P. 1
Edge Box User Manual 50

Edge Box User Manual 50

|Views: 129|Likes:
Publicado porvascocorreia

More info:

Published by: vascocorreia on Sep 24, 2010
Direitos Autorais:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

10/01/2013

pdf

text

original

Sections

  • 1 About edgeBOX
  • 2 Initial Configuration
  • 3 Dashboard
  • 4 Network
  • 5 VPN
  • 6 Security
  • 7 Office Servers
  • 8 IP-PBX and VoIP
  • box
  • mail
  • 9 Users
  • 10 System
  • RAID
  • 11 Reporting
  • 12 User Services and Applications
  • 13 Appendices

Dramatically simplifying voice and data networking

USER MANUAL V5.0

Disclaimer
Precautions have been taken to assure accuracy of the information written in this user’s manual. Typographic or pictorial errors that are brought to our attention will be corrected in subsequent issues. Product specifications in this manual are nominal and are provided for the convenience of our customers. They are all correct at the date of publication. Critical Links reserves the right to make product changes from time to time, without prior notification, which may change certain specifications or characteristics shown. We therefore recommend you to check for changes or updates before using for customer projects or further product developments No material will be accepted for return unless Critical Links grants permission in writing. The handling, installation and usage of the edgeBOX are applicable to certain environments and may be required for code compliance. Features of the device will not provide protection against abuse, misuse, improper installation or maintenance. It is important that installation, operation and maintenance are performed in accordance with instructions supplied in the manual. Electricity and electrical devices must always be treated with caution and respect.

Product Support
The edgeBOX software is distributed according to the End User License Agreement EULA included at the end of this User Guide. By using the software you agree to be bound by this EULA. If you do not agree to the terms and limitations of the EULA you should not use the software.

End User License Agreement
For product technical support please visit the following web site http://www.edgebox.com or contact us at the following email address: support@critical-links.com.

Critical Links, Inc
695 Route 46 West Fairfield, NJ 07004 USA Phone: 973.276.9006 Support Hotline: +1 888 433 4326 Website: www.critical-links.com Email: support@critical-links.com

4

edgeBOX 5.0 Help

Table of Contents
1. About edgeBOX 10

..................................................................................................................... 11 1.1. Introducing the award-winning edgeBOX ..................................................................................................................... 12 1.2. edgeBOX's main features 1.3. Unpack ..................................................................................................................... 13 and setup edgeBOX ..................................................................................................................... 14 1.4. Connecting to edgeBOX's web interface ..................................................................................................................... 16 1.5. Understanding edgeBOX's web interface ..................................................................................................................... 19 1.6. Connecting to edgeBOX's console ..................................................................................................................... 20 1.7. Working with edgeBOX's LCD panel ..................................................................................................................... 21 1.8. License, Hardware and Software

2. Initial Configuration 3. Dashboard 4. Network

22 26 29

..................................................................................................................... 30 4.1. Configure the internet connection (WAN interface)
......................................................................................................................................................... 30 through another device such as a cable modem or a router ......................................................................................................................................................... 31 through a DSL/PPPoE connection

4.2. Change..................................................................................................................... 32 the local network properties (LAN) 4.3. Change..................................................................................................................... 33 the DMZ settings ..................................................................................................................... 34 4.4. View and manage VLANs ..................................................................................................................... 35 4.5. Interfaces Physical and Logical Status 4.6. Monitor..................................................................................................................... 36 connections through edgeBOX 4.7. Change..................................................................................................................... 37 edgeBOX's hostname and network domain ..................................................................................................................... 38 4.8. View the system routes ..................................................................................................................... 39 4.9. Manage static routes ..................................................................................................................... 40 4.10. Wireless
......................................................................................................................................................... 41 Configure and turn on the wireless network ......................................................................................................................................................... 43 Indicate the type of authentication ......................................................................................................................................................... 46 Make the wireless network more secure ......................................................................................................................................................... 47 Make the wireless network public

..................................................................................................................... 47 4.11. Managing the DNS server
......................................................................................................................................................... 48 Adding or Editing DNS domains .................................................................................................................................................. 48 How to add a Master domain .................................................................................................................................................. 50 How to add a Slave domain .................................................................................................................................................. 51 How to add a Forwarder domain ......................................................................................................................................................... 51 Changing global DNS Settings ......................................................................................................................................................... 52 Managing DNS ACLs ......................................................................................................................................................... 53 Managing hosts on an existing domain

Critical Links, Inc.

Network

5

..................................................................................................................... 54 4.12. Use Dynamic DNS 4.13. Using ..................................................................................................................... 55 the DHCP service
......................................................................................................................................................... 56 Assign IP addresses using Ranges ......................................................................................................................................................... 57 Assign IP addresses using MAC-IP rules ......................................................................................................................................................... 58 Configure DHCP advanced settings ......................................................................................................................................................... 59 DHCP Leases

..................................................................................................................... 59 4.14. Manage the Webcache size and sites 4.15. Using ..................................................................................................................... 60 NAT and Port Forwarding 4.16. Using ..................................................................................................................... 61 QoS
QoS Upload......................................................................................................................................................... 63 configuration ......................................................................................................................................................... 64 QoS Download configurations ......................................................................................................................................................... 64 Service Classification ......................................................................................................................................................... 65 Internet and DMZ QoS statistics

5. VPN

67
General ......................................................................................................................................................... 69 Advanced .................................................................................................................................................. 70

5.1. IPSec ..................................................................................................................... 67

5.2. PPTP ..................................................................................................................... 71
......................................................................................................................................................... 72 PPTP Properties

5.3. L2TP

..................................................................................................................... 73

6. Security

75

..................................................................................................................... 75 6.1. Firewall
......................................................................................................................................................... 76 Securing the Internet and DMZ links ......................................................................................................................................................... 76 Securing Internal Connections ......................................................................................................................................................... 77 Using Advanced Firewall Rules

6.2. Setting ..................................................................................................................... 79 up a DMZ ..................................................................................................................... 80 6.3. Enabling NAT for the private networks ..................................................................................................................... 80 6.4. Using Port Forwarding ..................................................................................................................... 81 6.5. Website Access Restrictions
Domains ......................................................................................................................................................... 82 ......................................................................................................................................................... 83 Words in URL

..................................................................................................................... 83 6.6. Install and Manage Anti Virus Engines ..................................................................................................................... 83 6.7. Scanning Shared Folders for viruses ..................................................................................................................... 84 6.8. Scanning E-Mail for Viruses
Messages ......................................................................................................................................................... 85 ......................................................................................................................................................... 86 Actions Quarantine......................................................................................................................................................... 86

..................................................................................................................... 87 6.9. Scanning E-Mail for SPAM

7. Office Servers

89

..................................................................................................................... 89 7.1. Manage your web sites and intranets
......................................................................................................................................................... 90 Setting up multiple websites

..................................................................................................................... 92 7.2. E-mail Server and Webmail
......................................................................................................................................................... 92 E-mail Queue

Critical Links, Inc.

......... 126 .............................. IP-PBX......................... 100 ...................................................................... 93 Mailing Lists ......................................................................... Inc........................................................................................................................................................................................................ 130 Creating incoming call rules .........4................. 116 Connecting phones ........................................ 119 configuration of phone devices ......................................................................................................................................................................................................................................................................... 146 FXO-FXS 8.....6.............................................................................................................. 93 E-mail domains and Webmail Aliases and.................................................................................................................................................................................................................................................. 115 Analog phone extensions and fax machines ............................................................................................................................................. Windows Shared Folders Shares ..................................................... 150 Call Listening and Call Whispering .............................................................................................. 143 ISDN PRI................. 144 .............. 117 Connecting VoIP Phones ..................................................................................................................................................................................................................................................................................2............................................................................... 96 SMTP Access Control ..................................................... 143 ISDN BRI................................................................................................................................................................................ 106 Overview ..................................................................................................................................................................... 103 Temporary Shared Folders ....................................................................................................5...... 99 7............................................................................................................................. Define.............. 133 Defining Automated Attendant menus Schedules.............................. 149 Group Calls ............................................... 142 Remote Offices Hardware ...................... 146 How to change configuration mode (E1 / T1) Analogue........... 108 8......................................................................................................................................................................... 109 Understanding the Phones list ............................................................................................................................................................................................................................................................................................................................................................................................. 136 Rules Definition ... 129 8. 113 SIP and IAX phone extensions ...................................................................................................................................................................................................................................................................... Configuring incoming call rules ....................................................................................... Managing your phones .......................... 141 ENUM service .....................................................................4................ Windows Shared Printers 8........................................................................................................................................ 116 ISDN Phone extensions .. 94 Settings and Permissions ....................................................................................................... 123 Phone Groups and Access Control Twinning ......................................................................................................................................... 139 8.............................................................................................................................................................................................................................................................................................................................................................................................................................. 122 Auto Configuration Modes ......................................................................................................................................................................................................................................................................................................................................... 111 Creating phones .............................................................................................................................................. 140 VoIP Providers .......................................................................................................... 103 7............3....................................................................................................... 148 Blind and Supervised Transfers ................................................... IP-PBX and VoIP 105 8... 147 operations ........... 97 7.......................5................................................................................................................................................................................................................................................................................................................... 128 Internal Dial Plan ........................... 135 8...................................6 edgeBOX 5...................................................................................................................................................................... Configuring Voice Lines .....................................................................................1... 135 your outgoing call rules ...................................................................................................................................................................................... 151 Call Pick-Up Critical Links. Windows Server ........................................................................................................................................................................ 149 Intercom Calls .......................................................................................................................................................................... ............................................................... Phone.........................................3.....................................................................................0 Help ................................................................................................. 118 Connecting ISDN Phones Automatic....................................................................................................................................................................... 102 Setup Share Permissions ................................................................................................... 118 Connecting Analog Phones and FAX machines .................................................................................................................................... 136 Authentication ............. 138 Emergency number ...........................................................................................................................................................

............................................................................................................................................................................................................................................................................................ Delegate a Local Administrator ........ 186 9................ 159 8................................................................ 177 Importing and Exporting Users ....... 182 Using a remote LDAP Server ................................ Conference Rooms .................................. 162 ............................................................................................................... 165 Define Country Zone ..............................................................................................................................................................................CDR ...................9................. 166 G.. 179 Authentication ......................................................... 194 9.......................................................................................................................................................................................................................14............................................................................. 174 9......................................................................................... 153 Labeling CDR records with Cost Centers ............................................. 190 other VLANs ........ System 196 .............................. ............................................................... 191 9.............8........12................................................................................................................................................ Inc..................................................................................... Privileges .................................................................................................... 196 10..............................................................................IP-PBX and VoIP 7 Twinning ........................................................................................................................................................... Codecs ... 165 Echo Cancellation ...................................................................................................... 172 8................................. 155 8............................................. 152 ................................................................................................................................. 189 Fine tunning Internet and DMZ access Access to .......................................................................................................... 175 network users ..................................... 170 8.................................................. MailFax Service .........................................................................10................................................ Automatic Call Recording 8........................................................................................................................ 179 Default Quota Activating.............................................................. VoIP ................................................................................................................................ Music On-Hold ......................... Groups .................................................................................................................................................... 164 Sound Files ..................................................................................................................................................... 183 Using a remote AD Server Customize................................................................... 157 Settings for Queues .................... Advanced VoIP Options Voicemail ................................................................................................................................................................................................................................................................................................................... 163 Call Parking Operation.....................4.............................................................................................................................. Managing Call Queues Advanced.................................................................................................................................................. Authentication ........................................................................................................... 154 8................................. 194 9......................................................................................................................................................................................................................... 181 Using remote authentication .................................................................... Users 174 Managing ...11........................................ 168 NAT ................................................................... 161 How to send a fax using MailFax? ....................................................................................... Default Predefined Phone Numbers 9............. View currently Connected Users . 151 Follow Me ........................................... 166 Billing Service ........................................................................................................................................................................................... Adjusting Date and Time Critical Links................................................................................................................................................................... Configure authorized RADIUS clients 10.. 169 8.................................................................................1............7....................1.............................................. 153 One Touch Recording .............................................................................................................. 162 8..................................................................................................... 191 9......................................................................5................................................................................................13.....................729 Licensing ............. 181 Using a remote RADIUS Server ............................................... 184 the user login web page ................................................................................... 172 activity logs ..........................................................................2................................6................................ 158 8.............................................................................3..... 167 Manager Interface Advanced.................................................................................................................................................. 163 Key Codes Customize...........................15...

............................................................ SNMP . 243 Operator Panel (FOP) Critical Links.........................................................11..............................9............................. Temporary Shared Folders ... 226 HTTP Access ........................................... 199 10............................... Notifications ....1.............................................................................. User Services and Applications 237 ............ Reading and Managing System Logs .................................................................................... 242 12.............................................................................................15........................................................................................................................................................................................ 224 Disk Usage Interfaces............................ 221 CPU Memory ...................... 221 11.......................................0 Help ...................................................2...............13.........................................................................................................................................7...... 235 VoIP ............................... 226 11................................................................................ Remote Management 11............................................................................................................2.......................................... 208 software updates in a Hotbackup scenario ...... 201 10........................................................................................................... 228 ........................... 234 E-mail . 217 10................................. 232 ................................ 229 E-mail .......................................................................................................................................................... Diagnostic Tools ...................................................................................................... 222 ............................................................................. 211 10..........................................................................................................................................................................................................................................................................................................................6.... 231 VPN ................................................................................... Managing and Diagnosing RAID .......................................14.....................................................................12.......... 232 11........................................................................................................................................... 236 VPN 12... Reporting 221 ..............................................4.............................................................................................3..... Services Control Panel ............................................ .......................10.......... Managing Software Updates ....... 219 10......................................... 214 10....................................................................................................................................................................................................................................................................................... 227 Web Server Firewall ........ RADIUS Accounting ........................................................................................................................................................................8................................................... Flash.......................... 230 VoIP ............................... 225 ............................... 202 Backup Scheduled........................................................... 213 10................................................................................................... Maintenance .......................2................................................................................................................................1.....................................8 edgeBOX 5...................... Using HotBackup for redundancy Managing ........................................................................................................................................................... System ............................................................................................................................................ 223 Load ..................................... Users General ........ 205 10............ 210 10................................................. 212 Disk Notifications Replacing .................................................................................................................................................................................................................................................. Services ............................................................................... 234 HTTP Access ...... Inc.......................................................................................................................................... 203 Backups ............. Webmail 12...................... 216 10............................................................................................................................................................................................................................................. 233 Accounting ...................................................... 217 10............................... 238 12.................. Backup & Restore Immediate...................3.......................................................................................................................................................................3.........5......... 215 10......................................................................................................................................................................................................................................... Administration ..................... 198 10.............................................................................................................................................................................................................................. Hardware Monitor ............................................................................ 212 a faulty disk ..................................................... 218 10...

.......................... 248 Agent ..3.......................................................................... 265 VLAN Scenario 2 ...........................................................1x WPA .................................... ......................................................................................................................5................................................... 249 Queue Managment ................................................................................................. 247 External Calls Transfer a.................................................................. 246 Initiate a Call ......................... 251 Require users to login vs Privileges policies ...................................................................................................................................................................... 260 Adding a Windows Host to edgeBOX Domain Mapping a........... 251 13....................... 250 Typical Caller Scenario 13................................................................ 268 VLAN Scenario 4 ........................................................................... 256 ..............................................................................................................................................................................4..................................................................... 262 13............................. 260 13............................................................................................................. Appendix A: Authentication .................................................................................................................... Inc................. 251 Authentication architecture .................................................. 250 Conference Calls .......................................................................................................................... 269 13........................................................................................................................................................................................................................................................................................................................................................................................................................... Appendices 251 .......................................1.................. Appendix E: Factory Reset ........................................................................................ Appendix G: Usernames and Passwords Critical Links................................................................ 253 Putting it all together .................................................................................................................................................................... 244 ........................................................... 258 .......................................................................... Appendix C: Windows Integration ......................................User Services and Applications 9 FOP Login............................................................................................................... 248 call Barging .......................................... 264 VLAN Scenario 1 ........................................................................................................................................................................................... Appendix B: Connecting to Wireless 802............................................................ 271 13........................ 261 Shared Folder on Windows .................................................................................................................................................................................. 270 13.................................................. 253 Remote configuration .....................................6.................. Appendix F: edgeBOX Network Services ..................................................................................................................................................................................................... 249 Park-Unpark Calls ..........................2....... 248 Create an.......................................................................................................................................................................................... 254 13....................................................................................................................................................................................................7..................................................................................................................................................................................................... Appendix D: VLAN based Infrastructure ................................................................................................................................... 267 VLAN Scenario 3 .......................

Inc.0 Help 1 About edgeBOX Critical Links’ edgeBOX is a network appliance that consolidates the voice. data and IT functions at a Small and Medium Business (SMB) into one single appliance. network access profiles .10 edgeBOX 5. it provides IP-PBX and VoIP. comprehensive Networking. Security tools. Introducing the award-winning edgeBOX edgeBOX's main features Unpack and install edgeBOX to the network Connecting to edgeBOX's web interface Understanding edgeBOX's web interface Connecting to edgeBOX's console Working with edgeBOX LCD panel License.Privileges. Wi-Fi Access Point. Critical-Links' edgeBOX provides an unified architecture and delivers all this in a single product. Quality of Service (QoS). Windows Server . Hardware and Software Critical Links.with advanced File and Print sharing. . such as Anti Virus and Firewall and SMB Office Servers (e-mail / web server / windows server). While all this is commonly delivered using up to 8 different independent products/devices. Specifically.

T-1/E-1 etc). Increases Productivity and Convenience at the SMB · Provides the broadest range of voice. it also provides a customer the ability to customize the settings to support their environment. Now with the edgeBOX a customer can get a broad range of voice. data and IT capability · Managed through a simple. The edgeBOX: 1. Dramatically simplifies the SMB voice and data infrastructure · It replaces up to 8 independent products/devices with 1 device · Reduces maintaining & managing several devices (and vendors) 2. . Reduces initial investment & recurring operational expenses over 60% · Initial cost reduced to less than a third of a multi-device solution · Recurring costs are nominal. SMBs have had to incur a high degree of complexity (due to the many devices and vendors needed to be managed) and the attendant cost (due to expensive IT support) to get much needed voice and data features. Environmentally (and economically) friendly · Much smaller carbon footprint lower power/space consumption · Lower waste generated at end of life The edgeBOX eliminates the traditionally painful trade-off between features. Ethernet. simplified management 4.About edgeBOX 11 1. remote. The edgeBOX comes with a wide range of interfaces to connect to the Internet and the PSTN (such as FXO/FXS. Every edgeBOX has an intuitive GUI that allows the user to access the box and configure the various functions very easily. data Critical Links. ISDN PRI/BRI.1 Introducing the award-winning edgeBOX The edgeBOX appliance comes in 3 different form factors (with different redundancy & faulttolerance options). Inc. unified interface. even remotely 3. complexity and cost at a SMB. NOTE: The box already comes with a set of default configurations that will allow most customers to just literally power on the box and begin to use it.

Quality of Service (QoS). and making all of them work together. Inc.2 edgeBOX's main features · · Internet connections using ADSL. by integrating the voice. The edgeBOX.critical-links. In addition. More information on the edgeBOX: Critical Links. etc. 695 Route 46 West Fairfield. for example. The number of features available on the edgeBOX is unmatched competitively and it provides more voice and data services than most SMBs would require currently.0 Help and IT services for a fraction of existing costs. A remote based management system ensures remote provisioning. . have to also be usually configured. Content Management System (for managing website content). interoperability. All this can be done right in the edgeBOX appliance from a GUI and without having to concern about the peculiarity of different devices.973. based on open source standards. If a VoIP service is to be provisioned. further enhancing the user experience. also allowing the configuration of a registered domain name. NJ 07004 U.276.S. further simplifying and cost reducing maintenance. Critical Links. value-added application packages called edgePACKs. also ensures a best-of-breed solution that is competitively superior in terms of both feature richness and cost. The edgeBOX comes provisioned with a default configuration for the router/switch settings and also for commonly used SIP phones. are also available for specific vertical segments. Router tables.A +1. Inc. Supports dynamic and static IP Address assignment. The edgeBOX incorporates a set of functional capabilities that are necessary when provisioning voice and data services at a SMB. e-mail server. Firewall. This not only reduces the upfront cost but also speeds up service turn up. The edgeBOX is changing the rules of the game for the SMB.12 edgeBOX 5. calendar and content sharing). data and IT features. in one appliance and managed by a simple GUI dramatically reduces the complexity and brings down the costs. in addition to configuring the IP-PBX.com 1-888-4-EDGEBOX 1. Current edgePACKs include the Learning Management System (for academia). Cable modems or other WAN Broadband devices. monitoring and management of several edgeBOX appliances as well. and edgeExchange (for e-mail.9006 www. these further augment the networking services in the edgeBOX with application oriented capabilities. The SMBs can now focus on their core competence instead of worrying about the cost and complexity of managing their networking The edgeBOX.

Support for a dynamic Intranet with content management capabilities. 2. Supports optional RADIUS session servers. 3. such as voice traffic. Call Rules. Introduce you to all the edgeBOX components.1Q and Inter-VLAN access policies. 802. Hunt Groups. Supports Local User Authentication or Remote User Authentication using a RADIUS Server. Conference calls. IMAP and POP3 Servers. Group based access control for third part applications integrated with edgeBOX. Inc. Supports 802. Support for SMTP Relay for Road Warriors.About edgeBOX 13 · · · · · · · · · · · · · · · · · · · · · · · DHCP server on the Intranet side with optional automatic name range generation. Tell you how to connect edgeBOX to your Internet Modem and Ethernet Switch. Supports DynDNS or No-IP. VPN tunnels based on the IPSec standard or the PPTP protocol. Internet E-Mail Server with anti-spam control. Phone Auto Configuration. Full access control over the internal network services and the Internet access. Possibility of reserving bandwidth for important users in your company or for high priority traffic types. Show you how to power up the appliance. 4. VoIP Features.1x Port based authentication with Single Sign On. User time and traffic based accounting. Optional Wireless Network with edgeBOX's access point. DNS Server for both local private domain or as a master name server on the Internet. Explain the elements and connectors in the rear and front panels. including support for line fail over. Backup and Restore of edgeBOX's configuration and of users's data.3 Unpack and setup edgeBOX To install the edgeBOX onto your network please consult the Quick Start Guide flyer that was sent to you with your edgeBOX appliance. Fax2Mail and Mail2Fax. 1. Traffic control in inbound and outbound traffic. System updates from a remote server. User based access control to manage accesses to the network resources. with optional home pages for every user of the network. Sound Manager. etc. Critical Links. A web server on both the Internet and Intranet side. Dynamic DNS. VLAN aware router. . Interactive Services. The guide will quickly: 1. Integrated e-mail access using the internal web server. LDAP Server or using Active Directory. See who is on your network and from what IP address.

100.254 and DHCP is active. so that it meets your requirements.100. or · to a hub or a switch connected to edgeBOX's LAN interface. 2.254 for Default Gateway. With a browser. click the Login link. 192.14 edgeBOX 5.255.168.100.50).168.254:8011.com or https://192. use 192.168.0 for Subnet-Mask. · Or configure it with a static IP address: the IP address used must lie in the 192.0/24 range (ex.100.100. Typically. Critical Links.254 for Nameserver. Inc. Then. . to connect your computer to the edgeBOX: · Configure it to automatically obtain it's local network IP Address from the edgeBOX using DHCP (recommended).100. After the page opens. the first task after you connect the edgeBOX to the network is to change the default configuration.168. This way.255.168. open the webpage https://myedgebox. You can perform the initial configuration from a computer connected either: · directly to edgeBOX's LAN interface. The LAN interface is initially configured with the IP address 192.168.4 Connecting to edgeBOX's web interface The edgeBOX appliance is configured with a default factory configuration.0 Help 1. also 192. use 255. from the computer: 1.

Critical Links. When loading completes you will see the Dashboard page with a quick overview of some relevant edgeBOX variables and it's global status. System and Reporting sections and menus. Feel free to click the links and navigate the interface. please note it might take a few moments and you may have to accept one ore more warning messages due to the Java Platform. hit the Login button. The edgeBOX web interface will then start loading.About edgeBOX 15 edgeBOX initial page 3. for security reasons you should change it). Office Servers. Use admin for username and root for password to login (this is the default password. To use the edgeBOX web interface you'll need the Java Plug-in installed: Java Runtime Environment version 6. Inc. Security. . This will help you get familiar with edgeBOX. At the top you'll also find links to the Network. VPN. Users. IP-PBX.

Critical Links. popup dialogs and others. ready to start configuring it. This helps to improve the user's experience while maintaining overall coherence among similar operations and concepts across distinct panels and dialogs. When you see the Dashboard you are succesfully connected to edgeBOX's web administration interface. . 1.5 Understanding edgeBOX's web interface edgeBOX's administration web interface makes use of several common user interface concepts and resources . At this point you might want to: · have a look at the Understanding edgeBOX's web interface page of this manual. or · jump to the Initial Configuration section to get a an initial roadmap. Congratulations. Inc.0 Help edgeBOX webadmin initial page: the Dashboard That's it. buttons. This page introduces those common concepts and resources and explains their global meaning and usage scenarios.such as graphical symbols.16 edgeBOX 5.

Then. This gives you an alternate and useful navigation path. Service Status and Service Start/Stop The Service Status Bar [4] shows you the current operational status of the corresponding edgeBOX service: the green color indicates the service is active while gray is be used for services Critical Links. Sections are subdivided into Menus. . Related Topics In each Menu you'll find context specific links to other related configuration menus in the Related Topics corner [3]. Inc. select the configuration Menu from the menus list [2] at the left. Navigation is a two-step interaction: choose the Section you want from the sections bar [1] at the top and. Once there you get a summary overview with current configurations and the most relevant status variables concerning the topic involved. once that section loads. you can make any quick changes you need and get back to your starting point. If you click the links you'll get immediate access to those configurations in a new popup window.About edgeBOX 17 The following image displays most of these features and will be used as a starting point for further explanations below: Navigation The interface is divided into Sections.

we are busy". By entering the alv sequence our search is considerably narrowed and it's now easy to find the person we are searching for. At the right end. Edit allows you to change an existing entry and Delete let's you remove configurations. but also in other situations .Delete All over the interface these three operations [5] are executed in innumerous situations. For faster search. Inc. New lets you create new entries. Save applies . Glass Pane: in order to keep your interaction with edgeBOX even safer. press Cancel. By clicking them you actually instruct edgeBOX to change the administrative status of the service. the red color is used for error situations.0 Help that are not running. those lists include a filtering option [6] that lets you quickly search for specific entries. Lists with Filters Some of the lists presented may grow a lot as you add new entries. during the configuration sequences between the administration interface and edgeBOX itself . Critical Links. the Service Status Bar gives you control over the service by means of the Start Service and Stop Service options. you need to press Save at some point. On the left. In the example image above we are trying to search for a user called Alves.Cancel cancels While configuring edgeBOX you'll enter data into several dialogs. or if you're in doubt. Please note: these are global principles that should hold true in the great majority of the situations you might find. when in doubt. If you feel lost.usually when you press Save. this also means that. it's a way to say: "Please wait. an informative text message is displayed accordingly. please keep in mind: · none of the changes you made is actually applied to edgeBOX until you press Save. in order to apply your changes to edgeBOX.Edit . · in any situation. New .18 edgeBOX 5.the interface is covered with a Glass Pane that prevents you from pressing any buttons or interacting with the interface. In several situations the sequence of popups that need your input may even become a bit more complex. Depending on the complexity of the operations being executed you may need to wait a little bit. if you press Cancel the dialog is immediately aborted and no changes are propagated to edgeBOX. .

