus your edgeBOX needs a working internet connection for this test to work.
· Default rule: This rule is the most generic rule, and will match all calls (except if rules with more specific conditions are applicable). In a sentence this rule could be read as “Calls to any number (*), at any time (00:00 – 23:59) made from any phone (Access Group Default) will follow routes specified”.
  Note: When you first receive an edgeBOX, the Default rule doesn't include any routes (lines) to the PSTN, so you need to edit this rule and add the routes you've connected. See more in Configuring Voice Lines.

8.4.3 Emergency number

The Emergency rule is a special rule to be used when the emergency number (e.g: 911 or 112) is dialed. This rule behaves pretty much the same way as other rules but authorization and authentication policies are bypassed, meaning that every connected phone (even phones in "not registered" state due to bad password) are allowed to make the call. The emergency rule is a system rule and cannot be deleted. You can easily identify it by the red cross icon.

Steps to setup the Emergency call rule
1. Goto IP-PBX > Outgoing Call Rules.
2. Select the rule Emergency and click Edit button in the toolbar (double mouse click also works).
3. Enter the emergency number (like 911) in the Emergency Number field.

4. Select the route (or line) you want the call to follow through in the Route field.
5. Enter the number (pattern) that should be dialed (usually the same as the Emergency Number you entered in 3) in the Outbound Pattern field.
   The outbound pattern may differ from the inbound, if you wish to transform the number. One example is when you need to add prefixes to select a specific provider: say a prefix of 1010 needs to be added, thus your inbound pattern would be 9* (all numbers starting with 9), whilst your outbound pattern would be 10109*. Another situation is when you want an outbound prefix like 0; in this case the Inbound pattern would be 0* and the Outbound pattern would be *.
   In both patterns (outbound and inbound) you can use two special characters: * matches all remaining digits; X matches exactly one digit, and you may use several X characters to match a specific number of digits. The 'X's must be uppercase. Examples: The 9* indicates a digit 9 followed by any other numbers. If you entered 9XXX, this would indicate a 9 followed by exactly 3 other digits (which may or may not include the digit 9).
6. Enter the amount of time in seconds (like 30), this route shall ring before ending the call (or falling to the next route if defined) in the Timeout field.
7. If you want to enforce a specific Caller ID for the call, check the Caller ID and enter the number (or text) you want in the CallerID field.
   Caller ID is the identifier displayed (usually the number associated with the phone line) in the destination phone. Not all providers allow this to be changed; in these cases edgeBOX will change it at the protocol level but produces no effect as the provider will override it.
8. Click Add.
9. Repeat 5 to 8 adding all routes you wish to use as fall back routes. All these additional routes will be used if the previous one is not available or times out.
10. Click Save to save the rule.

8.5 Configuring Voice Lines

edgeBOX can be connected to the public telephony network or to the IP network in a number of ways. With edgeBOX you can manage your connections such as ISDN or FXO-FXS hardware, or pure VoIP interfaces such as SIP or IAX2. The Voice Lines panel allows you to manage all these interfaces in a consistent unified approach.

Please go to the IP-PBX section. You can reach the Voice Lines popup from the Incoming Call Rules, the Outgoing Call Rules and the MailFax Accounts menus, in the Related Topics corner. When the panel loads you get a summary display of all your phone lines and corresponding status. Voice lines are classified as follows:

· Public Lines: Lines connected directly to the PSTN (Public Switched Telephone Network). The supported line types include FXO, ISDN BRI and ISDN PRI.
· Remote PBX: Lines connected to a PBX (includes ISDN BRI and ISDN PRI). Calls received on these lines are considered internal calls, meaning that extensions can be called directly.
· VoIP Providers: IP connections to VoIP providers. The signalling protocol used is SIP (Session Initiation Protocol). How to create a VoIP Provider connection?
· Remote Offices: IP connections to other offices; supported signalling protocols are SIP and IAX2. Calls received on these lines are considered internal calls, meaning that extensions can be called directly. How to create a remote office connection?
· All Lines: Display all the above mentioned connection types plus FXS lines, where you can connect directly analog phones or fax machines.

The panel will automatically display all lines installed based on your hardware configuration.

8.5.1 VoIP Providers

To enable edgeBOX to connect to a VoIP provider on the Internet, please load the Voice Lines dialog and click the New button. In the subsequent dialog choose Connect to a VoIP provider on the Internet and press Next.

Step 1: in the first dialog you need to define the destination host and authentication for the connection. Please fill the details regarding your VoIP provider account:
· Name: type in an identification name for this provider.
· IP Address / Hostname: type-in the IP address or the FQDN of your provider.
Authentication
· Authentication is not required
· Authenticate with credentials: if the provider requires authentication please fill in the Username and Password; additionally you can Customize Authentication Fields: press the Settings... button and type-in:
  · Register Name
  · Authentication Name
  · From User
  · From Domain
  · Outbound Proxy
  · Realm
  · Contact

For convenience you can use the Test Connection button to validate the connection. Once you're done, press Next.

Step 2: in the second dialog you will define codecs and other advanced options. You may choose to provide:
· Max Calls: maximum number of simultaneous calls allowed.
· Manage Codecs to be used on this connection: select the codecs to be used (these codecs have to be supported by the provider). You can also select the preferred order of use. For more information see Codecs section.
· Manage DTMF and other advanced options:
  · Disable NAT support
  · Disable Keep Alive
  · DTMF Mode: inband, info and rfc2833

Please note that calls coming through trusted SIP proxies are only trusted if the proxy name is equal to the FROM header.

8.5.2 ENUM service

edgeBOX supports ENUM, which is a service to map PSTN telephone numbers into VoIP URLs. For more details about ENUM see Telephone Number Mapping. In edgeBOX ENUM service is conceptualized as a voice line, so if for a given Outbound Route you want ENUM service to be used, you just need to add the ENUM line to your route.

How to use ENUM service?
ENUM service is used like a Voice Line, meaning that whenever you want a given Outgoing Rule to search and use ENUM service, you need to add ENUM line to your list of routes. This will make for every call routed through that rule, to send a query to each active ENUM server to try to lookup the called PSTN number, and if found the call will proceed as an URI call.
1. Go to IP-PBX > Outgoing Call Rules.
2. Double click the rule where you want to use ENUM (or create a new rule).
3. Select ENUM in the Route combobox, and enter the desired Outbound pattern.
4. Click Add.
5. Use the Up and Down buttons to place the ENUM at your desired execution order (typically it should come first).

6. Click Save button. Now, outbound calls following this rule will be converted to URI Calls whenever the ENUM server returns a valid URI for the dialed number.

How to configure ENUM service?
By default edgeBOX comes preconfigured with two ENUM servers (e164.org and e164.arpa). If you need to use others follow the steps below:
1. Go to IP-PBX > Outgoing Call Rules.
2. Select Voice Lines option in Related Topics section.
3. Double click the ENUM Service line.
4. Use Add and Remove buttons to setup your ENUM servers.
5. Click Save button. Now all the Outgoing Rules that you've configured to use ENUM will query the specified servers.

8.5.3 Remote Offices

The Remote Office functionality allows the creation of an IAX or SIP trunk between two edgeBOXs. A benefit of this configuration is that an extension from edgeBOX A is able to call an extension registered in edgeBOX B, as if the phone was registered on edgeBOX A. Calls between these devices benefit from an optimised connection, resulting in a better use in bandwidth. Note that besides calling internal extensions, all VoIP functionalities will be available for the remote edgeBOX users (making local calls, making call conferences, etc.), allowing you to make a conference call between two remote offices with no costs.

To enable edgeBOX to connect to a Remote Office, please load the Voice Lines dialog and click the New button. In the subsequent dialog choose Connect to a Remote Office and press Next.

Step 1: in the first step you need to define a name and a security key for the connection:
Name: a descriptive name for the connection (such as office2, for example).
Authentication
· Password: the password to use in the connection.
Advanced Options
· Manage Codecs: click the Codecs... button and use the following dialog to enable/

disable and prioritize the application of audio and video codecs for this connection. See Codecs section for more information.
· Manage Protocol (IAX or SIP): click the Protocol... button and choose the protocol SIP or IAX; for SIP don't forget the Max. Simultaneous calls value.
Click Next.

Step 2: in the second step you need to specify the Remote Office location:
· IP Address / Hostname: type-in the IP address or the FQDN of the remote office IP-PBX.
· Automatically configure remote server: check the box and type-in the administration password of the remote host.
Press the Finish button when done.

8.5.4 Hardware

edgeBOX supports automatic hardware detection. All supported VoIP card types are automatically detected and the system is automatically configured so these cards can be used by the IP-PBX. All supported card types are displayed in the Voice Lines popup, IP-PBX menu. Each card type has its own specific set of configurations. To access them, select the desired entry and click the Edit button. For each specific type follow the details below:
· ISDN BRI
· ISDN PRI
· Analog FXO-FXS

8.5.4.1 ISDN BRI

When editing a BRI port, you can configure the following parameters:

Mode
Choose the desired operating mode:
· This line connects to an ISDN Phone: if this line will be used to connect a phone, NT Mode; ports in NT Mode are available when you configure your Incoming Call Rules.

· This line connects to an ISDN Line: if this line will be used to connect edgeBOX to the exterior using ISDN, TE Mode; ports in TE Mode are available as outbound routes when you manage Outgoing Call Rules.
NOTE: changing this option requires restarting edgeBOX's PBX and thus hanging-up all ongoing calls.

Connection Type
Choose the desired connection type: Point to Multi-Point (PMP) or Point to Point (PTP). PMP links allow to connect up to 8 terminals in parallel along the bus. PTP links allow only one TE to be connected.
· Point to Multi-Point (PMP)
· Point to Point (PTP)

MSN numbers
The MSN numbers are your public phone numbers. You can use this option to restrict the inbound calls you accept on this ISDN line. Accepting calls restrictions:
· Accept calls to any number
· Accept only calls to the following numbers and ignore other calls: use the Add, Edit and Remove buttons to manage the list of numbers to which this line accepts calls.

Others
Select the following two options as required:
· Consider calls on this line as internal calls (Trusted Line): select this option if you want inbound and outbound calls through this line to be considered internal calls by edgeBOX; this means that the inbound call rules and outbound call rules will not be applied to these calls.
· Wait for all incoming digits before fallback to Dial Plan: select this option if you want to wait for all incoming digits before fallback to Dial Plan; it allows edgeBOX to integrate with PBX's which work with overlap digits.

8.5.4.2 ISDN PRI

When editing a PRI port, you get a two tabbed dialog window:

General
· Mode: shows you the current operating mode for the port, it can be E1 or T1, additionally the number of ports (31 ports in E1 mode, 22 ports in T1 mode). How to change mode?

· Ports: the current port assignment (example 5-35 for an E1).
· Group: the current Group.
· Consider calls on this line as internal calls (Trusted Line): select this option if you want inbound and outbound calls through this line to be considered internal calls by edgeBOX; this means that the inbound call rules and outbound call rules will not be applied to these calls.
· Wait for all incoming digits before fallback to Dial Plan: select this option if you want to wait for all incoming digits before fallback to Dial Plan; it allows edgeBOX to integrate with PBX's which work with overlap digits.
· Enable Echo Cancellation: select this option if you want the card to use the embedded echo cancellation mechanisms. Note that this option is only displayed for cards that support echo cancellation.

Advanced
The advanced tab gives you access to further configuration details. In the Advanced tab of the configuration details for PRI cards, the following settings may be changed:
· SwitchType: switching used by the line. Available options are:
  · EuroISDN, used in Europe.
  · QSIG.
· Signalling: signalling used by this span. Available options are:
  · CPE, used on the client side.
  · NET, used on the network side.
  · E&M
· Timing:
  · Primary Master
  · Secondary Master
  · Slave
· Coding:
  · HDB3
  · AMI

ISDN Signaling
· Dial Plan: choose from Unknown, Private, Local, National, International, Dynamic.
· Local Dial Plan: choose from Unknown, Private, Local, National, International, Dynamic.

Customize National and International Prefixes
· National Prefix: check the box and enter the desired prefix.
· International Prefix: check the box and enter the desired prefix.

8.5.4.2.1 How to change configuration mode (E1 / T1)
To change the mode from E1 to T1 (or vice-versa) you need to access the hardware and configure jumpers accordingly, please refer to your support service for more information on how to proceed. To see more information about E1 and T1 see here.

8.5.4.3 Analogue FXO-FXS
To allow connection to analogue lines, edgeBOX supports TDM Digium cards. FXO and FXS modules may be installed in this card:
· FXO Module: should be connected to an analogue line, allowing you to receive or make calls using the PSTN network.
· FXS Module: should be connected to an analogue phone or fax machine. Be careful not to connect phone lines (PSTN lines) in the FXS port. If you do so, the port will stop working. Even if you unplug the phone line cable and connect an analog phone into the port, the port will still not work, you will have to reboot edgeBOX.

When editing an FXO-FXS port you'll be prompted by a panel with two tabs:

General
· Number: number of lines for this card.
· Mode: FXO or FXS.
· This line has a direct phone number assigned: only for FXO mode, check the box and type-in the desired direct phone number for this line.
· This line receives dialtone: select the period: immediately or up to n seconds, only for FXO mode.

Advanced
· Enable "#" confirmation for outgoing twinned calls: only for FXO mode, you need to select this option if you have Twinning enabled on your analog phone and you are not in the USA. When an analog phone is in Twinning, if the call is answered on the twin phone, edgeBOX is not able to know if the call was answered or not because it is an analog line, so it is necessary for the user to press the # (cardinal) key after answering, this will inform edgeBOX that the call was picked up and edgeBOX will stop ringing the other extension, otherwise the extension will keep on ringing despite the call having already been answered by the user.
· Enable Echo Cancellation: only if card supports echo cancellation.
· Sound Volume Gain (dBs): adjust the volume for transmission and reception on this line.

8.6 Phone operations
This section of the manual brings together hands-on information on how to execute several useful operations or configurations directly with your phone:
· Blind and Supervised Transfers
· Group Calls
· Intercom Calls
· Call Listening and Call Whispering
· Call Pick-Up
· Twinning
· Follow Me

· One Touch Recording
· Labeling CDR records with Cost Centers

8.6.1 Blind and Supervised Transfers
edgeBOX allows you to execute Call Transfers from your phone to other phones. There are two major kinds of transfers:
· Blind Transfer: immediately transfers the call to another number.
· Supervised Transfer: transfers a call to another phone by putting it on hold and allowing you to talk to the transfer destination phone, before making the transfer, it is also known as Attended Call Transfer, this allows you to determine if the transfer will succeed and if the person at the other end will actually be able to accept the call, for example.

Blind Transfer - How to do it?
1. When you are answering a call, inform the caller that you are going to transfer the call.
2. Dial the prefix for a blind transfer and the telephone number you wish to transfer the incoming call to. Example: #12001 to forward the call to extension 2001.
3. The caller is immediately connected to the number you transferred the call to.
4. You will hear the busy line tone, which means the transfer is complete and you can hang up.
If you make a mistake when dialling the number you're transferring the caller to, you and the caller will be disconnected from the original call. Also, you cannot check to see if the number you are transferring the call to is busy or offline. To do that use a Supervised Transfer instead.

Supervised Transfer - How to do it?
1. When you are answering a call, inform the caller that you are going to transfer the call.
2. Dial the prefix for a supervised transfer (*2 by default, but you can change it). The caller will no longer be able to hear you.
3. Dial the number of the phone you wish to transfer the incoming call to.
4. After the person answers, ask if you can transfer the call. If the person says yes, hang up your phone and the call that is on hold will be transferred to the recipient. If the person says no wait until he/she hangs up. The call on hold will be transferred back to you and you can inform the person holding that it is not possible to transfer the call.

If the person to whom you've transferred the call doesn't answer it in about 15 seconds, the call is transferred back to you. This also happens if that person answers the call but hangs up the phone before you do.

Hangup a Supervised Transfer - How to do it?
To end a Supervised Transfer and get back to the initial caller you can dial the Hangup Key Code (*0 is the default key code for Hangup but you can change it if you want to).

Related Topics:
· Operation Key Codes (Prefixes)

8.6.2 Group Calls
Group Calls are calls directed at a Group extension number (instead of a Phone extension number). When you create Groups of phones you are prompted for an optional Extension number to be assigned to the group. That's the group's extension. The result of a call directed at a group extension is that all phones in that group will ring: that's a Group Call. When anyone picks up the call on any of the group's phones all the others stop ringing.

Give me an example...
Let's assume you've just created a new group of phones called whosincharge and you've chosen the 5432 extension for the group, then you added Mr. Alves', Mr Sousa's and Mr. Carreira's phones to the group. If you dial 5432 from your phone, Mr Alves', Mr Sousa's and Mr Carreira's phones will start ringing, all three. If Mr Carreira picks up his phone first you will start talking to him, Mr. Alves' and Mr Sousa's phones will stop ringing, that's how a Group Call works.

8.6.3 Intercom Calls
An Intercom Call is a special kind of call for which the destination phone will automatically answer the call and go into loudspeaker mode. The call will be listened to by the people near that phone.

Why is this useful?
This is useful for making quick announcements (for example: a short request for the sales team to gather for a quick meeting in the hall), or to try to reach someone that might be near the phone but might not be authorized to answer it without being specifically requested to.

To make an Intercom Call you need to dial *9<number> (if you dial *9 followed by a group number, instead of an extension number, then all phones that belong to the group will answer the call and go into loudspeaker mode). Additionally, only phones with loudspeaker mode can receive such calls. Phones currently supported for this feature are:
· Snom
· Linksys
· Aastra
· Grandstream
· Polycom
The access to this feature can be restricted based on the Phones Access Control policies.

Related Topics:
· Phones Access Control

8.6.4 Call Listening and Call Whispering

Call Listening
This feature gives a user at a phone C the ability to listen to a call between phone A and phone B. To do this dial *990*<extension number>: you will listen to the ongoing call at that extension.

Call Whispering
This feature consists in the ability to secretly talk to the person at phone A, while listening to the conversation between A and B, without B's knowledge (just like whispering in A's ears). You need to dial *991*<extension number>: your phone will allow you to listen to the ongoing call at <extension number> and you will be able to "whisper" to that extension. The person at phone B does not hear your voice, only the person at phone A.

The availability of these features is restricted by the Phones Access Control policies and depends on the three phones involved: if any of the target phones can not be listened to, or

your own phone can not listen to calls, then none of this will be possible. Make sure to check out the details at the Phones Access Control section in this manual.

Related Topics:
· Phones Access Control

8.6.5 Call Pick-Up
Call Pick-Up is the ability to grab a ringing call at a given extension. For example, to pick a call ringing at extension 2001, dial the Pick Up prefix *8 plus 2001: *82001.
Your phone will be able to pick up calls:
· by pressing *8: will pick-up any call that belongs to any of the groups the phone belongs to.
· by pressing *8<phone extension number>: will pick-up a call to that specific extension.
· by pressing *8<group extension number>: will pick-up a call to that specific group.
Call Pick-Up operations are bound to the limitations defined for the Groups the phone belongs to (please make sure to review those settings in the Groups section of this manual).

Related Topics:
· Phone Groups

8.6.6 Twinning
The Twinning feature can, to some extent, be managed directly through the phone: the phone user can enable, disable and change the number of the phone the extension is twinning with, directly on the phone itself instead of through edgeBOX (twinning must be allowed on that phone). To:
· Enable twinning: dial *90. Twinning will now be enabled.
· Disable twinning: dial *91. Twinning will be disabled.
· Change the phone your phone is twinning with: dial *92* followed by the phone

number to twin with.
· Transfer an ongoing call from the cell phone to the work phone: on your cell phone, dial *93 and the call you are answering in the cell phone will continue in the network phone. You can't do this operation in edgeBOX's interface, only in the network phones.

Show me an example...
For example, let's assume your cell phone is 912154014 and you want your work phone to twin with your cell phone, you should pick up your work phone and dial, first, *90 (to enable twinning) and, then, *92*912154014 (to actually start the twinning process). From now on if your work phone rings your cell phone will ring too, you can pick up the call on any of them.

Related Topics:
· Twinning

8.6.7 Follow Me
Follow Me - Allows you to forward calls that arrive at your internal extension to another extension or phone where you are at the moment.

How to do it?
To enable Follow Me:
· If you are close to your extension - Dial *14* plus the phone number or the extension number you want your calls to be forwarded to. For example, if you have a meeting in a meeting room, and there is a phone there (extension 4002), you can pick up your extension and dial *14*4002. All calls that arrive at your extension will be forwarded to the meeting room phone. Or you can indicate your personal cell phone number instead (*14*912154103), this way all calls that arrive at your extension will be forwarded to your cell phone.
· If you are close to the extension you want to forward calls to - Dial *12* plus your extension number. For example, if you are in a meeting room and you want to forward calls that arrive at your extension (ext: 2013) to the phone that is in the meeting room, pick up the meeting room phone and dial *12*2013, and all calls that arrive at your extension will be forwarded to the meeting room phone.

To disable Follow Me:
· If you are close to your extension - Dial *13*. Calls that arrive at your extension will not be forwarded to another phone anymore.
· If you are close to another extension - Dial *13* plus your extension number (example: *13*2013). Calls that arrive at your extension will not be forwarded to another phone anymore.

8.6.8 One Touch Recording
Users can start the recorder by pressing *9 during the call. After the call finishes the file with the call recorded will be available at the user's Voicemail. An e-mail message will be sent to the user's e-mail account. Depending on global Voicemail configurations the sound file may or may not be attached to the e-mail.
The availability of the One Touch recording (OTR) feature for a given call is configurable on a per Group basis and depends on the phones at both ends: if the phone trying to use OTR belongs to a group that can not record calls then the recording will not occur. If the phone on the other end of the conversation belongs to a group that can not be recorded then the recording will not take place.

Related Topics:
· Phone Groups and Access Control

8.6.9 Labeling CDR records with Cost Centers

CDR Project Codes
If, during a call, the user dials #79<code> the call will be marked with that <code> in the corresponding CDR log line. The CDR files, additionally, are available through the logmaster FTP account.

Related Topics:
· Logs
· VoIP activity logs - CDR

8.7 Conference Rooms
You can setup edgeBOX's conference support in the IP-PBX section, Conferences menu. Two major types of conferences are supported:
· Dynamic conferences: created freely by the users.
· Static conferences: created by the administrator.

Dynamic Conference service
To enable dynamic conferences you need to start the Dynamic Conference service in the usual service bar at the top of the page: you should click the Start Service/Stop Service links on the right and the bar will change color - green or gray - to show you the current service administrative status. If you want to, you can Change... the number users dial to access the service. The default is 9000.
Any registered user may dial the pre-defined dynamic conference extension (9000 by default) and create a conference just by dialing any desired number. That number will become the conference room number. To join this conference, other users should dial the pre-defined dynamic conference extension and enter the conference room number.

Static Conferences
This other type of conference is created by the administrator. The list of static conferences configured is displayed in the list at the bottom of the Conferences menu. To create a New static conference a two tabbed dialog window will show:

General
· Number: type-in the desired Conference Number (also known as the Room Number, or Conference Room Number)
· Type: you need to choose from
  · Public: this conference will be accessible by anyone that tries to join it and you can not specify a moderator.
  · Security-enabled Conference: the access to this conference will be restricted to users that know the conference PIN, additionally you will have an option to choose a moderator PIN.
· Conference Pin: type the desired conference PIN.
· Music On-Hold: choose the music Playlist for this conference.

Advanced
· Maximum: maximum number of simultaneous members the conference may accept.
· Have a moderator for this conference: check the box if you want a moderator and type-in the Moderator PIN and repeat for safety
· Don't allow members to communicate until moderator joins the conference: check the box if you want this behaviour.
· Announce when a user joins or leaves the conference: select or deselect the check box.

While in a conference, you can press the * to listen to the available options like increase/decrease volume, mute, and others. The conference moderator has the same privileges as normal users plus Lock/unlock conference and Eject last user.

edgeBOX is shipped with a pre-configured Static Security-enabled conference for your convenience:
· Number: 9010.
· Conference Pin: 9910.
· Moderator Pin: 9911.

8.8 Managing Call Queues
The Queues menu in the IP-PBX section allows you to manage edgeBOX's call queuing system. Configured queues are shown in a tabular manner.

Creating Queues
To create a new Queue you need to press the New button (to edit an existing Queue the operations are similar). An appropriate dialog window will popup. This popup contains two main tabs. In the General tab you'll find:
· Name: type a name for the queue (when editing an existing queue you cannot change its name).
· Assign the calls to: this option allows you to specify the so-called Ring Strategy - the algorithm used to assign calls to agents, you can choose one of the following options:

  · The agent that picks up the phone first (all ring).
  · Each agent in turn.
  · Each agent in turn but keep track of the order.
  · The agent that has been longer without calls.
  · The agent that answered less calls.
  · A random agent.
· Agents: since queued calls are answered by the queue's agents, in order for it to function correctly, agents and/or extensions must be assigned to the queue, you can use the Add and Remove buttons to manage the contents of the Agents list for each queue, when you click the Add button please choose:
  · Add Extension: this option allows you to add extensions to the Queue, these extensions will be used by the queuing system to assign calls to, select an extension from the list and hit Add, whoever is near that extension will now start receiving calls from this queue.
  · Add Agent: this option allows you to add users to the Queue, this way you can assign calls to users in a way that is independent of the extension the user might wish to use when starting work, a new popup will give you a list of users, select the users you wish to assign to the queue and click the Next button, users that do not have a PIN will be assigned one, the last screen shows you this assignment.

In the Advanced tab you get to configure several advanced features of edgeBOX's queues. Please follow the details here.

CallBack Login Service
CallBack agent service is a way for agents to be logged in, without requiring the agent to have the phone off-hook (on call) to receive calls. Using this service whenever a call from a queue needs to be delivered to an agent, the extension where the agent has logged in will ring. This agent login method is useful for agents that are not fully dedicated to answering queue calls, allowing them to have the phone on-hook as opposed to the standard method of having the call into the queue system always on going.
The status of the callback login service is controlled by the service bar at the top of the page where you can Start and Stop the service. Together with the status of the service there's also a parameter that you can change, Callback Extension, which is the extension number of the callback login service.

How can an agent login?
The standard login for an agent is through the following steps.
1. Dial *22 followed by the User PIN number (see IP-PBX Authentication for more details), followed by the # key. An automated attendant will answer.
2. Then, type your password (same as the User PIN number).

3. At this point the agent is logged in. It will be logged in as long as the phone stays off-hook (on call), and listening "Music on-hold". Calls delivered to the agent will be preceded by a "bip" sound.
This method is very useful for "professional agents" that use a headset and are 100% dedicated to answering queue calls.

How can an agent login through Callback Service?
The steps for an agent to login at the Callback Service are:
1. Dial the Callback Login Extension (by default the number is 8000). An automated attendant will answer.
2. Type your agent number, which is the User PIN number (see IP-PBX Authentication for more details), followed by the # key.
3. Type your password (same as the User PIN number), followed by # key.
4. Type the extension number where the calls to this agent shall be delivered.

How can an agent logout through Callback Service?
The steps for an agent to logout at the Callback Service are:
1. Dial the Callback Login Extension (by default the number is 8000). An automated attendant will answer.
2. Type your agent number, which is the User PIN number (see IP-PBX Authentication for more details), followed by the # key.
3. Type your password (same as the User PIN number), followed by # key.
4. When asked for the extension number, just type # key.

8.8.1 Advanced Settings for Queues
In the Advanced tab you get to configure several optional features of edgeBOX's queues:
· Waiting Sound: you can choose to
  · Play the regular ring tone, or you can
  · Play music from the Music On Hold library: in this case the caller will listen to music while waiting, you should additionally specify:
    · Playlist: select the desired playlist from the drop-down list.
· Indicate the position in the queue every ... seconds: select this box and choose the time interval for edgeBOX to update the caller about his position on the queue, also remember to select the check box immediately below if you want the users to get also an estimate remaining time for the call to be answered.
· Calls Hangup:
  · Hangup the calls in the queue when there are no agents online: check the box if you want this.

  · Hangup the calls that are not answered in ... seconds: please activate the box and choose the time in seconds if you want this behaviour for calls that don't get an answer in time.
· Other Settings:
  · Maximum Number of simultaneous calls waiting
  · Relative priority of this queue: Low, Medium, High, Very High.
  · Agent Answer Time

8.9 Codecs
Codecs are used when converting an analogue voice signal to a digital one. edgeBOX supports several types of codecs allowing a flexible client configuration. The choice of the codec to be used usually results from a compromise between sound quality and bandwidth used.

Audio Codecs
· G.711 (ULAW): Known as the native codec in modern communication lines. It is the codec used in PSTN and ISDN lines and, as such, provides good quality sound, at the expense of bandwidth. It is the most commonly used codec for VoIP calls because, besides being supported by most VoIP providers, it has the lowest latency as no type of compression is used. If there isn't a specific system requirement, the choice should be ULAW. This codec is selected by default in edgeBOX.
· G.711 (ALAW): Basically, a G.711 version used in E1 European lines. This codec is selected by default in edgeBOX, because it is compatible with most phones and softphones available on the market.
· GSM: Usually used on European mobile networks, this codec uses a small amount of bandwidth providing an acceptable quality of sound.
· Dialogic ADPCM: This is a legacy codec, kept for compatibility with version 3 of edgeBOX.
· Speex: Audio codec designed specifically for speech, well suited for VoIP.
· G.729: Offers good sound quality with conservative use of bandwidth. However, to be able to use it you have to activate it and purchase a license. Each license you purchase allows a single simultaneous use of the codec. Thus, if you purchase 3 licenses, 3 users can simultaneously use the codec, the fourth person will not be able to use this codec, unless one of the current users has completed their call.

How to activate G.729?
You need to download the codec from Digium web site. The codec to purchase is: codec_g729a_v32_i386 in the asterisk-1.4, x86-32 directory on the Digium site. After downloading to your PC, select the browse button and choose the codec file and then the upload button, which will then upload the file to the edgeBOX. After uploading the file, you will need to activate the license(s) (which will be locked to your edgeBOX hardware), by pressing the activate button.

After pressing the Activate button, you will need to enter the License ID and other details which you entered when you purchased the License (as shown below). Press Activate to complete the process.

· iLBC: Low bit rate
· G.722: High quality voice codec, this is commonly known as HD-Voice.
· G.726: ADPCM can be interchanged between packet voice, PSTN, and PBX networks if the PBX networks are configured to support ADPCM.

Video Codecs:
· H.261: A 1990 ITU video coding standard originally designed for transmission over ISDN lines on which data rates are multiples of 64 kbit/s. The data rate of the coding algorithm was designed to be able to operate between 40 Kbits/s and 2 Mbits/s. The standard supports CIF and QCIF video frames with resolutions of 352x288 and 176x144 respectively (and 4:2:0 sampling with chroma resolutions of 176x144 and 88x72, respectively).
· H.263: is a video codec designed by the ITU-T as a low-bitrate encoding solution for videoconferencing. It was first designed to be utilized in H.324 based systems (PSTN and other circuit-switched network videoconferencing and videotelephony), but has since found use in H.323 (RTP/IP-based videoconferencing), H.320 (ISDN-based videoconferencing), RTSP (streaming media) and SIP (Internet conferencing) solutions as well.
· H.264: Is a standard video codec capable of providing good video quality at substantially lower bit rates than previous standards (e.g. half or less the bit rate of MPEG-2, H.263, or MPEG-4 Part 2).

8.10 MailFax Service
With the MailFax service you can send faxes (via a software modem) from a fax machine to edgeBOX's fax gateway. This fax is then converted to an e-mail and sent to the fax mail account. You may also send a fax via e-mail. The e-mail will be converted to fax format and sent to the remote fax machine. You can find the MailFax Accounts menu in the IP-PBX section.

Create a new fax account
1. Go to the MailFax Accounts menu.
2. Click the New button in the MailFax Accounts list. A dialog window will appear:
FAX Account: Incoming Fax Settings
3. FAX Number: the DDI associated to your FAX line, this is the number people use when they send faxes to your company.
4. E-mail address: enter the e-mail address account of the person of your company that will receive all incoming faxes, incoming faxes are converted by edgeBOX to e-mails and then delivered at this e-mail address, you can, for example, fill this field with the e-mail account of your company's receptionist.
FAX Account: Outgoing Fax Settings
5. Fax E-mail Account: type the name of the e-mail address that will be used by the

network users to send e-mails that will be converted to faxes. For instance, if you type fax_account and the domain on edgeBOX is example.com, then the fax server account will be fax_account@example.com.
6. Display Number: your fax number, usually this will be the DDI you typed above.
7. Display Company Name: your company name to be displayed at the top of faxes sent by edgeBOX.
8. Retry Attempts: the number of times edgeBOX tries to send a fax when the number it is trying to fax to is busy.
Authentication
9. In the Authorization Type, indicate from which e-mail accounts users can send the emails and if they are required to indicate a password.
· Local means the network users can only send e-mails from the Webmail or from the edgeBOX local SMTP server, for example, if they have their edgeBOX e-mail account configured on Outlook and they send a fax through it, the fax will be accepted, but if they send the fax through a Gmail or Hotmail account or through an e-mail account of another edgeBOX, the fax will not be accepted.
· Password means the users can send e-mails from any e-mail account, however they have to specify a password on the body of the e-mail to authenticate.
· Local + Password means that the users have to use the Webmail or the SMTP server of edgeBOX to send the e-mails and they also have to specify a password in the body of the e-mail to authenticate.

Change the type of the attachments, change the language or change the From field of the emails
By default, edgeBOX sends all the faxes it receives as e-mails to the e-mail account you specified in English language. Also, by default, edgeBOX converts the received faxes to pdf files and sends them as e-mail attachments to the fax reception e-mail account you specified. You can change the format of the attachments and the language of the e-mails sent by edgeBOX.
To change any of these settings:
1. Go to the MailFax Accounts menu in the IP-PBX section.
2. In the Incoming section: a short 3 fields summary displays the current configurations.
3. Click the Change... button, a new dialog will come up. Please enter:
E-mail Language
4. Select the desired language for the mailfaxes.
Attachment format
5. Choose PDF or TIFF.
From E-mail
6. The From field in the e-mails sent by edgeBOX with the incoming FAXes.

How to send a fax using MailFax service?

Related Topics:
· Voice Lines
· E-mail server

8.10.1 How to send a fax using MailFax?
Let's suppose you wish to send an invoice to a customer:
1. Open an e-mail client such as Thunderbird or Outlook or edgeBOX's Webmail and create a new email.
2. Enter the e-mail address of your edgeBOX fax account in the To field.
3. In the Subject type the fax number of your client.
4. If authentication is required, type PASSWORD: plus the fax account password in the first line of the body of the message.
5. Convert the document you want to send to PDF or TIFF format and add it to the e-mail as an attachment. Note that the document cannot have more than 25 pages.
6. Send the e-mail.
After edgeBOX receives this e-mail in the fax e-mail account, it will convert the attached file into a fax and try to send it to the phone number you indicated in the Subject of the e-mail. A little while after, you will receive an e-mail from edgeBOX indicating if edgeBOX was able to deliver the fax to the recipient or if it couldn't deliver it because of some error or because of the receiver fax being busy.
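The acceptance rules described for MailFax (the three Authorization Types, the PASSWORD: first body line, the fax number in the Subject, the PDF or TIFF attachment and the 25-page limit) can be modelled as below. This is an added Python example, not edgeBOX code: the `via_local_smtp` flag, the `pages` argument, the exact `PASSWORD:` syntax, the attachment MIME types and every function name are assumptions, and the sample messages are constructed.

```python
import hmac
import re
from dataclasses import dataclass
from email import message_from_string
from email.message import EmailMessage

MAX_PAGES = 25                                      # limit stated in the manual
ALLOWED_TYPES = {"application/pdf", "image/tiff"}   # assumed MIME types for PDF/TIFF
AUTH_TYPES = ("Local", "Password", "Local + Password")


@dataclass
class Decision:
    accepted: bool
    reason: str


def first_body_line(msg):
    """First line of the first text/plain body part ('' if there is none)."""
    for part in msg.walk():
        if (part.get_content_type() == "text/plain"
                and part.get_content_disposition() != "attachment"):
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            lines = text.splitlines()
            return lines[0].strip() if lines else ""
    return ""


def authorize_fax(raw_email, auth_type, account_password, via_local_smtp, pages):
    """Decide whether an e-mail to the fax account may be sent as a fax.

    via_local_smtp: assumed to be supplied by the mail server, True only when
    the message was submitted through the local Webmail or local SMTP server.
    pages: assumed to be the page count of the converted attachment.
    """
    msg = message_from_string(raw_email)

    if auth_type not in AUTH_TYPES:
        return Decision(False, "unknown authorization type")   # fail closed

    # The Subject carries the destination fax number.
    number = re.sub(r"[\s-]", "", msg.get("Subject", ""))
    if not re.fullmatch(r"\+?\d+", number):
        return Decision(False, "subject is not a fax number")

    # "Local" and "Local + Password": only local Webmail/SMTP submissions.
    if "Local" in auth_type and not via_local_smtp:
        return Decision(False, "not sent through local Webmail/SMTP")

    # "Password" and "Local + Password": PASSWORD: must be the FIRST body line.
    if "Password" in auth_type:
        m = re.fullmatch(r"PASSWORD:\s*(\S+)", first_body_line(msg))
        supplied = m.group(1) if m else ""
        # An empty configured password never authenticates; compare in constant time.
        if (not m or not account_password or not hmac.compare_digest(
                supplied.encode(), account_password.encode())):
            return Decision(False, "missing or wrong PASSWORD line")

    attachments = [p for p in msg.walk()
                   if p.get_content_disposition() == "attachment"]
    if not attachments or any(a.get_content_type() not in ALLOWED_TYPES
                              for a in attachments):
        return Decision(False, "attachment must be PDF or TIFF")
    if pages > MAX_PAGES:
        return Decision(False, "document has more than 25 pages")

    return Decision(True, "queued for " + number)


def sample_mail(subject, body):
    """Build a constructed test message with one small fake PDF attached."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "fax_account@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    return m.as_string()


if __name__ == "__main__":
    mail = sample_mail("912154014", "PASSWORD: s3cret\nInvoice attached.\n")
    for mode in AUTH_TYPES:
        for local in (True, False):
            print(mode, "| local:", local, "|",
                  authorize_fax(mail, mode, "s3cret", local, 3))
```

Because the password travels in the message body, anything that stores or relays the e-mail sees it; in Password mode it is the only control on who can send faxes from the account.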

8.11 Advanced VoIP Options
Several VoIP related advanced features are accessible via Options menu in the IP-PBX section.
· Voicemail
· Call Parking
· Automatic Call Recording
· Operation Key Codes
· Customize Sound Files
· Define Country Zone
· Echo Cancellation Options
· G.729 Codec License
· Billing Interface Service
· Asterisk Manager Interface
· Network Address Translation (NAT)

8.11.1 Voicemail
When you created your SIP, Analog or IAX phones you were prompted to configure individual Voicemail account for each. Additionally, several global options allow you to configure the way users access their voicemail and the way the feature works globally.
Go to the Options menu in the IP-PBX section. In Voicemail you'll find the current settings for:
· Voicemail Number: 9999 is the default value.
· Attach sound file: Yes or No, whether edgeBOX sends the voicemail file attached on the e-mail warning about voicemail.
Click the Voicemail options... link to further specify other details. In the popup dialog please enter:

Extension
Type the extension to be used for users to listen to voicemail.

E-mail message from
· Address: e-mail address to be used in the From field, this is important as some e-mail servers may reject this e-mail if the sending domain (the part at the right of the @ in the address you type) is unresolvable, or does not exist, if users experience instability or don't receive the e-mail warnings please make sure you are using a resolvable domain.
· Name: the name to be used as the sender of the e-mail.

E-mail body

· Attach sound file to e-mail: check this box if you want the voicemail file to be attached to the e-mail notification messages.
· Language: language used in notification messages.
· Signature: signature of the notification messages.

Voicemail quotas
Click the Properties... button and enter:
· Max Messages: Maximum number of messages that a user can have in his/her mailbox.
· Max length of message: voicemail messages longer than this will not be saved.
· Min length of message: voicemail messages shorter than this will not be saved.
In the end, as usual, if you wish to save your changes, press the Save button.

8.11.2 Call Parking
Call parking allows a person to put a call on hold at one telephone and continue the conversation from any other telephone set. It is activated by dialing the parking number (by default 700, but you can change this). This action transfers the current telephone conversation to an unused park extension number, 703 as example, and immediately puts the conversation on hold. You can pick up the parked call from another internal phone later on by dialing 703 on the desired phone.
The pre-configured park numbers range from 700 to 714. You can raise or lower the available parking base number and the park size.
Go to the Options menu in the IP-PBX section. Click the Call parking options... link and enter the values desired for:
· Number to dial for parking: you need to dial this number for a call to be parked.
· Parking available lines: total number of parking lines available, park size.
· Parking Max Time (seconds): enter the parking maximum time, in seconds, after this period the call is hung up.

8.11.3 Operation Key Codes
If you need to change the current key codes for the Assisted Transfer, Blind Transfer, Pickup a call and Hangup operations, you can do it in the Options menu, IP-PBX section. The Operation Key Codes area shows you the current configuration for those operations. Hit the Change the keycodes... link and change the keycodes as needed. The Phone Operations section in this manual shows you the details on the usage of these codes.

8.11.4 Customize Sound Files
edgeBOX can use sound prompts in several situations such as the process of receiving and routing an external call to a Queue for example. In this process edgeBOX may be configured to playback instructions to the caller or warnings of several types. The sound files used to accomplish this are accessible to you through the Sound Manager dialog, where you can upload new sound files to be used in Automated Attendants, conferences, etc. You can access it in the Related Topics area of the Incoming Call Rules menu or, for convenience, you can reach it at the Customize Sound Files... link in the Options menu, both in the IP-PBX section. The sound files are divided in three groups: · My Sounds: your own custom sounds. · System Sounds: contains all sounds used natively by the PBX, like the voicemail prompts. · Language sounds: sound packages that contain system sounds translated for a given language. edgeBOX will use the language pack corresponding to the Country Zone definition in the Options menu.

Upload a custom sound file 1. Go to the IP-PBX section, Incoming Call Rules menu. 2. Select the Sound Manager option at the Related Topics section. 3. Select My Sounds package. 4. Click Add button and select Sound File option. 5. Click the Browse button and select a sound file from your file system (.gsm files). 6. Enter a description for the file (usually a text script of what the sound says). 7. Click Add. You can now use this sound file when creating Incoming Call Rules, or Automated Attendants.

Upload a language sound bank 1. Go to the IP-PBX section, Incoming Call Rules menu. 2. Select the Sound Manager option at the Related Topics section. 3. Click Add button, and select Sound Bank option. 4. Select a sound bank file from your file system (.tar.gz or .zip format). 5. Click Open. The language pack will now be listed below System Sounds with the name of the language (like Portuguese).

8.11.5 Define Country Zone
To configure specific regional/country settings go to the IP-PBX section and click the Define Country (Zone)... link in the Options menu. This setting will apply country settings to three different areas: · The tone zone for all analog cards (if installed). This is important because the ring and busy tones may differ from country to country. · The frequency of the generated tones for the PBX phones. · The language for the sounds prompts. Note that the soundbank for the selected country must be installed; if not, the default sound bank will be used (system sounds). A popup dialog will open: · Zone: choose the appropriate country/zone for your needs. · Language: User may want to select a language for the sound prompts different from the country tones applied to the phones. If this is the case, user must check the checkbox, and select a different language. · National Prefix: may be filled by default, edit as needed. · International Prefix: may be filled by default, edit as needed.

8.11.6 Echo Cancellation
This panel offers a range of choices to allow for software echo cancellation. The echo cancellation will only be applied to analogue phones, which have echo cancellation checked. The options are: · KB1: The default echo canceller. This is the built-in Zaptel echo canceller since Zaptel v1.2, and it's considered the best configuration option for software echo cancellation. The software determines the best configuration from the initial line characteristics and preserves the settings for the period of the call. · MG2: A variation of KB1 to solve some of the scenarios where KB1 fails. · OSLEC: Stands for "Open Source Line Echo Canceller". It's an evolution of KB1 and MG2 using a different approach. Usually produces much better results where KB1 and MG2 fail. Changing echo canceller will issue a restart of the VoIP service engine, and thus all CURRENT CALL WILL BE TERMINATED!

The codec to purchase is: codec_g729a_v32_i386 in the asterisk-1. for example.0 Help 8. as the time of the day a call was made. edgeBOX saves all important information about calls. To allow billing software to connect to edgeBOX go to the IP-PBX section. Activate the Allow computers with billing service to connect to edgeBOX option and fill in the rest of the deitails: Authorized Computers Only the IP address(es) specified will be allowed to access the Billing service: · Only from a specific computer: type in a host IP address. . Each license you purchase allows only one usage of the codec at a time.90. the duration of the call or the user that made the call. unless one of the 3 calls has finished. If it can only be used from a specific computer of the local network then you need to type the fixed IP address of that computer. Options menu. Thus.729 Licensing This panel allows you to add support for the G. 3 users can simultaneously use the codec.7 G. only this IP address will have access. to connect to edgeBOX's database. the line used. Show me an example If the billing software can only be used from computers on the local network. Billing software can connect to edgeBOX's calls database.com.11.255.729 installation wizard. In the following screen just fill in the license details as obtained from Digium and finish up the process. 8. 192. retrieve that information all calculate and the cost for a billing service.168..8 Billing Service Allow billing software.. the fourth person will not be able to use this codec.4. only hosts on this IP segment will be allowed. Inc. 192. such as Easylink for example. Click the Billing Interface Service options. if you purchase 3 licenses. then you have to indicate the IP address of your local network. Once there hit the Run the G. x86-32 directory on the Digium site. You need to download the codec from the Digium web site www. link.0. What is billing software? Billing software is an application used to calculate call costs. 255. 
You will be requested to browse your computer for the file and then you need to click Next. · Only from a specific network: type in a network IP address and a Netmask. After downloading the codec to your PC you can install it with the help of edgeBOX's webadmin interface.0.729 Codec License.11.168.digium. in the IP-PBX section and click the G.90.729 Licensing G.255. Critical Links. and then the netmask of your network. link. for example.. Please go to the Options menu.166 edgeBOX 5...729 codec..128.

Authentication Here you must configure a username and a password for the manager software to be able to access edgeBOX: · Username: a username to be accepted by edgeBOX used for authentication. · Password: the respective password. · Repeat Password: repeat for verification. In the end you will need to allow the Billing service in the Firewall. If at any time you don't need to allow the Billing Interface anymore just deselect the Allow computers with billing service to connect to edgeBOX option.

Configuring your billing software To connect the billing software on a computer to the edgeBOX, depending on the billing software you will use, you need to indicate: · The username and password you specified on edgeBOX when you activated the billing service. · The port used for the billing service: TCP port 5432. · The database structure: - Database Model: Asterisk - Database Name: edgereporting - Table: cdr - Fields: all fields of the cdr table

8.11.9 Manager Interface
If you enable the manager interface you will be able to establish a telnet connection to edgeBOX's IP PBX, allowing you such diverse administration options as placing calls remotely or receiving events related to the state of calls and extensions. This interface may be useful if you own some kind of monitoring software which you want to integrate with edgeBOX. To configure the Manager Interface go to the Options menu in the IP-PBX section. Follow the Asterisk Manager interface options... link and select the Allow computers with manager interface to connect to edgeBOX option.

Authorized Computers Only the IP address(es) specified will be allowed to access the Manager Interface · Only from a specific computer: type in a host IP address, only this IP address will have access. · Only from a specific network: type in a network IP address and a Netmask, only hosts on this IP segment will be allowed.


Authentication Here you must configure a username and its password for the manager software to be able to access edgeBOX: · Username: a username to be accepted by edgeBOX used for authentication; · Password: the respective password; · Repeat Password: repeat for verification. In the end you will need to allow the CTI service in the Firewall. If at any time you don't need to allow the Manager Interface just deselect the Allow computers with manager interface to connect to edgeBOX option.

8.11.10 Advanced NAT
You need to configure Advanced NAT if you have a scenario where edgeBOX does not connect directly to the Internet but is behind a Router with NAT and Port Forward, and you want to allow remote phones (a phone you have at home, for example) to register in edgeBOX and behave as internal extensions.

That being the case, please go to the Options menu in the IP-PBX section and follow the Network Address Translation (NAT) options... link. The Advanced NAT settings dialog window will come up. To indicate that edgeBOX is behind a router: 1. Activate the My box is behind a router with NAT option. 2. Indicate in the field below the router WAN IP address or its hostname.


3. If you have local networks that are managed by the router and you have phones on those networks, select the option I have additional networks with phones to be served, and then, in the table below add an entry for each of those networks. Learn More... edgeBOX can detect phones that are on its local networks (LAN, DMZ and the VLANs). However, as you have a router in front of edgeBOX you may also have local networks managed by the router. And you may also have phones on those networks. edgeBOX cannot recognize these phones automatically because it is not managing these networks. So you need to indicate to edgeBOX the networks so it can recognize the phones and allow them to register.

4. Click the Save button to save the settings. 5. To finish, you need then to configure on the router port forward from port 5060 of the router to port 5060 of edgeBOX.

8.12 Music On-Hold
Music On-Hold (MOH) allows you to specify a number of Playlists to be used when putting calls on hold. Playlists are lists of sound files to be used in several possible situations: · Queues: you can specify the playlist to be used on a per-queue basis (see the Queues section); · Conferences: you can specify the playlist conference members will listen to while they wait for the conference to start (please refer to Conferences section); · ICR: you can choose the playlist to be used for each call (see Incoming Call Rules).


You gain access to the Music On-Hold (MOH) configuration popup from the Related Topics corner in the Queues, Conferences and Incoming Call Rules menus in the IP-PBX section. It displays the current playlists on the left side. If you click a playlist you'll get its contents on the right side. You can upload your own MP3 sound files to edgeBOX. These sound files will be kept in edgeBOX's MOH Gallery. You'll be able to build your own playlists by choosing sound files from the Gallery. Managing Playlists To add a new playlist just hit the New button and select Playlist. A new dialog will ask you for: · Playlist: enter the desired name for your new playlist; · Play tracks randomly: select this box if you want the tracks from this list to be played randomly. To add tracks to the Playlist choose the playlist you want to add files to, click the New button and choose Track. The Gallery pops up. Just select the tracks you'd like to add and press Ok. You've just added a new track from the Gallery to your playlist. For each sound file displayed you can execute several actions with the buttons at the top: remove that file from the list, bring that file to the top of the list, bring it up one position, bring it down one position and bring it to the bottom of the list. Managing the Gallery To access the Gallery click New button and choose Track. The Gallery window will popup: · Available Tracks: at the top, a list shows you the available sound tracks in the gallery; · Delete: deletes tracks from the gallery; select a track and hit Delete to remove a track from the gallery; · Upload Track...: use this button to search your computer for more MP3 files to add to the Gallery.

8.13 Automatic Call Recording
edgeBOX can record phone calls automatically. The recordings are kept in edgeBOX internal storage. You can, at any time, access the recordings by FTP, download them to your computer and erase them to avoid disk space saturation. If you wish to activate this service please go to the IP-PBX section and choose the Options menu. Once there, search for the Automatic Call Recording area. You get a short summary showing you: · Status: states which types of calls are currently configured for automatic recording; the possibilities are: Not recording any calls, Record all calls, Record all incoming calls, Record all outgoing calls; · Disk Usage: a coloured horizontal bar will show you, in graphical form, the relative disk space your call recordings are currently taking up.


Hit the Call Recording options... link to configure the service. The Automatic Call Recording popup appears. As usual, you can globally enable and disable the service by hitting the Start Service / Stop Service options at the upper-right corner.

Types of Calls and Maximum disk size The types of calls being recorded and your current disk occupation are shown just below the service status bar. Hit the Change... button to configure this: · Record incoming calls (includes internal calls): select this option to record incoming and internal calls; · Record outgoing calls: select this option to record incoming and internal calls; NOTE: Select both of the above options to record all types of calls; unselecting them both is the same as not recording any calls; · Maximum disk space for recordings: type in the maximum amount of storage space you allow for recordings; above this value edgeBOX will not record calls any more; All call recordings are made available through the logmaster FTP account. Through that account you can download and delete any call recordings. If the recordings take up more than the configured maximum space you need to remove the current recordings from edgeBOX. After removal the recordings will continue automatically.

Phones, Groups and Queues to be recorded The table shown, displays the phones, groups or queues currently configured for recording. Click Phones to filter table in order to show you only Phones; the same applies for Phone Groups and Queues. Click All to display all entries. You need to specify which phones, groups and queues you wish to record. To do this, click the Add button. From the drop-down list select Phone, Phone Group or Queue; from the list shown select the entries you want and click the Add button. Queues will only be recorded if the incoming/internal check box is selected. Please note that the permissions defined in Phones Group Access Control will be applicable, so if you have a group of phones with call recording disabled, those calls won't be recorded.

In order to remove an entry, or several entries, from the list, just select them and click the Remove button. The same goes for the process of adding new entries to the list.


8.14 VoIP activity logs - CDR
You can obtain the VoIP activity log files (also known as CDR) via FTP with the logmaster account. They are stored with the filename Master.csv (the current log file). The log files are rotated daily (Master.csv.1-7) and kept for seven days, after which the oldest file is overwritten by the new log file. The entries in the Log file have the following meaning:
· accountcode: What account number to use (Only used when Authentication is enabled)
· src: Caller*ID number
· dst: Destination extension
· dcontext: Destination context
· clid: Caller*ID with text
· channel: Channel used
· dstchannel: Destination channel if appropriate
· lastapp: Last application if appropriate
· lastdata: Last application data (arguments)
· start: Start of call (date/time)
· answer: Answer of call (date/time)
· end: End of call (date/time)
· duration: Total time in system, in seconds (integer)
· billsec: Total time call is up, in seconds (integer)
· disposition: What happened to the call: ANSWERED, NO ANSWER, BUSY
· amaflags: Flags used: DOCUMENTATION, BILL, IGNORE
· uniqueid: The unique ID for this call
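The following is an added example, not part of the edgeBOX manual or Critical Links code: it parses a downloaded Master.csv using the field order given above and summarises answered international calls per source extension, which is a common first check when reviewing CDRs for unexpected toll usage. The function names, the timestamp format, the business-hours window, the thresholds and the sample rows are assumptions constructed for illustration; the "00" prefix is the manual's default International Prefix.

```python
import csv
import io
from datetime import datetime

# Column order of Master.csv as listed in this section of the manual.
CDR_FIELDS = [
    "accountcode", "src", "dst", "dcontext", "clid", "channel",
    "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
    "duration", "billsec", "disposition", "amaflags", "uniqueid",
]

INTERNATIONAL_PREFIX = "00"         # manual's default; change if you edited it
BUSINESS_HOURS = range(8, 19)       # assumption: 08:00-18:59 is normal usage
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"   # assumption: Asterisk-style date/time

# Constructed sample rows (not real call data). The last row is truncated
# on purpose to show how malformed lines are handled.
SAMPLE_CDR = '''\
"","1001","00442079460123","default","Alice <1001>","SIP/1001-0001","SIP/trunk-0002","Dial","SIP/trunk/00442079460123","2009-06-21 11:43:00","2009-06-21 11:43:05","2009-06-21 11:45:05",125,120,"ANSWERED","DOCUMENTATION","1245584580.1"
"","1002","201","default","Bob <1002>","SIP/1002-0003","SIP/201-0004","Dial","SIP/201","2009-06-21 12:01:00","2009-06-21 12:01:05","2009-06-21 12:01:35",35,30,"ANSWERED","DOCUMENTATION","1245585660.2"
"","1003","0099900000001","default","Lobby <1003>","SIP/1003-0005","SIP/trunk-0006","Dial","SIP/trunk/0099900000001","2009-06-22 02:10:00","2009-06-22 02:10:10","2009-06-22 02:25:10",910,900,"ANSWERED","DOCUMENTATION","1245636600.3"
"","1003","0099900000001","default","Lobby <1003>","SIP/1003-0007","SIP/trunk-0008","Dial","SIP/trunk/0099900000001","2009-06-22 02:30:00","2009-06-22 02:30:10","2009-06-22 02:50:10",1210,1200,"ANSWERED","DOCUMENTATION","1245637800.4"
"","1003","0099900000002","default","Lobby <1003>","SIP/1003-0009","SIP/trunk-000a","Dial","SIP/trunk/0099900000002","2009-06-22 02:55:00","","2009-06-22 02:55:20",20,0,"NO ANSWER","DOCUMENTATION","1245639300.5"
"","1003","0099900000002","default","Lobby <1003>","SIP/1003-000b","SIP/trunk-000c","Dial","SIP/trunk/0099900000002","2009-06-22 03:05:00","2009-06-22 03:05:10","2009-06-22 03:15:10",610,600,"ANSWERED","DOCUMENTATION","1245639900.6"
"","1004","201","default"
'''


def parse_cdr(text):
    """Return (records, rejected); rejected holds (line_number, reason)."""
    records, rejected = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), 1):
        if not row:
            continue
        if len(row) != len(CDR_FIELDS):
            rejected.append(
                (lineno, "expected %d fields, got %d" % (len(CDR_FIELDS), len(row))))
            continue
        rec = dict(zip(CDR_FIELDS, row))
        try:
            rec["duration"] = int(rec["duration"])
            rec["billsec"] = int(rec["billsec"])
            rec["start"] = datetime.strptime(rec["start"], TIME_FORMAT)
        except ValueError:
            rejected.append((lineno, "bad duration, billsec or start value"))
            continue
        records.append(rec)
    return records, rejected


def international_usage(records, prefix=INTERNATIONAL_PREFIX):
    """Per source extension: answered international calls and billed seconds."""
    usage = {}
    for rec in records:
        if rec["disposition"] != "ANSWERED" or not rec["dst"].startswith(prefix):
            continue
        entry = usage.setdefault(
            rec["src"], {"calls": 0, "billsec": 0, "off_hours": 0})
        entry["calls"] += 1
        entry["billsec"] += rec["billsec"]
        if rec["start"].hour not in BUSINESS_HOURS:
            entry["off_hours"] += 1
    return usage


def flag_sources(usage, max_calls, max_billsec):
    """Sources whose international usage exceeds either threshold."""
    return sorted(
        src for src, entry in usage.items()
        if entry["calls"] > max_calls or entry["billsec"] > max_billsec)


if __name__ == "__main__":
    recs, bad = parse_cdr(SAMPLE_CDR)
    totals = international_usage(recs)
    for src in flag_sources(totals, max_calls=2, max_billsec=1800):
        print(src, totals[src])
    for lineno, reason in bad:
        print("skipped line %d: %s" % (lineno, reason))
```

To cover the whole retention window, run it over Master.csv and each rotated Master.csv.1-7 file fetched with the logmaster account.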

8.15 Default Predefined Phone Numbers
The initial edgeBOX configuration uses a set of pre-defined phone numbers (that you may eventually change over time). These are: · Voicemail: 9999


· Call Parking: 700 - 715 · Conferences: 9000 · National Prefix: 0 · International Prefix: 00 · Emergency Number: 112 (for EU countries); given the importance of the Emergency number, please make sure to review and configure its Outgoing Call Rules.

Related Topics: · Voicemail · Parking · Conferences

9 Users
In the Users section you can manage Network Users, Authentication and access Privileges - managing network users is an essential part of edgeBOX. This section lets you: · Add, remove or change network users · Assign a Phone to a user · Configure Privileges network and service access · Assign a configurable set of administration capabilities to a Local Administrator user · Manage User authentication locally or remotely with Active Directory, LDAP and RADIUS · Configure Groups · Customize the login page for user authentication

Related Topics: · Connected Users · Groups · Local Administrator · Phones · RADIUS

9.1 Authentication
Authentication is the process by which your network users identify themselves before edgeBOX when using the network. This process is fundamental for all subsequent access authorizations or denials in several possible situations, such as access to the Internet, ability to make some or all kinds of phone calls, and many more.

Even if you choose not to use Authentication, edgeBOX will still manage granting and revoking of access by means of a default access profile, the All Users Privilege. More on this... Managing Authentication comprises several related aspects. You might wish to: · Add or change a network user · Configure Privileges for users · Configure local authentication · Configure a remote Active Directory, RADIUS or LDAP server for authentication

Related Topics: · Connected Users · Local Administrator · Phones · Firewall · RADIUS · Groups

9.1.1 Managing network users
You can allow everyone to use your network and the network services, or you can assign specific permissions for granting and revoking access to specific users or groups of users. Why should I do this ? It renders your network more secure: access to the network and network services will be granted only if the user successfully logs-in; furthermore, this additionally allows you to have specific users accessing specific services and other users being blocked and granted access to different sets of services. This permits an optimal usage of resources such as bandwidth and processing power.

Managing Network Users edgeBOX is shipped with two pre-configured users. Their usernames are "user" and "user2". The password is "password" for any of them. You can use them to review their configurations and to do quick experiments.

· User PIN Number: the pin to be entered if the IP-PBX authentication is turned on.. A short overview is provided with a summary of user details including phone extension and online status.. in this case the process is the same as in the IP-PBX section . When editing an existing user. Phone (VoIP) · Allow the user to make phone calls (VoIP): use the Select Phone... See details about the different edgeBOX solutions in edgeBOX's website.. This way the password will not be altered. to check which type of calls the user has permission to make. learn more about Privileges... To create or import new users on the edgeBOX you need to delete existing users first or upgrade your edgeBOX solution. what are the rules for choosing a username. you should choose among the Privileges in the drop-down list (as configured in the Privileges menu). and so on. International and All Types of Calls. like the services they can use or the type of internet access they get. button to immediately add a new phone. Sessions: users can be logged-in from 2 computers by default. · VoIP Call Permissions: please select the type of calls this user can make. . Local. Mobile calls include both National and Local calls. A three tabbed dialog appears: General · User Name: First and Last name (up to 127 ASCII characters are allowed). if you need.. leave the password field blank if you do not wish to change his password. Mobile. that means that each user may have 2 computers logged into the network with his credentials.. button to search the list of existent phones and assign one to this user. · Network Login Information: username and password. Critical Links. If you reach the maximum number of users your licence offers. ? and the password. National..see details.. if he tries to login from a thrid host he will not be able to. each of these types includes it's predecessors: National calls include Local calls.. you can change this: click Change Max. you won't be able to add or import any more users. 
you can rise or lower this value. Disk Usage · user's current disk usage and · maximum allowed.0 Help To add or manage existing users go to the Network Users menu in the Users section of the administration web interface. · Max. Disk Space. Inc. ? · Newtork Access Privilege: determines the network privileges plolicy for a group of users.. Click the New/Edit button.176 edgeBOX 5. options are Free. for convenience you can also use the Add Phone..

9.1.1.1 Importing and Exporting Users
In the Network Users menu, Users section, you'll find two buttons that allow you to Import and Export the users list. You can add a number of network users to the edgeBOX by Importing them from a CSV file in your computer. The reverse operation is also possible. You can, at any time, Export the users list onto a CSV file.

Export By clicking Export you'll trigger a dialog window asking you to select a Folder in your computer's hard-drive, the process will create a new CSV file in this folder, the file name is automatically chosen. If you export you users at 11:43 on 21 June, 2009, the file generated will be named Export_21-0609_11.43.csv

Import An appropriate wizard-like dialog will popup with a detailed explanation of the process: · Step 1: read the specifications and Browse... a CSV file from your computer's hard drive, see an example..., click Next. · Step 2: a list is presented with all the available and correct users found in the file, select from the left the ones you wish to add and click the Add button to add them to the list on the right, hit Next. · Step 3: a final list with details about the users being imported is presented. This process may take a few minutes, please wait. · Step 4: one last step will Export back to your computer a list of the Imports done. Press Finish.

The Import function allows the import of users with the possible following settings: · Name (first and last) · Username · Password - if field is empty one will be provided · Extension Number · Extension Name · User PIN number

phonename..password. if possible): extensionnumber and extensionname....0 Help · Privilege Some of this fields are mandatory: Firstname + Lastname and Username. privilege About importing users: · You can only import users if you are managing the network users on the edgeBOX. Critical Links.username. firstname lastname. those entries will be ignored.username.username.178 edgeBOX 5. username.username. Inc. if you are not using Remote Authentication.username.pin. extension name will be equal to the username..phoneextension. depending on the existent users) If we try to import entries with duplicate PIN numbers.username.privilege firstname lastname.. firstname lastname.privilege firstname lastname.phonename.username.firstname lastname. you will be asked if you want to: · keep the existent user · replace the existent user with the new one · keep both and change the new username to "username1" (or "or username2".phonename. . How must the information be arranged in the CSV file? The available options are: firstname lastname.phonename.pin.phonename.phoneextension.password.password.phoneextension.. firstname lastname.phonename. duplicate extension names or duplicate extension numbers.username.. VoIP fields are only considered if they are valid and if both are present (if only extension number is provided.phoneextension...password.password. If we import entries were we have defined valid extensions (name and number) those extensions will be added to system and the extension's password will be equal to the user's passwords.phoneextension. that is..accessprofilefirstname lastname. If you try to import users with duplicate usernames.pin.username..privilege firstname lastname...phoneextension.. firstname lastname.. for instance. The other fields will only be taken into account if present and valid... as a LDAP server. etc...

9.1.1.2 Default Quota
When creating new users a default quota is suggested. If you want to change it go to the Options menu in the Users section. Click the Change... link below the Disk Space. Type-in the value you need.

9.1.2 Activating Authentication
After you have setup your Users you might want to increase the security and manageability of your network by activating Authentication: users will be required to enter their username and password into a Web based authentication page. edgeBOX will grab these credentials and authenticate users using, as configured, one of the following methods: · locally: this is the default authentication method, all Users and Privileges are stored internally in edgeBOX's internal database. · remotely using: · a remote Active Directory server, · a remote LDAP server or · a remote RADIUS server. To activate authentication go to the Network Users menu in the Users section. Choose the Authentication Method you want from the Change... button, at the upper-right. If you choose to authenticate users locally, that's all the configuring you'll need. Press Save and hit the Start Service option. For the remote authentication methods please refer to Using Remote Authentication.

Authentication requires Firewall: when starting the Authentication Service you'll also need to activate the Firewall service. If it is not already active, an appropriate dialog message will inform you that the Firewall will be activated. If the Firewall wasn't previously active, then you need not to worry because the Firewall settings will fallback to an "allow" approach. But, then again, this might be a good reason to configure it. If the Firewall was already active, this might be a good time to review your Firewall settings as they may potentially interact with users Privileges.

System access Privileges with Authentication Active When you start the Authentication service the message below will be displayed, regarding the usage of system access Privileges. Please read it carefully: You are about to Start the Network Users Authentication Service. If you

proceed you have to take the following into account: 1. The "All Users" Privilege will not be displayed in the Privileges Panel since Network Users will be asked to authenticate themselves. 2. The "Not Authenticated Users" Privilege will be displayed in the Privileges panel. This Privilege will be applied as a default rule for all non authenticated users, so one must take into account that configurations of this Privilege may affect users that fail authentication or even before they are requested to authenticate. 3. If you have previously changed the "Not Authenticated Users" Privilege those changes will now be loaded. 4. Changes that you may have done to the "All Users" Privilege will be kept and will be loaded the next time you switch OFF the Network Users Authentication. 5. You may reset the "Not Authenticated Users" privilege by opening the Privileges panel and selecting "Reset Not Authenticated Users privilege to factory configurations".

System access Privileges with Authentication Stopped When you stop the authentication service the message below will be displayed, regarding the usage of system access Privileges. Please read it carefully: You are about to Stop the Network Users Authentication Service. If you proceed you have to take the following into account: 1. The "Not Authenticated Users" Privilege will not be displayed in the Privileges Panel since now there won't be any unauthenticated users. 2. The "All Users" Privilege will be displayed in the Privileges panel. This Privilege will be applied as a default rule for all users, so one must take into account that configurations of this Privilege may affect users from other Privileges. 3. If you have previously changed the "All Users" Privilege those changes will now be loaded into system. 4. Changes that you may have done to the "Not Authenticated Users" Privilege will be kept and will be loaded the next time you switch ON the Network Users Authentication. 5. You may reset the "All Users" privilege by opening the Privileges panel and selecting "Reset All Users privilege to factory configurations".


9.1.3 Using remote authentication
edgeBOX allows you to use remote user authentication. With remote authentication, users are authenticated in a remote server instead of the edgeBOX when they try to login to the network. The whole process is transparent for the user as edgeBOX will do all the work. To activate remote authentication go to the Network Users menu, Users section. Choose the Authentication Method you want from the Change... button, at the upper-right. The currently supported methods are: · Authenticate users on a remote Active Directory Server, · Authenticate users on a remote LDAP Server, · Authenticate users on a remote RADIUS server. In each there's a convenience Test Connection button that allows you to verify basic connectivity to the specified server. When you're done press Save and hit the Start Service option. Please refer to Activating Authentication for common details about the Authentication service. Activating remote authentication will purge all your locally configured users. An appropriate warning, in red color, is displayed warning about this.

Related Topics:
Details about edgeBOX's authentication architecture

9.1.3.1 Using a remote RADIUS Server To authenticate users on a remote RADIUS server type-in: RADIUS Server · IP Address: type the IP address of the remote server; · Password: to be used to access the RADIUS server; · Port: the TCP port to be used on the RADIUS server (defaults to 1812); · Timeout: maximum time waiting for the RADIUS server (defaults to 5 seconds); Privileges Verification Choose if you wish that the access Privileges to the network services (E-mail, Internet, Secure


connections, etc.) are always verified in the remote RADIUS server and not locally. How to configure a RADIUS Server to perform users authentication and authorization? · Authenticate users on the remote server but verify the privileges in system · Verify also user's network privileges on the remote server Why is this useful ? This might be useful if your company is already using a RADIUS server for authorizing users on several other services, besides edgeBOX's ones; in this situation it makes sense to have all Authentication and Authorization relegated by edgeBOX into those servers. As users login for the first time, and their authentication is verified in the Remote RADIUS Server, their information is saved in the edgeBOX users list. Still, each time a user tries to login, the authentication will be done in the remote server.

9.1.3.2 Using a remote LDAP Server
Using an LDAP Server to authenticate the network users: there's an option to toggle between Basic Mode and Advanced Mode. Type-in:

LDAP Server
Basic Mode
· Domain: the LDAP domain;
· Group: the optional LDAP Group;
· Username: to be used by edgeBOX's LDAP client to access the LDAP Server;
Advanced Mode
· Base DN: see example below box;
· Bind DN: see example below box;
Common to both modes
· IP Address: type the IP address of the remote server;
· Password: to be used by edgeBOX's LDAP client to access the LDAP Server;
· Port: the TCP port to be used on the LDAP server (defaults to 389);
· Timeout: maximum time waiting for the LDAP server (defaults to 5 seconds);

Privileges Verification
Choose if you wish that the access Privileges to the network services (E-mail, Internet, Secure connections, etc.) are always verified in the remote LDAP server and not locally in the edgeBOX.
· Authenticate users on the remote server but verify the privileges in system
· Verify also user's network privileges on the remote server

Why is this useful ?
This might be useful if your company is already using an LDAP server for authorizing users on several other services, besides edgeBOX's ones; in this situation it makes sense to have all Authentication and Authorization delegated by edgeBOX to those servers.

As users log in for the first time, and their authentication is verified in the LDAP Server, their information is saved in the edgeBOX users list. Still, each time a user tries to log in, the authentication will be done in the remote server.

When you are using remote LDAP, network users must first log in once using the LAN user authentication before they can log in to the domain for the first time.

9.1.3.3 Using a remote AD Server
Using a remote Active Directory Server to authenticate the network users: there's an option to toggle between Basic Mode and Advanced Mode. Type-in:

LDAP Server
Basic Mode
· Domain: the Active Directory domain;
· Group: the optional AD Group;
· Username: to be used by edgeBOX to access the Server;
Advanced Mode
· Base DN: see example below box; specify the active directory domain configured in the Base Name field;
· Base DN 1, Base DN 2: You can set up two additional Base DN. Authentication System will try to search and authenticate users in these locations also. To enable the text fields please select the check boxes on the right of each field.
· Bind DN: see example below box;

In more elaborate scenarios the Active Directory server might have users spread over several Organizational Units (OUs); if that is the case, edgeBOX can be configured to search users in all those OUs. An example follows, for a situation where users should be searched in three OUs (ouone, outwo and outhree), and the administrator user belongs to OU ouone:

    Base DN: OU=ouone,cn=local,cn=loc
    Base DN 1: OU=outwo,cn=local,cn=loc
    Base DN 2: OU=outhree,cn=local,cn=loc
    Bind DN: cn=administrator,OU=ouone,cn=local,cn=loc

Common to both modes
· IP Address: type the IP address of the remote server;
· Password: to be used by edgeBOX's LDAP client to access the AD Server;
· Port: the TCP port to be used on the AD server (defaults to 389);
· Timeout: maximum time waiting for the AD server (defaults to 5 seconds);
· Copy the users information from the AD Server to the system's user list: check this if you'd like edgeBOX to copy information from the AD server into the internal users list.

As users log in for the first time, and their authentication is verified in the Remote AD Server, their information is saved in the edgeBOX users list. Still, each time a user tries to log in, the authentication will be done in the remote server. If the Active Directory server is not reachable, and only in this case, the authentication system will try to authenticate users locally.

When you are using remote AD authentication, network users must first log in once using the LAN user authentication before they can log in to the domain for the first time.

9.1.4 Customize the user login web page
If you're looking for information regarding Default User Quotas please follow this link. In the Users section - Options menu you can customize several aspects of the appearance of the login page the local users of the network will use to authenticate:


· Change the Company Logo.
· Change the company name and information text.
· Upload a customized authentication page with your own style.

To change your Company logotype
1. Click Change the Company Logo.
2. Click the Select Image... button and select the image with the logo from your computer. All of the most common image formats are supported.
3. Click the Upload button to save the image to the edgeBOX.

To show a welcome message and the company name in the login form
1. Click the Change the company name and information text
2. Type-in the desired Information text; this text can contain HTML, that is, if you enter HTML in this field the browser will display it correctly.
3. Type-in the Company Name
4. Press Save.

View the changes
To view the changes and the appearance of the login page, go to a computer of the local network, open a web browser, and try to open a random website. The new login page with the changes you made will appear. Network users will only see this page if they are required to login. That is, if the Authentication service is running. See Activating Authentication for details.

Use a custom login page
Completely modify the look & feel of the login page by uploading your own HTML, CSS and image files.

Upload the files for a custom login page
You can upload the files for your custom login page to edgeBOX to have a login page with a completely different appearance. To do so:
1. After creating your HTML file, your CSS file(s) and your images, create a Zip file (.zip) with all these files.
   Requirements of the files:
   · The zip file can contain image files, one or more CSS files and one html file only.
   · The zip file can not contain any folders or sub folders. All files must be at the same level, that is, directly inside the zip file.
   · You must include the code <!--AUTHENTICATION--!> in the place where you want the login form to be placed in the HTML file. This code will then be replaced by the necessary code for the login form.
2. Select the Upload a customized authentication page with your own style option.
3. Click the Browse button and select the Zip file from your computer in the dialog window.
4. Click the Save button to upload the zip file to the edgeBOX

Related Topics:
Manage the firewall properties

9.2 Privileges
The Privileges menu, in the Users section, provides the means for bulk management of your network users and to control their access to the services and areas your network offers, by configuring access Privileges (policies) to which users will be assigned.

An overview table is shown. On the left, a list showing all current Privileges. Click one of them to get a summary of its configurations on the right panel.

Click the New... button. A dialog window will popup with four sections General, Services, Advanced and Devices:

General
· Name: the name by which this Privilege will be identified, choose simple but meaningful names like 'no-restr', 'servers35' or 'vips'.
  What are the rules for the Privilege name ? The name must start with a letter (lower or upper case), after you can enter any sequence of letters and digits, a single '-' can also be used except for the first and last positions, examples: a-b, a123, Boss-10. "[a-zA-Z][a-zA-Z0-9]*[-]?[a-zA-Z0-9]*[a-zA-Z0-9]".
· Internet: here you determine how and when your users can reach the Internet (same as saying "the world beyond edgeBOX", the World Wide Web). The basic options are to Allow access to the Internet, Allow access to the Internet between ..h..m and ..h..m and Do not allow access to the Internet. To access further tuning details, hit the Advanced Properties... button.
· DMZ: same as for Internet.

Services

This panel is of utmost importance as it directly affects the way your users experience network access, or limitations, while trying to use your network services. This is where you determine, on a per-Privilege basis, the edgeBOX services accessible by the users:
· Allow access to edgeBOX services listed: users in this Privilege will have access to the services in the list. Services not included in this list will not be accessible by users in this Privilege.
· Allow access to edgeBOX services listed between ..h..m and ..h..m: same as the previous one but service is granted only within the given time of day period (please take into account that a delay of up to 5 minutes may occur, that is because these rules are re-applied, at most, every 5 minutes).
· Do not allow access to edgeBOX services: access is denied regardless of the composition of the list.

The list below the three options shows the services available for the users with this Privilege. These services will be available for those users if you choose the 1st or 2nd option. Use the Add and Remove buttons to edit the list (this list will not contain the DNS nor the Webadmin services as they are always accessible for hosts in the internal network). See edgeBOX services for a short description of all services available here.

Please note: these are services running on edgeBOX, not services provided somewhere else but accessible through the edgeBOX.

Give me an example
If you don't add the Samba service to the list of accessible services, no users in this Privilege will be able to access any File Sharing related resources, Temporary Shared Folders or Windows Shared printers (Samba is a short term for any windows file sharing, workgroup or domain services).

Advanced
· 802.1x Authentication: these users will be able to authenticate in edgeBOX by means of the IEEE802.1x; additionally you may specify whether you wish to assign a specific VLAN for these users. This option is relevant only when you have a switch or switches in your network infrastructure that support dynamic VLAN assignment; with this feature active the switch will automatically move the switch port, where the user is connected and after a successful 802.1x authentication, to this VLAN. If you wish that the users of this access profile belong to the LAN network instead, don't choose this option. One of the supported L2 switches with this feature is the Procurve 2650.
· Remote Users: if these users will be allowed to connect to the PPTP VPN, additionally you should specify if they will have access to the LAN.
· IPSec: if these users will be able to access IPSec VPNs.
· VLAN Routing: a list of rules specifying inter-LAN-VLANs routing permissions for these users, what type of traffic these users will be allowed to exchange with the other VLANs in edgeBOX.

Devices
IP Addresses to which this Privilege will also be applied. Use the left side buttons to manage the list. Besides containing users, a profile may also contain IP addresses. If an IP is added, that machine is allowed the access rights of the profile. This allows the machine to automatically authenticate with the edgeBOX, without the usual login screen. You can indicate a specific IP address of a machine or you can indicate a range of IP addresses. Indicating a range is most useful when you, for example, want all devices of a VLAN to be automatically authenticated.

How do I restrict access to certain types of web sites ?
edgeBOX contains a web filter that allows you to specify Website Restrictions based on words present in the website's URL or domain. Additionally, you can block overall access to certain IP addresses by using a block-all type rule in the Advanced Firewall Rules.

How do I restrict access to services other than edgeBOX services ?
You can block overall access to certain IP Addresses and/or Protocol services/ports by using the Advanced Firewall Rules.

Related Topics:
· Local Administrator
· Firewall
· RADIUS devices authenticating in edgeBOX
· Remote Authentication and Authorization
· Adding Users and changing their Privileges
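Returning to the custom login page archive from section 9.1.4: its three requirements (files at the top level only, exactly one HTML file, the <!--AUTHENTICATION--!> marker) can be checked before upload. The Python check below is an added example, not part of the edgeBOX software; the function names and the list of accepted image extensions are assumptions, and the sample archives are constructed.

```python
import io
import zipfile

# Marker quoted in section 9.1.4; edgeBOX replaces it with the login form.
PLACEHOLDER = "<!--AUTHENTICATION--!>"

HTML_EXT = {".html", ".htm"}
CSS_EXT = {".css"}
# Assumption: the manual only says "most common image formats".
IMAGE_EXT = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}


def ext_of(name):
    """Return the lower-cased file extension, or '' if there is none."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def check_login_zip(data):
    """Return a list of problems; an empty list means the archive is acceptable."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip file"]

    problems = []
    html_members = []
    with archive:
        for info in archive.infolist():
            name = info.filename
            # Requirement: no folders or sub folders, all files at the same level.
            if info.is_dir() or "/" in name or "\\" in name:
                problems.append(f"{name}: folders are not allowed")
                continue
            ext = ext_of(name)
            if ext in HTML_EXT:
                html_members.append(info)
            elif ext not in CSS_EXT and ext not in IMAGE_EXT:
                problems.append(f"{name}: only HTML, CSS and image files are allowed")

        # Requirement: one HTML file only.
        if len(html_members) != 1:
            problems.append(
                f"expected exactly one HTML file, found {len(html_members)}")
        else:
            page = html_members[0]
            text = archive.read(page).decode("utf-8", errors="replace")
            # Requirement: the marker must be present so the form can be inserted.
            if PLACEHOLDER not in text:
                problems.append(
                    f"{page.filename}: placeholder {PLACEHOLDER} not found")
    return problems


def build_zip(files):
    """Build an in-memory zip from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in files.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives.
GOOD = build_zip({
    "login.html": b"<html><body><h1>Welcome</h1><!--AUTHENTICATION--!></body></html>",
    "style.css": b"h1 { color: #036; }",
    "logo.png": b"\x89PNG\r\n\x1a\n",
})
BAD = build_zip({
    "index.html": b"<html><body>no marker here</body></html>",
    "css/style.css": b"h1 { color: #036; }",
    "extra.html": b"<html><!--AUTHENTICATION--!></html>",
    "run.js": b"",
})
NO_MARKER = build_zip({"login.html": b"<html><body>Welcome</body></html>"})

if __name__ == "__main__":
    for label, data in (("GOOD", GOOD), ("BAD", BAD), ("NO_MARKER", NO_MARKER)):
        print(label, check_login_zip(data) or "ok")
```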

9.2.1 Fine tuning Internet and DMZ access
This panel allows you Advanced Configuration options for defining how users access the Internet (same for the DMZ). The approach is based on QoS aspects - assigning traffic classes to users - and network services allowance/denial - somewhat similar to a Firewall configuration.

This panel presents three tabs:

Quality of Service
· Class of Service for Upload Traffic: here you can choose to apply the usual Gold, Silver, Bronze and Best-Effort traffic classes or your own Pipes, if you have configured any.
· Class of Service for Download Traffic: the choice here is Best-Effort or Premium.

Outbound Rules
Rules to control access to the Internet. By default all outbound traffic is allowed. This means that traffic from the internal network to the Internet is granted access. You can allow or deny outgoing traffic based on its destination, port and/or protocol. Click the Add button to add new rule or Edit to change an existing one. For each rule:
· Policy: choose Allow Access or Deny Access (typically you'll want to add Deny rules here), a short Description string should also be added.
· To location: Any (connections to any host), Device (connections to a specific IP Address), Network (connections to a specific IP segment, as specified by an IP Address and a Netmask).
· Protocol: All, TCP (you can choose All ports, individual ports or even port ranges like 21, 22, 80, 500-600), UDP (same as TCP) and ICMP.
The list will display all your rules in an easy to read manner. The sequence by which rules appear in the list can be relevant and you can use the Up and Down buttons to change it.

Inbound Rules
By default all incoming Internet traffic is dropped: all connection attempts coming from the Internet are denied. Here you can allow incoming traffic based on its origin, port and/or protocol. Click the Add button to add new rule or Edit to change an existing one. For each rule:
· Policy: choose Allow Access or Deny Access (typically you'll want to add Allow rules here), a short Description string should also be added.
· From location: Any (connections from anywhere), Device (connections from a specific IP Address), Network (connections from a specific IP segment, as specified by an IP Address and a Netmask).
· Protocol: All, TCP (you can choose All ports, individual ports or even port ranges like 21, 22, 80, 500-600), UDP (same as TCP) and ICMP.
As for the outbound rules, the sequence by which they appear in the list can be relevant and you can use the Up and Down buttons to change it.

Please note that controlling access for Inbound traffic may be particularly useful in some very specific scenarios such as situations where edgeBOX might act as a router for inbound traffic directed at specific IP addresses that might belong to each Privilege.

Related Topics:
· Firewall
· QoS

9.2.2 Access to other VLANs
Inter VLAN Access
By default, users in a given VLAN cannot communicate with users of other VLANs. This also includes the LAN. The LAN is also known as default VLAN. It's good practice to keep your VLANs isolated from each other: that's one of the advantages of using VLANs. Nevertheless, if you have specific needs you can overcome this default behaviour by indicating exceptions: locations (services/ports) on other VLANs the users will be able to access even though not belonging to that specific VLAN. Click the Add button to add new rule or Edit to change an existing one. For each rule:
· Protocol: All, TCP, UDP and ICMP.
· To Address: Any (connections to anywhere), Device (connections to a specific IP Address), Network (connections to a specific IP segment, as specified by an IP Address and a Netmask).
· To Ports: if TCP or UDP are selected you can choose All ports, individual ports or even port ranges (like 21, 22, 80, 500-600).
The sequence by which they appear in the list can be relevant; you can use the Up and Down buttons to change it.
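Why the order of the rules in sections 9.2.1 and 9.2.2 "can be relevant": the Python example below is added here and is not edgeBOX code. It assumes rules are evaluated top to bottom with the first match deciding, which the manual implies but does not state, and it flags rules that an earlier, broader rule makes unreachable. Rule, decide and shadowed are hypothetical names, and the addresses are constructed samples.

```python
import ipaddress
from dataclasses import dataclass


def parse_ports(spec):
    """Parse 'All' or a list like '21, 22, 80, 500-600' into (low, high) pairs."""
    if spec.strip().lower() == "all":
        return [(1, 65535)]
    ranges = []
    for part in spec.split(","):
        low, sep, high = part.strip().partition("-")
        lo = int(low)
        hi = int(high) if sep else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port or range: {part.strip()!r}")
        ranges.append((lo, hi))
    return ranges


@dataclass
class Rule:
    policy: str             # "allow" or "deny"
    location: str           # "any", a device IP, or "IP/netmask" for a network
    protocol: str = "all"   # "all", "tcp", "udp" or "icmp"
    ports: str = "All"      # only meaningful for tcp and udp
    description: str = ""

    def network(self):
        if self.location == "any":
            return None
        return ipaddress.ip_network(self.location, strict=False)

    def matches(self, ip, protocol, port=None):
        if self.protocol not in ("all", protocol):
            return False
        net = self.network()
        if net is not None and ipaddress.ip_address(ip) not in net:
            return False
        if self.protocol in ("tcp", "udp"):
            return port is not None and any(
                lo <= port <= hi for lo, hi in parse_ports(self.ports))
        return True


def decide(rules, default, ip, protocol, port=None):
    """Return the policy of the first matching rule, else the tab's default."""
    for rule in rules:
        if rule.matches(ip, protocol, port):
            return rule.policy
    return default


def covers(earlier, later):
    """True if every packet matched by `later` is already matched by `earlier`."""
    if earlier.protocol not in ("all", later.protocol):
        return False
    e_net, l_net = earlier.network(), later.network()
    if e_net is not None and (l_net is None or not l_net.subnet_of(e_net)):
        return False
    if earlier.protocol in ("tcp", "udp"):
        e_ranges = parse_ports(earlier.ports)
        # Conservative: each later range must fit inside a single earlier range.
        return all(any(elo <= lo and hi <= ehi for elo, ehi in e_ranges)
                   for lo, hi in parse_ports(later.ports))
    return True


def shadowed(rules):
    """List (index, shadowing_index) for rules that can never decide a packet."""
    found = []
    for i, later in enumerate(rules):
        for j in range(i):
            if covers(rules[j], later):
                found.append((i, j))
                break
    return found


# Constructed sample rules (documentation address ranges, not from the manual).
BLOCK_NET = Rule("deny", "203.0.113.0/255.255.255.0", description="block partner net")
ALLOW_HOST = Rule("allow", "203.0.113.10", "tcp", "443, 8000-8100", "partner portal")
OUTBOUND_DEFAULT = "allow"   # "By default all outbound traffic is allowed"
INBOUND_DEFAULT = "deny"     # "By default all incoming Internet traffic is dropped"

if __name__ == "__main__":
    for order in ([BLOCK_NET, ALLOW_HOST], [ALLOW_HOST, BLOCK_NET]):
        print([r.description for r in order],
              decide(order, OUTBOUND_DEFAULT, "203.0.113.10", "tcp", 443),
              shadowed(order))
```

With the broad Deny rule first, the narrower Allow rule is reported as shadowed; moving it up with the Up button is what makes it take effect.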

9.3 Groups
You can use groups if you have edgeBOX third-party applications, edgepacks. Some examples are: edgeLMS and edgeDESKTOP. Groups have no direct use in the edgeBOX or the network. If you want to create groups of users that have common privileges and types of accesses in your network, you should use Privileges instead.

What are edgepacks?
edgePACKs are optional modules for edgeBOX that add functionalities for particular markets or add a new set of features. Learn more details about edgepacks at edgeBOX's website.

If you need to manage groups go to the Groups link in the Related Topics corner, in the Users section. A short descriptive table is shown with the currently configured groups, their description and number of users in each.

Click the New... button. A dialog window will popup:
· Name: choose a name for this group
· Description: Type-in a short description
· Users: the list of users that belong to the Group, use the Add Users... and Remove buttons to manage the contents of the list; users can be part of one group, several groups or no group at all.

9.4 Delegate a Local Administrator
Go to the Users section, Network Users menu. Click the Local Administrator option, in the Related Topics corner.

The local administrator is one of the users of your local network that you give the permission to manage parts of your network and configure some of your services, someone that can access some sections of the edgeBOX web interface.

How can local admin user access the edgeBOX web interface?
To have access to the edgeBOX, the local administrator has to:
1. Go to a computer of the local network (LAN).
2. With a browser, open the webpage https://myedgeBOX.com (or as an alternative, point the browser to the IP address of any of the WAN or LAN interfaces, this will be needed only if edgeBOX is not your DNS server)
3. After the page opens, click the link Login.
   (Figure: edgeBOX initial page)
4. Type the username and password he uses to authenticate to the network.
5. Click the Login button.

Create a local administrator of the edgeBOX
To make a user of your network local administrator hit Select... and choose from the list. Now you need to indicate the areas and functionalities of the edgeBOX the local administrator will have access to:
1. Check the areas you want the local administrator to have access to. A tree like data structure is presented. Each section (main menu option) of the edgeBOX is represented by a branch and the menus inside it are represented by subbranches; you need to check the ones you want.
2. You can collapse and expand the tree by clicking the '+' and '-' signs.
3. Click the Save button.

Remove the local administrator
Just hit Remove on the dialog window

edgeBOX has a backup and restore option that allows you to make backups of all the configurations and data. However, for security reasons local administrator settings are not saved in edgeBOX backups. If you restore an old backup, the local administrator will not change.

For example, if your local administrator was 'john_simmons' and you made a backup of the edgeBOX at that time, and some time later you changed the local administrator to 'david_parker', and now you restore that old backup you made, your local administrator will still be 'david_parker'.

9.5 View currently Connected Users
If you need to get a list of Users connected to the system you can do it: just navigate to the Users section and click the Connected Users in the Related Topics corner. It will show you a table with the list of users currently authenticated. The details are:
· Name: the user's full name.
· Login: the user's username (or login name).
· Privilege: the Privilege under which the user is logged.
· IP Address: the IP Address of the host/computer from which the user made his login.
· MAC Address: the hardware address of that host/computer.

Related Topics:
· How do I add more users ?
· How do I configure network access privileges ?

9.6 Configure authorized RADIUS clients
When you need to authorize network devices to access RADIUS authentication in edgeBOX, go to the Users section and hit the RADIUS option in the Related Topics area. You'll need to specify their IP Addresses and the type of device, among other settings:
· IP Address: the device's IP Address.
· Name: the device's name.
· Password: the password edgeBOX will use to access the device and encrypt RADIUS packets.
· Confirm Password: retype the password.
· Type of device: select the most appropriate from the drop-down list.
· VLAN Assignment: check this if you want edgeBOX to assign a VLAN when performing authentication for this device.

This page allows you to view, delete and add remote RADIUS clients for user authentication. These are normally called NAS (Network Access server). You must use a compatible port based authentication device. The edgeBOX supports different types of 802.1x port based authenticators. Some of the devices supported include 802.1x switches with dynamic VLAN assignment like the Procurve 2650 or the Procurve 420 Access Point for Wireless communications with multiple SSID and dynamic VLAN assignment.

If you select the "HP ProCurve 2650" drop down, Name is any text you wish to enter, the IP address is the IP of the Switch and the password the login password of the switch. If "Enable Dynamic VLAN assignment" is checked, and after a successful 802.1x user authentication, the edgeBOX internal RADIUS server sends the correct VLAN id to this switch according to the User Access Profile. This option allows the Procurve switch to put the user in the correct VLAN, independently of the port the user is currently connected to.

If you select the Generic 802.1x Access Point or Generic 802.1x Switch from the drop down list, Name is any text you wish to enter to identify this unit, the IP address is the IP of the AP/Switch and the password the RADIUS client password configured in the remote AP/Switch. If "VLAN assignment" is checked, the edgeBOX internal RADIUS server sends the correct VLAN id to the Switch or Access Point according to the User Access Profile. This feature allows the remote port based authentication device to put the user in the correct VLAN, independently of the port / SSID the user is currently connected to.

Supported EAP methods: PEAP-EAP-MSCHAPv2 and EAP-TTLS.

10 System
The System menu allows you to configure a variety of system related aspects of the edgeBOX:
· Adjust the Date, the current Time, your Timezone or use an Internet time server
· Change the language or the administrator's password and e-mail address
· Shutdown or Reboot
· Manage Software Updates - manually or automatically - and receive related notifications by e-mail
· Backup edgeBOX settings and user files to a secure medium, perform Restore operations and scheduled Backups
· Configure edgeBOX's Hotbackup redundancy system
· Receive e-mails and SNMP Traps when relevant status changes occur
· Review or download system logs and configure logging to a remote log server
· Send user's Accounting records to a RADIUS server
· Globally enable/disable the embedded SNMP Agent
· Schedule regular maintenance operations to optimize edgeBOX's relational database performance
· View and change the status of edgeBOX's main network services
· View the current status of your hardware devices, like fans, temperature and hard-disk usage statistics
· Configure a Remote Management server

10.1 Adjusting Date and Time
To adjust time related settings please point the browser to the System section, Date and Time menu. There you can view and adjust edgeBOX's date and time and synchronize with a preferred Internet Time Server to keep the date and time always accurate.

Adjusting date and time is not possible if you have configured an Internet Time server. In that case your Date and Time are adjusted automatically. Otherwise just hit the Adjust... button, enter the desired Date and Time into the popup dialog and press Save.

Time Zone
Change the time zone
1. Click Change...
2. Pick the world Zone from the list on the left and the City closest to edgeBOX from the list on the right.
3. Press Save.

Internet Time
Synchronize the date and time with a Time Server on the Internet
You can use a time server on the Internet to keep date and time always accurate.
1. Hit the Change... button.
2. Select the Synchronize edgeBOX date and time with a time server on the Internet option at the top.
3. Select the NTP server you want to synchronize with from the list.

edgeBOX will try to synchronize with the selected server every day. The status/time of the latest synchronization is shown. If edgeBOX's date and time is delayed more than 1000 seconds (17 minutes) edgeBOX will not synchronize and will create an entry in the Log Viewer and send a notification by e-mail.

How to synchronize all the network devices with edgeBOX's date and time
Besides synchronizing its date and time with an Internet Time Server, edgeBOX can also work as a Time Server so you can synchronize all your network devices such as phones, computers and servers with edgeBOX. This way you can keep the same, accurate, time on every device of your network.

To synchronize a device with edgeBOX's date and time:
1. Go to the device's date and time settings.
2. Search for the option to Synchronize with an Internet Time Server.
3. Indicate that the time server you want to synchronize with is edgeBOX. To do that you can type in edgeBOX's IP address or edgeBOX's hostname. For example, if edgeBOX's hostname is ebox and the network domain is example.com and edgeBOX's IP address is 192.168.100.254, then you can type ebox.example.com or 192.168.100.254.

10.2 Administration
To change edgeBOX administrations settings you need to navigate to the Administration menu in the System section.

Language
edgeBOX's web management interface supports several languages. Click Change language... and select the desired one from the list provided. The browser will reload the management interface with the newly selected language.

System E-mail Messages
edgeBOX sends several types of system related messages - such as warnings or available software updates - by e-mail. The recipient of these e-mail messages is not specified by default. A warning message will inform you of the fact. So, you need to edit it yourself. Hit the Change e-mail... button. Choose the Send system messages to: option and fill in your email address (this is the e-mail address to which edgeBOX will send system e-mail messages). If you do not wish to receive e-mail messages just choose the Do not send system messages option.

The default sender e-mail address edgebox@example.com is an invalid e-mail address. It is made of the word edgebox and edgeBOX's default internal domain: example.com. You can change it to a valid address so people can reply to those messages. Also, you can change it to a valid e-mail to avoid problems with E-mail Servers because E-mail Servers usually perform validation of domains when they deliver e-mails. example.com is not a valid public domain and thus edgeBOX may find problems in delivery to the final domain.

Administrator Password
When the edgeBOX is installed, the admin password is by default the word root. If you find that this password is not working correctly, then you should contact your reseller. To change the password click Change Administrator's password... and type the desired new password in both the New Password and the Confirm text fields.
How do I choose a good password ?

Shutdown or Restart
You can, at any time, shutdown or restart edgeBOX, just choose the option you need and press Ok.

10.3 Managing Software Updates
The updates available are new functionalities, security updates or performance enhancements. Please go to the System section, Software Updates menu, if you need to:
· get a list or install available software updates,
· install edgeBOX's third party applications - the edgePaks,
· have software updates managed and installed automatically,
· receive automatic e-mail messages with information about new software updates.

Status
The menu displays a short summary information stating whether you should check for available updates or if there are already updates available (this second information is automatic if you configure automatic checking for updates). Clicking on the buttons you can perform the following operations:
· Check Now: will immediately check for new updates, without installing them.
· Install Updates: installs available updates.
· View Update Log: reports all the updates that have been applied to edgeBOX, the list can be cleared by clicking on the Clear Entries button.

Automatic Updates
You can manually check for and install available updates. You can also ask edgeBOX to check for updates and install them automatically. But you can also make edgeBOX check for updates and notify you of the updates so you can install them yourself. Hit the Change... button:
· Disable Automatic Updates: edgeBOX will not try to check for updates.
· Check for updates automatically but let me install manually: edgeBOX will check for software updates - if updated software packages exist they will be automatically downloaded but not automatically installed - edgeBOX will let you install them manually.
  · choose the Notify me when updates are available option to receive a graphical notification in the Dashboard.
· Check and install updates automatically: this will make edgeBOX connect to the update server, download new software packages and, depending on your choice, you will receive notifications, similar to the ones in the previous option. The following options are available:
  · Notify me when Updates are installed: in this situation edgeBOX will actually install the downloaded updates and, if necessary, execute a full restart or, if applicable, restart the services that need to be restarted; you will receive a notification. This approach may not be the most appropriate for your needs, please note the following two options.
  · Notify me when Services restart is needed: you should choose this option if your network users can not tolerate any restarting of services or restarting edgeBOX itself. If no restarting whatsoever is needed, all downloaded packages will be installed; if services restart is needed or if a full restart is needed nothing will be installed. In this situation, you should go to the administration web interface, navigate to the Software Updates menu - System section - and execute the installation manually (and any needed restarting, as part of the process).
  · Notify me when System reboot is needed: choose this option if you don't mind that some services may need to be restarted but you don't want edgeBOX to perform a full restart automatically. If this is the case, then nothing will be installed and you will receive a notification accordingly; you need to use the administration web interface to execute the installation manually (and the needed reboot as part of the process). Otherwise software updates will be installed and the needed restarting of services will be carried out.

Common Settings
· Check every: you can choose to trigger the software updates check task every 6, 12 or 24 hours.
· Starting at: the base hour/minute at which the check will be started. If you want to check every 6 hours, starting at 13h15m, edgeBOX will check four times a day at 1h15m, 7h15m, 13h15m and 19h15m.
· Also notify me by e-mail: notifications configured in the previous options will also be sent by e-mail to the administration e-mail address.

If an error occurs while edgeBOX is trying to update, a notification will be displayed in the web interface indicating the problem and asking you to try to install the update again.

10.4 Backup & Restore

edgeBOX can schedule backups to occur periodically at a predefined time, day and date. These backups can be stored either on a remote FTP server, or a Windows File Share, or on a USB disk connected to the edgeBOX. It's important to set up a backup policy from the start, to prevent the loss or corruption of data. The following notes apply:
· Backups may only be created/restored to/from a local USB disk, a remote FTP server, or a remote Windows File Share.
· Local USB disks can not be formatted as NTFS.
· The backup can not be stored in the edgeBOX itself.
· Full backups and Incremental backups are supported.
· Multiple edgeBOXes can use the same directory, as the backup files have a unique prefix associated with an edgeBOX.
· Restore is supported from the same architecture to the same architecture only.
· Restore is only supported from the same version of the Operating system to the same version (eg v4.7 to v4.7).
· Both the Backup operation and the Restore operation cause edgeBOX to stop several system and application processes (eg VoIP and authentication); additionally the Restore operation always requires a system reboot in the end.

Please note: the imap, pop and e-mail services are stopped when executing a Backup; this means that while the Backup is running edgeBOX will not be able to receive or send e-mails and users will not be able to read their e-mail.

Backup
Using the buttons provided you can choose to:
· Backup Now, if at any time you need to execute a Manual backup.
· Schedule, if you prefer a time based schedule of cyclic backup operations.

Restore
Here you can manually restore backup files from either a Windows Share, an FTP server or a local USB disk. Press the Change... button to select the device where the files are stored and enter the appropriate details (the details needed are in all similar to those described for the backup operations). The list on the left will show you all the available Full backups. Click any of them to get a list of the corresponding Backup points-in-time. Click on View details to be assured of the details. Finally, you should click Restore to perform the operation. A dialog will pop up with a confirmation telling you that, in the end, edgeBOX will be rebooted.

If you select an incremental backup, the system will restore a) this backup and b) all appropriate incremental backups and c) the appropriate full backup. Let's assume, as an example, the following backup policy:
· Sunday: Full Backup
· Monday to Saturday: Incremental Backup
If you restore the Wednesday Incremental, the system will also restore the Tuesday and Monday Incremental and the Sunday Full backup.

10.4.1 Immediate Backup

Manual backup allows you to undertake a backup immediately. Select one of the three possible backup destinations:
· Use an FTP server from the network
· Use a Windows Shared folder from the network
· Use a USB Flash disk attached to edgeBOX
It is not possible to save the backup locally on the edgeBOX itself. If the folder specified (for the FTP server, or Windows share or USB disk) does not exist, the backup will fail. It will not automatically create the folder. Once all the relevant fields have been entered, press Save to immediately start the backup. The options are: FTP, Windows Share and USB.
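The restore rule described in the Restore section (selecting an incremental also pulls in the earlier incrementals and the full backup they build on) can be checked against a backup catalogue before a restore is attempted. The sketch below is an added example, not edgeBOX code; the `BackupPoint` type, the function names and the sample dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class BackupPoint:
    """One entry in a backup catalogue (hypothetical structure)."""
    taken_at: datetime
    kind: str  # "full" or "incremental"


def restore_chain(points, target):
    """Return every backup needed to restore `target`, oldest first.

    A full backup restores on its own. An incremental needs all earlier
    incrementals back to, and including, the most recent full backup.
    """
    if target not in points:
        raise ValueError("target is not one of the known backup points")
    if target.kind == "full":
        return [target]
    chain = []
    # Walk backwards in time from the target until a full backup is reached.
    for point in sorted(points, key=lambda p: p.taken_at, reverse=True):
        if point.taken_at > target.taken_at:
            continue
        chain.append(point)
        if point.kind == "full":
            break
    else:
        # The loop ran out of backups without meeting a full one.
        raise ValueError("no full backup precedes this incremental")
    return chain[::-1]


def unrestorable(points):
    """Incrementals that have no earlier full backup to build on."""
    fulls = [p.taken_at for p in points if p.kind == "full"]
    first_full = min(fulls) if fulls else None
    return [p for p in points
            if p.kind == "incremental"
            and (first_full is None or p.taken_at < first_full)]


def sample_points():
    """Constructed catalogue: Sunday full, Monday-Saturday incrementals."""
    def at(day):
        return datetime(2010, 9, day, 4, 0)  # every backup runs at 04:00

    points = [BackupPoint(at(4), "incremental")]   # taken before any full
    points.append(BackupPoint(at(5), "full"))      # Sunday
    points += [BackupPoint(at(d), "incremental") for d in range(6, 12)]
    points.append(BackupPoint(at(12), "full"))     # following Sunday
    points.append(BackupPoint(at(13), "incremental"))
    return points


if __name__ == "__main__":
    catalogue = sample_points()
    wednesday = catalogue[4]
    for p in restore_chain(catalogue, wednesday):
        print(p.taken_at.strftime("%a %Y-%m-%d"), p.kind)
    print("cannot be restored:", unrestorable(catalogue))
```

Running the same check before deleting old backup files shows which full backup a retained incremental still depends on.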

FTP
· Method: FTP allows you to select an FTP server which will store the backup files
· Server: IP address of the FTP server
· Port: FTP Port (usually 21)
· Folder: Which folder on the FTP server where the backups will be stored
· Use Authentication: If checked the username and password fields will be active
· Username: The username of the account you are going to use on the FTP server
· Password: The password of the account which you are going to use on the FTP server

Windows Share
· Method: Windows Share allows you to select a share from a windows server, which will store the backup files
· Server: IP address of the Windows Server
· Folder: Which folder on the Windows Share will receive the backup files
· Use Authentication: If checked the username and password fields will be active
· Username: The username of the account you are going to use on the Windows File server
· Password: The password of the account which you are going to use on the Windows File server

USB
· Method: USB allows you to select a local USB disk (Not NTFS formatted) which will store the backup files
· Refresh Devices: Will scan the local USB devices and present you with a drop down list to enable you to select the device which will store the backup files
· Device: The chosen device (You may have more than 1 USB disk connected) on which the backups will be stored
· Partition: If the device has more than 1 partition, you can select which one you will use to store the backup files.
· Folder: Which folder on the USB device, where the backups will be stored

10.4.2 Scheduled Backups

This panel allows you to specify a scheduled backup regime, for full and incremental backups.

Backup Destination
A summary information is displayed stating the current Backup destination details. See examples.

· Backup destination: FTP server (212.13.13.212)
· Backup destination: Windows share (192.168.100.55)
· Backup destination: USB flash disk

Hit the Change... button, at the top right corner, to change the destination medium of your scheduled backups. You can choose to perform backup operations onto an FTP server, a Windows share or an external USB storage. The dialog presented for this purpose is equal to the one in the Immediate Backup section.

Full Backup
You may create (or disable) a schedule for full backups, except if you have configured Incremental Backups: the execution of an Incremental backup assumes the execution of a Full backup at some point in time.

Incremental Backup
Incremental backups back up the files which have been modified since the last Full or Incremental Backup. The same options are available for Incremental as for Full Backups. Typically, you would schedule:
· Full Backup: on Sundays at 04:00 and
· Incremental Backup: at 04:00, every day from Monday to Saturday
The Full and Incremental backups should not be scheduled to occur at the same day and time (it does not make sense to execute both of them at nearly the same time as the Full backup will render the incremental backup useless or a waste of time and processing power). If you schedule them at exactly the same time (hour and minute) the Full backup will take precedence and the Incremental backup will not occur.

Scheduling
Several scheduling approaches are possible, so that you can fit the backup tasks to better suit your company's Backup policy. The scheduling possibilities are:
· Day:
  · Every Day: the operation will take place every day.
  · Every Week: any day of week, you can pick exactly the day(s) you want the backup to be executed.
  · Every Month: once a month, choose a day of the month (please note: if you select a day such as the 31st and the month has less than 31 days, the backup will not take place).

· Hour and Minute: the exact time of day at which the task should be started.

NOTE: incremental backups are valid only if there is already a full backup. Incremental backups taken before the first Full backup are invalid and should not be used. So if you plan on executing full backups on Sunday and incremental backups on all other days, you should start the process on Sunday.

10.5 Using HotBackup for redundancy

Using two edgeBOXes, the Hotbackup menu, in the System section, allows you to configure one of them - the Master - to manage the network and daily replicate its configuration and data to the other edgeBOX - the Slave. The Slave edgeBOX works as a backup (hence the name Hotbackup), ready to take over the Master's place if a failure occurs.

Assumptions and pre-requisites
The stable operation of the Hotbackup feature assumes a set of pre-requisites which must be assured by the administrator:
· The base hardware on both edgeBOXes must be exactly the same and the extra function cards installed on each must be identical and plugged into the same connectors.
· The Slave and Master must have identical operating system releases and revisions. To assure this, you should manage both edgeBOX's updates manually and not automatically. For example, if you update only the Master with a new revision of the edgeBOX's software, the Hotbackup process will not be possible. See details.

Using Hotbackup

Setting edgeBOX as Slave
To set edgeBOX as a Slave edgeBOX (backup edgeBOX) hit the Change... button:
1. Select the Configure this edgeBOX to act as the Hotbackup Slave option.
2. Indicate below IP Address, Netmask, Default Gateway and Nameserver to be used in Slave mode; in Slave mode, edgeBOX's networking is reduced to a minimum necessary only for the Master to be able to access the Slave and replicate its configs and data onto it.
3. Ethernet Wiring: you can choose any IP address you wish, as long as the Master edgeBOX can access the Slave through TCP/IP. In Slave Mode only the LAN interface is active and its IP basic configurations are the four values you entered in the previous step; that's the interface to which you should connect your ethernet cable. The simplest way to wire up this setup is to choose for the Slave an IP address which falls into the Master LAN segment. For example, if your Master has LAN address 192.168.100.254/255.255.255.0, then you could choose for the Slave 192.168.100.253/255.255.255.0 and connect the Slave LAN port to the same switch as the Master LAN port (but, please, keep in mind that this setup is not the only solution). Also, it's a good idea to have a VGA and a keyboard connected to the Slave in order to get a better grasp of the process; when edgeBOX has finished entering Slave mode an appropriate text mode screen, in the VGA terminal, will help you determine and remember these settings.
4. Click the Save button. edgeBOX will reboot and run in Slave mode.

When you set edgeBOX in Slave mode, you lose access to the web interface and you can no longer use the edgeBOX for managing your network. It will only work as a backup for the Master edgeBOX. Still, you will be able to access it using its command line interface, either locally using a keyboard/VGA or a serial console, or remotely via ssh. This way you will be able to perform a limited set of commands that are specific to the Slave Mode. If you have an edgeBOX with LCD display, you can view an "S" in the top right corner of the LCD, indicating that the edgeBOX is running as a Hotbackup Slave.

Set your edgeBOX as the Master edgeBOX
You can only set your edgeBOX to run in master mode after you have an edgeBOX configured and working as a Slave edgeBOX. To make your edgeBOX run in Master mode, click the Change... button:
1. Select the Configure this edgeBOX to act as the Hotbackup Master option.
2. Indicate below the IP address of the Slave edgeBOX and the time of day at which you want to replicate the configuration and data from the master to the slave; the Slave must be accessible to the Master through the network, and the replication is made every day at that time. Choose a time of day when your network has less activity, for example, during dawn, because, in order to make the replication, the Master edgeBOX has to stop a considerable amount of services to grant that the configuration and information are correctly replicated.
3. Click the Save button to start the process. edgeBOX will search for the Slave, validate its configuration and start working as a Master edgeBOX. If you have an edgeBOX with LCD display, you can view an "M" in the top right corner of the LCD, indicating that the edgeBOX is running as a Master edgeBOX.

Please note: you should avoid performing administrative tasks close to replication time. If you are configuring your Master and the replication procedure starts, there could occur severe damage to your edgeBOX compromising stability. As a practical rule do not use the GUI or the CLI at replication hours.

Check the status of the Slave edgeBOX
When you have an edgeBOX in Slave mode, you lose access to the web interface. Still you can check its connectivity status from the Master. To do this just hit the Check Slave button. In normal situations you will get an Ok assuring you that everything is normal. If the Master determines that the Slave is not reachable or inconsistently configured a detailed message will be displayed.

Manually replicate edgeBOX's configuration and data to the Slave edgeBOX
In Hotbackup, the replication of the Master edgeBOX's configuration and data is made every day at a given hour that you defined when you configured the Hotbackup process. Still you can ask the Master edgeBOX to replicate at any time. To do this just click the Replicate Now button. As stated above, in order to replicate correctly, edgeBOX has to stop a considerable amount of network services. Make sure that your network has little activity when you ask edgeBOX to replicate. Note that this operation may take a very long time. Please wait, and please avoid doing any other tasks while this one is running. In the end you will get an Ok saying that everything went all right; if the operation fails you will get a detailed diagnostic message.

Stop edgeBOX from being in Master mode
If you have your edgeBOX running in Master Mode and you want to stop using HotBackup and make the edgeBOX run again in the default normal mode, then hit the Change... button and select the Disable Hotbackup option (this operation will not perform any change of configuration in the Slave). edgeBOX will stop replicating to the slave edgeBOX. All other services will continue working normally.

Make the Slave edgeBOX take-over if the Master edgeBOX fails
If your Master edgeBOX (the edgeBOX that is managing your network) is malfunctioning and you need the Slave edgeBOX (backup edgeBOX) to take over its functions:
1. Before initializing the process, check the status of the last replication in the Slave edgeBOX: please consult the Slave's logs via CLI commands hotbackup view replica status or hotbackup view slave log; if you have an LCD unit then just scroll down the menus in the Slave and you'll get the Replica Status with a date and an Ok.
2. Shutdown or power-off the Master.
3. Connect all Master's appropriate cables (eg ADSL, ISDN, Analogue etc) to the Slave edgeBOX.
4. Open the slave edgeBOX's Command Line Interface (CLI).
5. Type in the command hotbackup returntonormalmode or hotbackup return to normal mode.

Please keep in mind that the slave, as it finishes the return to normal mode operation, becomes a perfect replica of the Master. The Slave edgeBOX will take over all services previously provided and managed by the Master. When you stop the Slave edgeBOX from working as a slave and make it take over the master, you gain back access to edgeBOX's web interface. To login to the web interface, use the password that you used to login on the Master edgeBOX (the administrator password is also replicated onto the Slave).

10.5.1 Managing software updates in a Hotbackup scenario

When you use the Hotbackup functionality, you should manage edgeBOXes' updates manually and not automatically to grant that the Master and the Slave have identical software versions; this is of utmost importance. So, if you allow the Master to update automatically, all subsequent replication attempts will fail. The Master automatically detects that the Slave has a different operating system version/release and will refuse to proceed. The same happens if you update any of them manually, but you forget to update the other one.

You can activate the Check for updates automatically but let me install manually option in the Software Updates menu, in the System section, but do not select the option that installs software automatically. This will not install anything but will periodically query the update server and send you notifications if needed.

Software updates, in the context of Hotbackup, is a process that should be planned carefully.
· Master software update
Updating the Master is quite straightforward. Just follow the process described in the Software Updates menu.
· Slave software update
The Slave edgeBOX is not able to execute nor to check for software updates by itself. Although other/mixed approaches may be possible, the following may be used as a step-by-step approach to executing the software update on the slave; please follow the process until the end.

a) Before proceeding with the upgrade of the Slave please note the following:

· As the Slave returns to normal mode its LAN interface will have the same configuration as the Master.
· If the Master is the default gateway of the network segment to which the Slave will connect in order to access the update server, then the Slave's WAN interface will obtain an IP address in the Master's LAN segment. This implies that the WAN and LAN interfaces in the Slave will have configurations "in" the same IP segment; this will surely frustrate the Slave's attempts to reach the update server. In this scenario either the Slave's LAN IP address is temporarily changed or, simply, the Master is turned off and the Slave takes its place for software upgrade (during the night or weekend). After update is complete all connections may be brought back to normal and the Slave returns to Slave mode.

b) The steps to execute the software update on the Slave are:
1. Access the Slave's Command Line Interface (in Slave Mode there is no GUI); to do this you can connect your laptop directly to the Slave's LAN connector (using a crossover cable, if needed) and access the CLI by ssh/putty; the laptop IP configuration must be manual, as in Slave mode there is no DHCP server running; using the keyboard and VGA is also a good approach.
2. Disconnect any network cable which might be connected to the Slave's WAN interface.
3. Execute the hotbackup return to normal mode command in the Slave's CLI (putty/ssh or keyboard/VGA); when this command completes you will lose your connection; wait until the Slave has finished returning to normal mode of operation (you determine this by watching it reboot into normal mode from the VGA terminal).
4. If the Slave is going to access the update server using the Master as default gateway, please change the Slave's LAN IP address with the CLI command: lan static ip 192.168.70.1/255.255.255.0 (or any other subnet that does not collide either with the Master's LAN nor any of the VLANs involved); so, you need to re-configure your laptop manually, with, for example, 192.168.70.200, according to the example given; this step is not needed at all if the Slave will connect directly to the internet without the Master involved (unless you have static IP configuration on the WAN and you are planning to share the same network segment for the upgrade; in this case you really need to disconnect the Master's WAN interface, in order to prevent double IP on same segment).
5. Connect to the Slave's WAN interface the cable that will provide internet connectivity (through the Master or directly through the ISP).
6. Access the Slave's web interface and proceed as described in the Software Updates menu (assuming your laptop is still connected to the LAN interface you should point it to https://LANIPADDRESS:8011; if your laptop is connected to the WAN segment of the Slave you should point to https://WANIPADDRESS:8011); depending on the type of update it may be necessary to reboot; make sure no warnings pop up and everything processes normally.
7. Disconnect the Slave's WAN cable; re-wire the slave's network cable(s) back as they were before.
8. Access the GUI and reconfigure Hotbackup Slave Mode; re-enter and double check the Slave Mode's IP settings (IP, Netmask, gateway and nameserver) and apply slave mode again; wait until edgeBOX is fully back in Slave mode (watch the VGA terminal, it will tell you).

9. Re-wire the Master back to the way it was before (that is, if you changed anything).
10. Go to the Master's GUI and execute the "Check Slave" operation; the result must be "Ok". Execute the "Replicate now" operation if you do not wish to wait for the up-coming daily replication.

10.6 Notifications

You may find the need to receive notifications regarding Hardware events, RAID status and others. edgeBOX is able to detect such events and forward them to you by e-mail and by means of SNMP traps - in case you use SNMP to manage your network(s). To configure the system to send these specific e-mail notifications and SNMP traps, please go to the Notifications menu in the System section. As usual, you can Start and Stop the Notifications service and an appropriate coloured status bar shows you the current operating status.

E-mails
You may Enable, Disable and Edit the details of e-mail notifications:
· Notification
  · Hardware status changes: if you want to receive e-mails for temperature changes and other hardware issues.
  · RAID: if you want to receive e-mails about hard disk status related to RAID.
· Status - Whether each e-mail notification is active or not.
· Receiver - the e-mail address to which the notifications will be sent (leaving it as root@localhost will make the e-mail be delivered to the administrator e-mail address).
· E-mail Subject - The subject of the e-mail message.

SNMP Traps
You may Enable, Disable and Edit the details of SNMP Traps notifications:
· Name
  · Hardware status changes: if you want to receive traps for temperature changes and other hardware issues.

  · Backup result summary: if you want to receive traps with the results of your scheduled backup operations.
  · RAID: if you want to receive SNMP traps about hard disk status information related to RAID.
· Status - Whether each e-mail notification is active or not.
· Trap Receiver - IP address of the SNMP management Server which will receive the traps.
· Trap Community - The community which has been configured on the server which will receive the traps.
· SNMP Version - SNMP versions 1 and 2c are available options.
· Trap Type - Only Enterprise should be selected. Generic will be included for a future release.
· Object ID - The SNMP Object Identifier configured on the server which will receive the traps.

10.7 Managing and Diagnosing RAID

A RAID array distributes data across several physical disks which look to the operating system and the user like a single disk. Several different arrangements are possible. Currently, only RAID1 is supported and it is managed by the RAID menu in the System section (this menu is only available if your system uses RAID). RAID1 uses two (possibly more) disks which each store the same data, so that data is not lost so long as one disk survives, in the event of a hardware or software malfunction. Total capacity of the array is just the capacity of a single disk. The failure of one drive does not increase the chance of a failure or decrease the reliability of the remaining drives (second, third, etc).

The panel has the following elements:
· At the top the array status is presented and it may be one of the following:
  · Clean - all disks in the array are active
  · Recovering - the array is rebuilding, i.e. it is mirroring the disks
  · Degraded - there is a faulty disk in the array
· A list with the array disks
· A button to add a disk to the array and another button to remove a disk from the array.

10.7.1 Disk Notifications

If the status of the array changes, a notification action may be performed as defined on the Notifications panel. Notification actions will occur under the following circumstances:
· DeviceDisappeared - A mirrored array which was previously configured has lost a device and is no longer working as a RAID array.
· RebuildStarted - The RAID array has started reconstruction (eg when a disk is replaced, the new disk has to be reconstructed from the good disk to form the array).
· RebuildFinished - The (new) disk has either completed construction (and is now part of the RAID1 array) or the construction was aborted.
· Fail - An active disk in the RAID mirror has been marked as faulty.
· FailSpare - A spare disk (if one is available), which was being rebuilt to replace a faulty device, has failed.
· DegradedArray - The Array is degraded (eg disk failure).
· SpareActive - A spare disk (if one exists) which was being rebuilt to replace a faulty disk has been successfully rebuilt and has been made active.

10.7.2 Replacing a faulty disk

If the array becomes degraded the faulty disk should be replaced. The array status may be checked on the RAID panel. There are different ways to perform disk replacement:

No Hot Spare
This action is accomplished by the following steps:
1. Write down the serial number of the faulty disk
2. Shutdown the edgeBOX at the earliest opportunity
3. Replace the faulty disk (check the serial number)
4. Start the system
The new disk should synchronize with the active one.
Note: The replacement disk must match the original disk, i.e. the new disk must have the same capacity (in bytes) as the faulty disk; it cannot have a larger or smaller disk capacity (in Bytes).

Hot Spare
If the box has more than two disks, one may not have to shutdown the system immediately. A third disk (spare) may replace the faulty one. To replace a faulty disk automatically, without the need of management intervention, just follow the steps:
1. Highlight the faulty disk and press the "Remove" button

2. Highlight the Spare Disk and press the "Add" button. In this case, the new disk will be included on the RAID array and synchronization will begin. Synchronization process progress may be checked in the RAID panel.

If a spare disk is available in the "Array Disks" panel, it will be automatically used to rebuild the RAID array in the event of a disk failure with one of the current RAID disks. To replace the faulty disk, highlight it and select the "Remove" button. Shut down the edgeBOX and remove and replace (if you wish) with a new disk which has the same Byte capacity as the faulty disk; it would be prudent to add this replacement disk to the "Array Disk" panel for automatic replacement in the event of another disk failure.

Hotswap
Hotswap is also supported in the Enterprise Appliance, however the following precautions should be taken:
· Write down all disks' serial numbers and respective slot to know which disk is the faulty one.
· The faulty disk may be replaced without shutting down the system.

10.8 Reading and Managing System Logs

Reading system or services logs may become necessary as a way to understand or solve specific operational issues. edgeBOX includes comprehensive solutions for accessing system and application logs (such as syslog, http logs, voip's cdrs, among others). Point your browser at the Logging menu in the System section. There you'll find:

Log Viewer
The Log Viewer lets you examine several applications' logs with 2 levels of verbosity. Click the Log viewer... link. The Log Viewer panel will pop up:
· Service: select the service for which you wish to read logs; the available services are: Anti Virus, Authentication, Backup, Blacklist, Daemon, Hardware Monitor, Hotbackup, Kernel, Mail, RAID, VoIP, Website Access Restrictions.
· Verbosity: controls the level of detail of the messages displayed; select High or Low (changes will be applied to new log messages only); this setting is global to all services.
Each page displays at most 25 lines. The Previous and Next buttons allow you to scroll chronologically through the pages (earliest messages are displayed first).

Logs Destination
edgeBOX can send logs to a remote logs server. To enable this behaviour click on the Change... button and specify:
· Also store edgeBOX logs in a remote server: check this box.
· Server address: the IP Address or host name (FQDN) of the server to which edgeBOX will send log messages.
· Port: the TCP/IP port number on which the server listens for log messages; 514 is the default.

Log manager password
You should set the logmaster password from this panel. The logmaster username gives you FTP access to edgeBOX's log files:
· System Log Files (sys.log)
· HTTP/HTTPS Access Logs (access_log)
· VoIP CDR's (Master.csv files)
Additionally, this FTP access should be used to access, download and delete call recordings made by means of the Automatic Call Recording. If your edgeBOX is currently recording calls, you'll find them inside the call-recordings FTP folder.

10.9 RADIUS Accounting

This menu option allows you to review and configure the RADIUS servers used for accounting. The accounting data applies only to the WAN interface. The table lists all the servers configured. The configured servers will be contacted in sequence, and the first one to answer will store the data. Note that you can have authentication and accounting performed by the same server, or have different servers for each purpose. To add a new RADIUS Accounting server you'll need:
· Server IP: The IP address for the new server.
· Server Port: The port used. The default value is 1813, but another port may be used.
· Password: The password used by edgeBOX's RADIUS client to access the server
· Confirm Password: Confirm the password you have entered

· Timeout: The maximum amount of time for connection setup with the RADIUS server. If this time is exceeded then the next server on the list (if any) will be contacted.
· Log Interval: possible values are “15 minutes”, “30 minutes” and “60 minutes”. This option allows you to control the period for which account information will be sent to the remote RADIUS accounting servers.
Note: Accounting is only available with authenticated user sessions. See Authentication for details.

10.10 SNMP

The status of the edgeBOX can be queried using the Simple Network Management Protocol. This panel controls the SNMP agent running on the edgeBOX.

SNMP Agent
Configures read-only SNMP access to the edgeBOX.
· Enable Access to SNMP Agent - Enables the SNMP agent and allows read-only access to report the status of the edgeBOX.
· Community string - The name of the community used when requesting access to the SNMP agent. Avoid well known strings such as “public”, “private” or ones that are easy to guess, e.g. “edgeBOX”. Specifically “public” is not allowed.
· Allow queries for - Enter an object identifier (OID). Access to objects below this level is not allowed.
· Allow queries from:
  · Any device: edgeBOX's embedded SNMP agent will respond to SNMP queries coming from any device (with the correct community string, obviously).
  · Devices within the following network segment: edgeBOX will only respond to SNMP queries coming from this IP segment (as determined by the IP Address and Netmask pair).
  · A specific device: edgeBOX will only respond to SNMP queries coming from this IP address.

SNMP Traps
Configures the host (NMS) to which traps/notifications will be sent.
· Allow edgeBOX to send SNMP trap messages to a Trap manager - Enable notifications to be sent.

· Community - The name of the community used when sending a notification/trap.
· Receiver - The host name or IP address of a computer (NMS) to which notifications will be sent.
To configure the type of traps/notifications sent by edgeBOX go to the Notifications section. These include the Backup, Hardware Monitor and RAID services.

10.11 Maintenance

In the Maintenance module it is possible to schedule system database optimization in order to improve performance of VoIP service and the Reporting engine. The main reason to do this is to increase user responsiveness and overall usability. The performance can be significantly increased by simply enabling this feature, sometimes in order of magnitude of 4000%. Some edgePaks, which also depend on the system database, may also benefit from a periodically optimized database.

To enable this option, go to the Maintenance menu in the System section. A short overview is provided with:
· current configuration and
· last database optimization execution date and time.
Use the Change Schedule... and Remove Schedule... buttons to edit or remove the configuration.

The Database Optimization can be done in several recurrence patterns, namely:
· Every Week: Performs Database Optimization on a weekly basis.
· Every two weeks: Performs Database Optimization on a biweekly basis.
· Every four weeks: Performs Database Optimization every four weeks.
For each previous recurrence pattern you should also set the
· day of week and
· time hour and minute
for running database optimization.
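The SNMP agent and trap settings of section 10.10 (community strings and the "Allow queries from" choice) can be reviewed with a short script before they are saved. This is an added example, not edgeBOX code; the settings dictionary, its field names, the minimum-length rule and the sample values are assumptions constructed for illustration.

```python
import ipaddress

# Strings the manual itself names as well known or easy to guess.
WELL_KNOWN = {"public", "private", "edgebox"}
MIN_LENGTH = 8  # assumption of this example, not a rule from the manual


def community_findings(label, community):
    """Return a list of problems with one community string."""
    value = community.strip()
    if value.lower() in WELL_KNOWN:
        return [f"{label}: '{value}' is a well-known or easily guessed string"]
    if len(value) < MIN_LENGTH:
        return [f"{label}: shorter than {MIN_LENGTH} characters"]
    return []


def query_allowed(allow_from, source_ip):
    """Apply the 'Allow queries from' choice to one source address."""
    source = ipaddress.ip_address(source_ip)
    mode = allow_from["mode"]
    if mode == "any":
        return True
    if mode == "segment":
        # IP Address and Netmask pair, as entered in the panel.
        segment = ipaddress.ip_network(
            f"{allow_from['address']}/{allow_from['netmask']}", strict=False)
        return source in segment
    if mode == "device":
        return source == ipaddress.ip_address(allow_from["address"])
    raise ValueError(f"unknown mode: {mode}")


def audit(settings):
    """Collect findings for the agent and trap settings."""
    findings = []
    if settings.get("agent_enabled"):
        findings += community_findings("agent community", settings["community"])
        if settings["allow_from"]["mode"] == "any":
            # Policy of this example: any-device access is reported.
            findings.append("agent answers queries from any device; "
                            "limit it to a segment or a specific device")
    if settings.get("traps_enabled"):
        findings += community_findings("trap community",
                                       settings["trap_community"])
    return findings


# Constructed sample settings (hypothetical field names and values).
WEAK = {
    "agent_enabled": True,
    "community": "edgeBOX",
    "allow_from": {"mode": "any"},
    "traps_enabled": True,
    "trap_community": "private",
    "trap_receiver": "192.168.100.20",
}
HARDENED = {
    "agent_enabled": True,
    "community": "n0c-R3ad-7741x",
    "allow_from": {"mode": "segment", "address": "192.168.100.0",
                   "netmask": "255.255.255.0"},
    "traps_enabled": True,
    "trap_community": "tr4p-Send-2290q",
    "trap_receiver": "192.168.100.20",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
    print(query_allowed(HARDENED["allow_from"], "10.0.0.5"))
```

SNMP versions 1 and 2c send the community string in clear text, so restricting the query source matters even when the string itself is hard to guess.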

When to schedule optimizations ?
Database optimization may consume long periods of time (varying from a few minutes to some hours - in very extreme situations). This depends on factors such as the load of the edgeBOX and the amount of data being processed, but mostly on the 'how long ago was the last optimization done?' or the 'was optimization ever done?'. Please schedule your data optimization for a period of day when there is no (or low) load on your box, or when no services are being used, to minimize the impact on services. Avoid collisions with the Hotbackup replication hours and the Backup scheduled operations. A very simple example is to set the edgeBOX database optimization tasks weekly, every Saturday at 4:00am. This always depends on your service usage. Adapt the best solution for each case.

10.12 Services Control Panel
For your convenience, the System section includes a Services panel where you can review and control - start / stop - the administrative operational status of edgeBOX's main user services. For all services displayed:
· Name: the service's name, or common abbreviation.
· Description: the service's description.
· Status: whether they are running or not - Yes or No.
To change status of a service click the service and hit the Start (green) or Stop (red) button at the top of the table. Note that changes made here will be effective even after a reboot.

10.13 Hardware Monitor
Information on the velocity of edgeBOX's fans, the CPU speed and several status values of the hard disk(s). It is updated every 15 seconds. See an example.

Hard disks information:
· Overall Health - It is determined by the monitoring software of the disc, based on the values of the parameters that follow next.
· Temperature.
· Bad Sectors Count - Number of sectors which are unusable.

· Pending Sectors Count - Number of sectors waiting to be remapped to another part of the disk.
· CRC Errors Count - Number of errors when writing to the disk.
· Total Up Time - Number of hours since the disk has been switched on.
You can receive e-mail notifications about changes detected in the Hardware Monitor: choose the Hardware Status Changes type in the Notifications panel.

10.14 Diagnostic Tools
You can reach the Diagnostic Tools menu from the System section. It provides some basic network and connectivity diagnostics:

Ping
Tests for network connectivity. Enter an IP Address or a FQDN and press the Ping button. For additional options press +Show options...:
· Method:
  · ICMP: adjust timeout and enter packet size in Bytes.
  · UDP: with this option selected the ping method will send a udp packet to the remote host's echo port; adjust timeout and enter packet size in Bytes.
  · TCP: adjust timeout and enter the TCP port to which to send the probes.
  · SYN: adjust timeout and enter the TCP port to which to send the probes. If the "SYN" protocol is specified, the ping method will only send a TCP SYN packet to the remote host then immediately return. If the syn packet was sent successfully, it will return a true value, otherwise it will return false.
  · All: adjust timeout and enter the TCP port to which to send the probes. This produces a Ping which will try each method sequentially (ICMP, UDP, TCP then SYN). If no reply is received after the timeout, the next method will be attempted until another timeout elapses, and so on; this continues until either a successful reply is received or all methods have timed out. If one of the methods receives a reply (eg ICMP), the other methods will not be attempted.

: · Method: ICMP or UDP. Inc.. Type the IP Address or FQDN in the box and press the Trace button.fr and press the Lookup button.34. the type of packets used in the traceroute test. enter a domain name. For additional options press +Show options.org and press the Lookup button. · Mail Servers: allows you to determine the mailservers for a specified domain. · Domain Names: allows you do list DNS servers for a given domain. 10.fsf. To alter these settings press the Change. · IP Addresses: to determine the IP address for a specified domain name or FQDN. · Timeout: maximum time waiting for test results on each router along the way. · Timeout: maximum time waiting for test results..the IP address. A reference for how traceroute (tracert on Windows) works can be found at: Traceroute. . Critical Links. such as www. button and enter the values for: · Remote Management Server .23.. enter an IP address.. Depending on your Lookup for selection: · Host Names: allows you to determine the Name of a specified IP address.com and press the Lookup button. the edgeBOX default name server is used for the lookup. If not set. A short overview is shown with the current configurations. enter a domain name. such as google. Such a server allows the management of several edgeBOXes at the same time.: · DNS Server: allows you to specify a DNS Server (by IP or name) which will be used to resolve the IP address. Note: it may take more than 10 seconds to complete the task. For additional options press +Show options.System 219 NSLookup To diagnose DNS problems. enter a domain name.45 and press the Lookup button...15 Remote Management Allows communication between edgeBOX and a Remote Management server. such as critical-links. Traceroute Find the route that network packets follow to reach a specified host or IP address. such as 212.

· Keep Alive - time interval, in minutes, used to separate the emission of 'keep alive packets' to the Remote Management Server. The server will use this keep alive connection to warn administrators of potential problems with the edgeBOX.

11 Reporting
View and export reports about edgeBOX's System, Services and Users. For each report you can specify a Time Interval. It can be a begin/end day, a single day or hour, depending on the report you are seeing. You can export the reports into a printable HTML page that you can print via a browser, or into a CSV file, for automated processing.

11.1 System
Displays information regarding edgeBOX’s system usage:
· CPU
· Memory
· Load
· Disk Usage
· Interfaces

11.1.1 CPU
The CPU report shows edgeBOX's processor usage, in percentage, per type of process (user’s and system processes) and cpu idle time. You can drill down each line into each day to view the CPU usage just for the selected day.

11.1.2 Memory
This report shows used and free memory, in MB. Drill down in each day to view the memory usage for that day only.

11.1.3 Load
The Load report displays the load of the system through the number of active processes. Load 1 min values indicate the average active processes in one minute. Load 5 min values indicate the average active processes in 5 minutes. Load 15 min values indicate the average active processes in 15 minutes. Drill down into each day to view the load of the CPU for each day.

Values below 1 represent good CPU load, between 3 and 4 require you to monitor closely, and values over 5 require you to take action because the CPU is overloaded.

11.1.4 Disk Usage
This report displays the hard disk usage, per Storage, in percentage and in MB. Scroll down to view disk usage for both Storages. Drill down into each day to view usage for that day only.

· The System Storage partition saves the runtime system data information (database and log information).
· The Home Storage partition is used to save the user account folders and the network shared folders (Shares).

11.1.5 Interfaces
Shows the traffic received and sent by edgeBOX in the WAN, LAN and DMZ interfaces. Scroll down to view information for the LAN and, if you have one, DMZ interfaces. Drill down into each day to check the usage of the interface for that specific day.

11.2 Services
Displays reports showing information about the service usage.
· HTTP Access
· Web Server
· Firewall
· E-mail
· VoIP
· VPN

11.2.1 HTTP Access
The HTTP Accesses report displays information about HTTP accesses through edgeBOX. This means the total number of sites, accumulated traffic in Mega Bytes, page hits and users yielding these accesses. You can drill down into each line to see daily HTTP accesses and sites visited.

Please note: this report will contain no information if the Proxy Cache service is stopped.

11.2.2 Web Server
The Web Server report shows accesses to edgeBOX's web server. It is where the Intranet and Extranet websites and the users' personal webpages are stored. You can view the total number of visits to every page and the generated traffic, in Mega Bytes, to edgeBOX's web server. It is possible to drill down into each day to check the accesses on that specific day.

11.2.3 Firewall
This report shows Firewall related information as dropped and rejected (sent back) network packets grouped by day. You can drill down each line to a specific time frame in order to identify actions applied to unauthorized network traffic.

11.2.4 E-mail
The E-mail report shows e-mail service related information in the Services perspective. That is, you can only see how many sender and receiver e-mail domains (the @mail.com part of the email address) are processed for the sent and received e-mail. You can also view the amount of e-mails processed and how many of those were detected as being infected with viruses by the Mail Scanner. If you drill down in each line, you can identify singular e-mail exchange info such as the sender or the receiver e-mail, if it was locally delivered to edgeBOX, the size of the message and if it was infected with a virus.

11.2.5 VoIP
The VoIP report displays VoIP service usage. Calls are grouped into:
· Internal Calls - calls made between phones connected to edgeBOX.
· Inbound Calls - calls received from outside edgeBOX's network to internal phones connected to the edgeBOX.
· Outbound Calls - calls made to external phones.

The image above is a drilled-down detail of the Internal Calls. The information available includes the duration of the calls and number of calls made.

11.2.6 VPN
The VPN report gives information about the PPTP VPN tunnels in use in the edgeBOX: number of users using the VPN service, the number of connections made, and accumulated duration of connections per day.

11.3 Users
Services data correlated with user information:
· Accounting information
· HTTP Access
· E-mail
· VoIP
· VPN

11.3.1 General
The General report summarizes the activity of users. You can view the inbound and outbound traffic in Mega Bytes, PPTP VPN tunnels and the total duration of these tunnels, and external calls made and the duration of the calls. The information is shown only in a tabular format; it is not possible to drill down inside each line as in other reports.

11.3.2 Accounting
The Accounting report shows network traffic and sessions made by the network users. You can check the amount of downloads and uploads that are being processed for the users in each network interface (WAN, LAN and DMZ). If you are not using authentication, the user's IP Address is shown, instead of the username. You can drill down in each line of the table to view detailed information for each session of the users.

11.3.3 HTTP Access
The HTTP Accesses report displays information about HTTP website accesses made by the network users. HTTPS website accesses are not shown. The report details the total number of sites, accumulated download traffic in Mega Bytes and number of page hits. You can also drill down in each line of the table to see the sites visited for each user. Please note: this report will contain no information if the Proxy Cache service is stopped.

11.3.4 E-mail
The E-mail report shows e-mail service related information for each e-mail address. You can drill down in each line to view e-mail messages details for a particular e-mail account.

11.3.5 VoIP
The VoIP report displays VoIP calls for each phone or user. For all registered phones the Inbound, Outbound and Internal calls with their associated call duration are displayed. Drill down into each type of calls to view the calls made for that type. If you select a user's calls you can view calls to and from that user for the specified time period:

11.3.6 VPN
The VPN report gives a summary of the PPTP VPNs on edgeBOX. It shows the number of connections and the total duration of the connections.

12 User Services and Applications
On the initial page, besides Login option, you will find the Services and Applications options; these are browser based user-oriented, commonly accessible edgeBOX features.

Initial Page - How do I get here ?
Point your browser to https://myedgebox.com, https://LAN-IP-Address:8011 or, if from outside, https://WAN-IP-Address:8011.

Services
Following the Services link, you will enter the edgeBOX Services page (this option will only be available for users in the internal network). On the left you'll find a list of accessible services:
· Temporary Shared Folders

Applications
In the Applications section you'll find links to the following applications (if installed and/or configured). Follow the links below for details:
· Webmail
· Flash Operator Panel

12.1 Temporary Shared Folders
Safes are available only for LAN users and may be used when there's a need for a temporary space for storage. Any user on your network can ask for a box to store files and access it as a normal Windows share. To be able to use safes, the following conditions must be met:
· The Windows Server service must be running.
· Temporary Shared Folders must be active.
· The user must belong to Privilege with access to the Samba service.

Any LAN user can request a safe accessing the utilities page (http://<lan address>:8011 and selecting the "Services" option). Follow the link "Public Folders". The following page will be displayed. Currently available safes will be displayed, as well as the current safes' configuration parameters.

To create a new safe, select "Create a new safe". Select the desired settings for your safe, as well as the maximum time the safe will be available. Sizes available will always be less than or equal to the maximum size configured. To create the safe, select "Create safe".

Safe creation window

If the safe was successfully created, credentials to access it will be displayed.

credentials to access the safe

Selecting "Public Folders" again will now display the safe just created.

Public safes list

To use the safe, access it like a normal windows share, entering the credentials supplied to authenticate.

If you want to close the safe before its time expires, go to the Services > "Public Folders" menu and follow the "Close this Folder" link next to the safe you want to close. You will need to supply the password for the safe. If the operation completes successfully, the message "Folder closed" will be displayed.

Note: When a Folder is closed (manually or after the timeout), the folder and contents are deleted.

12.2 Webmail
In the Initial Page of User Services and Application, select the Applications link and then Webmail (if Webmail is not available, this is because it has not been configured to, see E-mail domains and Webmail). You will be presented with the following screen. Select your preferred language and login with your edgeBOX username and password. Use the interface to send and read your e-mail.

12.3 Flash Operator Panel (FOP)
Flash Operator Panel (FOP) is a switchboard type application which is able to display information about the PBX activity in real time. You are reminded that you need to allow the FOP service on the Firewall Panel for access, and the Web Server must be running.

FOP allows you to view:
· Which extensions are busy, ringing or available
· Who is talking and to whom
· SIP and IAX registration status (Greys out if offline)
· MeetMe room status (number of participants)
· Queue status (number of users waiting)
· Parked channels
· Logged in Agents

Note that if there are more entries than can be shown on the screen, the additional entries can be viewed by placing the mouse to the right of the screen, causing the screen to scroll to the right (and vice-versa).

FOP allows you to perform the following actions:
· Hang-up a channel
· Transfer a call leg via drag and drop
· Initiate calls via drag and drop
· Barge in on a call using drag and drop
· Drag and drop to create an agent
· Manage queues
· Park/Unpark calls

12.3.1 FOP Login
To Access the FOP Interface, enter the edgeBOX URL into your browser, which should present you with the following Menu. Select the Applications menu and you should be presented with the following:

(If Webmail is not present on the Menu, this is because you have not configured a Webmail Domain; please refer to the E-mail Server and Webmail for configuration instructions.)

When you select Flash operator, you will be presented with the following screen:

The default Security Code login is: root

To alter this password, enter username and Password as admin and root (respectively) and set a new password.

12.3.2 Initiate a Call
To create a call, simply drag the phone icon for the user of interest to the phone icon of the person you wish to call. If, for example, you drag the npem phone icon to the jayme icon, npem's phone will ring. If npem picks up the call, jayme's phone will ring and the call is established. Once the call is established, both phones will change their green 'LED' to red and the extension number of the caller will be shown, as well as the duration of the call. You may force the termination of a call by double clicking on the red LED.

Note: If a phone is not currently registered with edgeBOX (and thus cannot be rung), the icon will be greyed out.

12.3.3 External Calls
A call which is from an outside line tags the incoming route with the caller's number and also tags the person they have called with their telephone number. In the large panel below, the caller has rung alextalk via the BRI/1 2 connection (as they both have the same tel number tag of the external caller). Again, you may terminate a call by double clicking the red LED of the phone (or the line).


12.3.4 Transfer a call
To transfer a call, you simply drag the icon to the panel where you wish to place the call. Thus you could drag a caller's icon to a phone, or to a Queue, or park the call (etc.).

12.3.5 Barging
Barging allows the operator to interfere with an active call. Thus if 2 users have established a call, you could (although this is not generally recommended) drag a phone to one of the phones which is already connected, to establish a new call (leaving one of the users with a disconnected call!).

12.3.6 Create an Agent
Assuming that you have configured a Queue, you can add phones to the Queue to act as Agents for the Queue. To add an Agent, simply drag the phone to the Queue (the phone LED will change from green to yellow).

To delete the Agent, drag the phone to the queue again (the LED will change from yellow to green).


12.3.7 Queue Management
Each Queue consists of three panels, as shown below.

The top panel (Queue Support) shows the status of the queue (1 caller waiting for an Agent) and the queue name (support). The next two panels show the top two (longest in queue) clients in the queue.

To add a client to the queue, simply drag the ringing phone to the queue, or drag one of the phones which has established a phone connection. Note: You can reset a queue by double clicking on the Queue's LED (top panel of the three). If you do this, all callers in the queue will be removed.

12.3.8 Park-Unpark Calls
To park a call, simply drag their phone, or their incoming line, to the Parked queue.

The phone/line will then show their parked position. You can then drag the parked phone icon to a phone (or elsewhere) to establish a call.

12.3.9 Conference Calls
To enter a conference, simply drag the phone icon (or line) to the conference icon, which will cause the phone to ring.

The Conference will show the number of users of the conference.

12.3.10 Typical Caller Scenario
A typical scenario is as follows:
· A caller (A) rings and is routed to the operator (B). They request C's extension.
· The operator can see that C is not on a call and can drag the line icon to C's phone, or
· The operator can put the caller on hold (by dragging the incoming line to the park icon) and drag the operator phone icon to C's icon to ring C and ask if they wish to take the call.
· The Operator can now either drag the icon from park to C's icon or drag the park icon to their phone icon and explain that C cannot take the call.

13 Appendices
13.1 Appendix A: Authentication
edgeBOX runs several services for which you have to provide credentials. There are several possible authentication scenarios and configurations. In this appendix, edgeBOX's authentication architecture will be explained. It is important to understand these concepts, as they will be needed if you want to deploy a remote authentication scenario. We will show what happens when the "Require users to login" option is enabled. The complete sequence of events will be reviewed and detailed. Finally, some remote configuration examples will be shown.

13.1.1 Authentication architecture
Authentication (proving who you are) and authorisation (what you can do) are handled in a mixed manner in edgeBOX. Considering first a local authentication scenario, upon user creation you need to provide a password and define which services a user will be authorised to use. Services available in edgeBOX are:
· Regular services, such as POP3, IMAP, FTP and Internet access for LAN users;
· Windows use (Samba Print and Filesharing);
· Allow authentication from wireless and wired 802.1x port based authentication devices on the LAN;
· PPTP;
· VoIP.
Internally, edgeBOX uses a RADIUS server, configured to use an LDAP backend.

13.1.2 Require users to login vs Privileges policies
Connections originating from the LAN to the Internet, to the DMZ network and to services running on edgeBOX are granted by default. But you may choose to limit this access by enforcing an access Privilege. This is done by activating the Authentication service - the Privilege policies will be enforced at the Firewall level. This is always the first level of access to be tested: when users are required to login (LAN/VLAN users), any connections are denied - they are in fact discarded by the firewall. If a user wants to access the Internet, the following steps must be taken:
· The user accesses edgeBOX's authentication page or some website running on port 80 (which causes a redirection to edgeBOX's authentication page);
· The user enters his credentials (username/password);
· If the credentials entered were valid, the user may or may not be granted access, depending on his access Privilege.

From this moment on, and if this user's policy grants him access to the Internet, he will be able to access any remote service. Furthermore, a pop-up window will be displayed, allowing him to log out. This pop-up window must be kept open to keep the user authenticated. If this window is closed and no network traffic is detected originating from this user's machine, the authentication will time out and the user will have to re-authenticate in order to access the Internet. The timeout is set to five minutes.

Privileges allow the following items to be configured:
· QoS classes assigned to WAN/DMZ connections;
· Access to the Internet: time interval and services;
· Access to edgeBOX's services: time interval and services;
· Access to the DMZ: time interval and services;
· Inter VLAN access;
· Access to IPSec VPNs;
· Access to PPTP VPN sessions.

As previously mentioned, the policies are handled at the firewall level. After a user authenticates, appropriate firewall rules are loaded in order to enforce his Privilege profile. A user authenticating from a PC in the LAN will in fact revert to an IP/MAC address pair, and each rule loaded will refer to this pair. If the profile to which the user belongs was granted access to the Internet, a firewall rule will be loaded allowing all traffic originating from this host to the Internet.

If a Privilege contains an IP address (see the Devices section in Privileges), then firewall rules reflecting this policy profile featuring this IP will automatically be loaded, making it a static entry. That is, if a user uses a machine with an IP in a profile, they will be automatically authenticated by the edgeBOX and will have the profile's privileges (rather than the user's profile privileges). A typical use of this feature is to automatically allow servers to access the Internet. Suppose you have a Windows update server. Making its IP a member of a group with access to the Internet will automatically enable access to the Internet for this server.
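The behaviour described in 13.1.2, as an added example that is not part of the manual or of edgeBOX's own code: a small Python model of a login-gated firewall that keys sessions on the IP/MAC pair, lets static Privilege devices through without login, and expires a session only when the pop-up is closed and the host has been idle for five minutes. The class names, zone names, user record and addresses are constructed for illustration.

```python
"""Toy model of the login-gated firewall described in 13.1.2 (added example)."""
import hmac
from dataclasses import dataclass, field

IDLE_TIMEOUT = 5 * 60            # seconds; the manual gives a five-minute timeout
ZONES = ("internet", "dmz")      # destinations modelled here (hypothetical names)


@dataclass(frozen=True)
class Privilege:
    name: str
    internet: bool = False
    dmz: bool = False
    devices: frozenset = frozenset()   # static IPs from the Privilege's Devices section


@dataclass
class Session:
    privilege: Privilege
    last_seen: float
    popup_open: bool = True


@dataclass
class Gateway:
    privileges: dict                               # privilege name -> Privilege
    users: dict                                    # username -> (password, privilege name)
    sessions: dict = field(default_factory=dict)   # (ip, mac) -> Session

    def login(self, ip, mac, username, password, now):
        """Check credentials; on success load the 'rules' for this IP/MAC pair."""
        stored = self.users.get(username)
        if stored is None or not hmac.compare_digest(
                stored[0].encode(), password.encode()):
            return False
        self.sessions[(ip, mac)] = Session(self.privileges[stored[1]], now)
        return True

    def close_popup(self, ip, mac):
        """The user closed the logout pop-up; the idle timer now applies."""
        session = self.sessions.get((ip, mac))
        if session is not None:
            session.popup_open = False

    def allow(self, ip, mac, zone, now):
        """Decide one new connection from a LAN host to the given zone."""
        if zone not in ZONES:
            raise ValueError(f"unknown zone: {zone}")
        # Static entry: an IP listed in a Privilege gets that profile's
        # privileges without any login.
        for priv in self.privileges.values():
            if ip in priv.devices:
                return getattr(priv, zone)
        session = self.sessions.get((ip, mac))
        if session is None:
            return False                      # login required: connection discarded
        if not session.popup_open and now - session.last_seen > IDLE_TIMEOUT:
            del self.sessions[(ip, mac)]      # rules unloaded; re-authentication needed
            return False
        session.last_seen = now               # traffic from the host keeps it alive
        return getattr(session.privilege, zone)


def sample_gateway():
    """Constructed sample data: two privileges, one user, one static server IP."""
    staff = Privilege("staff", internet=True)
    servers = Privilege("servers", internet=True, dmz=True,
                        devices=frozenset({"192.168.100.20"}))
    return Gateway(
        privileges={"staff": staff, "servers": servers},
        users={"alice": ("constructed-password", "staff")},
    )
```

When reviewing a deployment against this model, the static device list deserves the same scrutiny as user accounts, because any host using a listed IP is treated as authenticated.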


allowing for a multitude of different configurations and scenarios. 13. The user will have to reauthenticate. the authentication page is displayed. Due to the concept of system-wide authentication. edgeBOX's RADIUS server is queried. these two functions can be delegated on remote servers. access is granted (authorization AND authentication succeeded). containing a message indicating success and a logout button.4 Remote configuration So far we have assumed edgeBOX handles both authentication and authorization using its local RADIUS and ldap servers. the rules will be unloaded from the firewall and further connections denied.1. Otherwise. access is denied (authorization failed). The IP/ MAC address pair in these rules are the user's PC IP/MAC address pair. the user will be granted access according to his Privilege. · If the user closes the pop-up window and no network traffic is generated for 6 minutes. access will be denied. access is granted. · Otherwise. be it local or remote. · Otherwise (any other application). all services will be authenticated against the scheme chosen. if the user tries to access any website on port 80 or edgeBOX's authentication page. · Otherwise. rules reflecting this user's Privilege policy are loaded into the firewall. There are some services however.3 Putting it all together Suppose a user in the LAN tries to access the Internet or an edgeBOX service and the Authentication service is running. · If the user has requested a web page and his policy allows. if the password does not match. his browser will be redirected to the web page requested and a small window will pop-up. access is denied (authentication failed). · Otherwise. LDAP is queried. However. 
The following matrix displays the possible combinations for authentication/authorization schemes:

Authorisation | Authentication
Local RADIUS | Local LDAP
Local RADIUS | Remote LDAP
Local RADIUS | Remote AD
Local RADIUS | Remote RADIUS
Remote RADIUS | Remote RADIUS
Remote LDAP | Remote LDAP

If you are not using local authorisation.1x and WPA. The next table displays this information: Authentication Sheme Used Local. having a LDAP backend performing authentication/authorisation. To be able to have MS Windows controlling your Wireless connection.254 edgeBOX 5. Critical Links. they are not known to edgeBOX before they make their first successful login. only the native MS Windows client was used. Special remarks have to be made when you delegate authorisation/authentication on a remote LDAP or RADIUS or Active Directory (without "import users" checked) server. it will be shown how to configure a MS Windows client station to connect to edgeBOX's wireless access point using 802. local accounts and entries will be created locally. Bear in mind that although a remote scheme is used. This schema works also in "fail-safe" mode. Before this happens no user account is created locally and the same applies for edgeBOX's local RADIUS and LDAP servers (edgeBOX always keeps a local copy). you can still add local users before those users make their first login. . after an user logins in for the first time. you have the option to import the users. and will be granted permission to access the services configured in the "Generic" privilege. Some cards have their own managing software. In this scenario. 13. As users are remote. When using Active Directory as a remote authentication scheme. WiFi or LAN only using LAN authentication.2 Appendix B: Connecting to Wireless In this appendix. In such a configuration. i. in which RADIUS performs authorisation.0 Help The first line matches edgeBOX's local configuration (all local). AD (with user import) or Remote LDAP Remote RADIUS or AD (without user import) First Login using any service: FTP.e. Depending on the scheme used. the way a user may perform his first login will vary. Not all wireless cards will support these security schemes .a firmware upgrade may be needed in some cases. Inc.. In the examples that follow. 
This can be useful if you want to set their service permissions beforehand (when using local authorisation) or to set the group to which they will belong (by default they are assigned to the generic group). if the Active Directory server is not reachable at a certain point the users will be authenticated locally. you must start the "Wireless Zero Configuration" service. PPTP. POP3. he will be placed in the "Generic" privilege. you will still be able to edit user's permissions. You can have a remote configuration replicating this configuration.

Wireless configuration applet. Notice that windows is being used to configure wireless

In the examples that follow, the following general configuration will be used by edgeBOX:
· SSID: valebox
· Channel: 1
· Hide Network: not active - this network will be visible for all wireless clients nearby; later you can activate this if you wish.
· Allow only specific devices to use the wireless network: not active - no Hardware Address based filtering will occur; later you can configure it.

13.2.1 802.1x
The following picture illustrates the configuration used by edgeBOX for 802.1x authentication and accounting.

On MS Windows, double-click the "Wireless Network Connection" icon and select the "Wireless Networks" tab. Make sure the SSID entered is consistent with that defined on edgeBOX (valebox on our example). Choose "WPA" for "Network Authentication" and "AES" for "Data Encryption". Select then the "Authentication" tab.

Wireless Network Connection - Wireless Networks

On the Authentication tab, select "Protected EAP (PEAP)" as the "EAP type". Press the "Properties" button.

Authentication - Protected EAP Properties

On the dialog window that pops-up, uncheck the "Validate server certificate" checkbox, and select "Secure password" as the Authentication Method. Press the "Configure" button. On the dialog window that pops-up, uncheck the "Automatically use my Windows..." checkbox. Press "OK" on all dialogs to confirm this configuration.

If the configuration succeeds, you should see a balloon warning you to enter credentials to connect to the wireless network. Clicking on the balloon will display a prompt requiring you to enter the username and password for a user authorised to connect to the Wireless network. If the connection was successful, its status will appear as "Connected".

13.2.2 WPA

If edgeBOX was configured to use WPA as the security scheme, the following settings must be configured on the client:
· Network Authentication: WPA-PSK
· Data Encryption: AES

Additionally, the network key to be used must also be supplied. Remember that if you choose to use a preshared key, it must be 64 hexadecimal characters long; if less than 64 characters, it may be ascii or hex. You may obtain an automatically generated key from the website https://www.grc.com/passwords.htm.

Wireless Configuration

If this connection is configured to be established manually, when you try to connect to it a dialog window will be shown, asking you to supply the network key.

Network key dialog
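The two key forms mentioned above (a 64-hexadecimal-character key, or a shorter ASCII key) relate to each other as follows. This is an added example, not edgeBOX code: it assumes the standard WPA passphrase mapping (PBKDF2-HMAC-SHA1 with the SSID as salt) and the standard 8 to 63 character passphrase range, neither of which is stated in this manual, and it also shows how to generate a 64-hex key locally.

```python
import hashlib
import secrets
import string


def classify_network_key(key):
    """Return 'hex-psk' for a 64-hex-digit key, 'passphrase' for shorter ASCII text."""
    if len(key) == 64:
        if all(c in string.hexdigits for c in key):
            return "hex-psk"
        raise ValueError("a 64-character key must be hexadecimal")
    # Assumption from the WPA standard, not from the manual:
    # a passphrase is 8 to 63 printable ASCII characters.
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"
    raise ValueError("key must be 64 hex digits or an 8-63 character ASCII passphrase")


def derive_psk(key, ssid):
    """Return the 256-bit pre-shared key as 64 lowercase hex digits."""
    if classify_network_key(key) == "hex-psk":
        return key.lower()          # already the raw key, used as typed
    # Passphrase mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes.
    raw = hashlib.pbkdf2_hmac("sha1", key.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()


def generate_hex_psk():
    """Generate a random 64-hex-digit key from the operating system CSPRNG."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    # "valebox" is the SSID used in this appendix; the passphrase is constructed.
    print(derive_psk("constructed sample passphrase", "valebox"))
    print(generate_hex_psk())
```

Because the SSID is the salt, the same passphrase yields a different 64-hex key on a network with a different SSID.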

13.3 Appendix C: Windows Integration

This appendix will show you how to use some of edgeBOX's Windows Server features, namely, how to:
· Add a Windows computer to edgeBOX's Domain
· Map an edgeBOX Shared Folder on Windows

Remember that users can only access these features if they belong to a Privilege for which the Samba service is accessible.

13.3.1 Adding a Windows Host to edgeBOX Domain

This section details the process of adding a windows host to the edgeBOX Windows Domain - this assumes edgeBOX is running the Windows Server and acting as a Primary Domain Controller. Please make sure to catch all the details in the Windows Server section.

To add a windows host to edgeBOX's Windows Domain, select "System" under the Windows Control Panel, and then select the "Computer Name" tab. Select the "Change" button. In the dialog window that pops-up, select the "Domain" option and enter your domain name (in our example it was "mydomain"). The windows host will be added to the Domain provided by edgeBOX.

join domain dialog

After you select "OK" to confirm the domain change, you will be required to supply credentials of a user belonging to the domain administrator's group. In edgeBOX, you have to specifically supply the username "Administrator", which has the same password as the admin user (defaults to root).

change domain dialog

If the operation was successful, the following dialog will be displayed. After rebooting the machine, log on to edgeBOX's domain (it should be available on the domains' list). The user's home directory will be mounted as Z:, where the public_html directory can be accessed. This is the directory where the user's personal web page will be located. In the picture below the user's directory content is shown. The other directory shown (profile) is where the roaming profile data will be stored, so the user will retain her desktop definitions after logging off.

13.3.2 Mapping a Shared Folder on Windows

To map an edgeBOX shared folder on a virtual Drive
1. Go to My Computer.
2. Select the Tools menu and the Map Network Drive option.
3. Select the character you want to use for the drive.
4. Type the IP address of edgeBOX, followed by the name of the shared folder. For example: \\192.168.90.254\rui.

Windows does not allow you to mount shares with different username/passwords. It's possible to disconnect from a share using the command "net use * /delete". This will release all connections to shares. It's possible to specify which share to release, via the command "net use" which will display which are the active shares and then "net use <share> /delete", which will disconnect that particular share.

13.4 Appendix D: VLAN based Infrastructure

With the introduction of VLANs in the edgeBOX architecture the type of scenarios where an edgeBOX can be deployed has been significantly increased. From a basic network infrastructure with generic 802.1Q Switches to full port based authentication devices with dynamic VLAN assignment, a broad range of scenarios are possible. Some of the supported features depend on the type of Switch or Wireless AP used for deployment.
· For basic VLAN scenarios any 802.1Q switch will work.
· For advanced features like port based authentication, dynamic vlan assignment, 802.1x with single sign on or automatic guest VLAN more advanced switches will be needed.
· For switches with L3 features it is important to disable inter vlan routing on the switch. Inter vlan routing is done in the edgeBOX with access profile enforcement.

· Generic Wireless AP with 802. 802. Dynamic VLAN assignment · D-Link DES-1252 .1x port based authentication · No Dynamic VLAN assignment · No native Guest VLAN on switch · VLAN Scenario 3 · 802. 802.1Q · Generic L2 switch with 802.1x Authentication only.802. 802.1x SSO and Dynamic VLAN assignment · Procurve 420 Wireless AP (Firmware 2.1Q VLAN and 802.1x .802.1Q.1x Port based authentication.Support for 802.2. manual session timeout configuration · SMC Tigerswitch 6726 AL2 .1x .802.1x SSO.1x port based authentication · Support for Dynamic VLAN assignment – (HP Procurve switch) · No native Guest VLAN on switch Critical Links. Inc. Type of 802.802. 802.1x SSO.1Q VLAN + 802.802. .1Q.1Q.802.802.1q compatible switch with 802.1x port based authentication · No Dynamic VLAN assignment · No native Guest VLAN on switch · VLAN Scenario 2 · Standard 802.1q compatible switch with 802.1X.1Q VLAN .Appendices 263 Type of Authenticators supported: · Procurve 2650 Series . You might wish to read them in order to get a better grasp of the concepts or to adapt them to your own needs: · VLAN Scenario 1 · Standard 802.2 or later) .1Q.1x and dynamic VLAN assignment · Support for 802.1x supplicants tested (PEAP-EAP-MSCHAPv2): · Windows XP SP2 · MacOS X · Windows Vista · Windows Vista SP1 Please find below four possible VLAN deployment scenarios.1q compatible switch · No 802. No single sign on available.1Q VLAN only · Generic L2 switch with 802. No single sign on available. manual session timeout configuration · D-Link DES-1228 .1x · Support for 802.

· VLAN Scenario 4
· 802.1q compatible switch with 802.1x and dynamic VLAN assignment
· Support for 802.1x port based authentication
· Support for Dynamic VLAN assignment – (HP Procurve switch)
· Native Guest VLAN on switch – (HP Procurve switch)

13.4.1 VLAN Scenario 1

Characteristics of this scenario:
· Standard 802.1q compatible switch
· No 802.1x port based authentication
· No Dynamic VLAN assignment
· No native Guest VLAN on switch

This is the most basic scenario when deploying VLANs with edgeBOX. In this case the LAN port of the edgeBOX is connected to a trunk port in the switch. The port on the switch must be configured as 802.1q trunk, allowing all configured VLANs to pass through the link.

· When using VLANs, the LAN zone is the same as VLAN 1 (id 1). In most cases the VLAN 1 is the default VLAN on a new installed switch, and this means all ports are by default configured as being part of that VLAN.
· By default, all traffic between VLAN zones is blocked. This means the edgeBOX firewall does not allow routing of traffic between VLANs unless the administrator configures it with different type of access rules.
· Access Rules between VLAN segments can be configured per access profile in the VLAN tab.
· The only type of user authentication available is Web Login. When a user authenticates successfully, the firewall enforces the configured User Access Profile rules for WAN, DMZ and access to other VLAN segments. If the user is not able to authenticate with success, then all traffic to and from this user will be filtered with the default rules for non-authenticated users.

13.4.2 VLAN Scenario 2

Characteristics of this scenario:
· Standard 802.1q compatible switch with 802.1x
· Support for 802.1x port based authentication
· No Dynamic VLAN assignment
· No native Guest VLAN on switch

To enable support for 802. The only requirement is that a Critical Links. On the edgeBOX this 802.1x is that the user will not be able to access the network until he is able to get a successful authentication. for a client PC connected to one of the switch ports configured with 802. the switch detects the presence of a client and initiates the 802. The edgeBOX supports protocol PEAP-EAP-MSCHAPv2. If the authentication is not successful then the port will be closed and the user will not get access to the network. In this scenario. needs to be authorized. If the authentication is successful the switch will open the respective port and the client will be part of the static VLAN configured on that Port.266 edgeBOX 5.0 Help This is basically the same as Scenario 1. Both Windows XP and Vista include supplicants with native support for this authentication type. made by the Client PC supplicant. Inc. Support for Single Sign On (SSO) Scenarios based on 802.1x port based authentication we need to configure the switch to use the edgeBOX as the RADIUS server for authentication and enable the ports where we want this enforced. At this point the client will get an IP address if configured with dhcp and the edgeBOX DHCP server is enabled. The only addition is that we have some or all ports on the switch configured for 802. The main advantage of using 802.1x. will be forwarded by the switch to the configured RADIUS server for authentication.1x include support for automatic user login. The authentication request.1x protocol.1x based switch.1x port based authentication. and this is done in System->RADIUS->Add. the RADIUS client. .

The following is needed to deploy this feature: Critical Links.4.3 VLAN Scenario 3 Characteristics of this scenario: · 802. 13. A supported switch includes the calling station MAC address in the RADIUS Access Request packet and is able to process session timeout.1q compatible switch with 802. In this case.1x switch does not support the calling station attribute. During 802. The edgeBOX supports assignment of a VLAN per access profile.1x switch is used to deploy those scenarios. In case the 802. Without a successful authentication the port will be closed and the user wont be able to access the network. the port based authentication is still done but the user will need to do a normal weblogin when accessing the Internet or services running on the gateway. Inc. the switch moves the associated port to the VLAN configured for that user access profile. the RADIUS server sends additional attributes to the 802.1x and dynamic VLAN assignment · Support for 802.1x authentication and on success. after a successful authentication. .1x port based authentication · Support for Dynamic VLAN assignment – (HP Procurve switch) · No native Guest VLAN on switch This is scenario 3 with a switch that supports VLAN dynamic assignment.1x authenticator in the switch with information regarding the VLAN id for that particular user.Appendices 267 supported 802.

.1x and dynamic VLAN assignment · Support for 802. 2. 3. 13.1q compatible switch with 802. Configure the RADIUS client as referred in Scenario 2. The HP Procurve follows RFC2868 / 3580 with with Tunnel-Private-Group-ID of type string.268 edgeBOX 5.1x port based authentication · Support for Dynamic VLAN assignment – (HP Procurve switch) · Native Guest VLAN on switch – (HP Procurve switch) Critical Links. The advantage of this scenario is the fact that we can effectively do network access control by port and at same time we are able to put the user in the correct VLAN even if he does a login outside of is main work space.4.4 VLAN Scenario 4 Characteristics of this scenario: · 802. select the correct client type and enable Dynamic VLAN assignment. See NAC->Access profiles>”Profile”->VLAN->VLAN Name. Configure the User Access Profiles with the correct VLANs. The network infrastructure must be setup with Procurve 2650 or compatible switches in terms of RADIUS dynamic Vlan assignment.0 Help 1. Inc.
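For the dynamic VLAN assignment used in Scenarios 3 and 4, the following added example (not edgeBOX or switch code) encodes and decodes the three RADIUS attributes that RFC 2868 / RFC 3580 define for it, with Tunnel-Private-Group-ID carried as a string. The attribute numbers and values are taken from those RFCs, and VLAN 3 is a constructed sample value; the decoder can be run over the attribute bytes of a captured Access-Accept to confirm what the switch is being told.

```python
TUNNEL_TYPE = 64               # RFC 2868 attribute numbers
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13          # RFC 3580 value meaning "VLAN"
TUNNEL_MEDIUM_IEEE_802 = 6     # RFC 3580 value meaning "IEEE-802"


def encode_vlan_attributes(vlan_id, tag=0):
    """Build the three attributes that place a port in vlan_id."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN id out of range")
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be 0x00-0x1F")

    def tagged_int(attr_type, value):
        # type, length (always 6), tag byte, 3-byte big-endian value
        return bytes([attr_type, 6, tag]) + value.to_bytes(3, "big")

    # Tunnel-Private-Group-ID is a string: the VLAN id as ASCII digits,
    # preceded by the tag byte only when a tag is in use.
    group = (bytes([tag]) if tag else b"") + str(vlan_id).encode("ascii")
    return (tagged_int(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_IEEE_802)
            + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)]) + group)


def parse_attributes(data):
    """Split an attribute list into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[i + 2:i + length]))
        i += length
    return attrs


def assigned_vlan(data):
    """Return the VLAN string only if all three attributes agree, else None."""
    tunnel_type = medium = group = None
    for attr_type, value in parse_attributes(data):
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            number = int.from_bytes(value[1:], "big")   # skip the tag byte
            if attr_type == TUNNEL_TYPE:
                tunnel_type = number
            else:
                medium = number
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID and value:
            if value[0] <= 0x1F:                        # leading tag byte
                value = value[1:]
            group = value.decode("ascii")
    if tunnel_type == TUNNEL_TYPE_VLAN and medium == TUNNEL_MEDIUM_IEEE_802 and group:
        return group
    return None


if __name__ == "__main__":
    sample = encode_vlan_attributes(3)      # constructed sample: VLAN 3
    print(sample.hex(), "->", assigned_vlan(sample))
```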

This is scenario 4 with a switch that supports guest VLAN when operating with 802.1x and VLAN dynamic assignment. This is similar with scenario 3 and the only difference is when the 802.1x user is not able to authenticate. At this point the switch automatically configures the port to another VLAN – the Unauthorized-Client VLAN. The unauthorized-client VLAN can be configured using the 802.1x Open VLAN mode in the Procurve 2650. As soon as the switch assigns the unauthorized-client VLAN to that port, the connected host is able to get an IP through DHCP. If the edgeBOX authentication is enabled, the user will be presented with the edgeBOX web login page when trying to access the Internet.

A practical example:
· Switch ports 4 and 5 are setup for 802.1x with Unauthorized-Client VLAN assigned to VLAN6. These ports are located in a meeting Room.
· Any other user that tries to connect to one of these ports, without a successful authentication, will be isolated in VLAN6.
· User01 is a member of the engineering profile, configured for VLAN3 (see #3 in scenario 3).
· Engineering profile has access to Internet, LAN and a few servers located in VLAN2.
· User01 has his laptop ethernet connection setup for 802.1x authentication.
· When User01 connects to port 4, a successful 802.1x authentication takes place and the switch port is automatically configured for VLAN3. User01 is able to work on his own VLAN and access any other places allowed by his Engineering access profile.
· Guest01 is a member of the guest profile.
· Guest profile is configured to have open access to the Internet only. Users in this profile are not able to access any of the other VLANs or LAN.
· Guest01 is a guest user with just a regular dhcp configuration on his laptop.
· When Guest01 connects to port 5, the switch is not able to start a 802.1x authentication and automatically opens the port on VLAN6. At this point he is able to get an IP address through dhcp and when trying to access the Internet he will be presented with the authentication page. With a successful web login authentication, the edgeBOX enforces the guest profile for this user and he is able to access the Internet but nothing else.

13.5 Appendix E: Factory Reset

The factory reset option is only available through the CLI (Command Line Interface). Use the "system factory" command to initiate a factory reset. In the end the system will reboot and the hard disks will be re-imaged with the original first install contents.

IMPORTANT: be aware that this option erases all configuration, user data and software updates since the first time the edgeBOX was installed.

13.6 Appendix F: edgeBOX Network Services

edgeBOX Network Services list

In several configuration situations - such as the Firewall or user Privileges - you'll be presented with or even need to select entries from edgeBOX network services list:
· Billing - Calls cost information
· CTI - Phone and Computer Integration
· DNS - Domain and IP Address translation
· edgeDESKTOP - edgeDESKTOP interface
· eMI - Remote Management Interface
· FlashOperator - Phones Switchboard
· FTP - File Transfers
· HTTP - Web Server
· IMAP4 - E-mail retrieving
· LDAP - Authentication and Accounting
· Monit - Network services monitoring
· Munin - Network services monitoring
· Nagios - Network services monitoring
· NTP - Date and Time Synchronization
· POP3 - E-mail retrieving
· RADIUS - Authentication and Accounting
· Samba - Windows Domain and File Sharing
· SNMP - Network devices monitoring
· SSH - Secure Shell
· TFTP - Simple File transfers
· VoIP - VoIP Telephony

13.7 Appendix G: Usernames and Passwords

The choice of Usernames and Passwords is a relevant topic when configuring edgeBOX.

General Topics

Change the password once in a while. Don't use simple passwords. Use passwords with at least 10 characters, with letters, numbers and special characters like '_', '+'. The characters right above the numbers in your keyboard are all good candidates too. If you don't trust your memory, write your password down on a paper and store it at home, away from your usual work place. See more specific details below.

For regular users:
· Username:
  · Size: from 3 to 64
  · Characters ("^[a-z][a-z0-9-_.]{1,62}[a-z0-9]$")
  · must start with a lower case letter "a-z"
  · the middle characters may additionally contain digits ("0-9"), "-", "_" and "."
  · up to 62 additional lower case letters and/or digits can be used ("[a-z0-9]{1,62}")
· Password:
  · Size: from 1 to 127
  · Characters ("[a-zA-Z0-9!"#%&'()*+,-./:;<=>?@[]_`{|}]{1,127}"):
  · lower ("a-z") and upper ("A-Z") case letters, digits ("0-9") and any of ! " # % & ' ( ) * + , - . / : ; < = > ? @ [ ] _ ` { | }

Specifically for the admin user:
· Username: you can not change the administration username in edgeBOX, it's always admin
· Password:
  · Size: from 1 to 127
  · Characters ("[a-zA-Z0-9!"#%&'()*+,-./:;<=>?@[]_`{|}]{1,127}")
  · lower ("a-z") and upper ("A-Z") case letters, digits ("0-9") and any of ! " # % & ' ( ) * + , - . / : ; < = > ? @ [ ] _ ` { | }

Specifically for phones:
· Number:
  · Size: 1 to 20
  · Characters: only digits ("0-9"), one single leading '+' if needed.
· Name and Password:
  · Size: from 1 to 20
  · Characters ("[a-z0-9_-]"): lower case letters, digits and '_' and '-'
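The rules above can be checked before accounts are created, for instance on a list of users prepared for edgeBOX. This is an added example, not edgeBOX's own validation code: the patterns are transcribed from this appendix, the function names and sample accounts are constructed, and the 20-character phone number limit is assumed to count the leading '+'.

```python
import re

# Patterns transcribed from the rules above. They are applied with fullmatch()
# because the password pattern as printed has no ^...$ anchors: a search()
# would accept any string containing a single allowed character.
USERNAME_RE = re.compile(r"[a-z][a-z0-9\-_.]{1,62}[a-z0-9]")
PASSWORD_RE = re.compile(r"""[a-zA-Z0-9!"#%&'()*+,\-./:;<=>?@\[\]_`{|}]{1,127}""")
PHONE_NUMBER_RE = re.compile(r"\+?[0-9]+")


def check_username(name):
    """True if name satisfies the regular-user username rule (3 to 64 chars)."""
    return USERNAME_RE.fullmatch(name) is not None


def check_phone_number(number):
    """True for 1-20 characters, digits only, with one optional leading '+'."""
    # Assumption: the size limit counts the optional leading '+'.
    return 1 <= len(number) <= 20 and PHONE_NUMBER_RE.fullmatch(number) is not None


def password_problems(password):
    """Return reasons the password is rejected or falls short of the advice."""
    problems = []
    if PASSWORD_RE.fullmatch(password) is None:
        bad = sorted({c for c in password if PASSWORD_RE.fullmatch(c) is None})
        if bad:
            problems.append("rejected: characters not allowed: " + "".join(bad))
        else:
            problems.append("rejected: length must be 1-127")
    if len(password) < 10:
        problems.append("advice: shorter than 10 characters")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() for c in password)
    if not (has_letter and has_digit and has_special):
        problems.append("advice: mix letters, numbers and special characters")
    return problems


def audit_accounts(accounts):
    """Map each problematic username to its list of findings."""
    report = {}
    for username, password in accounts:
        issues = [] if check_username(username) else ["rejected: invalid username"]
        issues += password_problems(password)
        if issues:
            report[username] = issues
    return report


# Constructed sample accounts.
SAMPLE_ACCOUNTS = [
    ("rui", "Tr0ub4dor+valebox"),
    ("j.smith-2", "pa$$word12345"),
    ("Admin", "short1!"),
]

if __name__ == "__main__":
    for user, findings in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(user, findings)
```

Note that '$', '\', '^', '~' and the space character are not in the allowed password set, so passwords copied from another system may be rejected.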