· SSH: you need to have SSH service active on your Firewall. Inc. use no hardware or software flow control. no parity bit. the Status Bar [8] shows you when the interface is busy interacting with edgeBOX. . from the internal network you can use the address myedgebox. the Privilege you are assigned to needs to have access to SSH. on Windows you can use Hyperterminal. on Windows you can use putty. on Linux open a terminal and use the ssh command (ex: ssh admin@myedgebox. You can acces the CLI in three diferent ways: · keyboard/VGA: connect a keyboard to the PS2 port or any of the USB ports located on the rear panel. 38400N8 (38400 bit/s.About edgeBOX 19 Context Sensitive Help Usually located at the top-right corner you will find the Help icon [7]. Rx and Tx wires are "crossed") serial cable to the serial port in the rear panel and the other end to your laptop's serial port. Now that you have a global understanding of the interface you can jump to the Initial Configuration section to get a roadmap. Entrer the usual admin username and it's password (root if not changed). on Linux you can use minicom.com).6 Connecting to edgeBOX's console It is also possible to connect directly to edgeBOX's console to manage the appliance using a Command Line Interface (CLI). At the eOS> prompt type help to get a list of available options. If the operation is successful a green V sign will be displayed. 1. The screen should display a prompt requesting a login/password to be entered. Critical Links. connect a monitor to the VGA port located in the rear panel. enter help <SOMETHING> to get specific help on <SOMETHING>. If edgeBOX encounters some error then a red X will be shown. if you have the Authentication service running. 8 databits). However. Status Bar Located in the lower-left corner. you will be confined to the limited set of commands available. Clicking it will open a new browser window directly into the correct page of this manual.com or the LAN interface IP Address. · Serial Port: connect a null-modem (also known as serial cross-over cable.

Then. service status will show you a list of services and their current and administrative operational status. · press the Power button again. Use the command line only if you are an advanced user. if it is disabled.The IP address of the Internal Network.Firewall On.The IP address of the Internet Connection.20 edgeBOX 5. · DMZ IP . · WAN IP . and edgeBOX will beep twice and start the shutdown process. edgeBOX's LCD panel View information about the network To see information about the network on the LCD panel. press the Up or Down buttons near the LCD screen. 1. · User Authentication Status . · Gateway Address . press the Power button. if the firewall is enabled or Firewall Off. · Firewall Status . Using it incorrectly may compromise edgeBOX's correct functioning or even stop it to work completely.7 Working with edgeBOX's LCD panel The edgeBOX LCD panel is a simple information panel available on Business and Enterprise appliances.DMZ IP address. The information available is: · LAN IP . Critical Links.Enabled (LAN based users are required to authenticate) or disabled (LAN based user are not required to authenticate) Shutdown the edgeBOX To shutdown the edgeBOX. . The DMZ is often used as an internal Server network. edgeBOX will beep.0 Help ex: help service shows you a usage summary of all commands starting with service.Default Gateway IP Address. Inc.

Build 1. 29/06/2009: software version.Administration section. each edgeBOX has a distinct license..0. To do this go to the Webadmin interface.8 License. · Network users limit: maximum number of users allowed for this licence. · License Serial Number: edgeBOX license. Wait. Inc." will be displayed in the LCD. edgeBOX will start the shutdown process and the message "Shutting down system.. · Version 5. . · Hardware Description: hardware reference and serial number. Critical Links.About edgeBOX 21 · or press the LCD Enter button. You can also shutdown the edgeBOX using the web interface. hardware settings and license definitions. 1. Hardware and Software By clicking the about link at the top-right corner. build number and build date. · Product Licensed to: licence owner (person or company). you'll get information about edgeBOX's software version. System .

for short . In seven simple configuration steps you'll understand the concepts and review the sections in this manual where the configuration details are covered. make VoIP calls to another country . send an e-mail.keep in mind: edgeBOX is the gateway to the outside world. laptops. each and every device interacting in a TCP/IP network. so.22 edgeBOX 5. First: you need to open the webadmin interface If you haven't done this before please follow the steps in the Connecting to edgeBOX's web interface section of this manual. they all communicate by connecting to the so-called TPC/IP Ethernet infrastructure and the messages thus interchanged are all identified with two distinguishing marks: the IP Address of the sender and the IP Address of the destination computer or server. and so does edgeBOX. you need to assign such an address to the LAN interface of edgeBOX . like yours.is composed of computers. the first step is to connect it's WAN interface to the internet. IP Phones and other miscellaneous IP devices like printers and so. .your LAN.WAN · Concept: edgeBOX is supposed to work as the main link between any devices/systems in your internal network and the Internet. Inc. you need to make an initial basic configuration so that edgeBOX can start managing your network and services. · Hands On: Configure the internet connection (WAN interface) Step 2: Setup your Internal Network . whatever you may do . all IP devices in your network will somehow find a way to make messages reach edgeBOX's LAN interface IP Address and edgeBOX will know how to send them back IP messages identified with it's own LAN IP Address.0 Help 2 Initial Configuration If you've just turned edgeBOX on for the first time.through this interface edgeBOX reaches all those LAN devices and all of them know how to reach edgeBOX if they need to. When you get connected you can jump to Step 1 and get started configuring edgeBOX Step 1: Connecting edgeBOX to the Internet .LAN · Concept: your internal network .access the Internet. edgeBOX is Critical Links. has it's own IP Address.

100. don't change it if you don't need to. then you can use that public domain. you can call eboxhead to the first and eboxbranch to the other. if you have a registered domain. several edgeBOX features rely on a correct Date and Time in order to operate in a timely fashion as expected by network users and other processes. a hostname is a descriptive name (gateway. then you can give your network the domain you want. but if you do.com. you can and should adjust Date and Time..loc. · Hands On: Change the local network properties (LAN) Step 3: Specify a hostname and a domain name · Concept: the hostname is the name by which the edgeBOX is known in the network (the name that the computers in the network use to refer to the edgeBOX). for example. it's very important that you consider always having your Firewall service up and running (don't turn it off unless you really need to). Inc. for example. . this domain will be private and visible only within your network.254 IP Address previously configured for you.Initial Configuration 23 shipped with the LAN 192.. · Hands On: Adjusting Date and Time Step 5: Overview your Firewall and secure your network · Concept: the Firewall is possibly the most important network security resource shipped with edgeBOX. fileserver. such as mycompany. then a possible domain could be megasoft. if you have two offices with an edgeBOX in each. change it to your location.168. if your company is called MegaSoft. printerhost). com. like critical-links. alone. as any other computer. edgeBOX is shipped with the Firewall service running and this. you can choose any name you want. that domain is visible to everyone in the world throughout the Internet. the domain is the name by which your network is known. additionally you should adjust your Timezone too: edgeBOX is shipped to use timezone Europe/London. keeps it's own date and time internally. is enough for providing a very high degree of Critical Links. edgebox. if you do not have a registered domain. · Hands On: Change edgeBOX's hostname and network domain Step 4: Check and adjust edgeBOX's Date & Time · Concept: edgeBOX.

Step 6: Add a User and a Phone · Concept: edgeBOX is for Users. . Users have needs. just jump to the Firewall section in this manual for the details ( don't start configuring the Firewall until you have read that section of the manual and you are confident on what you're doing). allowing access only to specific users gives your network more security. by default only Ping and Webadmin services are allowed from the Internet.. but let's leave it for later. right now you may just want to start configuring the Firewall. edgeBOX will automatically determine the best Firewall settings and use them. you need to manage (create. to follow this section through up to Step 7 to get the whole picture. Inc. Users want to use services. · Hands On: at this moment let's just take a look around to get familiar.. go to the Security section in the Webadmin interface. but. edit and delete users) them and setup authentication services. by default the list is empty: that means that. if you really wish to do it. to let only specific users access the network..24 edgeBOX 5. the fundamental concept you should keep in mind is: if my users don't need this service then I will make it unavailable at the Firewall or if that specific service is not supposed to be accessible to the Internet then the Firewall will block any requests to it. furthermore you need to consider Security: if you'll allow everyone to use your network or just let specific users to use it. nevertheless. you name it.. Users are central in edgeBOX. this is where you would add some service that you'dd wish not to be available internally. we advise you. edgeBOX Firewall working principle is the definition of Allow/Deny rules for specific network services and protocols. the Firewall menu will load by default. click the Internal Connections.. once you decide the services that should or shouldn't be available. access to the Internet. as more people join your company edgeBOX will always be ready to provide resources for them: a Phone. this could be good if you need to administer edgeBOX from home: later on you may come consider this unnecessary. a great deal of effort has been put into making edgeBOX a user oriented product.. well.. by default. Critical Links. this means that the administration web interface is available from the outside world. a personal web page.0 Help security for your network users and services. a personal Windows Share for documents. your internal users can access all edgeBOX services. link. to provide the maximum security possible to itself and to your network. Users want to share files and need Phones to chat internally or to make long distance calls. and you may wish to increase security even further by removing the Webadmin from the Internet allowed services.. Users want to make Phone calls. that is configuring your Firewall. a popup window will show you the list of forbidden services for your internal network. notice the services that have allowed access for connections from the Internet..

. · Hands On: in the Webadmin interface click the System section and choose the Administration menu.. Step 7: Change the webadmin password · Concept: you should change the password. or some place away from work. please review the following Next Steps and feel free to navigate around. · Hands On: go to the Users section in the Webadmin interface and follow the details here Managing Network Users.. concept. away from edgeBOX. yet very important.. Next Steps: how do I . please realize: adminroot is a very simple guess for most hackers and password exploits and attacks. you should change it. this is a simple..Initial Configuration 25 Authentication is actually a very important aspect but. follow the details here. At the end of Step 7. Inc.. adding a new User and a Phone for the new user is an easy task.. at home.. if you expose edgeBOX to the Internet this risk is even higher.. edgeBOX is shipped with a default password for the admin user: "root". let's leave it be. create Windows Shared Folders ? change User Privileges ? activate Webmail ? secure the Internet (WAN) interface ? configure the Firewall for internal connections ? enforce Authentication ? setup VLANs ? Critical Links.. . pick a password you can remember and write it down in some safe place. you have a pretty good picture of edgeBOX's basics. please change it immediately. the admin password is used to access the Webadmin interface. right now. go for it. To step into more advanced edgeBOX features you might need for your network.

The Dashboard is divided into: System · Date & Uptime: current Date and Uptime (time elapsed since last boot). Critical Links. Inc. 7/6/2009 17:13 and 14d 11h 32m in the picture. · Load . Information is provided in the form of values. 5 minutes and 15 minutes process load average). · Temperature: motherboard temperature (if available). . colors and icon behaviours and refreshed every 30 seconds.percent CPU usage (averaged over a 5 minutes interval).processor load indicator (from left to right: 1 minute.0 Help 3 Dashboard The Dashboard provides a quick summary overview of the most relevant edgeBOX variables and status informations in an intuitive graphical display.26 edgeBOX 5. · Memory: current instantaneous RAM usage/total and current instantaneous SWAP usage/ total. · Processor: · CPU usage .

then a red 'X' icon will be shown instead. 10. if WWW is accessible as depicted. as depicted. red otherwise.126. tells you if the User Authentication service is active.5. on the other hand. as in the picture. red otherwise. LAN · IP Address: the currently configured IP address for the LAN interface (default VLAN). gray-scale otherwise. · Connection Status: the red connection status icon (a red triangle with an exclamation mark ' ! ' inside) will show up if no LAN hosts are detected (see the also DMZ explanation). · WWW icon: colored. · Line Color: the line connecting edgeBOX to the LAN will be green. Inc. if your LAN seems operating normally (both LAN link is detected and LAN hosts activity is detected too). gray otherwise. if the Firewall service is running. red otherwise. if link is detected on the LAN connector (meaning that edgeBOX is actually connected to an active network device). If. if all three tests fail then a red 'X' icon will be shown instead.160 in the picture. in the situation depicted edgeBOX detects link on the LAN connector and active LAN hosts. · LAN icon: colored. gray-scale otherwise. · DNS Test: green if edgeBOX can access an operational DNS service. · Browsing Test: green if edgeBOX can actually browse the World Wide Web. if the three tests are successful it will not show up. that means you should try to diagnose the problem and take action to prevent any damage or operational instability. you should stay alert. as depicted. 192. WWW · WAN IP Address: the currently configured IP address for the WAN interface. . gray-scale otherwise. · Firewall: colored. as depicted. · Gateway Test: green if edgeBOX is able to ping the Default Gateway. you get persistent reds.5.Dashboard 27 · Storage: current instantaneous System Storage and Home Storage percent occupation/ total. · Connection Status: the red connection status icon (a red triangle with an exclamation mark ' ! ' inside) will show up if any of the three tests fails: something is not operating as expected. if no link is detected the line will change color to gray. · Line Color: green indicates edgeBOX considers the WAN connection is fully operational with respect to those 3 tests. · Authentication: On or Off. if the LAN connector does not have link (cable disconnected at one of the ends).51 in the picture. On in the Critical Links. as depicted.168. as depicted. If any of the horizontal bars changes to yellow. as depicted.

Please read them carefully.200. · Phones Online: the amount of phones currently active. software updates or other. DMZ · IP Address: the current IP address on the DMZ interface. the Wifi icon will show you: · Line Color: green if WiFi is enabled (as in the picture).0 Help picture. A new popup window will display them. such as system messages.. the picture shows that the DMZ connector is actually connected to some device . · Ongoing Calls: the amount of phone calls currently in progress. Wifi If your system has wireless.link detected. · Line Color: same behaviour as for the LAN. · Connected Devices: the number of wireless clients currently connected (6 in the picture).28 edgeBOX 5. · Connection Status: same behaviour as for the LAN. Inc. in the picture the ' ! ' sign is showing: that means that no hosts are being detected on that interface. 4 in the picture. Just click the Read Messages. . · Users Logged In: the amount of users currently authenticated. 2 in the picture. the information icon will show up in the lower-left corner..168. · SSID: the current wireless SSID is displayed within parentheses (mywifi in the picture). · DMZ icon: colored if link is detected and DMZ hosts activity is detected too. gray otherwise. link. gray-scale otherwise (as depicted).254 in the picture. 15 in the picture. Critical Links. 192. System Messages · There are new system messages: when new notifications arrive.

List web sites that you do not want the edgeBOX to cache. Setup and secure your Wifi network with WEP. view IP routes managed by the edgeBOX (system routes) and create and manage your own routes (static routes).DMZ for your Internet servers and other special purposes.QoS: assure bandwidth for services and users. Setup a Demilitarized Zone . manage DHCP. change the local network (LAN) properties. configure edgeBOX's DNS server: add and remove domains. Manage Quality of Service . overview your virtual networks (VLANs) and specify a domain and a hostname. · · · · · · Related Topics: · Cache Websites · Firewall Critical Links.Network 29 4 Network The Network section is where you can overview and configure most details and functionalities of your network. · · · · · · set the internet connection (WAN). Use Diagnostic Tools to solve connectivity issues.1x. manage access controls (ACLs) or use Dynamic DNS. Inc. Use Network Address Translation .Port Forwarding. edgeBOX includes a DHCP server that allows you to automatically assign IP Addresses to the computers in your network based on ranges of IP address or based on specific IP Addresses.to allow computers on the network to connect to outer networks like the Internet. Allow remote computers to access services on a specific host or hosts within your private network .NAT . WPA and 802. .

in your setup. The DNS servers configured.0 Help 4. button to select how edgeBOX connects to the Internet: · through another device such as a cable modem or a router or · through a DSL/PPPoE connection. If the DNS service is not running edgeBOX will use the DNS servers configured and displayed in the Internet Connection menu..1. because edgeBOX is actually not using them. for the Internet Connection will not be displayed here. . the Secondary DNS fields represented in the Internet Connection menu will automatically revert to the first and second entries in the Forward DNS Servers list. Inc. Related Topics: · Cache Websites · Firewall · NAT · Dynamic DNS · Internet Traffic · Diagnostic Tools 4.. If you change the Forward DNS Servers list and you have the DNS service running. There you will be able to change the configuration for the external WAN Interface. Click the Change.1 through another device such as a cable modem or a router If. edgeBOX will use these DNS servers for all external DNS queries. you can choose to: Critical Links.1 Configure the internet connection (WAN interface) To configure how edgeBOX connects to the Internet or to another wide area network you should choose the Internet Connection menu in the Network section. edgeBOX connects through another device such as a cable modem or a router. The Primary DNS and. statically or dynamically. if displayed.30 edgeBOX 5. Those settings override any static or dynamic DNS settings configured for the WAN interface in the Internet Connection menu.

MTU If your Internet Service Provider requests it. The edgeBOX will get all needed information from the DHCP server Use statically configured IP settings (Static) You need to provide the: · IP Address · Netmask · Gateway · Primary DNS (IP Address) · Alternative DNS (IP Address .optional).2 through a DSL/PPPoE connection If edgeBOX connects through DSL/PPPoE connection. 4.Network 31 Obtain the data for the connection automatically from the device (DHCP) If you chose the DHCP connection method. Advanced Options In the Advanced Options menus you should specify how your connection details will be configured Advanced Options Critical Links. you need to provide: Connection Settings For this type of connections you must type your username and password (please contact your Internet Service Provider in order to correctly determine these two settings). Activate the Override MTU check-box. you can change MTU (Maximum size of the packets).. Press Save. you don't need to enter any additional information. The primary and alternative DNS servers you type here will be added to the list of DNS Servers in the Forward DNS Servers list. Type-in the MTU size as agreed with your Internet Service Provider. button.1. 4. Advanced Options . Click the Settings. 3. press Ok.. 2. Inc. . 1.

0 Help Click the Settings. this may be required by your Internet Service Provider (ISP). close your browser. Type the network mask in the field Subnet Mask.32 edgeBOX 5. as specified by the ISP. Type the desired IP Address for the edgeBOX (IP Address for the edgeBOX’s internal interface) in the IP Address field. to do it. your ISP may require this. you may loose access to the edgeBOX web management. type the VLAN.254. 2. in the VLAN field. in that case. 4. View example. you may need to ask the Critical Links. Choose the LAN network from the list and click the Edit button at the top of the Networks table. · Obtain DNS Servers automatically or specify the desired DNS servers. make sure you re-adjust your IP address (DHCP or static). button: Connection You should choose to: · Obtain the IP Address automatically or specify it yourself. · You may also need to change the properties of the network connection of the computer you are using to manage the edgeBOX.1. If you change the edgeBOX’s IP Address to 10. If your computer receives the IP dynamically from the edgeBOX. Packets · MTU: In this section you can override the MTU (Maximum size of the packets). 1. you should navigate to the Networks menu in the Network section. or simply to adjust your LAN interface IP address. select the option Override MTU and change the value in the text field to the value requested by your ISP. · You need to indicate the new address of the edgeBOX in the browser to connect to the edgeBOX’s web management. Inc. and you can proceed. if you select this option. type in your browser the address https://10. · PPPoE over VLAN: select this option if you belong to one of your Internet Service Provider's VLANs.1. View example.1. There you will find a list of all your networks (including VLANs)...1. If you change the local network IP address while you are accessing edgeBOX from the LAN segment. .254:8011. · Obtain the Gateway automatically or specify it yourself.2 Change the local network properties (LAN) To change the properties of your local (internal) networks.

1. 2. you need go change that address to a new IP address of the network. Related Topics: Critical Links. . 3. Inc. even if you have Firewall based DMZ services active. Select the Enable DHCP Server on this Interface if you wish to have DHCP also on the DMZ network. Or if you have defined a static address in the connections of your computer. Choose the DMZ network from the list and click the Edit button at the top of the Networks table. Related Topics: · Cache Websites · Firewall · NAT · Dynamic DNS · Internet Traffic · Network · Interfaces · DMZ · Diagnostic Tools 4. Please note: you can activate the DHCP service on the DMZ interface. Click the Apply button in the bottom right corner of the tab. There you will find a list of all networks currently managed by edgeBOX.Network 33 operating system to repair the connection to gets a new IP address.3 Change the DMZ settings To change the properties of your DMZ network you should navigate to the Networks menu in the Network section. Change the IP Address and the Netmask fields with the desired information.

Select the desired VLAN from the list and click the Edit button.34 edgeBOX 5.0 Help · DMZ Traffic 4.4 View and manage VLANs edgeBOX allows you to have up to five VLANs active on your network. Disable or enable a VLAN To disable an enabled VLAN select the desired enabled VLAN from the list and click Disable at the top of the list. separate users that have VoIP phones from users that do not have them. To manage VLANs navigate to the Networks menu in the Network section. VLANs will limit the broadcast only to the specified group of devices within a VLAN instead of broadcasting to all devices in the network. The VLAN status icon will become red. to: · Control bandwidth usage and make the network faster . · Increase security . 2. you have more than 200 devices on your local network and your local network is getting slower because there is too much broadcast traffic (data that is sent from one computer to all computers in the network). Change the desired properties of the VLAN: · Name – A descriptive name to allow you to identify each VLAN. Each VLAN tag must be different. The status icon will turn green. a VLAN can isolate those users from the remaining network so that information will not be accessible for other groups. Inc. Change the properties of a VLAN 1.For example. For more details on edgeBOX's VLANs and possible scenarios please refer to Appendix D: VLAN Based Infrastructure. Each computer on this VLAN will have an IP address in this segment. . · Tag – The number that will be used on the network packets to allow the edgeBOX to send the packet to the correct VLAN. for instance. Why to use VLANs? VLANs offer higher performance because they limit packet broadcasts in the network.If you have groups of users that need more security due to the type of information they share between each other. They also provide additional security by separating groups of devices. · Easily manage the network . You can use VLANs. Define the Guest VLAN Critical Links. To enable a disabled VLAN select it and click the Enable button.For example. Your switch should be configured accordingly · IP Address and Netmask of the VLAN – edgeBOX will be active on this VLAN with this IP address.

Network section. This VLAN usually has limited network privileges. the eth3 (AUX. Inc.. refered to as br0. operational or logical status of edegBOX's network physical or logical interfaces you need to load the Interfaces popup. Critical Links.1x authentication on your switch. If you don't wish to have a Guest VLAN make sure you select the Have no Guest VLAN option at step 2. 3. It is commonly used to display information about how the users can authenticate properly onto the network. 4. To configure the Guest VLAN: 1. Choose the Use as Guest VLAN the VLAN: and pick the VLAN to be used as Guest VLAN.. the Guest VLAN is the VLAN the network users are temporarily assigned to if they haven't authenticated yet or if they have introduced an incorrect username or password. they are assigned to their respective VLANs. Click the Define a Guest VLAN. if exists). · IP address: the current IP configuration (IP/netmask) of this bridged virtual interface. if available) and the ath0 (your wireless interface. option. logical or physical. to be treated transparently by edgeBOX kernel as your LAN. . thus. interfaces together: same as saying Bridges. The informations available are: · Interfaces: the current composition of the bridge (eth1. After they authenticate. It is divided into three major sections: Bridges Here you'll find virtual interfaces used by edgeBOX to logically "attach" several other. That's the case of the br0 interface: it commonly bridges together the eth0 (LAN). back in the Networks list the choosen Guest VLAN will be identified with an appropriate note. eth3. This panel is accessible in the Related Topcis corner of the Networks menu .. The information displayed is somewhat detailed in that it shows you how edgeBOX implements certain networking aspects using specific techniques like Bridging and VLANs. 2. form a virtual interface. This means that the br0 brings together those interfaces in order to.5 Interfaces Physical and Logical Status If you need to determine the current physical..Network 35 When you use 802. View an example where VLAN 6 is used as the Guest VLAN. Configure your switch accordingly: to do this you must configure you switch to use that VLAN as the Guest VLAN. ath0 for example).

Inc.. or hardware address. 4. eth2 and so. this Tag is the means by which your VLAN enabled switch or other VLAN enabled Ethernet devices can tell to which VLAN each packet belongs. Related Topics: · What are VLANs ? · How do I configure and manage VLANs in edgeBOX ? · I need more details on deploying VLAN based scenarios with edgeBOX. VLANs This section of the panel shows you your VLANs. for example.0 Help Physical Devices Shows you a list of physical network interfaces found in the system. The Network popup will help you with that. For each of them: · MAC Address: the interface physical address. this is a distinguishing marker identifying packets destined at a given VLAN. · IP address: the current IP configuration (IP/netmask) of this interface..6 Monitor connections through edgeBOX In certain situations you will need to determine exactly which network connections are actively passing through edgeBOX or determine if a given IP address is currently connected to some internet server. In that case the IP address you're searching for will be found in the respective entry in the Bridges section. If you don't find the IP address for some of these interfaces it just might happen that they are bridged. Critical Links.36 edgeBOX 5.1Q VLAN ID or Tag in use. . · Interface Status: you'll get a graphical indication of Up/Down status and the interface current connection bit rate in Mbps. if available. For example: eth0. For each of them: · Tag: the 802. like VLAN_D or SERVERS. Each is identified by it's assigned name. · IP address: the current IP configuration (IP/netmask) of edgeBOX in this VLAN.

button and type the new name in the hostname text box (the hostname must be less than 16 characters long).org. 4.org indentifies the host server1 within a network domain called mycompany. For each of them you can read the total bytes sent and received.com part is called a domain name.7 Change edgeBOX's hostname and network domain You can find the Hostname in the Hostname and Domain menu. A hostname is a descriptive name.. You can find the Domain of the network in the Hostname and Domain menu in the Network section. · Destination Port: transport protocol level destination port.. mycompany. the IP to which this connection is established. . · Source Port: transport protocol level source port. usually identified by a mnemonic indicating a well know network service like sip or http. if a username can be associated to this IP Address it will be displayed instead of the IP address for easier identification. Connections passing through edgeBOX This list shows you the network connections currently maintained by edgeBOX. Other hosts could exist in that same domain. within the Network section. Just click the Network link. · Destination IP: the other end of the connection. For each connection: · Source IP / User: the IP address that originated the connection.Network 37 You can find it in the Related Topics corner of the Networks menu in the Network section. Critical Links. john-laptop. You can choose any name you want. for example. Inc. server1. As example.org. like for example. What is the Hostname? The Hostname is the name by which the edgeBOX is known in the network (the name that the computers of the network use to refer to the edgeBOX). The mycompany. If you have two offices and two edgeBOXes managing each one you can call one edgebox1 and the other edgebox2. Status and traffic of edgeBOX's network interfaces The upper part of this panel shows you a graphical overview of your network interfaces: Internet Local Network and DMZ. What is the Domain? The Domain is the name by which your network is known.mycompany. To change the Hostname click the Change.

for example. This domain will be private and only visible within your network.100.0. .168.com. This menu shows you. for example. you have a VLAN named VLAN_B with the properties: 192. For example.0. the list should have a route with the following information: 192. 4.. in a simplified fashion.8 View the system routes In the Network section you will find the Routes menu.0/24. If your local network is 192.0.170.0.0 | WAN Critical Links. button and type the domain name you want in the Domain text box.100.255. The System Routes list should contain several entries.0 | DMZ · A route for every active VLAN (virtual local network VLANs interfaces). then you can use that public domain.255.255. An appropriate popup window will advise you of that need.0 | vlan3 (VLAN_B) · A route for the internet (WAN interface).168.0. You can not edit these entries because they are configured automatically by edgeBOX.0 | 0. like critical-links.0 | 255.255. Inc.168. bellow it you can find the System Routes table.168.38 edgeBOX 5.0 Help If you do not have a registered domain. edgeBOX does not update the reverse hosts files of the DNS Domains when you change the hostname and you have networks defined on the edgeBOX (the local network or the VLANs) that do not belong to network classes A.102.168. To change the domain of the network click the Change. If your local network is 192.0 | LAN · A route for your DMZ network.255. the contents of edgeBOX's IP routing table: at the top you'll find the Static Routes table.255. the list should have a route with the following information: 192.0.0. then you can give your network the domain you want. for example..additional routes that you can create and modify. the list should have a route with the following information: 192.255. if your company is called MegaSoft then a possible domain could be megasoft.168.254 | 255.0 | 255.102.200 | 255.254/32. If you need to add routes to other hosts or networks please see Manage Static Routes .100.100. for example. In the System Route table you should see: · A route for your local network (LAN interface).255 | 0. If the network is 192.255.200/24.0 | 0. If you change the hostname or the domain you need to reboot the edgeBOX so that the changes take effect.0.168.170.0/24 in the edgeBOX's vlan3 interface. B or C.com. for example. If.0 | 0.168. If you have a registered domain. the list should have a route with the following information: 192.

etc.170. Please note: all necessary routes should be created and managed automatically by edgeBOX. Specify the IP Destination Address of the destination network or host. Network section. the list should have a route with the following information: 0.0.0.0. on the Static Routes panel: 1. for example.255.routes that are created and managed automatically by the edgeBOX based on the settings your global LAN.100.0 | 0.12.0.168.9 Manage static routes If you need to manually configure routes on edgeBOX. and this IPSec tunnel gives you access to an example 10.255.0. use the Static Routes list in the Routes menu.254 | WAN · IPSec routes will be identified with the IPSec tag on the Interface column If your the remote IPSec gateway has the IP address 212. VLANs.12.0.0. 2. the address of the WAN interface – the gateway address).0 | lo · A default route (typically.0 | 255.100.12 | IPSec 4. If you need to enable access to other hosts or networks that are unknown to edgeBOX or aren't directly accessible.0. If your gateway has the IP address 192. the corresponding Destination Netmask and the Gateway (the secondary route through which edgeBOX will reach the destination network or host) The added route will appear in the Static Routes list. This panel displays also System Routes . You can: Create a new route To create a new route.0.0.12. for example. Click the New button.12.12.0 | 255.0 | 0. Critical Links. then you will need to add static routes.0 | 212.Network 39 · A route for the edgeBOX (Loopback route).254.0.170. The list should have a route with the information similar to: 127. Inc. It will open a new dialog window. the list should have a route with the following information: 10. A route that is used in case you do not have a connection to the exterior.0/24 remote network. WAN.0 | 192.168.0. You can assume that edgeBOX will create and manage automatically all routes needed for it's correct operation. .

0 Help 4. How does Wireless work on edgeBOX? edgeBOX provides a wireless LAN access to your office. Critical Links. edgeBOX cannot manage external access points.40 edgeBOX 5. Inc. . Configure and turn on the wireless Indicate the type of wireless authentication Make the wireless network more secure Make the wireless network public edgeBOX allows you to have a wireless network and define several configurations to make it more secure. Network section you can configure and change the properties of the wireless network. To manage these access points you need to use the specific access point's management interface.10 Wireless In the Wireless menu.1x Access Point controller if you use several external Access Points spread through the network. It can operate with an embedded Access Point or as an 802.

edgeBOX supports for WPA. 4. A short summary is provided. you can set several scenarios. By default. as integrated authentication using edgeBOX users' accounts or external authentication using a remote RADIUS server. you can immediately start providing wireless access on your office. as seen by wireless clients (SSID). please go to the Wireless menu in the Network section.10. This way. for quick reference: · Network Name: the network name. channel 11 and the WPA password is mydemokey.1x authentication.Network 41 As you can see in the image above.1 Configure and turn on the wireless network To review or change your Wireless network. . edgeBOX's wireless network is already running with a factory configuration defined: the network name is mybusiness. WEP or 802. As edgeBOX also provides IP-PBX features. without having to configure anything on the edgeBOX. you can combine them with the wireless features to create wireless VoIP phone access. Critical Links. Inc.

Port and Password).1x: with this option you can integrate your wireless network in RADIUS based authentication and accounting setups. · Security: you have 4 choices · None (Public Network): this operation is insecure.IP Address. · Hide Network: if you select this option the network will not appear in the list of available networks when users look for wireless networks in their computers. don't use this option unless you really need to and you understand the insecurity consequences. . it's preferable to use WPA instead).... WAP or 802. how to get the MAC address ? Critical Links. details are: Key . only the MAC addresses specified will be allowed in the Wireless network. details are: Key . button and specify the following: · Data Encryption: choose WPA or Dynamic WEP.. Port and Password).0 Help · Security: WEP.a 10 or 26 hexadecimal characters sequence . · WAP: Wi-Fi Protected Access. (WEP is considered deprecated and has been cracked.42 edgeBOX 5. · Allow only specific devices to use the wireless network: click the Add.. Inc.1x · Channel: the radio-frequency channel being used Hit the Change. also known as the SSID. if the network has no authentication then everyone will be able to connect to it. button to edit. grants a very high level of security and privacy. this is commonly referred to as the PSK (pre-Shared key).a 8 to 63 characters long sequence or a 64 hexadecimal characters sequence. the name of the wireless network is a name of your choice that will work as the public identifier of the network so users can connect to the network.choose from 1 to 4. · WEP: Wired Equivalent Privay. · Authentication: can be local (using edgeBOX) or remote (using the specified RADIUS server .and Key Position . · Accounting: you can choose to save user statistics and other accounting information in a remote RADIUS Accounting server (again by specifying it's IP Address. · 802.. ex: mywifi. A new window pos up with two tabs: General · Name: the name for your wireless network. Advanced · Channel: the radio-frequency broadcast channel to be used (from 1 to 11). hit the Change. button to add a new MAC Address to the list.

go to the Wireless menu in the Network section and hit the usual Stop Service. so you need to use WEP authentication to ensure compatibility with all devices. 00-0C-29-C5-91-9F. go to the Start menu and run the Command Prompt. . Critical Links. . per example. for example: Physical Address . when the black command line appears type ipconfig /all. To change the Channel of the edgeBOX's Access Point. other Access Point devices or other edgeBOXes. some smartphones or older network devices do not support WPA security yet. the MAC address is identified by the Physical Address. select a channel that is not used in the overlapping networks in the Channel Selection drop down list in the Basic tab when you are creating the wireless network.10. . to avoid conflicts with the other devices. . Change the Channel of the wireless network You will probably need to change the Channel of the wireless network if you have other devices than this edgeBOX providing wireless networks nearby. . you need to reboot edgeBOX after you added the card. If you wish to temporarily turn of the wireless network for any reason. . This step will ensure your network is.Network 43 On Windows computers. if you wish to make the wireless network available again just click Start Service. For example. Later on. protected against undesired users.2 Indicate the type of authentication When you create your wireless network you should configure the wireless Security option in the General tab. The wireless service will be stopped. . to some extent. Related Topics: Indicate the type of authentication for the network Make the wireless network public 4. If you add a wireless card to the edgeBOX. Inc. This is because each of the overlapping Access Points must have a different channel. or if you don't want to have a wireless network anymore. To secure edgeBOX wireless network you can use one of the following authentication methods (protocols): Which type of authentication should I use? The type of authentication you use depends on the devices that are going to access the wireless network. but the configurations will not be erased.

Indicate a key (passphrase or a pre-shared key) that will be used to authenticate to the network. WEP is relatively easy to break. You should try to always use secure passphrases and pre-shared keys to increase the network security.must be between 8 and 63 characters long and cannot contain spaces. 2. You can obtain random generated secure keys at the GRC website. This is not easy to accomplish if you have many users of the wireless network because you need to inform them all about the new active key each time you change it.0 Help If you don't need to grant compatibility to older devices. use WPA with a strong password instead because it is more secure. 2. . Go to the General tab and choose Security WPA.1x authentication is even more secure than WPA authentication.44 edgeBOX 5. then use the 10 hexa chars sequence. 3. avoid using WEP authentication. but if you need to ensure compatibility with devices that do not support it. Activate 802. Use static WEP keys authentication To use WEP authentication on the wireless network: 1. you should use the 26 hexa. How must the passphrase or the pre-shared key be? · Pre-shared Key . Use WPA security To use WPA authentication on the wireless network: 1. nor special characters like | \ / : * ? ! < > “. How must the key be? The key must be formed using groups of hexadecimal characters (A to F and 0 to 9) separated by '-'.1x authentication Critical Links. If you need to use WEP then change regularly the WEP keys. Example of a 26 chars key: ACBB-8EF2-3410-23AA-F8F0-EEEE-A2. You should indicate the passphrase or the pre-shared key to the users of your network you want to be able to access the wireless network.must be composed only of exactly 64 hexadecimal characters (A to F and 0 to 9) and cannot have spaces. · Passphrase . to grant a certain level of security. If all your devices support WPA authentication. WEP is relative relatively easy to break. Inc. Type-in a 10 or 26 hexadecimal characters long sequence. 802. It is normally used to secure wireless networks on workplaces. Go to the General tab and choose the Security WEP. then use WPA instead of WEP.

1x option and hit the Change. If you also wish to save information like the time the users were connected or what did they do. button. If you have devices that do not support WPA accessing the wireless network. Below the option. using the 802. Check box in the Accounting zone and indicate how edgeBOX can connect to the remote server (IP Address..1x authentication means that each user who wants to enter the wireless network has to login using its own username and password. instead of using a network key that is shared by everyone. in the Users section. edgeBOX will see if the username and password of the user exist in the edgeBOX's list of users and if they match. . 3.1x method. Select WPA in the Data Encryption section.Network 45 802. Check the option Authenticate Users on another RADIUS Server. you can save that information on a remote remote RADIUS server. a remote RADIUS server will validate the users' credentials instead of edgeBOX. Inc. port and password). For a user to be able to login. You can validate these credentials: · Locally on the edgeBOX It means that. Define the Authentication type: where users' username and password are validated when they try to login to access the wireless network.. This is normally called WPA-Enterprise. Related Topics: Make the wireless network more secure Make the wireless network public (with no authentication required) Critical Links. You can verify these settings in the Privilege user. This is the default option. Go to the General tab and choose the 802. To use 802. choose Dynamic WEP instead. fields to indicate how the edgeBOX can connect to the remote server will appear: IP address. · On a remote RADIUS server It means that.1x authentication on the wireless network: 1. 2.1x Access permissions. port and password for that server. the user needs to have 802.

Activate the Allow only specific devices to use the network option and add the desired MAC addresses to the list using the Add. hit the Change. button and select the Advanced tab. Network section. Why should I hide the wireless network? Hiding a wireless network is a way of improving the network's security. Even if you don't use this option you still have control over who accesses your wireless network because users still need to authenticate using a wep key..3 Make the wireless network more secure You can configure two settings on the edgeBOX to make your wireless network more secure. Activate the Hide Network option.10. Inc. Network section. To do that just enter the MAC Addresses (or Hardware Addresses) of the computers for which you wish to allow access to the network: in the Wireless menu. If you don't want a computer to belong to the list anymore. It makes difficult unauthorized access attempts.0 Help 4. To hide the network go to the Wireless menu. select the MAC Address of the computer from the list and click Remove . people won't try to enter a network if they do not know it exists in the first place.) button. Hide the network You can hide edgeBOX's wireless network from appearing in the list of available networks people see when they scan for available wireless networks they can connect to in they computers. to be able to connect to edgeBOX's access point. WAP.46 edgeBOX 5.. This option will restrict even further more the access to the network to specific devices. ... that is. they need will need to connect to the network manually. Related Topics: Indicate the type of authentication for the network Critical Links. button and select the Advanced tab.. (or Edit.. For your network users to use the hidden wireless network. hit the Change... or using 802. even if you are already using a secure type of authentication: Allow only specific devices to use the wireless network If you want just a list of specific computers and other network devices to be able to use the wireless network. This process differs according to the user's Operating System.1x.

unauthorized people can get access to the information on the computers on the network and use the connection to access the Internet. · · · Domains – Where you can indicate all the domains that the DNS server will know.11 Managing the DNS server If you need to configure DNS you should navigate to the DNS menu in the Network section. slave or forwarder type name servers.4 Make the wireless network public A public wireless network is a network with no authentication method.85. critical-links. If you don't protect the network. It is possible to: · · configure master. Related Topics: Critical Links.10. edgeBOX's DNS configurations are divided in the three first subtabs. For more information see Wikipedia DNS. edgeBOX supports DNS through the well-known named server. DNS is a network service that translates literal hostnames and domain names (such as webmail. grant query access from internal or external networks.com) into numeric IP addresses (such as 209. Related Topics: Configure the wireless network Indicate the type of authentication for the network 4.227. Always secure the wireless network if you don't want everybody to access it. Inc. It means that everyone who receives the radio signal will be able to enter it and use it. If you want to make your wireless network public: go to the Wireless menu in the Network section and select Security: None. . Avoid creating public wireless networks if you don't really want to make it available for everyone for a given reason. Settings – Shows the DNS status and the properties of the DNS server.103).Network 47 4. Access Control List – Defines access controls for the domains that the DNS server knows. There you can review and change edgeBOX's DNS Server configuration. Wireless networks are more vulnerable to hackers and malicious software because the signal is available for everybody nearby edgeBOX's access point.

There you will find the current DNS configurations table.48 edgeBOX 5. . using that database. this choice is only active if you have selected Manual for the Reverse DNS Management option in the global Settings tab. It will answer the queries for that domain.11. you should go to the DNS menu in the Network section.0 Help · Dynamic DNS 4. · Allow only internal hosts to query this domain: selecting this will restrict DNS answers to queries coming form your local networks. if you have a registered domain you will grant access to external networks to query this zone. otherwise for private domains you will most likely want to grant only to internal hosts for security reasons. · Resolution Type: choose Direct or Reverse. just follow these steps: Domain Tab · Name: the domain name. the host entries required (map IP's to names). B or C) of the IP segment for which this domain is valid.1 Adding or Editing DNS domains If you need to add new DNS domains. 4. Inc.1 How to add a Master domain If you need to add. If reverse is chosen. · Slave: a Slave DNS domain gets its zone file information from a zone master and it will respond as authoritative for those zones for which it is defined to be a 'slave' (it is sometimes referred to as a secondary).1. This option is not accessible if Critical Links. If Direct is chosen. Three possible Domain Types are available. These are: · Master: a Master domain server stores the domain database locally (also called authoritative domain for that domain). the forward entries are required (resolving names to IP's).11. · Network: IP address and the class (A. a Master DNS domain. This option is not accessible if you have selected Resolution Type Direct and the Manual Reverse DNS Management option · Name Server: here you specify the IP address of the name server. On the Domains Tab click New. · Forwarder: a forwarder type domain server does not answer queries directly: it will forward them to another name server. when hosts are added. or edit.

Here you can specify an Access Control List (ACL) of rules that will be pre-verified before the server determines if. Permissions Tab If you wish to have higher control of hosts. or how it will operate. . It might be a good idea to create that list first and. it will process the DNS queries. · Retry time: The time which the edgeBOX will wait before querying a Master (if the master fails to respond to a request) Critical Links. later. the user needs to add an ACL with the IP/Hostname of the the respective slave domain and allow the transfer option. Inc. and type bellow it the corresponding values for Network IP address and Netmask or Host IP address · Query Permissions: from the choice boxes displayed choose if you wish to: · Allow or Deny Queries: indicates if queries are allowed for this domain · Allow or Deny Transfers: determines whether other servers are allowed to copy the zone information from this server. and the next time it checks to see if it needs a new copy. Hosts Tab Managing the contents of the Hosts tab is explained in section Managing hosts on an existing domain.Network 49 you have selected Resolution Type Reverse and the Manual Reverse DNS Management option. or how. Please refer to that section. when creating or editing your DNS domains. or networks. Click the New button and specify the following: · Type: Choose Network or Host based access control rule. · Allow or Deny Updates: whether other servers are allowed to submit dynamic updates for this domain To add access from Slave domains to a master domain witch is configured to only let internal hosts make queries. If no match is found the default behaviour is to allow queries and transfers but to disallow updates. You can have several rules. re-use them here. Time Options Tab · Refresh time: The number of seconds between the time that a secondary name server (slave) gets a copy of the zone (or sees that it hasn't changed). you should use the Permissions Tab. for which this domain will be responsive. If a rule matches it will be applied. ACLs created in the Access Control List tab will be available to you in this process.

You can have several rules. · Network: IP address and the class (A. this choice is only active if you have selected Manual for the Reverse DNS Management option in the global Settings tab.0 Help · Expire time: The number of seconds that lets the secondary name server(s) know how long they can hold the information before it is no longer considered authoritative. Inc. B or C) of the IP segment for which this domain is valid. you should use the Permissions Tab. or how.1. · Query Permissions: from the choice boxes displayed choose if you wish to · Allow or Deny Queries: indicates if queries are allowed for this domain. a Slave DNS domain you need to provide: Domain Tab · Name: the domain name. Here you can specify Access Control rules that will be pre-verified before the server determines if. or how it will operate. and type bellow it the corresponding values for Network IP address and Netmask or Host IP address. · Allow only internal hosts to query this domain: selecting this will restrict DNS answers to queries coming form your local networks. You might wish to lower this if you are going to change your DNS entries and then increase it to a normal value after the changes have been made and tested 4. · Master Servers: here you specify the IP address(es) of Master DNS server(s) for which this domain is a Slave (from which it gets it's DNS database). · Allow or Deny Transfers: determines whether other servers are allowed to copy the Critical Links. or networks. it will process the DNS queries.2 How to add a Slave domain In order to add. if you have a registered domain you will grant access to external networks to query this zone.50 edgeBOX 5.11. Permissions Tab If you wish to have higher control of hosts. or edit. for which this domain will be responsive. · TTL time: Specifies the maximum amount of time other DNS servers and applications should cache the DNS record. · Resolution Type: choose Direct or Reverse. Click the New button and specify the following: · Type: Choose Network or Host based access control rule. otherwise for private domains you will most likely want to grant only to internal hosts for security reasons. .

4. Server Options The settings displayed can be changed by pressing the Change..1. · Zone Transfer Format: determines the format used by the server to transfer zones.2 Changing global DNS Settings In the DNS menu. 4. Instead. or edit a Forwarder domain you only need to enter it's: · Domain Name · Preferred DNS server and · Alternative DNS server (optional). only if you have entered forward DNS servers). Network section you will find the global DNS server options. To add. options are: Critical Links. See Forward DNS Servers below.Network 51 zone information from this server. Click the Settings tab. · if Remote is selected (this is an appropriate option. requests are made to the forwarder server(s) and. those queries will be forwarded to an alternate DNS server. ..11. button: · Reverse DNS Management · Automatic: the reverse domain is automatically created · Manual: the admin is responsible for creating the reverse domain (if a reverse domain is required) · Lookup Mode: determines the first nameserver to be consulted when a request is received. Inc.3 How to add a Forwarder domain DNS queries for a Forwarder type domain will not be answered by the DNS server.11. an attempt will be made to find an answer locally. the local consult will not be attempted. · if Local is chosen. if not answered.

· Max.11. Two tables are presented: the System ACLs table and the User ACLs table. ACLs names must start with a letter and can consist of only letters and digits. To do this you need to add one or several Access Control Lists (ACL). Go to the Network section. You can add several rules. Click the Add button if you wish to add more servers to the list. The System ACLs are managed automatically and can not be edited. The DNS servers configured. Zone Transfer Time: maximum time allowed for inbound zone transfers. for the Internet COnnection will not be displayed there. This will be the Name Server(s) used to resolve external domains. This setting overrides any static or dynamic DNS settings configured for the WAN interface in the Internet Connection menu. If the DNS service is not running edgeBOX will use the DNS servers configured and displayed in the Internet Connection menu.3 Managing DNS ACLs This section tells you how to allow/deny clients the use of your server to perform DNS lookups. statically or dynamically.0 Help · One at a time: will place a single record in each message. Use the Move Up and Move Down buttons to change the order of the entries. if displayed. . · Max. You need to provide an ACL Name and a set of rules. Rule Type · Use an existing rule: choose from Critical Links. You can add and edit User ACLs. Click the New button in the User ACLs table. 4. If you change the Forward DNS Servers list and you have the DNS service running. edgeBOX will use these DNS servers for all external DNS queries. the Secondary DNS fields represented in the Internet Connection menu will automatically revert to the first and second entries in the Forward DNS Servers list. The Primary DNS and. DNS menu and click the Access Control List tab. · Many: will pack as many records as possible into a maximum sized message. because edgeBOX is actually not using them.52 edgeBOX 5. Forward DNS Servers This list contains the servers to which queries will be forwarded if the domains queried are not in the current list of domains. Query Cache Time: maximum time requests are cached internally. Inc.

. MX. you can add or remove existing IPaddress-to-name and name-toIPaddress mappings (the management of the domain database).11. Go to the Network section. Inc. the localhost rule is considered an advanced rule and should only be used in specific situations). That is.Access to this domain is unavailable for IP's/Networks in this list. VLANs and DMZ networks).4 Managing hosts on an existing domain During the process of creating a new Master domain or editing an existing one. · Deny . available choices are A. you can manage the hosts on that domain. when you create or edit a DNS domain. a rule for Allow. · localhost: for edgeBOX's system internal localhost interface (please be very careful when using this one. in the Permissions tab. DNS menu. Select an existing Master domain (the same applies when creating a new Master domain). SRV and TXT. the ACL will deny the DNS service to that host. For large DNS deployments. if some host verifies a rule for Deny and.Access to this domain is available for IP's/Networks in this list. CNAME. That is. Note: Deny takes precedence over allow. Critical Links. · localnets (your LAN. 4. you should use localnets instead. The current hosts list is presented. NS. Action · Allow . You can create new entries or manage existing ones. if you mean 'the hosts on my local network'. The first thing you need to do is to choose the Type of DNS record you're adding (this option is only available when creating new entries). · Use IP Address: here you specify the hosts for this rule by typing-in a Host IP Address or a Network IP/Netmask pair. · any: for any host. Click on the Hosts tab. referring to your LAN/VLAN or DMZ hosts. simultaneously. all ACLs created here are made available to you. · Record Type: select from the list.Network 53 · none: for no hosts. For each of the record types a different set of data is required: · A: the Host Name and it's IP Address. · external (for networks external to edgeBOX).

the Time-to-Live. Weight (PWP). when you don't have static IP configuration on the WAN side) and you still want to access your host from external networks by a name of your choice. Weight. Thus. Weight: A relative weight for records with the same priority.org or www.0 Help · MX: the Domain Name (you need only to enter the left-most part) and the Priority field.54 edgeBOX 5. It's common to set this value to several hours normally. · SRV: the Service. What is the purpose of the PWP ? PWP (Priority.no-ip. · NS: the Name Server (you need only to enter the left-most part).dyndns. · TXT: the Hostname. Port/Protocol. Port/Protocol): used when more servers are providing the same service. You can use one of the two supported dynamic DNS services: · · DynDNS No-IP To see details on how to setup and manage an account on these services. Used in load balancing. lower value means more preferred. the e-mail server with a priority of 5 will be tried first. Inc.12 Use Dynamic DNS Dynamic DNS is a usefull service when you don't have a fixed IP Address to connect to the Internet (that is. the Domain Name. Priority: the priority of the target host. · CNAME: the Alias name and the corresponding existing Domain Name. Priority. What is the Time-to-Live for ? The Time-to-Live (TTL) allows you to specify how frequently domain data may change. The longer TTL means faster resolution times because of caching. the Target Host. if one e-mail server is set as 5 and the other as 10. Critical Links. 4. Port: the TCP or UDP port on which the service is to be found. . the Time-to-Live for this entry and the Text Message specific for this kind of entry. consult www.org. How does the Priority field work ? The lower this number. but to push it down 5 minutes when changes to DNS are expected. the higher the priority. but also means the data may be stale for longer.

possibly. laptops and phones on your internal networks: LAN. A table with three tabs will be presented: · IP Address Ranges: the ranges displayed will be used by your DHCP server to assign IP addresses to computers or phones that request them. such as maximum lease time and host configuration variables. · Advanced Options: here you'll find several global options the server will comply to. Managing your DHCP server To get an overview of the current status and configurations point your browser to the Network section.org or myserver. Critical Links.dyndns. your DMZ. DNS sever(s) and other TCP/IP related informations. · When you have that. browse to the Network section and click the Dynamic DNS entry on the Related Topics (at the lower-left corner of the browser window)..: mybusiness.13 Using the DHCP service The DHCP Service assigns IP configurations to hosts. . a Netmask. VLANs and. This process is accomplished with the Dynamic Host Configuration Protocol . IP phones and other devices will request the assignment of an IP Address. · Hostname: this is the name that you created when you set up the account of the service. a Default Gateway. e. 4.Network 55 Enabling Dynamic DNS · You need to have an account on either one of those services. A new popup dialog will show you the current configuration status of your Dynamic DNS service. computers. · Username: type the username given to you by the provider. in order to be able to actively participate in the network they are attaching to. a specific host is identified by it's MAC address. What exactly is DHCP ? Usually on boot. · Fixed IP Addresses: this section shows you the IP addresses that are automatically assigned to one specific host or phone. DHCP menu. this way you can have static MAC-IP assignments. · Password: the password given to you by the provider..DHCP (to learn more visit Wikipedia DHCP). button if you wish to configure it: · Provider: choose your service provider.no-ip. Inc. type-in the FQDN (fully-qualified domain name. Click the Configure.org).g.

Delete a range Critical Links.0/255.2.56 edgeBOX 5.10.3. 4.local.168. thus forming the hostname sent.2. see an example If you have a DHCP range from 1.255. View details about the prefix · Example .100 because it fits into one of your internal networks (the DMZ in this case).3. 2.168.200 because they overlap. see an example Let's use the following reduced scenario for simplicity: your LAN segment is 10.2. it will be prepended to the last portion of the IP assigned. On the dialog window indicate the lower IP address of the range in the Start IP Address field.0/255.255.0 Help Related Topics: · DHCP Leases 4. this range would not be used at all.200.10 to 192.70.50 to 1.2. the DHCP service will assign it an available IP address from one of the existing ranges.103. then a host to which the IP address 192. Optionally.0/255.3.loc.168. will also receive 'mobile200.3.1. on the other hand you can define a DHCP range like 192.10 to 1.168.20 because you do not have an internal network compatible with this range.0. Indicate the higher IP address of the range in the End IP Address field.168. · For each IP address interval you can define a prefix.If you enter mobile as the prefix and the domain if your network is local. 3.200.70. you have an active VLAN on the 192.13.If you have edgeBOX e-mail server running and you want to have domains or hosts in the SMTP Relay list. .255.255. When a computer in the network requests an IP Address.0 segment and your DMZ is 192.255. type the Prefix.168.200 is assigned.200. · Each DHCP range created must completely fit into one of the currently configured internal networks (LAN. in the e-mail server's Access Control definitions.255. Click the New button below the Ranges list in the DHCP tab.100.168.100.0. · E-mail Server .loc' as hostname. you will not be able to add another from 1. then you must indicate a prefix. · You can create several IP address intervals as long as they don't overlap.1 Assign IP addresses using Ranges Here you can define ranges of IP Addresses that will be assigned dynamically. Create a new range To create a new range of IP Addresses: 1. Inc. you will not be able to add a DHCP range from 192.50 to 192. VLANs or DMZ).

Enter the device's MAC address in the corresponding afield. Each time that specific host or phone requests an IP address to connect to the network. Click the Delete button below the list.13. Create a new MAC-IP Rule To assign a specific IP address to a specific device: 1. Related Topics: · Assign IP addresses using MAC-IP rules · Overview the settings of the DHCP service · Configure DHCP advanced settings · DHCP Leases 4. Click the New button. Type-in the IP address you want for the device in the IP Address field. Network section. . Be careful when deleting DHCP ranges. Other failure situations are possible.Network 57 To delete a range of IP Addresses: 1. Select the desired range from the Ranges list. the server will provide the IP address you specify. 3. 3. to a computer. Click the Apply button to save the changes. Inc. the computers that receive IP addresses from that range may not be able to connect to your network the next time they are turned on.2 Assign IP addresses using MAC-IP rules The Fixed IP Addresses tab. 2. To find the MAC address of a computer you can use the ipconfig /all command in the command line of Windows systems or ifconfig in the command line of Linux systems. If you delete a DHCP range. Related Topics: · Assign IP addresses using Ranges · Overview the settings of the DHCP service · Configure DHCP advanced settings Critical Links. allows you to assign always the same. 2. specific IP address. DHCP menu.

for short) hosts. The Advanced Options are separated into: Lease Time The Lease Time is the length of time for which the host can use the IP Address assigned by the DHCP Service before he is required to request it again from the DHCP Service. · Maximum Lease Time: hosts usually simply ask for an IP Address and use it for the default lease time. button and specify them manually by entering data into the desired text fiels.. will be provided on any network zone to which the DHCP service is reachable. the default configuration is to provide edgeBOX's LAN IP address.. To change any of them just hit the Change. it determines the domain to which the host belongs when getting it's IP configuration. the DHCP service will assign the IP address for the requested duration if it is smaller than the max. . will only be provided to internal network (LAN. · Default Lease Time: is the default duration. and thus. otherwise the maximum time will be used. button and type in the desired value(s). · DNS Server(s): this/these are the DNS servers the host should query in order to resolve names. Related Topics: Critical Links. a host can use the given IP Address.0 Help · DHCP Leases 4. in seconds.58 edgeBOX 5.. · Domain: this is the network domain to be provided.3 Configure DHCP advanced settings The Advanced Options tab allows you to further refine your DNS server's configurations. Gateway and DNS These settings control the Gateway. DNS and Domain Name that will be provided to the network hosts as part of their IP configuration. Inc. will be provided only to LAN and DMZ (if enabled) hosts requesting dynamic IP configuration. by default this is edgeBOX's LAN IP address. by default edgeBOX will take on that task.13. click the Change. If you need to change these default settings. in the popup dialog. In those cases. · Gateway: determines the Default Gateway to be provided to the hosts requesting the dynamic IP configuration.. in other situations they can ask for a specific lease time.

. option to get a list of leases considered expired. . edgeBOX acts a Transparent Proxy Caching Server... 4.13.To field .and end . the host's MAC Address. button. Indicate cache exceptions Critical Links.. Hit the Save. Change the size of the Proxy Cache 1. The Ping Status column will show you if that specific IP Address is currently present on the network: select an entry from the list and click the Ping button to update this field. please navigate to the Network section. 2. in the Related Topics corner.4 DHCP Leases The DHCP Leases popup is available in the DHCP menu.From field . Click the Change. It makes the webpages your network users consult more frequently to be loaded quicker..dates of each lease. Inc. also minimizing WAN bandwidth usage This is made by saving parts of the webpages in the edgeBOX. To do this. the Device Name (if available). button and select a value between 128MB and 8192MB in the Cache Disc Size drop down list.Network 59 · Assign IP addresses using Ranges · Assign IP addresses using MAC-IP rules · Overview the settings of the DHCP service · DHCP Leases 4.. and the start . Click the View expired DHCP Leases. It shows you the current list of IP addresses assigned to each computer in your internal network. About edgeBOX's cache. Network section. Follow the Cache Websites link in the Related Topics corner.14 Manage the Webcache size and sites You can specify websites which you don't want to cache of (cache exceptions). It shows you the IP Address assigned.

2. You can stop the service if you don't want edgeBOX to cache any websites. Click the New button. This is. Click OK. To start caching websites again. Do not cache websites / stop the Proxy-Cache Service By default edgeBOX caches the websites your network workers visit. . You can indicate websites that you don't want the edgeBOX to cache. To indicate to the edgeBOX not to cache a website: 1. edgeBOX caches all websites. Security section. If you stop caching websites. edgeBOX will not be able to block access to websites you may have blocked or block access to websites containing words and expressions you may have blocked in the Website Restrictions options. this traffic is not cached by the edgeBOX. Type the IP address of the website that the edgeBOX must not cache in the window that will pop up. Please refer to that section for details: NAT and Port Forwarding.60 edgeBOX 5. the Proxy Cache service is by default running. 4. To stop edgeBOX's proxy cache click the Stop Service link at the top.15 Using NAT and Port Forwarding The usage of NAT and Port Forwarding. If you have Premium traffic defined in the QoS section. like websites that are very dynamic and their content changes constantly. You can also delete and edit these entries. Inc.0 Help By default. Critical Links. 3. being mostly Firewall related. click Start Service. is fully covered in the Security section. It may be useful for some specific websites.

just by applying both configurations. Therefore. that is. all traffic is somehow included in a user privilege. otherwise.Network 61 4. we would need to classify the service by creating a rule to assign an assured rate to every ESP and GRE packets.16 Using QoS The edgeBOX QoS (Quality of Service) consists of differentiating the network traffic resulting from the activity of services and/or users. maximum delay variation and maximum packet loss. Nevertheless. In this case. maximum delay. given by a Privilege. Inc. As the Diffserv nomenclature is very technical. The edgeBOX provides a set of CoS according to the Diffserv model. On the other hand. Service classification 2. User Privileges 3. In this case. These two approaches have different purposes. Classification based on the packet DSCP mark Classification based on the DSCP mark will only be used when the authentication is turned off because. A CoS is deployed by a internal mechanism which shapes the network traffic in order to meet a set of expectations such as the minimum rate. . we may want both the scenarios. The order of packet classification is the following: 1. we just need to select an appropriate traffic profile and assign it to the users' Privilege. Moreover. service traffic differentiation requires service classification configuration. It is also important to keep in mind that service classification is always processed in the first place. we may not be concerned with a service in particular and we may just want to be able to grant Internet access to a certain group of users even if the network is overloaded. On the one hand. user traffic is much easier to configure as it only involves assigning a traffic behavior to a group of users. the edgeBOX provides the following CoS: CoS Olympic CoS Diffserv DSCP (hexadecimal) ToS (hexadecimal) Maximum Percentage Rate Critical Links. Classes of Service The differentiated traffic behavior is given by CoS (Classes of Service). Let's consider that we want to be able to use an IPSec tunnel no mater how much congested the network is. we chose to use a more user friendly one called Olympic. The process of service and user QoS configuration is different both in the concept itself and the difficulty to accomplish. This is possible. the IPSec tunnel and the users' Internet access when the network is congested. information about how the service packets may be recognized among all others on the network.

Therefore. 0x70. 0x30. 0xe 0x28. 0x78 0xb8 Only the Premium class is configurable and cannot be classified directly neither by the users or by the services. The CoS provided for inbound and outbound traffic are not exactly the same. . then it will not use this hidden pipe anymore and will use the Gold for every VoIP packets class instead. Starting and Stopping QoS The QoS Service can be started and stopped on the service bar at the top of the QoS menu. VoIP QoS VoIP traffic classification is handled internally as a pipe. 0x14. for inbound traffic classification. 0x16 0x48. In this context. Furthermore. AF33 EF 0x1a. 0x1e 0x2e 0x68. AF32. only two of those classes are provided: BE and Premium. is a user defined traffic profile. However. there is an exception: if the VoIP QoS is set to 0. although premium has no pipes it can be classified directly. 0x50. AF22. 0x1c.WAN and DMZ (if available). VoIP audio (RTP) packets are classified as Premium and signaling (SIP. it is possible to decide whether to apply or not QoS on each interface . 0x38 Silver AF21. AF12. Thus a pipe. inheriting the Premium configuration except for the rate.0 Help BE DF 0x0 0x0 10% of non premium rate 20% of non premium rate 30% of non premium rate 40% of non premium rate User defined Bronze AF11. Inc. that is. Related Topics: · Privileges Critical Links. Actually.62 edgeBOX 5. 0xb. 0x58 Gold Premium AF31. that is. The only configuration required is setting the VoIP assured rate. The purpose of this class is to be used to build a set of high priority subclasses called pipes. rate is to be set by the user. AF23 0x12. Network section. IAX) is classified as Gold. AF13 0xa. the premium class cannot be assigned but pipes can.

packets will be classified and marked according to the Diffserv architecture.. Inc.. button opens another window with the advanced upload QoS settings. These settings consist of the following: · Mark DSCP: by checking this. Network section. · Premium Assured Percentage: sets the maximum percentage of the upload bandwidth assigned to the Premium CoS. this can be used to limit the upload rate for all the upload traffic. Critical Links. It includes: · the pipe's Name. enable this feature only if you have an SLA (Service Level Agreement) with your ISP. Otherwise unused Premium bandwidth will always stay unused. · VoIP Assured Percentage: sets the percentage of upload Premium bandwidth to be used for VoIP traffic. .1 QoS Upload configuration To set QoS upload configurations for the Internet (the same applies for the DMZ.Network 63 · Internet Traffic · DMZ Traffic 4..16.. button in the QoS menu. Advanced QoS Upload Configuration The Advanced Configuration. A new window with the QoS upload properties will be presented including the following parameters: · Maximum Rate: sets the maximum upload rate. · Pipes Management: by clicking on the New (or Edit) button a window will be presented with the Pipe configuration. · Allow other classes to borrow unused Premium bandwidth: selecting the option means that the Premium CoS will borrow bandwidth whenever it is requested by another CoS and if that premium bandwidth is not being used. if available) just hit the corresponding Change. · the Percentage of Premium assured rate assigned to the pipe.

Single IP Address or IP Address Range. LOCAL->DMZ..16. LOCAL->WAN. if supported. accepted values are TCP. The parameters which may be used in service configuration are the following: · Traffic Direction: sets the direction of the packet. accepted values are LAN->WAN. a port-range or a set of ports and port-ranges. just click the corresponding Change. options are options are Any IP Address. · Service Class: sets the CoS which will be assigned to the service. there are three packet classification strategies: · based on the service. Single IP Address or IP Address Range. · Destination Ports: sets the destination ports. WAN->LAN. Critical Links. It was also mentioned that the first has higher priority and it is always applied in the first place.16. edit or remove QoS service classification rules option. options are Any IP Address. QoS menu by clicking the Create. Download configuration includes the following parameters: · Maximum Rate: maximum download rate. button in the QoS menu. WAN->LOCAL. The service configuration panel is accessed in the Network section. · Source Address: sets the source IP address(es).2 QoS Download configurations To set the QoS download configurations for the Internet or the DMZ. Network section. Inc. DMZ>LOCAL (LOCAL referrers to packets going from or coming to the edgeBOX itself). GRE or ESP.0 Help 4. The available options depends on the traffic direction and on the pipes created.64 edgeBOX 5. UDP. · Protocol: protocol of IP packet. · based on the user privilege and · based on the packet DSCP field. Remember that there are only two classes in inbound (Best Effort and Premium) and no pipes. · Source Ports: sets the source ports. it accepts a single port. LAN>DMZ.3 Service Classification As mentioned before in this section of the manual. · Destination Address: sets the destination IP address(es). This parameter it's only visible for TCP and UDP protocols. a port-range or a set of ports and port-ranges. · Premium Assured Rate: percentage of the maximum download rate that will be used for the Premium CoS. .. 4. DMZ->LAN. it accepts a single port. This parameter it's only visible for TCP and UDP protocols.

In this case. 4. setting rule 2 priority higher than rule 1. the DMZ Traffic popup can identically be reached in the Related Topics. Network section. with the exception of port 22. rule 2 will never been reached because. upper corner panels show you the inbound and outbound current bandwidth usage and the current QoS Maximum Rate in Kbps: as example 235 Kbps of 20000 Kbps. will have a completely different result. Critical Links. DMZ menu. but each for it's corresponding network zone: Internet zone (WAN) or DMZ zone. to port 22.4 Internet and DMZ QoS statistics The Internet Traffic and DMZ Traffic popups are available in the QoS menu. Inc. let's consider the following two rules on the following order of priority: 1. port 22 is included in the port-range specified on rule 1 and as rule 1 has higher priority than rule 2. Security section. Only rule 1 will be used to classify these packets. from any IP address. specifying service classification rules demands special attention to these issues. classified as upGold. in the Related Topics corner. from 20 to 100. Similarly. These panels allow you to view traffic control statistics for the Internet Connection and for the DMZ interface. . inverting the priority. All TCP packets from LAN to WAN. the Internet Traffic popup can also be reached in the Related Topics corner of the Internet Connection menu in the Network section. from any IP address. On the other hand. Data is calculated for a period of 15 minutes using values that are collected every 2 minutes. All TCP packets from LAN to WAN. classified as upBE.Network 65 Service Rules Priority There may be conflicts between service classification rules. that is. to any IP address. 2. left and right. · Transmitted bytes: total transmitted bytes. In other words. Both display the same kind of information. to the port range 20-100. In this case. will be classified as BE. form any port. to any IP address. Therefore. For example. of course. is subsumed by rule 1. packets destined to port 22 will be classified as Gold and packets destined to the other ports. Upload Bandwidth and Download Bandwidth · the two.16. For convenience. Rules priority is changed by selecting a rule and clicking the Up and Down buttons on the toolbar. form any port.

Dropped Packets. Transmited Packets. · Dropped packets: total dropped packets. Inc. Silver. Dropped Packets. Transmited Packets. You can use the Reset button to bring all values to zero and restart statistics. Upload Bandwidth per class For each of Premium.0 Help · Transmitted packets: total transmitted packets.66 edgeBOX 5. Gold. Transmitted Bytes. Critical Links. Transmitted Bytes. Download Bandwidth per class For each of Premium and Default (BE) QoS traffic classes displays the same four values: Bandwidth Used. . Bronze and Default (BE) QoS traffic classes displays the same four values: Bandwidth Used.

1 IPSec IPSec VPNs are especially suited for establishing tunnels between two private networks over the Internet. using an available link through an unsafe network. edgeBOX currently supports three options for enabling VPN connections: · IPSec · PPTP · L2TP 5. Nevertheless edgeBOX also supports the RoadWarrior type. .VPN 67 5 VPN This section allows you to review and change VPN configurations · · · IPSec PPTP L2TP A Virtual Private Network (VPN) provides the means by which two private protected networks. can be made to communicate and interoperate. which is best suited for remote users to connect to a protected network. Inc. Critical Links. such as the public Internet. connecting them securely. thus providing safe connectivity for remote sites or users. This kind of IPSec VPNs is referred to as Net to Net IPSec. or a user and a private network. This is accomplished by the usage of authentication and encryption techniques which assure privacy and security form one end to the other.

IPSec Routes edgeBOX automatically generates and manages IP routing details necessary for the correct manipulation of IPSec traffic between the two tunnel endpoints.0 Help Net to Net IPSec VPN connecting two private networks To review or manage your IPSec tunnels. If that is not the case. Inc. Stop and refresh the Status of each tunnel. their details and their respective status. .68 edgeBOX 5. architecturally. Please note that the Status function's correct operation is. navigate to the IPSec menu in the VPN section. limited to situations where the edgeBOX have an interface directly connected to the tunnel local network. These routes are distinguished with a specific 'IPSec' identifier in the Device column of the System Routes panel in the the Network Critical Links. To Start or Stop the IPSec function globally you can use the usual Start Service and Stop Service options at the top of the menu. in the service status bar. you will need to choose among two kinds of IPSec: Net to Net and RoadWarrior. For tunnels that are running you can select the entry and right-click it with the mouse. You'll get access to a context menu with an option named View that allows you to view current details of the running tunnel. An overview is presented with a list of configured tunnels. the Status function will not produce a correct tunnel status information. Edit and Delete) you can also Start. The Configured Tunnels table shows you several details about each tunnel: · Name: the tunnel's name · Gateway: the tunnel's gateway IP address or the RoadWarrior indication · Networks: the two network endpoints · Status: the current operational status of each tunnel. To create a new IPSec tunnel. All other options are also available. Please note that the IPSec service can not be started if the WAN interface is not configured. In addition to the usual management operations (New.

255.255. could be your local LAN (ex. Depending on the type of VPN tunnel.100.Net to Net or RoadWarrior . If you need to review them or change them. RoadWarrior specific: · Remote Hosts: any or a specific host. 192.168.255.0/255. 192.0/255.1 General After clicking New and choosing the type of IPSec . · Shared Key: both local and remote ends of the tunnel must have the same key to initiate encryption. a number of networking and security related parameters are automatically set for you.you can configure several details for the tunnel: General Tab: The general tab allows you to configure a VPN tunnel with a minimum of information. That is. go to the Advanced Tab.0). the PSK should be generated from purely random characters.168.VPN 69 section. this key is the pre-shared secret (PSK). Critical Links. Net to Net specific: · Remote Network: IP Address and Netmask specifying the IP segment on the "remote" side of the tunnel (as will be "seen" locally). · Gateway: the IP Address of the IPSec server this tunnel is to be established to. Related Topics: · Routes 5.1.255.101.0) or any of your VLANs (ex. you should provide: · Tunnel Name: a name by which to identify this tunnel · Local Network: IP Address and Netmask specifying the internal segment on the "local" side of the tunnel. Inc. .

· Agressive Mode: Enables faster tunnel creation/operation as fewer messages are exchanged between peers. avoiding aggressive mode should be preferred when possible. usually set to on. The defaut values are: Proposals · Phase One · Encryption: Options are 3DES or AES (128 bit encryption) · Authentication: MD5 or SHA1 · SA Lifetime: 8 hours to 24 hours · DH Group: Options are Group2 (1024bit) or Group5 (1536bit) · Phase Two · Encryption: Options are 3DES or AES (128 bit encryption) · Authentication: MD5 or SHA1 · SA Lifetime: 1 hour to 8 hours · DH Group: Options are Group2 (1024bit) or Group5 (1536bit) · Perfect Forward Secrecy: provides additional security by preserving the security of your old encrypted data even with the private key compromised. a specific Configure.1.. but exposes identities of the peers to potential eavesdropping. . button exists in each of the four configurable sections.1. a FQDN or an e-mail address. Inc. Critical Links. generally speaking..0 Help 5. This tab shows you an overview of your current options. alternatively an IP Address. making it less secure. alternatively an IP Address. a FQDN or an e-mail address.70 edgeBOX 5. Please note: edgeBOX supports only AES-128. To let you fine tune them.. ID Information · Local ID: default local ID (IP Address) or. · Remote ID: default local ID (IP Address) or.1 Advanced You'll find all IPSec Advanced configurations in the Advanced Tab.

· Connected Users: a table where each connected user is listed as well as the IP address of the Critical Links.. 5.. PPTP tunnel connecting a host to a private network In the PPTP menu. you can grant or revoke access to services running on the edgeBOX for hosts in the remote network. VPN section.VPN 71 Tunnel Access Control · Incoming Access: list or rules specifying whether your hosts are. A short overview is provided: · Remote Users are authenticated by the: local authentication service or remote RADIUS server · IP Addresses are dynamically assigned between . you can review and change your PPTP configuration.2 PPTP PPTP is used to establish VPN tunnels across the Internet. Inc. by default all hosts in the network will be able to use the tunnel. Allowed Services · this add/remove service list provides the means by which edgeBOX services allowed/denied through the tunnel.. · Outgoing Access: list of rules blocking access of your hosts to the remote network. visible to remote hosts over the tunnel. This allows remote users to access the internal network from anywhere on the Internet. .. or aren't. and .

. This is because it makes more sense to access the internet via your local network. such as RADIUS user creation. button to edit these settings. Please review that option if you loose access to the Internet.2. · Authenticate the remote users using a remote RADIUS server: type the IP Address. No additional configuration is needed. The address range should not overlap the DHCP range. Access to PPTP is one of those features. You should keep in mind that edgeBOX manages all users permissions around the concept of Privileges. you will not be able to access the Internet via the PPTP connection. which reduces edgeBOX traffic and encryption overheads. You'll need to specify configurations for: User Authentication · Authenticate the remote users using the local authentication service: selecting this option means that the authentication will be performed by edgeBOX. Critical Links. Inc.0 Help client machine from where the connection was established. Click the Change..72 edgeBOX 5.. . nor should any static IP addresses in this range be defined.is or is not allowed to do it depends solely on the Privileges defined for that user.1 PPTP Properties To change the PPTP properties. The process by which edgeBOX determines if a given user .trying to establish a PPTP connection . When using PPTP with the (local PC) default remote gateway option checked (connection TCP/ IP options). IP Address Assignment These two fields allow you to set the IP address range which will be assigned to clients connecting through PPTP. go to the VPN section PPTP menu and click Change. the Port and Password for the RADIUS server.. and the time at which the connection was established. Authorization for PPTP VPN use is configured in the User Management panel. Related Topics: · Privileges 5..

which is the password for the Critical Links. Else.3 L2TP Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by Internet service providers to enable the operation of a virtual private network (VPN) over the Internet. the privileges the user has are related to the access profile the user belongs to. L2TP menu. Please provide: · Server IP: IP address of server · Username: Username on the server used for authentication · Password: Password on the server used for authentication. A quick overview is provided stating the current tunnel status. If you need to configure L2TP go to the VPN section. then all the process is made in the Remote Server. Access Privileges using remote RADIUS authentication If you want PPTP users to authenticate in a remote RADIUS server instead of the edgeBOX. with access to the network services based on the profile policies he belongs to. edgeBOX verifies the access rules defined on the profile of the user to determine access to the LAN and VLANs. Inc. ..VPN 73 Please read on.. If the profile of the user has the Allow full access to LAN from PPTP connections option switched on then the user will have access to the LAN as if he was a regular LAN user. Related Topics: · Privileges 5. the user will have no access privileges at all besides the specific access rules defined in the Access Profile's Destination Access Policies list. so you don't need to create the users in the edgeBOX. Access Priviliges using Local Authentication When a user accesses the network using a PPTP connection. PPTP users that authenticate in a remote RADIUS server will always belong to the 'Default' access profile as it is impossible for the edgeBOX to know who they are. button. Click the Change.

Inc. Note: L2TP is not encrypted but simply allows the tunnel connectivity.0 Help above username · PSK: Pre-Shared secret key (must match the one on the server) · Keep Connection Alive: Polls the server to maintain the connection At the end make sure the L2TP service is running. . Critical Links.74 edgeBOX 5. Encryption/Privacy should be provided by higher protocol layers and/or applications.

prevents internal users from accessing edgeBOX's ftp service but still allows users to ftp. Enabling or disabling a service. There you can: · Apply Firewall settings for connections coming from the Internet and the DMZ · Adjust firewall blocking rules for Internal Connections · Fine tune your Firewall using Advanced Firewall Rules If you do not activate the Firewall service edgeBOX will be working in pure router mode – all services will be available. your network services and your users. ftp. to outside servers. If you wish to block user's connections to other servers besides edgeBOX then you should look at the user Privileges section. Related Topics: · Services Critical Links. Inc. allows or blocks access to that service on the edgeBOX. for example.Security 75 6 Security This section allows you to review and change Security related settings such as: · · · · · · Firewall: WAN and DMZ service access. SPI NAT and Port-Forward Website Access Restrictions Anti Virus Engines Shared Folders Scanning Mail Scanner 6. Go to the Firewall menu in the Security section. Internal Connections. Blocking. through the firewall. Advanced Firewall. .1 Firewall Configuring the Firewall is an important aspect in the global security of your network.

Click Save.1.. if the SNMP service is listed you need to remove it from the list (if not listed you're done here)...0 Help · Privileges 6. button.1 Securing the Internet and DMZ links The operation of your Firewall can be managed in the Security section. or · DMZ Network. 6. Inc. button and select the Internet tab. . A new dialog window will popup.2 Securing Internal Connections Clicking Internal Connections. Click it and click the Remove button. To add or remove a service from these lists click the Change. This panel allows you to review and manage your Firewall configuration. any connections coming from the Internet to the SNMP service are unallowed. The interface is similar.. Press Save in the end. Firewall menu. That's it: starting now.. See an example: If you wish to block any connections to your SNMP agent that originate in the Internet..76 edgeBOX 5. This menu shows you two horizontal panels: · Connections allowed coming from the Internet: connections originating in the Internet directed at edgeBOX will be allowed if listed.1. you gain access to a configuration panel that allows you to specify edgeBOX services that can not be accessed from the LAN and VLANs. In this new dialog please select the sub-panel you wish: · Internet (WAN). Then. the Firewall service is running and most services are forbidden from the outside: only Webadmin (https management) and Ping are allowed. Just Add and Remove items from the list. Please note that the services you add to this list will be unreachable from the LAN and VLANs (in the Internet and DMZ panel the rule logic was the oposite: to allow connections. and use the Add and Remove buttons to edit the allowed services list according to your needs (note that managing the firewall is only allowed if the service is running). · Connections allowed coming from the DMZ: connections originating in the DMZ directed at edgeBOX will be allowed if listed. By default. You need to press the Change. here the rule is "services added here are unallowed"). after installation. Critical Links.

Check the Use Advanced Firewall Rules option to activate the rules panel.. Now you need to add or edit rules. existing rules.. rules and Edit.. (blocking) list will be blocked to the LAN and VLAN users. a wizard-like sequence of dialogs will guide you through the creation/edition of your advanced firewall rules: Critical Links..1.. You can have distinct a Default Rule and a diferent SPI setting for each traffic direction. no matter what configurations you might add somewhere else. Inc. you can explicitly allow/ deny incoming/outgoing traffic based on the source. · Default Rule: click Allow or Deny to determine the default rule to be applied when no rule matches (a Red/Green icon will toggle indicating the current default rule). how can it be usefull for me ? A Statefull firewall raises the level of network security obtained because only packets matching a known connection state will be allowed by the firewall. Rules You can create New. or Delete. others will be rejected. For each rule. But if that is the case you can use the Advanced Rules.. You need to keep in mind that edgeBOX supports extensive mechanisms for granting and controlling Users and their Privileges. Using this.. link in the Network -> Firewall menu. · Stateful Packet Inspection: keep track of the state of incoming/outgoing network connections (analyse packets in packet context and in connection context). How do I fine tune and manage connections that originate in the internal network ? This is an important topic when configuring your edgeBOX. Configure: · Inbound Rules / Outbound Rules: to manage rules in each traffic direction.Security 77 Services added to the Internal Connections...3 Using Advanced Firewall Rules In most situations you should not need to add extra firewall rules. Even if you don't activate the User Authentication service you can manage which services your users have access to. Please refer to the Users section for detailed information. to learn more see Wikipedia Stateful Firewall. . The order by which rules will be verified can be changed with the Up and Down buttons.. This is actually an increase in network security because you increase the ability of the firewall to determine if a packet is or is not supposed to be allowed in. destination and protocol. 6.

So edgeBOX's default behaviour is not to block routing of incoming or outgoing packets based on the nature . Device (connections that originate in a specific IP Address). Step 3 Name nosmtp123. Private Network Routing.of WAN segment. menu.0 Help Step 1: Action and connection type · Allow/Block connections: choose if this rule is to Allow something or to Deny something. · To location: Any. Due to the fact that edgeBOX is designed to operate in a variety of network configurations. Step 2: Source and destination · From location: Any (connections that originate anywhere). as specified by an IP Address and a Netmask) and edgeBOX (connections originating in edgeBOX it self). routing information about private networks shall not be propagated on inter-enterprise links. Network. · Connection Type: All. Device.255. Inc. UDP (same as TCP) and ICMP.0/24 from sending any kind of e-mail through SMTP..2.0.78 edgeBOX 5. Critical Links. Step 3: Name and Summary · Name: a suggestive name for this rule. 22. and packets with private source or destination addresses should not be forwarded across such links". an overview of the rule. Step 2 From Network 1.2. Step 2 From: Any To: Device (that specific host IP Address).public or private . · Summary: at the end. you might wish to deny any kind of access to a specific host: Step 1 you'dd need to Block All. 80. RFC 1918 determines that "because private addresses have no global meaning. TCP (you can choose All destination ports or specify individual ports or even port ranges like 21. Step 3 name it forbidden... . This is how you'dd do it: Step 1 Block TCP port 25..3. If you need to implement such behaviour you should add specific firewall rules in the Advanced Rules.3. 500-600). Show me an example Lets imagine you need to prevent all computers from IP segment 1.0/255. edgeBOX (connections directed at this edgeBOX it self). Network (connections that originate in a specific segment.255. On the other hand. edgeBOX can have it's WAN interface attached to a public or private IP segment. To Any.

this range will be a public range. Inc. The rules are shown in a table which can be modified with the following options: New. A new DMZ rule is set up this way: · Destination IP: The host/range to which access will be granted. Edit and Delete. Make sure you configure an appropriate address range for the DMZ interface. a Corporate internal network) and an untrusted external network (such as the Internet).2 Setting up a DMZ A DMZ is a small sub-network that sits between a trusted internal network (for example. Next.. is being appropriately routed to edgeBOX.. DNS servers. and so your ISP must provide routing to it). via appropriate rules. · Port: If you select this option. you will have to explicitly grant access to hosts residing in it. e-mail servers). This kind of network is used as a buffer between the two networks: hosts placed in this network are accessible either from trusted and untrusted networks. we will show the options available for configuring a DMZ. To: if you select this option. you will need to specify the single port to which access will be granted. this kind of networks is used to house Internet servers (web servers. Choices available are TCP. . After checking this option you will need to create rules to grant access to hosts residing in this subnetwork. · Netmask: The netmask to be used. As usual you can start and stop the service on top. UDP. · From. Although this address space is accessible from the external network. but cannot access the trusted network. ICMP and ALL. This interface is configured with an IP address range accessible from the external network (in case the external network is the Internet. Enabling your DMZ Go to the DMZ menu in the Security section. Related Topics: · DMZ Traffic Critical Links. and that traffic with this subnetwork as its destination. you may specify a port range to which access will be granted · Protocol: The specific protocol to which access will be granted.Security 79 6. Usually.

. Type the IP address and the Netmask of the network for wich you want to have NAT working (most likely it's one of your internal networks. What is Port Forwarding? Critical Links. You can use Port Forwarding from the Internet (WAN interface) to your local network or from the DMZ to you local network. With NAT.10. in the Security section.4 Using Port Forwarding You can find edgeBOX's Port Forwarding functionality in the Port Forwarding table of the NAT menu. Inc. LAN or VLAN) 3. Show me an example. Security section.80 edgeBOX 5. by NAT'ing their IP addresses on the WAN segment.10. .255. you are able to use private addresses in your internal network. it is already configured for the LAN and for each of the VLANs.0/255. Click the New button and a dialog window will appear 2. without needed to configure anything. Also. If you use 10.. All requests made from internal hosts are seen by the external networks as being made by edgeBOX which then translates back the response packets' destination addresses to the originating internal host NAT is by default enabled on the edgeBOX.x IP segment to have access to the Internet or any other external network accessible through the WAN interface.10.3 Enabling NAT for the private networks In the NAT menu.0 Help 6. So you can connect to outer networks from the computers of your network immediately. Configure NAT on an internal network To configure NAT on an internal network: 1. by default.0 for Network IP/Netmask and WAN for the Interface. you can view and change NAT settings for your network.10. so that the computers can connect to outer networks like the Internet and have access to several services. Use the Drop-Down list to select the interface used to reach the network you just indicated. What is NAT ? NAT (Network Address Translation) translates the private IP addresses of computers in your internal networks to a single public IP address. 6.255. you are actually providing the means for the hosts on the 10.

Security 81 Port forwarding allows remote computers (e. Inc. Note: The web filtering service only blocks words in URL and domains in HTTP (port 80) traffic. · Single Port: to indicate the internal port. Add a port/service to Port Forward To make one or more internal services available to external networks click the New button to create a new entry in the Port Forwarding table. · Range of Ports: to indicate the start and end ports of the Range of external ports. · Internal Settings · Internal IP:address (in your local network) of the computer that is running the service you want to make available. where the traffic will be forwarded to. you can make a service run on an internal host visible to the outside world. like a web service or an e-mail service. . Filtering can be performed on either domain names or by checking URLs for certain keywords. public machines on the Internet) to transparently connect to a specific computer within your private networks so they can use services that your computer shares. Website Restrictions Critical Links. This is because Premium bandwidth HTTP traffic bypasses edgeBOX's Proxy. HTTPS and FTP traffic can not be checked. from that IP address. as if it was running on edgeBOX itself. To configure this service just point your browser to the Security section.5 Website Access Restrictions The edgeBOX provides a web page filtering service that can be used to block access to web sites. Also. A new dialog will appear. 6. alsonote that HTTP traffic that is configured to use Premium bandwidth cannot be blocked. With port forwarding. HTTP traffic that has QoS rules defined in the QoS Services panel cannot be blocked either. Please specify: · Interface: choose the interface where you want to make the port forward available ( WAN or DMZ). · Range of Ports: to use the same range of ports that was chosen in External Settings (this option is only available if you have selected Range of Ports in External Settings). · External Settings · Single Port: to indicate the external Port visible in the interface chosen or.g.

/](dog|cat) [-.com/help'. ./]dog[-. Critical Links.bat When adding a domain to the file.example.com'./] [-.net) Blocks domains containing the word dog (eg www.com' as well as 'new.5.verbad. or can contain regex expressions To find out more information about Regex exprssions./] *\.regular-expressions.example.example.mylocal. for example.com' or 'old. if you specify test. A domain preceded by a dot will match that domain and all subdomains. For example '.com/getit. visit: http://www.com) Blocks domains containing the word dog or cat (eg www.bad.net (eg www.catty.1 Domains File Format The format of the uploaded file is one entry per line. com'.net [-.net or https://www. www.pt) Note: There is no space before or after the | character Blocks. Each line in the file may be a domain to deny.exe or www. Inc.0 Help menu.com' and 'test.school.ttdoggy.pt/download/file. the following rules apply: A single domain will match all urls under that domain and is case-insensitive As an example. button you should choose the type of file you are uploading: · Domains list to be denied · Words-in-URL list to be denied After uploading any file you should enable/disable their usage by clicking the Enable/Disable buttons according to your needs.82 edgeBOX 5. it will match 'test. 6.(exe|bat) Block anything.. Clicking the New.info Some one-line examples for the domain file are: .com' will match 'example..

2 Words in URL File Format The format of the uploaded file is one entry per line.com and www. . When adding a word to the file. Select the desired Anti Virus engine and hit the Install or Update button. Click Change. and specify: Schedule Critical Links. the following rules apply: A single word will match all urls which contain that word. The rest of the task will be automatic. navigate to the Security section.5. support is available for three Anti Virus engines. It matches the second URL as it contains ToGoOver.Security 83 6. it will match 'google. either completely or as a substring. edgeBOX is not shipped with the Sophos or the McAfee Anti Virus engines installed. Inc.7 Scanning Shared Folders for viruses The Shared Folders Scanning menu in the Security section allows you to configure the shares scanner.pt/ToGoOver/help. McAfee and ClamAV. A summary of the configuration is displayed.. Currently the supported Anti Virus engines are: Sophos. Sophos. click the Mail Scanner menu. The Install dialog will require you to select the appropriate file from your computer. Related Topics: · E-Mail server 6. As an example. and then click the Anti Virus Engines link.myinfo.6 Install and Manage Anti Virus Engines Currently. as both URL's contain the word goo. if you specify 'goo'. McAfee and Clamav. 6. which contains the word GoO (recall that the word lists are not case sensitive). so you will have to buy the appropriate number of licenses to use and upload them to edgeBOX.. in the Related Topics list. To perform the installation and configuration of Anti Virus engines and update their IDE files.

84 edgeBOX 5. Just send me an e-mail notification Related Topics: · Anti Virus Engines · Windows Shared Folders 6. Inc..0 Help · Scan every day at: choose the time of day for the operation. McAfee or ClamAV (Sophos and McAfee engines are not shipped with edgeBOX. . button. so these choices are not available from the dropdown. please specify: · Anti Virus engine: choose one form the list · Notify sender: for the sender of the message to be notified · Notify to the specified e-mail address: and type an e-mail address. unless they are installed) · Also scan files when they are placed inside the shared folders (this option is only available for ClamAV).. Actions · Delete infected files found · Delete infected files and send me an e-mail notification · Don't delete infected files... · using: the Virus Scanning package to use. possible choices are Sophos. Click the Configure. Click the Anti Virus tab.8 Scanning E-Mail for Viruses In the Security section you'll find the Mail Scanner configuration menu. Basic Configuration Please select whether or not e-mail should be scanned for viruses. Advanced Configuration To access further Anti Virus operation details click the Advanced Configuration. button: · Messages: special options for detecting types of messages or scanning based on message Critical Links. If so.

decide to Forward the message(s).enable the conversion of Iframe and Object codebase tags into plain text. This is a good alternative to disallowing or leaving them untouched. to Delete it or to View Attachments. at this point.1 Messages Message characteristics · Allow partial messages . Quarantine If any e-mails were placed in quarantine you can inspect the by clicking View Quarantine. It will be up to the e-mail client to fetch the message body later. to Unblock it.allow messages where the body is stored in a remote server and not in the actual message. · Allow form tags . There is also a filter for faster search.allow messages that contain only a fraction of the attachments. As the scan is not performed on the whole message but on its fragments. MailScanner never scans the message body so it may allow viruses into your network.Security 85 characteristics.allow messages to carry Form tags. Setting this option is very dangerous as viruses may go undetected. · Convert dangerous HTML to text . Critical Links. · Allow external message bodies . · Allow iframe tags .allow messages to carry Object codebase tags. Inc. .allow messages to carry Iframe tags. You can. it will not be done properly. · Actions: for finer grained configuration of actions to be performed in case a virus is found. See more.8. This will give you access to the list of infected e-mail messages and their details. · Allow object codebase tags . Related Topics: · Install and Manage Anti Virus Engines · Administrator e-mail address · System E-mail aliases · E-Mail Server 6. Setting this option is particularly dangerous.

You can expand and browse through the folders to find the e-mails. If you select an e-mail. .86 edgeBOX 5.0 Help · Convert HTML to text .mark every message that is not scanned by MailScanner.DAT file. · Block encrypted messages . even if the addresses were chosen at random by the infected PC and did not correspond to anything a user intended to send. · Deliver unparsable TNEF .messages that originally contained a silent virus are still delivered. 6. If you expand an e-mail you will be able to see the sender and the receiver of the mail.enable blocking of encrypted messages.allow the delivery of Rich Text Format attachments produced by some versions of Microsoft Outlook that cannot be completely decoded at present.If you check this option MailScanner will mark every infected message and every message that. for some reason had its attachments removed. · Include warning as attachment . Inc. · Mark infected messages . · Block unencrypted messages .8. The e-mails are grouped by date inside folders in the list on the left. · Mark unscanned messages . · Expand TNEF . 6. If you don’t check this option then the filenames within the TNEF attachments will not be checked. If this option is not selected then the warnings will simply be included as inline text. · Sign clean messages . its attachments appear on the list on the right.3 Quarantine View the incoming or outgoing e-mails that are put under quarantine (blocked) by edgeBOX because they may contain files with virus.2 Actions Possible Actions: · Deliver disinfected messages .make MailScanner sign every clean message processed. · Quarantine infections .enable the conversion of all HTML tags into plain text.enable blocking of unencrypted messages.include warnings for dangerous or infected attachments will as an attachment. · Deliver silent viruses .enable expanding of TNEF attachments that are joined in one WINMAIL.infected attached documents are automatically disinfected and sent to the original recipients. Unblock a quarantined e-mail Critical Links.infected or dangerous attachments are stored in directories created under the quarantine directory.8.

2.Security 87 To remove a blocked e-mail from quarantine and deliver it to its intended receiver: 1. The e-mail will be sent to its original receiver. involves nearly identical messages sent to numerous recipients by e-mail. "UCE" refers specifically to unsolicited commercial e-mail. Forward an e-mail to another person If you want to send a blocked e-mail to a different person than its original receiver: 1. Please choose if messages will or will not be filtered for SPAM.. You can also make operations to the attachments of the e-mails. Select the e-mail to delete from the e-mails list. 3. . Inc. This is particularly useful to remove virus from the e-mails without deleting the e-mail. Make sure you remove all infected files of an e-mail before you unblock it. In the Security section you'll find the Mail Scanner configuration menu. also known as junk e-mail. Select the e-mail from the e-mails list. then specify: · Also log spam-related events: this will make spam related activity to show up in the logs. Definitions of spam usually include the aspects that e-mail is unsolicited and sent in bulk. If so. Click the Unblock and then the Apply button. Click Forward. Delete all attachments with viruses. A dialog window will appear. Delete an e-mail 1. · When spam is found: · · Deliver: The message is delivered to the recipient as normal. 2.. button. This way you can remove the files that are infected and then still deliver the e-mail to the receiver. Critical Links. 4. Spam usually confuses and annoys e-mail users. A common synonym for spam is unsolicited bulk e-mail (UBE). What is spam ? E-mail spam. 2. Click the Configure.9 Scanning E-Mail for SPAM E-mail can also be scanned for spam. 6. Click the Anti-Spam tab. Click OK and then Apply to forward the e-mail. Select the e-mail to unblock from the e-mails list. Delete: The message is silently discarded. Click the Delete and then the Apply button. Type in the e-mail address of the person you want to forward the e-mail to. A short summary is presented.

· RBL servers: this feature allows you to have a anti-spam protection based on existing spammers' databases (The Realtime Blackhole List . contains lists of internet servers that are considered to SPAMers or abusers. or DNSBL. After checking this option you will have to provide hosts serving these lists.org and bl. See details in http://en.88 edgeBOX 5. Inc.org/wiki/DNSBL Related Topics: · Install and Manage Anti Virus Engines · E-mail Server Critical Links.wikipedia. At the time of this publication examples of hosts providing such lists are: list.net.dsbl.spamcop. These lists are dynamic.0 Help · Attachment: The original message is converted to the attachment of the message. . What is an RBL server ? An RBL server.RBL).

Critical Links. Click Change. To do this just hit the New button at the top of the Websites managed by edgeBOX list and follow the details. the default configured value is 150 which should me more then enough for the majority of situations.like edgeBOX's .one or several .Office Servers 89 7 Office Servers This section allows you to explore and configure several services that enable communication between the people and integration of software resources in your company/office. Inc.you can setup and deploy any amount of virtual Internet or Intranet http servers transparently. . This important feature is usually referred to as Virtual Hosts: with a Virtual Hosts enabled web server .. you can safely lower this value. Changing global settings The Web Server menu displays a short summary of the global settings. these are all tasks for edgeBOX's Web Server...1 Manage your web sites and intranets Whether you need to bring up one or several web sites for you company or you want to configure a web-based intranet to propagate information throughout your company. to alter this: · Maximum Accesses: the maximum amount of simultaneous connections the web server will allow before starting refusing new connections. Adding new Internet websites or web-based intranets edgeBOX's internal Web Server can simultaneously serve and manage several distinct and separately configurable virtual webservers.. You may wish to: · Configure your company's . in the Office Servers section.websites and intranets · Setup your e-mail server and enable Webmail · Create Windows Shares for network file storage · Allow users to use edgeBOX attached Printers · Allow users to autonomously create public shared directories · Configure edgeBOX to act as a Windows PDC (Primary Domain Controller) 7.

or remind you that you will need to create one manually.local.somedomain. So.somedomain. and you add a virtual host for docs.somedomain. or edegBOX must translate it. simply because the DNS name-to-IP translation can not be performed. corresponding to these websites. under the public_html directory. Smith's webpage will be accessible at: · http://yourcompany. the user will be able to manage their personal webpage through FTP – after logging on. keep in mind that your Webmail users will lose access to the Webmail.. Please note: the Webmail service depends on the Webserver. · Website URL: the name of this virtual host such as mycompany. the 'webmaster' has FTP access and owns the directory tree for the Intranet and Internet websites. · Personal Webpages: check the box if users will be allowed to have personal web pages. then Mr.90 edgeBOX 5. they will automatically be placed in their directory. Inc. so. no one will be able to reach this website. or · the main edgeBOX http URL + "users/jsmith". Critical Links. then you need to a DNS entry for host docs pointing to edgeBOX’s IP Address. This account is initially disabled so you will have to set a password in order to use it.. edgeBOX will either create an appropriate DNS host entry for the domain. . if you stop the Webserver. Otherwise. in this case. if so. How do I access my personal page ? Let's assume user John Smith.loc.. a DNS related warning may popup. .loc. those pages will be located in the user's home directory. 7. with username jsmith.com..1. The user's personal webpage URL will be formed from the concatenation of: · the main edgeBOX http URL + "~jsmith".0 Help unless you plan to setup several web sites and expect to have considerable amount of traffic for all of them. if your domain is local. note well: you have just entered a name for a host. if the main URL is http://edgeBOX.mydomain. either this name is translated to IP in the outside world.1 Setting up multiple websites This panel allows you to configure one or several HTTP Virtual Hosts.com/~jsmith or · http://yourcompany.com/users/jsmith · Webmaster account: this option allows you to change the password for user 'webmaster'. the FTP root directory will initially contain two directories ("intra" and "inter"). just to remind you that an A or CNAME record needs to be added to the DNS for this setup to be complete. for example.com. but more may be created.

168. this website will correspond exactly to the given user's personal webpage. if someone tries to load an non- Critical Links... the administrator will be informed that the DNS entry needs to be added manually on the system which is hosting the domain. it will send the request to the proxy (as nominated in the URL field) and add the path (if there is one) to the request.. the webmaster must now access edgeBOX using FTP and transfer the website's files into the correct directory. the webmaster password must be activated before the account is created.. if the edgeBOX receives a request for the proxy domain.7/ and url=http://192.7/.100.clk. · Webmaster E-mail: the optional webmaster e-mail address. · Files Location: where this website's files (html pages. and Remove buttons to manage the list of redirection URLs.150.Office Servers 91 If the domain for the new web server entry does not exist: · and the edgeBOX is not the master domain. please refer to Webmaster Account in the previous section. Edit. · and the edgeBOX is the master domain.com/support will be redirected from the virtual host to the proxy at http://192. a request to the edgeBOX for www.168. other) will be stored. which is the filesystem directory where the webmaste user will be placed after logging on through FTP. For example. · In the directory: just type-in the name of a directory to store this site's files (if it does not exist it will be created). options are: · In the public_html directory: of a given user. this dir will be located under /home/wwwhost. be redirected to other URLs that you specify in the table below. · The files are not stored locally: this option enables you to setup a web site by aggregating several other sites solely by using redirection of requests. if Path=/support/4. then the new host for that domain will be added to the DNS domain and the administrator will be informed via a popup. png images.150/support/4. Inc.100. · Additional redirect requests: use the Add.. will actually. type the username. · Internal Website: if this website is only accessible internally (like an Intranet). The DNS entry will only be created if the above condition exists and if the condition shown in the following table is true: Internal Website DNS Domain Access = Internal Yes (LAN IP) Yes DNS Domain Access = External No Yes (WAN IP) Yes No DNS host information will not automatically be deleted when the web server host is deleted. all URLs accessible on this site. . or if it will be globally available.

0 Help existent URL.1 E-mail Queue Choose the Queue tab. · Forward: click the Forward button after selecting an e-mail. a warning page will be return with this e-mail address as footnote just in case the person wishes to get in contact. in the E-mail Server menu . for some reason (destination SMTP server temporarily unreachable. You can: · Deliver All: a delivery operation will immediately be attempted. despite edgeBOX tries to deliver all incoming and outgoing e-mails in queue every 10 minutes. · Enable and Disable Webmail. please note that the process of attempting delivery may take some time.Office Servers section.2. Related Topics: · Scanning E-mail for Viruses · Scanning E-mail for SPAM 7. 7. forward or delete e-mails currently in queue. .92 edgeBOX 5. or other reasons) are queued in edgeBOX's e-mail server awaiting delivery.2 E-mail Server and Webmail Please refer to the E-mail server menu in the Office Servers section if you need to: · Review. deliver. an e-mail is blocked in queue because its destination e-mail is invalid. · Add new e-mail domains. Critical Links. in the end some messages may still remain undeliverable. this options allows you to perform such attempt immediately. this can be useful when. Inc. for example. please be sure to reload this panel after some seconds or minutes (especially if there are many messages to be processes in the queue). so. The table presented shows you the queue of incoming and outgoing e-mails that edgeBOX e-mail server is processing at the present moment and also e-mails that. · Configure other settings and permissions like relay control and message size. you can forward queued e-mails to another receiver. · Add your own aliases and manage simple mailing lists.

3 Aliases and Mailing Lists Choose the Domains tab. Also note.Office Servers 93 · View Message: click the View Message button after selecting a message to get the details. Date.2 E-mail domains and Webmail Choose the Domains tab. in the E-mail Server menu . check Web Mail. so. Size and Status. for any of the domains specified. In this panel.. that the Web Server must be running to access Webmail.mybusiness. uncheck if you dont want webmail. edgeBOX will accept e-mail.Office Servers section. Just hit the New button and enter the desired domain. This topic is not related to domain relaying: see Access Control for details on relaying.2. Domains E-mail domains let you configure more than one virtual e-mail server for your company. 7. Webmail Only one domain may be a Webmail domain. For example you could receive e-mails being sent to: · @mother-house. if you stop the Webserver.com and · @spin-off. Subject.. E-mail aliases allow forwarding of e-mail to alternative e-mail recipients Critical Links. · Delete: to delete an e-mail. For details on using and accessing the webmail functionality. keep in mind that your Webmail users will lose access to their e-mail. . You can add as many domains as you wish. To specify the webmail domain click the Change.com. To.2. · Domain: choose the domain for which webmail will be accessible. directed at edgeBOX's users. 7. in the E-mail Server menu . From. Inc. you may edit the aliases' list.Office Servers section.mybusiness. button and: · Enable webmail for the specified domain: check this if you wish to have enable webmail.

. you gain access to some advanced configuration options for your E-mail server and users. type wecanfixit@niceandclean. The details are: Critical Links. Smith has determined that all e-mails requesting help will also be received by the guys at Nice&Clean. Just hit the New button and enter: · Alias: type-in the new alias help-24-7. That's it. Inc. Save all in the end. · E-mail addresses that will receive the messages: click Add and type jsmith. Creating a simple mailing list Following the above example. in the popup.94 edgeBOX 5. All e-mails sent to help-24-7 will actually be received by Mr. Smith instead (the help-24-7 account doesn't actually exist: it's an alias). let's say your company has hired the services of an external maintenance company called Nice&Clean. Creating a simple e-mail alias Lets imagine edgeBOX user jsmith is actually the person in charge of maintenance in your company. The panel shows you summarized information as a quick overview. Inc. 7. button... This table has some predefined aliases related with management that can not be deleted. You can create an e-mail alias for the maintenance service called help-24-7. Starting now.2.0 Help With this element you can provide alternate names for individual users. All you have to do is: select the help-24-7 / jsmith entry in the aliases table. all e-mails sent to the help-24-7 alias will be delivered to Mr. Mr. forward e-mail to another host or create mailing lists. so that they receive the messages. You can choose to redirect e-mail for these aliases to another user. hit the Add button.4 Settings and Permissions Choosing the Settings and Permissions tab.com in the text field. Office Severs section. hit the Edit button and. Server Settings To change any of these hit the corresponding Change. Smith and to the people at Nice&Clean. E-mail Server menu.

Office Servers 95 · Connections Limit: the maximum number of simultaneous connections. button and follow the details here. Inc. · Message Size Limit: e-mail messages with size greater than this value are not accepted. · Check the box if the SmartHost requires Authentication and type the Username and Password. connections will be rejected. instead of edgeBOX. please specify: · Hostname/IP: the hostname or IP Address of such server. above this value. your network users will typically interact directly (Webmail. You can also create advanced access control rules based on host. depending on your specific needs you might wish to limit the message size to. to change this. the default setting is None. · Whether e-mail from unresolvable domains is or is not to be accepted.. imap) with the storage server instead of edgeBOX. if you choose to Save e-mail data in an external server. in an example situation. to which the e-mail was originally sent. say.. SMTP. just check the Send messages through a SmartHost box and enter: · Hostname/IP: the hostname or IP Address of the SmartHost. despite the e-mail will be received. be preserved. · Whether users can send e-mail to external domains from outside (relay support). Critical Links. · Keep original e-mail envelope address: check this if you wish that the domain name. the default value is Unlimited. check the box and enter the value you need. from a distinct server. you can change this. . Click the Change. · SmartHost server: A SmartHost is an e-mail server through which outgoing e-mail is relayed: that host will actually perform delivery to the final destination e-mail server. domain. the default setting is Unlimited. edgeBOX will initially accept e-mail directed at any of it's e-mail domains and them forward those messages to the e-mail storage server. by the user.. · Storage Location: by default e-mail will be stored in edgeBOX. sender and receiver. some ISPs block outgoing e-mail traffic and require their users to send out all e-mail through the ISP's e-mail server: that server will be the SmartHost for edgeBOX.. E-mail permissions A short overview is presented: · Whether users can send e-mail to external domains from within the local network. pop. if you choose a different host for storing e-mail. check the box and enter the value you need. 10 MB or 50MB. these are typical values.

96 edgeBOX 5.ex. E-mail to external domains Check the corresponding box if you want to: · Allow users to send e-mail to external domains from within the local network · Allow users to send e-mail to external domains from within outside (relay support): by checking this option you are allowing relay to users authenticated while reading e-mail through pop3 (usually referred to as pop-before-smtp).0/16 segment.0 segment). Hit the Change. Critical Links. but some users travel and connect from other places and you want to let those users send (relay) e-mail through your server: whenever someone logs in via pop3. button. and permits relay from the IP for a limited period. IP addresses. and select source: · From specific domain: type-in the domain to which this rule applies.100.0 Help 7. senders and receivers.1 SMTP Access Control Choosing the Settings and Permissions tab on the E-mail Server menu . . as it will expire some time later. the e-mail's origin can not be verified. the server notes the IP address from which the connection was made.1 for a 10..2.100 for a 192. this a time limited authorisation.Office Severs section you can click the Change.4.1.ex.168.255. or 192. You'll get two lists: · Accept or Reject e-mails based on the connection · Choose action: Accept e-mails. for security reasons the default behaviour is not to accept. button in the E-mail Permission area: Unresolvable Domains When a sender domain can't be resolved. 10. this setting is particularly useful for users who are connecting from external networks (while traveling for example) and for which we want to allow relaying.0/255..168.com · From specific subnet: type-in the first 2 or 3 fields of the subnet address (p. Reject e-mails. criticallinks. check the box if you want to: · Accept e-mail from unresolvable domains. p... n ormally you only permit e-mails to be relayed (sent) from within your own network. Advanced Permissions Allows further refinement of acceptance/denial rules for incoming e-mail based on domains. this technique is widely used by spammers.255. Accept and relay e-mails. Inc.0.

Note: When entering a value (eg the address or IP).. The panel displayed shows you a summary of the current configuration. Inc. · Accept or Reject e-mails based on the sender/receiver · Choose action: Accept e-mails or Reject e-mails.Office Servers 97 · From specific e-mail address: type-in the sender e-mail address to which this rule applies. Besides the usual file/folder sharing and printer sharing services. edgeBOX can actually be the network's Primary Domain Controller or edgeBOX can just act as a Workgroup computer. a) users' desktop preferences can stored in edgeBOX and b) their home directory can be mapped to windows network drive Z: automatically. To set this up point to the Windows Server menu in the Office Servers section of edgeBOX's web based administration interface: Primary Domain Controller / Workgroup You have two main options for the behaviour of edgeBOX as part of the Windows network. personal webpage) in edgeBOX much simpler and intuitive (this setting is not represented in the panel summary). · Coming From / Going To: select and type the e-mail address to which this rule applies. this makes the task of accessing their files (ex: documents. When edgeBOX acts as a PDC and Roaming Profiles are enabled. edgeBOX may also act as a Primary Domain Controller (PDC) and WINS server. . Learn more. If a given domain is listed.3 Windows Server edgeBOX can interact with other hosts in your network just as if it was a regular Windows server. you may use wildcards (“*”). If edgeBOX is configured to belong to some workgroup it will be visible and accessible to other Windows Workgroup hosts. all sub domains will also be included in the rule. 7. You should use the Critical Links.. With the Advanced Settings you could come up with complex rule sets to meet very specific situations.

and · the users will have their home directory mapped onto drive Z: (if you choose not to select this option the user's home directory will still be available but not automatically mapped onto a drive). · store the user's Desktop preferences on the edgeBOX: · when logging into the Domain. · Domain SSID: this setting is not available for configuration.. More details. in this case the settings are: · Domain Name: enter the desired Workgroup Name. In the popup you can: · hit the Update button if you need to search for new hosts entering the domain or · the Remove From Domain button if you need to remove a host currently loggedin.. This happens because the trust relationship is still valid between the users and that machine. · Click the Computers of the domain link to review the workgroup computers currently connected. this is the Workgroup name that all computers on the network should use to associate to the Workgroup. Inc.98 edgeBOX 5.. If a given computer has been added to the edgeBOX domain and some users have successfully logged-in the domain from that computer. button to alter this behaviour or change any of the settings: · edgeBOX is the Primary Domain Controller of the Network. edgeBOX just belongs to the windows network. · Description: a descriptive identification string. .0 Help Change. it's created and managed automatically by edgeBOX and displayed in the initial panel for your convenience. the host will download the user's Desktop preferences from edgeBOX. those users will still be able to login in that computer even if you remove the computer from the popup list. · PDC support is disabled. Critical Links. · edgeBOX Description: enter a descriptive string for easy identification of edgeBOX in the network. you should specify: · Workgroup Name: enter the desired Workgroup Name (all computers with the same Workgroup name will be associated to the same network group and so will edgeBOX). How to add computers to the domain? See Appendix C..

Office Servers 99 WINS Support Provides the WINS service. Critical Links.wikipedia. and check the Provide WINS Support box if you wish to activate WINS.4 Windows Shared Folders The Windows Shared Folders functions.org/wiki/ Windows_Internet_Name_Service Click Change. What is WINS? WINS performs name registration and resolution. instead of using the usual broadcast method. · Server IP Address: type-in the remote WINS Server IP Address. Home Directories Access · If edgeBOX is not the PDC you can determine if you want or don't want users to be able to access their homes. · Relay registration and resolution requests to the remote server: with this option checked edgeBOX will just send the response from the remote server back to the original client.. Inc.. in the Office Servers section. with fine-grained control of permissions and ownerships. 7. . · If edgeBOX is the PDC. users always have access to their home directories and the Allow/ Deny button is not available. thus resulting in an improvement in performance (the hosts don't need to process broadcast packets). Windows clients can query a WINS server directly. are sub-divided into two major features: · Shares: shared network folders managed by the edgeBOX administrator. Options are: · Use edgeBOX as the WINS Server: edgeBOX will deal with all domain registration and resolution requests · Use a remote server as the WINS Server: if another WINS Server exists on your network and you wish edgeBOX to use it. use the Allow/Deny button to change this. To learn more http://en.

4.1 Shares To review the currently configured shares.to edit an existing share the interface is similar: Please note: · the setup of a shared folder will require the choice of a network user for the role of Share Owner and you can pick up specific permissions for specific users or specific Privileges. · moreover. please make sure that the Samba service is not listed in the Internal Connections. if you. for this to be possible. it should be related to the contents or the purpose of the share. Share Details · Share Name: type a name for the share. go to the Windows Shared Folders menu in the Office Servers section. blocked services list. . or change details. at any time.100 edgeBOX 5. some users actually using that Privilege.. For your convenience edgeBOX is shipped with a pre-configured shared folder named Public. disable the Samba service on any Privilege. network shared folders freely created by your network users. otherwise no access to shares whatsoever will be possible (the Firewall settings are always superimposed on anything else).. otherwise the dialog windows for configuration of the Share will not show you any valid entries to add. A list with currently active shared folders is presented. Inc. then none of this will be possible. · your Firewall may also come into play here: if the Firewall rejects access to the Samba service. it's users will loose access to the Shares (the Privilege setting is always superimposed on the Share permissions). add more Shares. · Description: a description string specifying any comment for further details (this will be visible only if the windows user selects the Details option when viewing his network resources) Critical Links. Related Topics: · Shared Folders Scanning 7. To add new Shares hit the New button .0 Help · Temporary Shared Folders: temporary and size-limited. if necessary. you must have at least one Privilege with access to the Samba service enabled and. This share is fully accessible to all users. if it is listed you need to remove it.

· check the box if you do not wish to adjust permissions for specific users or Privileges.. How do I map/mount an edgeBOX Share onto a X: drive on my Windows desktop ? Related Topics: · Users · Privileges Critical Links.. · Disable Write access for regular users. Inc. button to add or remove Administrators of this share. Share Options · Inherit Owner: new Folders and Files will be owned by the share owner.... button and follow the details here... check the box if you want this restriction. Read access will depend on each user's permissions. Only the Owner and the Administrators will be able to Write: other users will not be able to write on the Share.Office Servers 101 · Owner: the share owner. in this case please hit the Specify Users Permissions. Administrators · Select Administrators. · Inherit Permissions: new Folders and Files will always have the permissions defined in Share Permissions. button and pick-up a user from the list. . this user will be the share owner (the role of the owner in a share will be clear ahead) Share Permissions · All users can access this Share: · uncheck the box if you wish to adjust permissions on this share to specific users and/ or Privileges. click the Select Owner. · Hide Unreadable: do not show files users cannot read.. Administrators are users who have full control of a share.

Now. specify: · Read only access to this share: to Allow Read.102 edgeBOX 5. you get a list of Users and Privileges currently configured with permissions for this Share (please note the icons: Privileges are shown with a different icon than Users).. The details are: · User/Privilege: the name of the user or Privilege for which each permission applies.1. when a new Privilege is created users in that Privilege will have read access to all non-Public shares and Read-Write access to all Public shares.4. leave always selected at least one deny or allow option when editing the permissions of a user or an access profile. no user that belongs to that Privilege will be able to access the Share unless the user has a specific entry in the list. for the ones selected.0 Help If you change the properties of a shared folder using Windows XP or Windows Vista. · Write only access to this share: to Allow Write. On the other hand. Inc.. · Allow Read: a green check icon indicates Read permission for this User/Privilege on this Share · Allow Write: a green check icon indicates Write permission for this User/Privilege on this Share · Deny All: a green check icon indicates no Read nor Write access will be allowed for this User/ Privilege on this Share.1 Setup Share Permissions Setup Share Permissions By clicking the Specify Users Permissions. . His permissions will be defined by his Privilege permissions. The popup dialog will let you choose among remaining Users and Privileges and. If you remove a Privilege from the list. in the Security tab of the shares properties window. Please keep this in Critical Links. If you remove a user from the list. selecting any of the entries and clicking the edit button or clicking the New button you can reconfigure permissions. · Read and Write access to this share: to Allow Read and Allow Write. 7. the user may still have access to the Share. · Deny all access: to Deny All. Otherwise Windows will remove the user or access profile from edgeBOX share permissions' list.

These folders are deleted automatically after a while. minimum: 30 minutes. . · Maximum Number: the system will not allow the simultaneous existence of more than this maximum number of shared folders. Ex. all files and folders inside will be lost. you can choose from 8 to 1024 MB. · Status: Connected or Not Connected (if a printer is shared but not connected it will be displayed as Not Connected).. button. and set the values for: · Maximum Life Time: each folder will be automatically erased after this time. Power-up the printer and go to the Windows Shared Printers menu in the Office Servers section. click the corresponding Change. Note that these particular permissions do not override the general permissions of the Share. the user will still only be able to read the share.Office Servers 103 mind when creating new Privileges. How does one create a shared folder ? 7.2 Temporary Shared Folders Enabling Temporary Shared Folders allows users to dynamically create network shared folders to share files when necessary. if you use the Disable Write Access for regular users option and you give a specific Write access. The list displayed will show you your printer(s).5 Windows Shared Printers Printer sharing is an easy task in edgeBOX. You might need to come back to this section and change these default settings. If you want to use this feature please go to the Windows Shared Folders menu in the Office Servers section. At the bottom. For each of them: · Name: the printer's manufacturer and model. Simply connect the printer to one of edgeBOX's USB port (s). maximum 240 minutes. Check the Allow users to create temporary shared folders box.. Inc. you can choose from 1 to 20 maximum simultaneous folders. 7. Critical Links. · Maximum Size: the folder is limited in size to this value.4. if the limit is reached users will have to wait for any of the folders to be automatically erased before they can create any more folders.

just select it and press the Share button. . To stop sharing it hit the Unshare button. Critical Links.0 Help · Share: Shared or Not Shared. To start sharing a printer. edgeBOX supports any printer supported by the Common Unix Printing System.104 edgeBOX 5. Please note that the Windows Server must be running for the shared printers to be accessible on the network. Inc.

Defining Outgoing Call Rules: Every time a user makes a call to the outside world. DISA. outgoing call rules apply.Understand your phone system deployment: In this section you can see the overall phone system logical scenario. parking and forwarding. The fax documents will be sent and received through e-mail messages. including call conferences. type of call and time period. and those calls can't be always answered immediately then you should use queues. Call recording rules and others. Here you can define the flow of every incoming call depending on caller (CallerID) and callee (DID) numbers and time schedule. fallback to PSTN. The PBX allows for the integration of ordinary VoIP extensions with plain standard analogue or digital (ISDN) phone lines. · Incoming Call Rules . The queue will place the calls in music-on-hold until an agent is available to answer the call. · Managing Call Queues: Queues are perfect for Customer Support and Sales Departments. · Overview . · Phones . Tasks to configure your phone system To setup your VoIP system. Here you can also organize your phones into groups for better organization and access policy definition.IP-PBX and VoIP 105 8 IP-PBX and VoIP edgeBOX IP-PBX provides all the telephony features a small business needs. · Mailfax accounts: Mailfax provides a facility where you don't need an actual fax machine running in your company. Inc. Those messages will be converted to (and from) phone calls. calls. codecs.Managing your phones: In this section is where you define and configure everything about the phones. LCR. These tasks are accessible directly as main topics on the left menu of the UI's IP-PBX section.Defining Incoming Call Rules: Whenever the system receives a call from the outside world. and the automated conference rooms service. Voicemail main number. extensions and correspondent configurations like voicemail. . This is where you can define the route(s) and prefixes to use to make a call. together with the real time status of the phone system. You can divert the call to automated attendants. Identified system warnings will also be displayed providing a quick way to identify and follow up on potential system problems. You can also restrict access to calls based on dialed number. If you're using PSTN voice cards (ISDN or Analog) you shall setup the country settings since it may impact on the voice quality because some parameters vary from country to country. among others. configuration options are divided into categories having in mind the main tasks you need to perform. like connections. IVR and others. IVR. specific extensions. · Outgoing Call Rules . twinning. and others. · Managing Conference Rooms: This is where you create and manage conferencing rooms. Whenever you have a stream of customer calls to be answered. Call parking number. · Advanced Setup Options: In this section you will find advanced setup options like Country. voicemail. Critical Links. phones. ACD. incoming call rules apply.

· Flash Operator Panel: This is an application specifically for PBX receptionist/operator use. · edgeDESKTOP: This is an application that provides a self-service operations for the end user. calls add move calls to queues. forward. park and others. for example. Understanding the IP-PBX Overview panel The picture below presents the main areas and the correspondent information contained in each one. In this section you can see a complete list of phone operations and default keycodes. like connections. . Allows the Operator to view the current status of the PBX and can use drag and drop functionality to make.0 Help Working with the phone system Having the phone system setup and running. user's can start using it for daily work. Inc. See below the pointers to how users can interact with the phone system: · Phone Operations: The most basic tool to use the phone system is of course the phone itself. IAX and Analog phones. Critical Links. providing a number of keycode operations like transfer. calls. together with the real time status of the phone system.1 IP-PBX Overview When you load the IP-PBX section in the webadmin interface you get an overview display where can see the overall phone system logical scenario. 8. seamlessly integrated with the user's phone. All extensions and phone operations are available from the application's UI. edgeBOX supports SIP. Identified system warnings will also be displayed providing a quick way to identify and follow up on potential system problems. phones. twinning. and others.106 edgeBOX 5.

icon behaviours and tooltip texts. colors. Inc. Critical Links. the green/gray circles on the left show you the current administrative status of these services. The IP-PBX Overview is composed of the following major sections: Configuration Displays a summary with your current configurations regarding: · Phones and Faxes: m Phones and n Fax Accounts are currently configured. Realtime Status Shows you realtime status in terms of: · Calls Status: the counts displayed show you the current usage intensity of several of your PBX features. · Services: status and operational details regarding the Authentication for Outgoing Calls and Autoconfiguration services. .IP-PBX and VoIP 107 The IP-PBX Overview is refreshed every 30 seconds and gives you several useful informations in the form of values and labels. n groups and k queues are currently configured. Additionally. many of the values and labels displayed are actually hyperlinks to detailed information regarding the topic involved: clicking on them will load additional status panels and configuration menus concerning the topic clicked. · PBX: m conferences.

In any case.2 Managing your phones This section brings together several aspects related to the manipulation and configuration of your phones and the corresponding edgeBOX features. a red exclamation mark '!' tells you something is wrong concerning those types of connections. a red 'X' tells you there is no connectivity whatsoever in that(those) connection(s). gray will denote total failure or all connections bad. IAX. through a trusted ISDN Line. Analog and ISDN phone extenxions · Use Phones Automatic Configuration Critical Links.0 Help · Warnings: the warnings displayed help you diagnose the reds in the central synoptic. Up to four lines are displayed linking edgeBOX to the four possible outside world voice connection types: · Remote Offices: SIP or IAX connections to other remote edgeBOX's. BRI cards and others. you may get only a subset of the picture. . the red 'X' and '!' icons displayed tell you that something is not Ok. attempting to provide a quick grasp of their current operational status. From there you can acomplish the following goals: · Understanding the Phones list · Create SIP. the following global colouring rules apply: · Line Color: green will tell you that at least one of the connections of each type is healthy and working as expected. · Public Telefony Network: connections to the PSTN through FXO interfaces. Synoptic The central synoptic of the IP-PBX Overview focuses on the connections of your IP-PBX to the outside world. · PBX: connections to other PBXs. these Warnings give you a little more insight onto what is not ok. 8. Depending on the specific characteristics of your setup. in the IP-PBX section of edgeBOX's webadmin interface. Point your browser at the Phones menu.108 edgeBOX 5. for each type of connection. Topics are separated in a task oriented approach. from which edgeBOX accepts calls as internal. · Connections Status Icon: a green 'V' sign means everything is Ok. Inc. · VoIP Providers: connections to VoIP service providers on the Internet.

If this extension is currently assigned to a Critical Links. . this list may prove to be a useful diagnostic and overview tool for your installed VoIP infrastructure. The list provides information in the form of text labels.1 Understanding the Phones list The Phones list in the IP-PBX section displays a considerable amount of information about all phones configured in edgeBOX. Data is refreshed every 30 seconds. Inc. The list is divided into six columns: Extension This column displays the extension's number and name.IP-PBX and VoIP 109 · Create Groups of Phones and Manage Access control in bulk · Understand and Manage Twinning Related Topics: · Groups · Automatic Call Recording · Internal Dial Plan · Voice Lines · Network Users 8.2. This manual section helps you understand it fully as it may help you getting a quick overview of your phones status and also provide immediate detailed information regarding each of them. In conjunction with the Overview panel. colors and icon behaviours.

Inc. analog phones are identified with the ANALOG label. there is no twinned phone at this moment. The extension's name is poly607 and it is not assigned to any specific user. Let us consider extension 1607 in the screenshot above. this phone is twinned with the phone at number nnnn. indicating it's current connectivity status. if nnnn is missing then. other IP phones are simply identified by the VoIP (SIP) or VoIP(IAX) labels.0 Help specific user then it's username will be shown in shaded color below the number.. Ringing or Busy. Brand / Model The Brand and Model of supported IP Phones. Ringing or Busy. · Forward (nnnn): Follow Me is active for this extension. Online.110 edgeBOX 5. calls are being forwarded to number nnnn. . if known. Show me a detailed example. · Analog Phones: OnHook. A Port number in case of analog phones. a short status each of those features is added within parentheses: · Voicemail (m msgs): Voicemail is active for this phone and there are currently m new messages. A small green/ gray circle is displayed on the left. IP / Port / MAC The phone's IP and MAC addresses. despite the feature is enabled. The information displayed depends on the type of phone: · IP Phones (SIP or IAX): Offline.. Setup Mode The Setup column tells you if the phone is configured Automatically by edgeBOX or Manually by yourself. Down. Ringing or Busy. Configuration The Configuration column provides a quick summary of the most relevant configuration features currently active for each phone. In some cases. OffHook. The green circle at the left indicates the extension is online (meaning that edgeBOX can actually communicate with the phone over the Ethernet TCP/IP Critical Links. · Twinning (nnnn): Twinning is enabled for this extension. Status The Status shows you the current connectivity status and operational conditions of each phone. · ISDN Phones: Up.

· IAX: Used for IP Phones compliant with the IAX2 protocol. What are SIP URI calls? Critical Links. · Number: The number used to dial to the extension (like 2010). the phone is currently Busy . IAX. You can dial this name to call the extension. The Setup Mode is Automatic meaning edgeBOX will automatically configure this phone. There are four different types of phone extensions supported: · SIP: Used for IP Phones compliant with the SIP protocol. The phone is connected directly in one of the ISDN BRI ports in edgeBOX's back panel using an ISDN cable. The Configuration column tells you that this extension has Twinning and Voicemail configured. Manual Config and Phone-to-Extension Assignment buttons please refer to the Automatic Configuration section of this manual. Inc. Actually. For details regarding the Synchronize. You need the analog card option in your edgeBOX with FXS ports.IP-PBX and VoIP 111 infrastructure). Analog or ISDN) there's some information that is common among them.as displayed in the Status column. The Brand / Model is the text displayed in the 3rd column: it's a Polycom IP phone. for any phone you want to connect to edgeBOX you need an account (extension) to register into. · Analog: Used for Analog phones and Fax machines. The SIP protocol is the most widely available in IP phones. · This extension can be called directly through incoming lines (Publish Extension): When checked means that this phone will be able to receive SIP URI calls.101.2. The Phone's Ethernet Hardware Address is 00:04:F2:18:D3:E6 as and it's currently assigned IP Address is 192. When you call from this extension.2 Creating phones Extensions in edgeBOX work like phone accounts. · ISDN: Used for ISDN phones. To use ISDN phones you need to have an ISDN card with ports configured in NT mode.168.199. Contact your Reseller/Support before planning a ISDN Phones scenario. You need the ISDN BRI card option in your edgeBOX. . Common properties among all phone types Independently of the phone type (SIP. This requires hardware configuration. the name will be displayed at destination's extension. The phone (or fax machine) is connected directly in one FXS ports in edgeBOX's back panel using a RJ11 cable. There are three new messages in the Voicemail account. Follows a description of each one of them: · Name: This is the “friendly” name of extension (like John) and the login name for the VoIP account. 8.on a call or similar .

· Voicemail: The voicemail settings are also common among all extension types. · Phone "user" . You can enable or disable the ability of the user to have twinning. Usually identifies the person using the extension. Extension PIN: "1000".Extension Number: "1020". This field is placed in the advanced tab. The fields you need to provide are the PIN number to access extension's voicemail account an e-mail address were edgeBOX will send notification about new voicemail messages.. · Phone "room" . and by default is generated using the data introduced previously in the Name field. . or handed over to the voicemail system if voicemail is active for the extension. · Twinning: The twinning feature can be used with any phone type.112 edgeBOX 5. and to configure the number which will be used together with the extension. Please follow the links below for details: · IP Phone extensions · Analog Phones and FAXes · ISDN Phone extensions Default configured phones edgeBOX comes with 3 already configured example phones.0 Help SIP URI calls are calls made from IP SIP Phones using a URI (like john@mycompany. Related Topics: · Voice Lines · Groups · Automatic Call Recording · Network Users Critical Links. phone "desk" and phone "room". After this time the call will be finished automatically. · Phone "desk" . The other two phones.. Extension PIN: "1020". More details about Voicemail.Extension Number: "1000". · Ring Duration: Time the extension will ring without being answered. Extension Password: "1000". For more details see Twinning. Inc. are not associated with any user. com or 2010@mycompany. Extension Password: "1010". Extension Password: "1020". The phone "user" is associated with one of the example users that also exist by default.com) instead of using a number. Extension PIN: "1010". · Identification (Caller ID): The name and number by which calls will be identified to the called party.Extension Number: "1010".

IP-PBX and VoIP 113 8.2.2.1 SIP and IAX phone extensions SIP is the most widely available VoIP protocol in IP phones. Another protocol, called IAX is also supported by edgeBOX. Please navigate to the Phones menu in the IP-PBX section to create and manage SIP and IAX phones/extensions. Below you can find the most common operations regarding these types of IP phones. Quick steps to create a VoIP phone extension 1. Goto IP-PBX > Phones. 2. Click New, and select New SIP/IAX Phone. 3. Enter the number you want to assign in the Number field. This number will be used to dial to this extension. 4. Enter the name you want for your extension (like MeetingRoom) in the Name field. 5. Enter the password you want for this extension in the Password field, and repeat in Repeat Password field. When using Phone Auto-Configuration system in Callback mode for configuring phones, use numbers for the password instead of letters, it will be easier to enter when using the phone keypad. Phone Auto-Configuration applies only to SIP phones. 6. Click Add to save the phone settings. Only basic properties are mentioned above, those that are mandatory (an typically the the only ones you need), for a description of other properties see Common Properties and other Advanced Phone Properties below.

Configuring Codecs Codecs affect the quality and the bandwith consumption at the same time, higher quality means higher bandwidth consumption. In the Codecs tab of the new/edit VoIP phone extension dialog you can define the codecs allowed to be used by the phone using this extension. By default when you create a new VoIP extension G711 codecs are selected. As best practice use high quality codecs (like G711) for phones connected in the LAN, and low bandwith codecs (like GSM or G729) for phones connected in the WAN. This way you will provide high quality in your internal phones and avoid large Internet bandwith consumption by your external phones. You have to make sure that your phone is also configured to use the same audio codecs as the extension. For more information see Codecs.

Enabling Video Calls If you have a video enabled phone (or a softphone with video support and a video camera) you can make video calls using edgeBOX.

Critical Links, Inc.

114 edgeBOX 5.0 Help

In order to do that you must allow the extension to use video codecs (like H261, H263, H263p or H264) in the Codecs tab of the extension's properties dialog. You have to make sure that your phone is also configured to use the same video codecs as the extension. See your phone's manual for instructions.

Allow phones to connect in peer-to-peer mode (Can Reinvite) By default the voice traffic between two VoIP phones flows through the edgeBOX, meaning when a phone A is calling phone B, voice traffic flow is A > edgeBOX > B. You can change this flow to be A > B directly, thus reducing traffic and CPU consumption in edgeBOX. Peer-to-peer mode is specially relevant in scenarios where you have phones connecting from the Internet (registering through the edgeBOX's WAN port). Imagine the same two phones A and B in the WAN making a call between themselves, you'll have both of them consuming your Internet line, if they could connect directly your Internet line would not be used at all (except for residual SIP traffic). To allow phones to connect in peer-to-peer mode you need to enable the Can Reinvite option in the Advanced tab of the extension's properties dialog. In peer-to-peer calls DTMF shortcuts (like transfer or park) are not supported, because edgeBOX is not listening the tones anymore. In this case you need to use the correspondent special keys in your phone.

Other Advanced options · Disable NAT Support: to enable/disable this option; necessary when the phone is behind devices as a router or a firewall; see more in Advanced NAT; · Do not Send Keep alive packets to this phone: without this option selected edgeBOX will send keep alive packets to this phone every 2 seconds; · When not registered this phone is reachable at static IP Address: use this only if this phone will have a static IP address; · DFTM Mode: the way the client deals with DTMF signaling; this parameter should be the same as in the phone itself; options are: RFC2833 - selected by default; INFO; INBAND DTMF signaling within the call; note that this type of signaling is not supported by the GSM codec.

Critical Links, Inc.

IP-PBX and VoIP 115 8.2.2.2 Analog phone extensions and fax machines If your edgeBOX includes an analog card with FXS ports, you can connect your analog phones or fax machines directly to those ports.

If you are using analog phones connected through ATA (Analog Telephone Adapters) you must use SIP extension type instead of Analog. The ATA will connect into the LAN and will behave to edgeBOX as a SIP phone.

Please navigate to the Phones menu in the IP-PBX section to create and manage analog phones/ extensions. If your edgeBOX includes an analog card with FXS ports configured, you will see the New Analog Phone option when you click the New button in the Phones list. Below you can find the most common operations concerning analog phones. Creating an analog extension to connect a analog phone 1. Goto IP-PBX > Phones. 2. Click New, and select New Analog Phone. 3. Enter the number you want to assign in the Number field. This number will be used to dial to this extension. 4. Enter the name you want for your extension (like MeetingRoom) in the Name field. 5. Select the port number (like Zaptel/11 for port number 11) where you will connect the phone in Line (FXS) field. What is the port number? The Port Number will match the numbers written on the physical ports in the back of your edgeBOX. 6. Click Add to save the phone settings. Only basic properties are mentioned above, those that are mandatory (an typically the the only ones you need), for a description of other properties see Common Properties and Advanced Analog Phone Properties. Creating an analog extension to connect a fax machine An fax machine is connected to edgeBOX the same way as an analog phone, so the steps to create the extension are the same. However there's a very important detail when configuring the fax's extension, which is about echo cancellation. Fax machines are very sensitive to variations in the sound timings, and echo cancellation algorithms tweak those timings. So, in order to have a proper fax extension, make sure you disable the echo cancellation for the respective extension. To disable echo cancellation edit the phone extension, and in the Advanced tab uncheck the option "Use Echo Cancellation...". Advanced Analog Phone properties There are a couple of settings for analog phones that you shall have in mind at this time. This settings are available in the Advanced tab of the extension's properties dialog in edgeBOX. You can fine tune these parameters with a few test calls from the extension you're configuring. · Use Echo Cancellation: This enables/disables the echo cancellation algorithm for calls to this extension and by default it's enabled. Disable only if you are using a fax machine

Critical Links, Inc.

116 edgeBOX 5.0 Help connected to this extension and you're experiencing reception problems. · Transmission Gain: Amount of gain applied to sound transmitted from this extension. The variation is from -8db to + 8db being the default 0db (middle position of the slider). Increase when the other end (the callee) is barely listening; decrease if other end is listening too loud, with too noise or with echo. · Reception Gain: Amount of gain applied to sound received by this extension. The variation is from -8db to + 8db being the default 0db (middle position of the slider). Increase when the you can barely listen; decrease when listening too loud, with too noise or with echo. 8.2.2.3 ISDN Phone extensions Please navigate to the Phones menu in the IP-PBX section to create and manage ISDN phones. Below you can find the most common operations regarding this type phones. Quick steps to create an ISDN phone extension 1. Goto IP-PBX > Phones. 2. Click New, and select New ISDN Phone. 3. Enter the number you want to assign in the Number field. This number will be used to dial to this extension. 4. Enter the name you want for your extension (like MeetingRoom) in the Name field. 5. Select the Line to which you want to connect the ISDN Phone in the Line (BRI)/MSN field. 6. Click the Advanced Tab 7. Check the box if you allow the extension to be called directly through incoming lines 8. Select also the Ring duration. 9. Click Add to save the phone settings. Only some properties are mentioned above. For a description of other properties see Common Properties.

8.2.3 Connecting phones
The following sub-sections give you details on how to connect your: · VoIP Phones · Analog Phones and FAXes · ISDN Phones

Critical Links, Inc.

IP-PBX and VoIP 117 8.2.3.1 Connecting VoIP Phones VoIP phones are the most common phone types used today and the most flexible. You have available on the market a number of these phones with a wide range of prices. edgeBOX works seamlessly with Polycom, Linksys, Aastra and Granstream phones but any phone following the SIP standard protocol will be able to use edgeBOX. You have two options for VoIP phones, both suitable for use with edgeBOX: · Hardware phones, that work pretty much as a plain old phone, and · Software Phones that you can run in your laptop.

Manually configuring and connecting a SIP Phone The configuration of SIP phones is generally the same among all brands/models. Usually the configuration is done through a web page provided by the phone itself (open your browser at a url like http://192.168.100.195) or follow the built in menu on the phone. See your phone's user manual for more details, or look for a specific edgeBOX How-To document for you phone model. There are really only three fields you usually need setup: · SIP Proxy: this is the name (like sip.edgebox.com) or the ip address (like 192.168.100.254) of the edgeBOX. Pay attention were you are connecting your phone, in the LAN or the WAN. Usually you connect the phones directly in the LAN of the edgeBOX for local personnel and remote workers will connect to the WAN from the Internet. · Account: the Extension Name (like MeetingRoom) that you want your phone to use. · Password: the password of the extension. Other fields you may need to have in attention are: · DTMF: This is the type of Dual Tone Multi-Frequency, and affects the conversation with dial tones between the phone and edgeBOX. They must match in both sides (the phone and extension's properties in edgeBOX). The default value in edgeBOX is RFC2833, and that's usually the same in the phones. · Codecs: The codecs configured in the phone must match the ones configured in the extension properties in edgeBOX. The default codecs of a new extension are G711 a-law and G711 u-law and those are usually supported by default in the phones. Order the list of codec by preference, edgeBOX will always try to use the first, then the second and so on.

Automatic configuration of SIP Phones edgeBOX provides an automatic configuration system for Polycom, Linksys, Aastra and Grandstream phones (see more details here). When the auto-configuration system is enabled, at the moment you connect the phone's ethernet cable to the LAN of edgeBOX, the phone will be detected (by mac address) and displayed in the Available Phones list, you can then assign it to an extension.

Critical Links, Inc.

2. Disable only if you are using a fax machine connected to this extension and you're experiencing reception problems. Just plug the phone (or fax) RJ11 cable to the proper FXS port in the back panel of your edgeBOX. · Echo Cancel: This enables/disables the echo cancellation algorithm for calls to this extension and by default it's enabled. the edgeBOX Online Help or the Phone Configuration How To available in the edgeBOX documentation. These settings are available in the Advanced tab of the extension's properties dialog in edgeBOX.3 Connecting ISDN Phones ISDN Phones edgeBOX supports EuroISDN BRI phones seamlessly.0 Help See Phone Auto-Configuration How To guide. Contact your Support before planning an ISDN phone deployment. Critical Links. Increase when the other end (the callee) is barely listening.3. 8. The variation is from -8db to + 8db being the default 0db.2. Increase when the you can barely listen. with too noise or with echo. Inc. but there's a number of details and complexities arising from the underlying ISDN phone technology and the number of different proprietary signaling built by ISDN phone manufacturers. 8. decrease if other end is listening too loud. The variation is from -8db to + 8db being the default 0db. decrease when listening too loud. · Reception Gain: Amount of gain applied to sound received by this extension. · Transmission Gain: Amount of gain applied to sound transmitted from this extension. You can fine tune these parameters with a few test calls from the extension you're configuring. with too noise or with echo. .3. Analog phone settings There are a couple of settings for analog phones that you shall have in mind at this time.2 Connecting Analog Phones and FAX machines Analog Phones and Fax Machines Connecting analog phones or fax machines to edgeBOX is quite simple.118 edgeBOX 5.

Click Assign Extension to Phone button. a new file is generated and the phone is informed that a new file is available. SPA 932. Inc. New phones are detected upon the DHCP dialog between the Phone and edgeBOX. and reflects the configuration of the extension associated with the physical. Critical Links. 53i. it needs to be configured in order to make calls. IP601. SPA 922. When you connect a phone to the network for the first time.IP-PBX and VoIP 119 8. · Make sure the Phones Auto Configuration System is running (the service bar at the top of the panel must be green). How does it work? The Phone Auto Configuration allows you to configure VoIP phones directly on the edgeBOX. 480i. Only supported SIP phones can be configured directly on the edgeBOX . The currently supported phones are Grandstream GXP 2000. SPA 941. Learn more. In the popup window select the phone extension you want to assign and click Add button. . Select the phone in the list. just using the edgeBOX's web interface. Forcing the configuration of other models than the ones mentioned above may result in damage of the configuration of your phone. 2. Linksys SPA 901. Why the phone is not listed? · Phones that have been connected just a few seconds before may not be listed yet. IP670. Using the Auto Configuration System you can configure phones remotely. or. 360. thus only phones configured through DHCP will be automatically detected. avoiding this way. 3. Polycom SoundPoint IP320 IP330. At this point the phone reboots automatically and downloads the new configuration file. All the configuration of the phones is available through the IP-PBX > Phones panel. You can identify uniquely the phone by the MAC address. avoiding the users to have to configure the phones themselves. SPA 962. 57i and Snom 190.2. 51i. Configure a detected phone To configure a phone that was connected to the network: 1. This configuration is basically the configuration of the phones account to be used by the phone. Whenever you change the settings of the extension. avoiding the configuration on the phone itself. 4. Each phone downloads a configuration file from the TFTP (Trivial FTP) service. Aastra 9133i. wait a moment for the automatic panel refresh (up to 30 seconds). SPA 942. the configuration of each phone locally on the phone itself. This file is generated and maintained by edgeBOX based on the phone brand and model.Auto Phone Configuration.4 Automatic configuration of phone devices The Auto Phone Configuration allows you to configure VoIP phones of your network directly on the edgeBOX. Go to IP-PBX > Phones. You'll see the phone in a line with <not configured> in the column Extension. 55i.

At this point in the phones list the previously <not configured> phone is not listed anymore. 2. by using the Assign Extension to Phone button in the toolbar. IP and MAC addresses of the phone. 3. so it can work properly again. the phone may stop working properly. At this point edgeBOX will no longer try to configure this phone automatically.0 Help 5. Go to IP-PBX > Phones. To synchronize the phones configuration with edgeBOX's saved configuration: 1. 2. Go to IP-PBX > Phones. 3. Click Manual Config button in the toolbar. Select the desired phone in the list. Synchronize a phone's configuration with edgeBOX If. Go to IP-PBX > Phones. and the line corresponding to the extensions you've selected in step 2 contains the Brand. Critical Links. The Setup Mode will change to Manual. Select the desired phone in the list. 2. Ignore a phone You can ignore a phone so that edgeBOX doesn't try to send it configurations nor try to call it to start the Configuration Assistant. In these situations you don't want edgeBOX to be trying to send configuration information to those phones. Click Synchronize button in the toolbar. Inc. Stop ignoring a phone If you want edgeBOX to stop ignoring a phone and start sending configuration information again just proceed as if you would configure it from start. Remove the configuration of a phone To remove the configuration of a phone: 1. Depending on the Autoconfiguration Mode and the status of the physical phone you may need to reboot the before it gets the configured.120 edgeBOX 5. The phone will restart automatically and will get the original configuration upon boot. a user changes incorrectly the configuration of a phone. Click Unassign Phone from Extension button in the toolbar. In these cases you can resend the correct configuration to the phone. Why should I ignore phones? Ignoring phones can be usefully if you have some phones on your network being managed by a device other than the edgeBOX. To ignore a phone: 1. for example. . 3. Select the phone in the list.

the assistant call doesn't happen. Enter the new MAC address of the new phone in the MAC Address field. 2. 3. they will immediately receive the configuration you have defined and become configured and ready to use right away.IP-PBX and VoIP 121 4. 4. 4. Select the desired phone in the list (like 1020). The new phone will be configured automatically as soon as you connect it to the network. This item corresponds to the physical phone that was previously associated. Enter the MAC address of the new phone in the MAC Address field. The phone is now free of any configuration. Preprovisioned phones will be configured as soon as they connect to the network. When it arrives the end user just needs to plug it to the network and it's ready to use without further issues. 2. and another line corresponding with the extension (like 1020). and select New SIP Phone to create the a new extension). You can just create the phone in the system. Go to IP-PBX > Phones. or assign it to another extension. 6. This item corresponds to the physical phone that was previously associated. Replace a broken phone When a phone it's broken and needs to be replaced by another one proceed as follows: 1. At this point you'll see a new item in the list with <not configured> in the extension column. Go to IP-PBX > Phones. and then mail it to the office. and also in the package. Inc. When those phones are plugged in the network for the first time. Click Save button. Enable the option Assign a physical phone to this extension. you can delete it (if the phone was definitely removed from the network). meaning that when in Callback mode. Pre-provisioning is very useful when you're managing the office from a remote location and you need to install a new phone. 6. At this point you'll see a new item in the list with <not configured> in the extension column. Select the brand of your new phone in the Phone Brand field. You can pre-provision phone independently of your configuration mode (Callback or Silent). 5. Pre-Provisioning Phones You can also configure phones that haven't yet been connected but will be connected in the near future. 3. Click Unassign Phone from Extension button in the toolbar. Pre-provision a new phone 1. Edit the phone extension in the list (1020 in this example). Critical Links. Where can i find the MAC address? Usually the MAC address is printed in a sticker placed at the bottom of the phone. Select (double click) the desired phone in the list (or Click New. You can now physically replace the old phone by the new phone. Select the new brand of your new phone in the Phone Brand field. . 5.

and all the configurations are made through the administrator's panel. Your phone will be listed in IP-PBX > Phones panel as <not configured>. 2. Hang up the phone. 5. Press “1” to start auto configuration. Phone will reboot and start with the configured settings. 3. · When you don't know mac-addresses.4. Use Case for Silent configuration mode 1. Use the Callback configuration mode: · When you need your customer to configure the phones.2. Assign the phone to the extension by pressing the Assign extension to Phone button in the toolbar. The Silent mode doesn't use any interaction on the phone's end. Which configuration mode shall I use? Use the Silent Configuration Mode: · When you already have phones configured in the office.122 edgeBOX 5. Inc. 6.0 Help Related Topics: Auto Configuration Modes 8.1 Auto Configuration Modes edgeBOX provides two different operation modes for auto configuration of the phones. · When you know mac-addresses. At this point you should answer the call. 7. · When setting up a new office on the field. One mode (Callback) is focused in configuring the phone by using the phone itself. Plug the phone. 4. The configuration assistant calls the phone. the phone will receive a call with a configuration wizard where you can dial the extension to assign and respective password (numeric passwords only). . Plug/Restart the phone 2. Call phones when they are first connected and start the Configuration Assistant Critical Links. Dial number of an already existing extension. Restart/Replug the phone to get the new configuration. 4. Use Case for Callback configuration mode 1. 3. Dial password of the extension.

Go to IP-PBX > Phones 2. if they do not answer the Configuration assistant call) from a given phone to start the phone configuration process. If it is not running click Start Service.. 3. Select the option Do not make the Auto Configuration Assistant call. Click the Save button. Make sure the Auto Configuration System is running (you should see a green bar at the top of the panel). Critical Links. How to call the Configuration Assistant? To call the Configuration Assistant from a phone of the network. You or the network users can also call the Configuration Assistant at any time (for instance. 5. The same applies to Outgoing Call Rules. The phones access control mechanism has in it's base Groups of Phones. 4. Select the option Automatically call the phone and start the Configuration Assistant. you or the user need to dial 1234. Make sure the Auto Configuration System is running (you should see a green bar at the top of the panel). 3. . Do not call phones when they are first connected to start the Configuration Assistant If you don't want the user to receive the Configuration Assistant call when he connects a phone for the first time (Silent Mode): 1. Click button Change.2. 5.IP-PBX and VoIP 123 To configure the system to start the Configuration Assistant call each time a user plugs in a new phone in the network (Callback Mode): 1.. where you can specify to which Groups a specific rule is applicable to. Related Topics: Phone Auto Configuration 8.. Basically you need to create a Phones Group. Go to IP-PBX > Phones 2. to define access control policies restricting the operations and types of calls that user's or specific extensions can execute..5 Phone Groups and Access Control edgeBOX allows you as an administrator. If it is not running click Start Service. 4. and then define what operations that group can execute. Note: It is only possible to dial the Configuration Assistant if the configuration was interrupted previously due to some problem and needs to be finished to configure the phone. which is the configuration assistant number. Click the Save button.. Click button Change. Inc.

Call Listening and Call Recording. Call Pick Up policies With Call Pick Up you can specify the set of phones that can pick up calls on this group.124 edgeBOX 5. The policies are organized by the operations: Call Pick Up. . In this panel you can Critical Links. 2. The choices are: · any phone can pick up calls on this group (this is the default setting) · only the phones that belong to the group can do this · no phone. Enter a name (like Sales) in the Name field. Description of the Access Control policies The access control policies of a phones group are configured in the Access Control tab when you create or edit a group. 8. Click New button. To create a group of phones proceed as follows: 1. You can choose: · any network phone can initiate Intercom Calls to the phones on this group (this is the default setting) · only phones in the group can initiate Intercom Calls to each other · this group will not accept Intercom Calls Call Listening policies With Call Listening you can listen to ongoing calls on other extensions. 7. 5. Define the access control policies to apply to the phones in the group (see examples below for better understanding). Select the Access Control tab.0 Help About Phone Groups Basic steps to create a phones group. Click Add button. Inc. Intercom Calls. 4. 10. like calling all phones in the group at the same time. 9. 6. Go to IP-PBX > Phones. not even from the group.Click Save button. when defined enables Group Calls. can pick up calls ringing in this group Intercom Calls policies With Intercom Calls someone could make a phone call to this group in which the destination phone will go into loudspeaker mode and the call will be listened to by the people near that phone. select and add the phones to make part of the group (use Ctrl key to select multiple phones at the same time). Enter a phone number (like 450) for the group in the Extension field. Click Groups in the Related Topics section of the menu. Enter a description (like Sales Personnel) in the Description field. This number is optional. 3.

9. 7. Click Groups in the Related Topics section of the menu. 2. For the scenario above execute the following steps: 1.Click Save button. . default setting is 'no'). when using *8<phone extension number> the user will pickup the call ringing at the specific phone (*81001 will pick the call ringing at phone's extension 1001). 3. or specific extensions belonging to the group. depending on your company requirements. At the Call Pick Up section. Other phones not belonging to the group Support won't be able to execute pickup to the group. At this point any phone within the group Support. but they don't want other people outside the group to pick their calls. 8. Below you can find some examples of the most typical configurations. 6. and · if phones on this group can or can't be recorded (see Recording calls. default setting is 'no recording'). Click Add button. 5. select the option Only phones of this group can pick up calls ringing on these phones. This number will be used to identify the group from where to pickup the call.IP-PBX and VoIP 125 specify if: · if phones on this group can be used to listen to calls on other phones (default setting is 'no') · if calls on these phones can be listened (default setting is 'no') Call Recording policies The Call Recording settings for a group allows you to specify: · if these phones can record calls (see One Touch Recording. Configuration examples You can configure any number of phone groups. Enter a name (like Support) in the Name field. How to create a group of phones that can pickup calls only between them? In this example. 4. can pickup calls ringing at any phone of the group by dialing *8 followed by the group extension number (300 in the example). lets assume that you have a group of support personnel and they want to pickup calls that ringing in another extension of the team (because the person is not at his desk). When using the group's extension number like *8300 the user will randomly pickup a call ringing in the group. with many variations of access control policies building from the most simple to the most complex set of policies. Enter a phone number (like 300) for the group in the Extension field. Enter a description (like Support Personnel) in the Description field. 10. Critical Links. Select the Access Control tab. Go to IP-PBX > Phones. select and add the phones to make part of the group (use Ctrl key to select multiple phones at the same time). Inc. Click New button.

· The user can make calls with his cell phone as if he was on his extension at work. select both policies: . 2. Activate Twinning for an extension Critical Links. 3. as a cell phone for example.Calls on these phones can't be listened by other phones 4. . This will inform edgeBOX that the call was picked up and edgeBOX will stop ringing the extension of the user. In Access Control panel. 8. Otherwise the extension will keep on ringing despite the call had already been answered by the user.0 Help How to create a group of phones that can listen and whisper calls. Add to the group the supervisors phones. If you activate and configure twinning with. the user needs to press the # (pound) key after answering. at the Calls Monitoring section. To listen and give instructions at the same time (whisper mode) dial *991*1001. when a user goes out of office. The user can then make internal calls just by dialing the extension he wants to call or make outgoing calls that will appear to the recipient as being made by user's regular work phone. 6. This is useful. 5.These phones can be used to listen to ongoing calls on other phones . for example. Inc. while others can't? In this example. when the user answers a call on his cell phone that was sent by egdeBOX through an analog line. a cell phone: · When a call arrives at the network phone (for example.126 edgeBOX 5. At this point any phone within the group Supervisors. For the scenario scenario above do the following: 1. at the Calls Monitoring section leave both policies unselected. He is able to answer calls to his extension on his cell phone. even if he is at home. Create a group called Supervisors. In Access Control panel. Learn More. and give instructions to them during the call. The user just needs to dial the number of the company. The phone that will pick up the call is the one that will be first answered. can listen ongoing calls of any phone in the group Help Desk by dialing *990* followed by the extension number of the phone to listen (*990*1001 to listen phone extension 1001). extension 2001) then both the network phone and the cell phone will ring. The call will be answered by edgeBOX and the user will hear the dial tone again. However. for example. lets assume we have a group of supervisors that need the ability to listen ongoing calls in the Help Desk group.6 Twinning Twinning enables you to almost duplicate the behaviour of an extension of the network on another external phone.2. Add to the group the phones of the help desk team. Create a group called Help Desk.

3. Turn off twinning This is particularly useful when the user is close to both phones at the same time. Click Save button. 3. But to do so. twinning must be Active on that phone. · Disable twinning . Enter the new phone number in the Phone Number field. disable and change the number of the phone your extension is twinning with. Unselect the option Activate Twinning. In this cases. In the Twinning section you can see the number of the phone this extension is currently twinning with. Twining will be now enabled. 4. But you. 2. 3.on your phone. Change the twinned phone number 1. Configure Twinning using the phone The user of the phone with twinning can also enable. 4. To turn twinning off of a phone: 1. the network phone and his personal cell phone. can enable it again at any time. for example. . · Enable twinning . this phone is not twinning with another phone. directly on the phone itself instead of the edgeBOX. 2. To allow a phone to twin with another one: 1. Click Save button. Select the desired network phone from the phone list and click the Edit Phone button. Select the desired network phone from the phone list and click the Edit Phone button. · Change the phone your phone is twinning with . dial *90.on your phone.IP-PBX and VoIP 127 The twinning feature is defined at each specific phone. See Configure Twinning using the phone. Click Save button.on your phone. Select the option Activate Twinning. it is just not enabled at the moment. through edgebOX's interface. or the phone's user. Select the desired network phone from the phone list and click the Edit Phone button. Note that the feature is still allowed at the phone. Inc. Twinning will be disabled. or you can leave it blank for the user of the phone to configure it himself. so you can switch off twinning so just the company phone rings when a call is received. Enter the phone number to be twinned to in the Phone Number field. 2. through the phone. this is. By default phones are not allowed to twin with other phones like cell phones. for example. dial *92* Critical Links. dial *91. having both phones ringing at the same time is not really useful.

· with Caller ID: check the box and type-in the Caller ID if you wish to further specify that this applies only to that specific Caller ID. you can use the New button to add new extensions or the Edit button to change existing entries. · on the right: when you select an extension on the left. · Transfer an ongoing call from the cell phone to the network phone .on your phone. For example. For your convenience. Don't use the Internal Dial Plan for simple operations like the creation or removal of extensions. The Internal Dial Plan menu gives you access to a finer-grained control of the way edgeBOX processes calls: it allows you to route each call through a set of simple or complex sequences for each call processed. . Those operations should be performed in the Phones list.7 Internal Dial Plan The Internal Dial Plan popup window is accessible in the Related Topics corner of the Phones menu. You can consider the Internal Dial Plan as a set of individual Extension Dial Plans. if your cell phone is 912154014 you can dial *92*912154014. 8. the right-hand panel shows you the Extension Dial Plan: the configured sequence of actions the PBX will execute upon reception of a new call for this extension.2. in the IP-PBX section. The popup dialog shows you initially: · on the left: the list of Extensions currently active in the Internal Dial Plan: each new phone created is automatically added to the Dial Plan and each phone deleted is automatically removed. Critical Links. Inc. for a specific entry: · Extension: type-in the extension name to which this Extension Dial Plan applies. Configure the Extension Dial Plan This dialog lets you configure.128 edgeBOX 5. The Configure the Extension Dial Plan popup window will show.0 Help followed by the phone number you want to twin to. The Internal Dial Plan should only be used for advanced configurations. As usual. a Duplicate button is provided for quickly creating new entries based on the existing ones. dial *93 and the call you are answering in the cell phone will continue in the network phone.

· Answer: the call will be answered. · Forward to Group: here the call will be answered by some phone in the group you specify from the drop-down list. · Wait: this action makes the call wait for the specified number of seconds. · Define Schedules (or calendars). you may choose any extension with an active voicemail.3 Configuring incoming call rules Incoming Call Rules instruct edgeBOX on how to deal with a call coming from the outside world. · Hangup: the call will be hung-up. use the New and Delete buttons to manage the contents of the list. . Related Topics: Critical Links. · Forward to Conference: you can choose a conference number for the call to be forwarded to (see Conferences). the selected sound file will be played and all numbers entered by the caller will be ignored until the sound has finished (see here for details on sound files). use the Up and Down arrows to change the sequence. · Forward to Voicemail: the call will be forwarded to the chosen extension's voicemail. · Play: the caller will listen to the sound file you choose. The Incoming Call Rules menu is accessible in the IP-PBX section. · Forward to Queue: with this option the call will be forward to the queue you choose (see Queues). For each action you can: · Forward to Phone: this action forwards the call to a phone. Inc. · Forward to external number: this action forwards the call to an external number. 8. · Build Automatic Attendant voice menus. When configuring Incoming Call Rules you have at your disposal the following tasks: · Creating Incoming Call Rules.IP-PBX and VoIP 129 · Actions: an ordered list of actions edgeBOX will try to route the call through. you must select the phone from the drop-down list that appears below. you must specify the number you want in the text filed.

· rule actions. and how it's going to be answered. 8. Basic steps to create an Incoming Call Rule 1. Critical Links. 3. · a rule name. Conditions determine if the rule is to be applied or not not.3. Select an action in the Actions combobox. Enter the parameter value for the condition in the text field at right side of the condition. that define how the call is to be treated. A rule is composed by: · a rule priority.130 edgeBOX 5. 5. Click Add button to add the action to the rule. Repeat from step 4 for as many conditions as you need. which is a human readable name describing the rule. There are two default example rules: work-hours and after-hours. Select a condition in the Conditions combobox. 6. Each rule as a set of conditions and a set of actions. The Incoming Call Rules menu can be reached in the IP-PBX section. 2. Repeat from step 7 for as many conditions as you need. · rule conditions. to determine if the rule is to be applied or not not. It can be redirected to a specific extension. Click New button. Rules are applied in the order of appearance. to voicemail or to automated attendants. . Enter the name of the rule in the Rule name field. Inc. Enter the parameters for the action in the fields at right side of the action. Click on a rule and use the UP and Down buttons to change the order. to determine the order by which the rules are evaluated. 9. while the Actions specify how the call is to be treated. Go to IP-PBX > Incoming Call Rules.1 Creating incoming call rules Incoming Call Rules define how an incoming call is routed through the system. 4. Click Add button to add the condition to the rule.0 Help · Voice Lines · Groups · Sound Manager · Music On-Hold · Automatic Call Recording · Automatic Attendants · Schedules 8. 7.

use the Move Up and Move Down buttons in the toolbar to place the rule in the order you desire to be evaluated. You can: · Forward to Phone: this action forwards the call to a phone. · Forward to Voicemail: the call will be forwarded to the chosen extension's voicemail. This condition is useful for example when at work hours (or days) you want the call to be answered by a person. This condition is useful when you need to redirect a call based on who's calling. · Forward to Queue: with this option the call will be forward to the queue you choose (see Queues). · Forward to internal number: this action forwards the call to an internal number. you must enter the CallerID in the text field at the right side of the condition type. each one with a different destination department or receptionist. Rule Actions The Rule Actions determine the behaviour in case the rule conditions are met. So you could easily build up complex rules such as ''from this origin. Critical Links. · Calls to (DDI): This condition tries to match the destination number (DDI) of the call with the supplied value. · Forward to Group: here the call will be answered by some phone in the group you specify from the drop-down list at the right side.At the rules list. you must specify the number you want in the text filed that appears at the right. but out of hours (or at vacations periods or holidays) you want an automated attendant to answer. you must specify the number you want in the text filed that appears at the right. In a single rule you can use as many conditions as you want. the sequence of actions specified are executed. you must choose a Schedule from the drop-down list at the right side of the condition type. the conditions of each incoming call rule are evaluated. 11.IP-PBX and VoIP 131 10. if the phone is not answered then the next action will take place. The rule's actions will be executed if (and only if) all conditions together are true. · Answer: the call will be answered. you may choose any extension with an active voicemail. For the first rule to match all conditions. · Schedule: This conditions evaluates if the call is being made at a particular time or day (see Schedules for more details). to that destination within some period of time''. you must enter the DDI in the text field at the right side of the condition type.Click Save button to save the rule. Rule Conditions When a call is received by edgeBOX. · Calls from (CallerID): This condition tries to match the originating number (CallerID) of the call with the supplied value. This condition is useful when you have multiple public phone numbers. · Forward to external number: this action forwards the call to an external number. . you must select the phone from the drop-down list that appears at the right side. Inc. · Forward to Conference: you can choose a conference number for the call to be forwarded to (see Conferences). · Ring Phone: this action tries to forward the call to the specified phone by making it ring.

Critical Links. If the passcode is correct. · Play: the caller will listen to the sound file you can choose. If you do not enter a passcode. the user gets authenticated automatically. · DISA: Stands for Direct Inward System Access. In each call the XX sequence from the DDI will be evaluated and re-used in the action. · Change CallerID: to change the CallerID to a diferent one. you must type it on the right. when the action DISA is executed. If you select that option and indicate the passcode. · Change Music On Hold: to change the music to be played if the call is placed on hold. We advise you to ALWAYS enter a passcode.132 edgeBOX 5. in the same rule. you must type the code on the right. Rule actions can be moved Up and Down with the help of the corresponding buttons. you specify ''Calls From (DDI): 9876543XX'' you could latter. Inc. · Wait: this action makes the call wait for the specified number of seconds. You can add several rule actions. · Set Project Code: to label the call detail record (CDR) with the supplied code. for example. This way you could compose complex sequences for edgeBOX to execute on the call.0 Help · Hangup: the call will be hung-up. Use of pattern characters You can make use of patterns in your rules. first is asked the user to enter the passcode before getting dialtone. The DISA application may require the user to enter a passcode. Allows someone calling in from outside the telephone switch (PBX) to obtain an "internal" system dialtone and dial calls as if from one of the extensions attached to the telephone switch. wait for 10 seconds and then forward the call to some Conference. In this case a call from 987654321 would be forwarded to internal number 9921. if. the user will hear dialtone on which a call may be placed. . · Pattern 'X': each X accounts for exactly one digit. As an example you could play a sound. Is it secure? This type of access has SERIOUS security implications. the selected sound file will be played and all numbers entered by the caller will be ignored until the message has completed. and GREAT care must be taken NOT to compromise your security. when the DISA action is executed. · Pattern '*': the symbol * accounts for any digit sequence. followed by the pound sign (#). specify an action like ''Forward to Internal Number 99XX''. you can use constructs like "Ricardo Loureiro <916291182>" or even the usual * and X signs for field replacement (see more on this below). · Start Automated Attendant: this action will start the execution of the specified automated attendant menu.

Basic steps to create an automated attendant 1. Each child node is either an action or a condition which may be expanded to see it's underlaying actions. Automatic Attendant's Actions · Forward to Phone: this action forwards the call to a phone.Click Save button when finished. and click Add Action (steps 5 to 8). To change to action's order execution use the up and down arrow button in the toolbar. Click Automatic Attendants option in the Related Topics section of the menu 3. · Forward to external number: this action forwards the call to an external number. 7. you must select the phone from the drop-down list that appears at the right side. Click New button in the toolbar. or a number is dialed. 5. Inc. 4. fully integrating all of edgeBOX's VoIP PBX functionalities. Go to IP-PBX > Incoming Call Rules 2. 9. An automated attendant menu is built with actions and conditions: · Actions define what is to be done in the call. Select the desired action in the Action combo box. . Click Save to confirm the action. · Ring Phone: · Forward to Voicemail: the call will be forwarded to the chosen extension's voicemail.For actions to be executed when a condition is met. 12. select the condition in the list. you must specify the number you want in the text filed that appears at the right. Enter the parameter values for the action in the fields shown below the Action combo box. Critical Links. 10.Select the type of action desired. · Conditions are used to respond to user input. allowing the administrator to create response menus for a large range of applications. play sound files. you may choose any extension with an active voicemail. Enter a name to identify the automatic attendant in the Name field.2 Defining Automated Attendant menus edgeBOX provides a flexible Automated Attendant builder. Callers using a touch tone phone will be able to navigate these menus by pressing the appropriate numbers. 6. 11. 8.IP-PBX and VoIP 133 8. making it easy to understand the concept of flow of actions and conditions.3. like when a key is pressed. Automated Attendants are displayed as a tree structure. Click Add Condition button in the toolbar. Repeat from step 5 to add more actions. joining conferences or jumping to another automated attendant menu. Click Add Action button in the toolbar. like answer.

0 Help · Forward to Queue: with this option the call will be forward to the queue you choose (see Queues). additionally you can also choose the Internal Extensions option. the user will hear dialtone on which a call may be placed. This way you could compose complex sequences for edgeBOX to execute on the call. The DISA application may require the user to enter a passcode. · Play: the caller will listen to the sound file you can choose. first is asked the user to enter the passcode before getting dialtone. Is it secure? This type of access has SERIOUS security implications.134 edgeBOX 5. · Forward to Group: here the call will be answered by some phone in the group you specify from the drop-down list at the right side. If you do not enter a passcode. when the action DISA is executed. the drop-down list will show you all currently configured automated attendants for you to choose the one you want. We advise you to ALWAYS enter a passcode. . and will execute the underlying actions if the keys match the ones you specified on this condition. · Answer: the call will be answered. followed by the pound sign (#). the user gets authenticated automatically. · Play in background: similar to Play. in that case the caller will be able to dial the internal extension he wishes to reach. · Wait: this action makes the call wait for the specified number of seconds. Rule actions can be moved Up and Down with the help of the corresponding buttons. if the user didn't pressed any keys (after a 5 seconds timeout). wait for 10 seconds and then forward the call to some Conference. · Start IVR: this action will start the execution of the specified automated attendant menu (IVR). If the passcode is correct. and GREAT care must be taken NOT to compromise your security. if the sequence of keys pressed by the user is not matching any of the previous conditions. the selected sound file will be played and all numbers entered by the caller will be ignored until the message has completed. Automatic Attendant's Conditions Conditions are used to execute a set of actions based on the user's input. · DISA: Stands for Direct Inward System Access. instead of being forced to wait for the sound to finish. As an example you could play a sound. Inc. · If user pressed invalid keys: This condition will execute the underlying actions. · Hangup: the call will be hung-up. Critical Links. · If user didn't press any key: This condition will execute the underlying actions. You must enter the set of keys that should be pressed in the Keys field. You can add several rule actions. · Forward to Conference: you can choose a conference number for the call to be forwarded to (see Conferences). If you select that option and indicate the passcode. when the DISA action is executed. but in this case the user can press keys while listening. Allows someone calling in from outside the telephone switch (PBX) to obtain an "internal" system dialtone and dial calls as if from one of the extensions attached to the telephone switch. · If user pressed keys: This condition will compare the keys typed be the caller.

Click New button. Dialed Number and Time. 2. · Time: you can specify any time span within a day. Click the Schedules option in the Related Topics section of the menu. This is very useful to specify working hours. From that menu you can: · Configure edgeBOX to require PIN authentication for outgoing calls · Configure Outgoing Call Rules and Access Control policies for specific Groups or Devices · Configure the Emergency route Critical Links. You can do this based on: · Date: you can either specify a range of calendar days or a single day. Give me an example. · Days: you can either specify a range of week days or a single week day. from 0h0m up to 23h59m. 5.4 Define your outgoing call rules Outgoing Call Rules instruct edgeBOX on how to route calls to the outside world. reducing the overall cost of your voice communications. 3. 4. In that case the schedule will actually be defined as the superposition of all rules (logic AND). vacations. Next you must specify a set of time Rules. Please refer to the IP-PBX section's Outgoing Call Rules menu. Enter a name identifying the schedule in the Name field. As an example you could specify a three rules based schedule as: ''Date: from 1/7/2009 to 31/12/2009'' AND ''Time: from 9h00m to 18h59m'' AND ''Days: from Monday to Friday''. holiday periods that you can then easily use when defining your call rules. Usually Outgoing Call Rules are used with Least Cost Routing (LCR) in mind.3.3 Schedules Schedules allow you to define periods of time for executing rules in Incoming Call Rules. Inc.IP-PBX and VoIP 135 8. Go to the IP-PBX section. Incoming Call Rules menu.. since you can create rules based on destination number in order to use the least cost route for that destination. 8. You would call this schedule WorkHours2ndSemester09.. To define a schedule proceed as follows: 1. You can have distinct rules based on Phone Dialing. You can specify multiple rules for a schedule. .

As usual the green/gray colors are used to show the operational status of the Outgoing Calls Authentication service. 8. i.4. Local.2 Rules Definition An Outgoing Call Rule is defined by the following data: · Conditions: this is where you define the conditions when to apply the rule. Long Distance. but only to find the correct Route to use. here you can reuse pattern matches from the Inbound Pattern. In this mode of operation users are not required to supply a PIN when making calls. · Time of day: the period of the day for which this rule will apply · Routes: in the routes section you define · Route: which line (or lines) should be used to make the call · Outbound Pattern: the number to dial out. Click the Require users to authenticate/Don't require users to authenticate to change it.1 Authentication edgeBOX supports authentication of outgoing calls. When inactive. The Outgoing Call Rules menu in the IP-PBX section displays the current status of the authentication service at the top. · Type of call: Free. are also set on user creation. the system will still check the type of each call. the type of outgoing calls a user is allowed to make. Critical Links. Mobile.0 Help Related Topics: · Configuring Voice Lines · Phones Groups Access Control · Automatic Call Recording · Configure usage of ENUM routes 8.e. Inc. namely: · Inbound Pattern: the Dialed Number. When active the PBX will block outgoing calls if the user supplied invalid credentials or if the user doesn't have the necessary permissions to make the call.4.136 edgeBOX 5. Authentication is based on a PIN assigned on user creation. you can use patterns such as 123*: this will match all calls to numbers starting with 123. . more details below. Outgoing call permissions. International or Special Call.

. Classify the type of access level required to use this rule (like Free) in the Type of Call field.Click Add. More details. this would indicate a 9 followed by exactly 3 other digits (which may or may not include the digit 9) 9. 5. 12. Examples: The 9* indicates a digit 9 followed by any other numbers. check the Caller ID and enter the number (or text) you want in the CallerID field. Enter the number (pattern) that should be dialed (usually the same as the Inbound Pattern you entered in 3) in the Outbound Pattern field. Enter the dialed pattern (or number) you want as a condition to apply this rule (like 001* for all numbers started with 001. in the From and To fields. 3. in this case the Inbound pattern would be 0* and the Outbound pattern would be *. thus your inbound pattern would be 9* (all numbers starting with 9). In the both patterns (outbound and inbound) you can use two special characters: * matches all remaining digits. Inc. 6. 13. All these additional routes will be used if the previous one is not available or times out. Select the route (or line) you want the call to follow through in the Route field..If you want to enforce a specific Caller ID for the call. if you wish to transform the number.Repeat 7 to 11 adding all routes you wish to use as fall back routes. or 800XXXXXXX for all 10 digit numbers started with 800) in the Inbound Pattern field. One example is when you need to add prefixes to select a specific provider. in these cases edgeBOX will change it at the protocol level but produces no effect as the provider will override it. The rule is only applied to calls made during the specified time period. If you entered 9XXX. you may use several X characters to match a specific number of digits. Steps to create a new outgoing call rule 1. More details. 7. 2.Select the Access Control tab. · CallerID: outgoing caller ID. this route shall ring before ending the call (or falling to the next route if defined) in the Timeout field. Enter a name for the rule (like US_Calls) in the Name field. The 'X's must be uppercase. Click New button in the toolbar. Enter the amount of time in seconds (like 30). Caller ID is the identifier displayed (usually the number associated with the phone line) in the destination phone. 10. X matches exactly one digit. 11.. Critical Links. Goto IP-PBX > Outgoing Call Rules.IP-PBX and VoIP 137 · Timeout: timeout for this route. 8.. The outbound pattern may differ from the inbound. Other situation is when you want an outbound prefix like 0. This way you can have different rules in different time schedules to the same destination number.. 4. Enter the time period you want this rule to be applicable. say a prefix of 1010 needs to be added. Not all providers allow this to be changed. whilst your outbound pattern would be 10109*.

See more in Configuring Voice Lines. Thank you for calling. Inc. thus your edgeBOX needs a working internet connection for this test to work.Move the Groups and the Devices from Denied to Allowed.4. or if the call is coming from a Device in the Allowed area (like DISA). Critical Links. meaning that every connected phone (even phones in "not registered" state due to bad password) are allowed to make the call. Enter the emergency number (like 911) in the Emergency Number field. In a sentence this rule could be read as “Calls to number 123. for whom you want to be able to use the rule. the Default rule doesn't include any routes (lines) to the PSTN.g: 911 or 112) is dialed. . In a sentence this rule could be read as “Calls to any number (*). Default Outgoing Call Rules There are two pre-configured outgoing call rules in edgeBOX: · Demo rule: This rule is meant for testing purposes only. Steps to setup the Emergency call rule 1.3 Emergency number The Emergency rule is a special rule to be used when the emergency number (e. You can easily identify it by the red cross icon . 3. · Default rule: This rule is the most generic rule. and then the call will finish. 15.138 edgeBOX 5. The emergency rule it's a system rule and cannot be deleted. 2.Click Save to save the rule. If everything is working properly your call will be answered and you'll listen an automated attendant saying “Welcome. Note: When you first receive an edgeBOX. so you need to edit this rule and add the routes you've connected. demo-proxy is a ITSP connection to Critical Links data center for you to test your edgeBOX setup. Note: You can test the Demo rule by dialing 123 in one of the already connected phones. and will match all calls (except if rules with more specific conditions are applicable).0 Help 14. This rule behaves pretty much the same way as other rules but authorization and authentication policies are bypassed. made from any phone will follow demo-proxy route”. 8. Goto IP-PBX > Outgoing Call Rules. The rule will only be applied if the phone making the call belongs to a group in the Allowed area. at any time. at any time (00:00 – 23:59) made from any phone (Access Group Default) will follow routes specified”. Please note that this call is made through a connection to Critical Links servers. Select the rule Emergency and click Edit button in the toolbar (double mouse click also works). Goodbye”.

Voice lines are classified as follows: Critical Links. One example is when you need to add prefixes to select a specific provider. this route shall ring before ending the call (or falling to the next route if defined) in the Timeout field.5 Configuring Voice Lines edgeBOX can be connected to the public telephony network or to the IP network in a number of ways. say a prefix of 1010 needs to be added. Examples: The 9* indicates a digit 9 followed by any other numbers.. you may use several X characters to match a specific number of digits. 10. if you wish to transform the number. In the both patterns (outbound and inbound) you can use two special characters: * matches all remaining digits. More details. this would indicate a 9 followed by exactly 3 other digits (which may or may not include the digit 9) 6. If you want to enforce a specific Caller ID for the call. thus your inbound pattern would be 9* (all numbers starting with 9). The Voice Lines panel allows you to manage all these interfaces in a consistent unified approach. Caller ID is the identifier displayed (usually the number associated with the phone line) in the destination phone. Other situation is when you want an outbound prefix like 0. More details. the Outgoing Call Rules and the MailFax Accounts menus. Select the route (or line) you want the call to follow through in the Route field.. 8. check the Caller ID and enter the number (or text) you want in the CallerID field. You can reach the Voice Lines popup from the Incoming Call Rules . Please go to the IP-PBX section. When the panel loads you get a summary display of all your phone lines and corresponding status. 8. Repeat 5 to 8 adding all routes you wish to use as fall back routes.. All these additional routes will be used if the previous one is not available or times out. With edgeBOX you can manage your connections such as ISDN or FXO-FXS hardware.Click Save to save the rule. X matches exactly one digit. 7. whilst your outbound pattern would be 10109*. Enter the amount of time in seconds (like 30). The 'X's must be uppercase. Click Add. The outbound pattern may differ from the inbound. Not all providers allow this to be changed. in this case the Inbound pattern would be 0* and the Outbound pattern would be *. If you entered 9XXX. or pure VoIP interfaces such as SIP or IAX2.IP-PBX and VoIP 139 4. in these cases edgeBOX will change it at the protocol level but produces no effect as the provider will override it. in the Related Topics corner. Enter the number (pattern) that should be dialed (usually the same as the Emergency Number you entered in 3) in the Outbound Pattern field. . 5. 9. Inc..

The signalling protocol used is SIP (Session Initiation Protocol). additionally you can Customize Authentication Fields. where you can connect directly analog phones or fax machines. · Remote PBX: Lines connected to a PBX (includes ISDN BRI and ISDN PRI).1 VoIP Providers To enable edgeBOX to connect to a VoIP provider on the Internet. press the Settings. Please fill the details regarding your VoIP provider account: · Name: type in an identification name for this provider. · IP Address / Hostname: type-in the IP address or the FQDN of your provider. ISDN BRI and ISDN PRI.. Authentication · Authentication is not required · Authenticate with credentials: if the provider requires authentication please fill in the Username and Password.0 Help · Public Lines: Lines connected directly to the PSTN (Public Switched Telephone Network). button and type-in: · Register Name · Authentication Name · From User · From Domain · Outbound Proxy · Realm · Contact Critical Links. Calls received on this lines are considered internal calls. Inc. How to create a remote office connection? · All Lines: Display all the above mentioned connection types plus FXS lines. meaning that extensions can be called directly. Calls received on this lines are considered internal calls.140 edgeBOX 5. · Remote Offices: IP connnections to other office. Step 1: in the first dialog you need to define the destination host and authentication for the connection. meaning that extensions can be called directly. please load the Voice Lines dialog and click the New button. How to create a VoIP Provider connection?.5. In the subsequent dialog choose Connect to a VoIP provider on the Internet and press Next. supported signalling protocols are SIP and IAX2. 8. . · VoIP Providers: IP connections to VoIP providers.. The supported line types include FXO. The panel will automatically display all lines installed based on your hardware configuration.

. you need to add ENUM line to your list of routes. Click Add. info and rfc2833 8. so if for a given Outbound Route you want ENUM service to be used. which is a service to map PSTN telephone numbers into VoIP URLs. In edgeBOX ENUM service is conceptualized as a voice line. 5. You may choose to provide: · Max Calls: maximum number of simultaneous calls allowed. Inc. Double click the rule where you want to use ENUM (or create a new rule). · Manage Codecs to be used on this connection: select the codecs to be used (these codecs have to be supported by the provider). 2. For more information see Codecs section. 1. Please note that calls coming through trusted SIP proxies are only trusted if the proxy name is equal to the FROM header. Use the Up and Down buttons to place the ENUM at your desired execution order (typically it should come first). 3. This will make for every call routed through that rule.2 ENUM service edgeBOX supports ENUM. Step 2: in the second dialog you will define codecs and other advanced options. press Next. Go to IP-PBX > Outgoing Call Rules. Select ENUM in the Route combobox. · Manage DTMF and other advanced options: · Disable NAT support · Disable Keep Alive · DTMF Mode: inband. to send a query to each active ENUM server to try to lookup the called PSTN number. For more details about ENUM see Telephone Number Mapping. Critical Links.IP-PBX and VoIP 141 For convenience you can use the Test Connection button to validate the connection. How to use ENUM service? ENUM service is used like a Voice Line. You can also select the preferred order of use. Once you're done. and if found the call will proceed as an URI call. 4.5. and enter the desired Outbound pattern. meaning that whenever you want a given Outgoing Rule to search and use ENUM service. you just need to add the ENUM line to your route.

Now all the Outgoing Rules that you've configured to use ENUM will query the specified servers.org and e164. Use Add and Remove buttons to setup your ENUM servers. 2. as if the phone was registered on edgeBOX A.3 Remote Offices The Remote Office functionality allows the creation of an IAX or SIP trunk between two edgeBOXs. Note that besides calling internal extensions. Click Save button. Inc. A benefit of this configuration is that an extension from edgeBOX A is able to call an extension registered in edgeBOX B. Click Save button.. Step 1: in the first step you need to define a name and a security key for the conection: Name: a descriptive name for the connection (such as office2.0 Help 6. resulting in a better use in bandwidth. 3. for example). 8. . all VoIP functionalities will be available for the remote edgeBOX users (making local calls. Now. 4. 5. ). Select Voice Lines option in Related Topics section. Authentication · Password: the password to use in the connection. Advanced Options · Manage Codecs: click the Codecs.142 edgeBOX 5. making call conferences. Go to IP-PBX > Outgoing Call Rules.. How to configure ENUM service? By default edgeBOX comes preconfigured with two ENUM server (e164.arpa). Calls between these devices benefit from an optimised connection. In the subsequent dialog choose Connect to a Remote Office and press Next. outbound calls following this rule will be converted to URI Calls whenever the ENUM server returns a valid URI for the dialed number. Double click the ENUM Service line.5. If you need to use others follow the steps below: 1. please load the Voice Lines dialog and click the New button. To enable edgeBOX to connect to a Remote Office. etc. button and use the following dialog to enable/ Critical Links. allowing you to make a conference call between two remote offices with no costs.

4. for SIP don't forget the Max. IP-PBX menu. For each specific type follow the details below: · ISDN BRI · ISDN PRI · Analog FXO-FXS 8. NT Mode .5. · Manage Protocol (IAX or SIP): click the Protocol.1 ISDN BRI When editing a BRI port. Critical Links. Step 2: in the second step you need to specify the Remote Office location: · IP Address / Hostname: type-in the IP address or the FQDN of the remote office IP-PBX. Simultaneous calls value.4 Hardware edgeBOX supports automatic hardware detection. Press the Finish button when done. button and choose the protocol SIP or IAX. To access them.IP-PBX and VoIP 143 disable and prioritize the application of audio and video codecs for this connection.5. select the desired entry and click the Edit button. 8. All supported card types are displayed in the Voice Lines popup. Each card type has it's own specific set of configurations. ports in NT Mode are available when you configure your Incoming Call Rules. you can configure the following parameters: Mode Choose the desired operating mode: · This line connects to an ISDN Phone: if this line will be used to connect a phone. See Codecs section for more information. .. Click Next. Inc. · Automatically configure remote server: check the box and type-in the administration password of the remote host. All supported VoIP card types are automatically detected and the system is automatically configured so these cards can be used by the IP-PBX..

PMP links allow to connect up to 8 terminals in parallel along the bus.2 ISDN PRI When editing a PRI port. this means that the inbound call rules and outbound call rules will not be applied to these calls. Inc.0 Help · This line connects to an ISDN Line: if this line will be used to connect edgeBOX to the exterior using ISDN. . 22 ports in T1 mode). · Wait for all incoming digits before fallback to Dial Plan: select this option if you want to wait for all incoming digits before fallback to Dial Plan. 8.144 edgeBOX 5.4. You can use this option to restrict the inbound calls you accept on this ISDN line. you get a two tabbed dialog window: General · Mode: shows you the current operating mode for the port. ports in TE Mode are available as outbound routes when you manage Outgoing Call Rules. NOTE: changing this option requires restarting edgeBOX's PBX and thus hanging-up all ongoing calls. · Point to Multi-Point (PMP) · Point to Point (PTP) MSN numbers The MSN numbers are your public phone numbers. it allows edgeBOX to integrate with PBX's which work with overlap digits. Others Select the following two options as required: · Consider calls on this line as internal calls (Trusted Line): select this option if you want inbound and outbound calls through this line to be considered internal calls by edgeBOX. Connection Type Choose the desired connection type: Point to Multi-Point (PMP) or Point to Point (PTP). How to change mode? Critical Links.5. additionally the number of ports (31 ports in E1 mode. Edit and Remove buttons to manage the list of numbers to which this line accepts calls. PTP links allow only one TE to be connected. it can be E1 or T1. Accepting calls restrictions: · Accept calls to any number · Accept only calls to the following numbers and ignore other calls: use the Add. TE Mode.

. it allows edgeBOX to integrate with PBX's which work with overlap digits. Available options are: · CPE. used on the network side. · Enable Echo Cancellation: select this option if you want the card to use the embedded echo cancellation mechanisms. · Consider calls on this line as internal calls (Trusted Line): select this option if you want inbound and outbound calls through this line to be considered internal calls by edgeBOX.IP-PBX and VoIP 145 · Ports: the current port assignment (example 5-35 for an E1). this means that the inbound call rules and outbound call rules will not be applied to these calls. · NET. the following settings may be changed: · SwitchType: switching used by the line. Available options are: · EuroISDN. Advanced The advanced tab gives you access to further configuration details In the Advanced tab of the configuration details for PRI cards. · Group: the current Group. Note that this option is only displayed for cards that support echo cancellation. · QSIG. · Wait for all incoming digits before fallback to Dial Plan: select this option if you want to wait for all incoming digits before fallback to Dial Plan. · Signalling: signalling used by this span. · E&M · Timing: · Primary Master · Secondar Master · Slave · Coding: · HDB3 · AMI Critical Links. Inc. used on the client side. used in Europe.

To see more information about E1 and T1 see here. allowing you to receive or make calls using the PSTN network. Private. Private. National.146 edgeBOX 5. · International Prefix: check the box and enter the desired prefix. · FXS Module: should be connected to an analogue phone or fax machine. Dynamic. you will have to reboot edgeBOX. Local.5. Be careful not to connect phone lines (PSTN lines) in the FXS port.5.1 How to change configuration mode (E1 / T1) To change the mode from E1 to T1 (or vice-versa) you need to access the hardware and configure jumpers accordingly.2.3 Analogue FXO-FXS To allow connection to analogue lines. 8. Local. . 8. International. FXO and FXS modules may be installed in this card: · FXO Module: should be connected to an analogue line. Inc. If you do so. When editing an FXO-FXS port you'll be prompted by a panel with two tabs: Critical Links.4. Dynamic. the port will still not work. International. the port will stop working. National.4. Even if you unplug the phone line cable and connect an analog phone into the port. · Local Dial Plan: choose from Unknown. Customize National and International Prefixes · National Prefix: check the box and enter the desired prefix. please refer to your support service for more information on how to proceed. edgeBOX supports TDM Digium cards.0 Help ISDN Signaling · Dial Plan: choose from Unknown.

IP-PBX and VoIP 147 General · Number: number of lines for this card.. show me more details. 8. Inc.6 Phone operations This section of the manual brings together hands-on information on how to execute several useful operations or configurations directly with your phone: · Blind and Supervised Transfers · Group Calls · Intercom Calls · Call Listening and Call Whispering · Call Pick-Up · Twinning · Follow Me Critical Links. · Sound Volume Gain (dBs): adjust the volume for transmission and reception on this line. edgeBOX is not able to know if the call was answered or not because it is an analog line. only for FXO mode. · This line receives dialtone: select the period: immediately or up to n seconds. · This line has a direct phone number assigned: only for FXO mode. when an analog phone is in Twinning.. . you need to select this option if you have Twinning enabled on your analog phone and you are not in the USA. otherwise the extension will keep on ringing despite the call having already been answered by the user. · Enable Echo Cancellation: only if card supports echo cancellation. if the call is answered on the twin phone. so it is necessary to the user to press the # (cardinal) key after answering. Advanced · Enable "#" confirmation for outgoing twinned calls: only for FXO mode. this will inform edgeBOX that the call was picked up and edgeBOX will stop ringing the other extension. check then box and type-in the desired direct phone number for this line. · Mode: FXO or FXS.

you cannot check to see if the number you are transferring the call is busy or offline. 4. Inc. There are two major kinds of transfers: · Blind Transfer: immediately transfers the call to another number. Also. you and the caller will be disconnected from the original call. If the person says yes.6. 3. hang up your phone and the call that is on hold will be transferred to the recipient.1 Blind and Supervised Transfers edgeBOX allows you to execute Calls Transfers from your phone to other phones. The caller is immediately connected to the number you transferred the call to. Supervised Transfer . 3. but you can change it). To do that use a Supervised Transfer instead. ask if you can transfer the call. Example: #12001 to forward the call to extension 2001. for example. You will hear the busy line tone. 2.0 Help · One Touch Recording · Labeling CDR records with Cost Centers 8. The caller will no longer be able to hear you. . Dial the prefix for a supervised transfer (*2 by default. After the person answers. inform the caller that you are going to transfer the call. it is also know as Attended Call Transfer. If the person says no wait until he/her hangs up. Blind Transfer . 2. which means the transfer is complete and you can hang up. before making the transfer. inform the caller that you are going to transfer the call. this allows you to determine if the transfer will succeed and if the person at the other end will actually be able to accept the call. When you are answering a call. Dial the number of the phone number you wish to transfer the incoming call to. When you are answering a call.How to do it? 1. 4. Critical Links. If you make a mistake when dialling the number you're transferring the caller to. · Supervised Transfer: transfers a call to another phone by putting it on hold and allowing you to talk to the transfer destination phone.148 edgeBOX 5.How to do it? 1. Dial the prefix for a blind transfer and the telephone number you wish to transfer the incoming call to. The call on hold will be transferred back to you and you can inform the person holding that it is not possible to transfer the call.

. Mr Alves'.IP-PBX and VoIP 149 If the person to whom you've are transferred the call doesn't answer it in about 15 seconds. Carreira's phones to the group. . This also happens if that person answers the call but hangs up the phone before you do. The call will be listened to by the people near that phone. Mr Sousa's and Mr Carreira's phones will start ringing. Give me an example. the call is transferred back to you.6. all three. Alves' and Mr Sousa's phones will stop ringing. 8. The result of a call directed at a group extension is that all phones in that group will ring: that's a Group Call. then you added Mr. Alves'. Related Topics: · Operation Key Codes (Prefixes) 8.6. Mr Sousa's and Mr. Why is this useful ? This is useful for making quick announcements (for example: a short request for the sales team to gather for a quick meeting in the hall). if you dial 5432 from your phone. if Mr Carreira picks up his phone first you will start talking to him. that's how a Group Call works. When anyone picks up the call on any of the group's phones all the others stop ringing. Mr. That's the group's extension.2 Group Calls Group Calls are calls directed at a Group extension number (instead of a Phone extension number). When you create Groups of phones you are prompted for an optional Extension number to be assigned to the group.. Critical Links. or to try to reach someone that might be nera the phone but might not be authorized to answer it without being specifically requested to. Inc. Hangup a Supervised Transfer .3 Intercom Calls An Intercom Calls is a special kind of call for which the destination phone will automatically answer the call and go into loudspeaker mode. Let's assume you've just created a new group of phones called whosincharge and you've chosen the 5432 extension for the group.How to do it? To end a Supervised Transfer and get back to the initial caller you can dial the Hangup Key Code (*0 is the default key code for Hangup but you can change it if you want to).

To do this dial *990*<extension number>: you will listen the ongoing call at that extension. Call Whispering This feature consists in the ability to secretly talk to the person at phone A.0 Help To make an Intercom Call you need to dial *9<number> (if you dial *9 followed by a group number. only phones with loudspeaker mode can receive such calls. The person at phone B does not ear your voice. The access to this feature is can be restricted based on the Phones Access Control policies. The availability of these features is restricted by the Phones Access Control policies and depends on the three phones involved: if any of the target phones can not be listened to. Additionally. instead of an extension number. while listening to the conversation between A and B. You need to dial *991*<extension number>: your phone will allow you to listen to the ongoing call at <extension number> and you will be able to "whisper" to that extension.6. without B's knowledge (just like whispering in the A's ears). . only the person at phone A. Phones currently supported for this feature are: · Snom · Linksys · Aastra · Grandstream · Polycom Related Topics: · Phones Access Control 8. or Critical Links. then all phones that belong to the group will answer the call and go into loudspeaker mode).150 edgeBOX 5. Inc.4 Call Listening and Call Whispering Call Listening This feature is gives you the ability of a user at a phone C to listen to a call between phone A and phone B.

Related Topics: · Phones Access Control 8. . · by pressing *8<group extension number>: will pick-up a call to that specific group. disable and change the number of the phone the extension is twinning with. Call Pick-Up operations are bound to the limitations defined for the Groups the phone belongs to (please make sure to review those settings in the Groups section of this manual).IP-PBX and VoIP 151 your own phone can not listen to calls. dial the Pick Up prefix *8 plus 2001: *82001. Your phone will be able to pick up calls: · by pressing *8: will pick-up any call that belongs to any of the groups the phone belongs to. For example.6. Related Topics: · Phone Groups 8. Make sure to check out the details at the Phones Access Control section in this manual. Twining will be now enabled. · by pressing *8<phone extension number>: will pick-up a call to that specific extension. To: · Enable twinning: dial *90.6 Twinning The Twinning feature can. to pick a call ringing at extension 2001. be managed directly through the phone: the phone user can enable.5 Call Pick-Up Call Pick-Up is the ability to grab a ringing call at a given extension. then none of this will be possible. Inc. · Disable twinning: dial *91.6. directly on the phone itself instead of the through edgeBOX (twinning must be allowed on that phone). to some extent. · Change the phone your phone is twinning with: dial *92* followed by the phone Critical Links. Twinning will be disabled.

Critical Links.Dial *12* plus your extension number. How to do it? To enable Follow Me: · If you are close to your extension . Calls that arrive at your extension will not be forward to another phone anymore. from now on if your work phone rings your cell phone will ring too. show me an example.. and all calls that arrive at your extension will be forward to the meeting room phone. *90 (to enable twinning) and. pick up the meeting room phone and dial *12*2013. only in the network phones. All calls that arrive at your extension will be forward to the meeting room phone.6. you can pick up the call on any of them.. For example. For example. if you are on a meeting room and you want to forward calls that arrive at your extension (ext: 2013) to the phone that is on the meeting room.Dial *13* plus your extension number (example: *13*2013). Related Topics: · Twinning 8. dial *93 and the call you are answering in the cell phone will continue in the network phone. and there is a phone there (extension 4002). for example. *92*912154014 (to actually start the twinning process). · If you are close to the extension you want to forward calls to .Dial *13*. Calls that arrive at your extension will not be forward to another phone anymore.0 Help number to twin with. first. Inc. .152 edgeBOX 5. · Transfer an ongoing call from the cell phone to the work phone: on your cell phone. you should pick up your work phone and dial.Dial *14* plus the phone number or the extension number you want your calls to be forward to. Or you can indicate your personal cell phone number instead ( *14*912154103). that you can pick up your extension and dial *14*4002. then.Allows you to forward calls that arrive at your internal extension to another extension or phone where you are at the moment. · If you are close to another extension . this way all calls that arrive at your extension will be forward to your cell phone. let's assume your cell phone is 912154014 and you want your work phone to twin with your cell phone.7 Follow Me Follow Me . To disable Follow Me: · If you are close to your extension . You can't do this operation in edgeBOX's interface. if you have a meeting on a meeting room.

The availability of the One Touch recording (OTR) feature for a given call is configurable on a per Group basis and depends on the phones at both ends: if the phone trying to use OTR belongs to a group that can not record calls then the recording will not occur. the user dials #79<code> the call will be marked with that <code> in the corresponding CDR log line. Depending on global Voicemail configurations the sound file may or may not be attached to the e-mail. Inc. .6. if the phone on the other end of the conversation belongs to a group that can not be recorded then the recording will not take place.6. during a call. additionally.8 One Touch Recording Users can start the recorder by pressing *9 during the call. After the call finishes the file with the call recorded will be available at the user's Voicemail. An e-mail message will be sent to the user's e-mail account.CDR Critical Links. are available through the logmaster FTP account. The CDR files. Related Topics: · Logs · VoIP activity logs .9 Labeling CDR records with Cost Centers CDR Project Codes If. Related Topics: · Phone Groups and Access Control 8.IP-PBX and VoIP 153 8.

.to show you the current service administrative status. Two major types of conferences are supported: · Dynamic conferences: created freely by the users. or Conference Room Number) · Type: you need to choose from · Public: this conference will be accessible by anyone that tries to join it and you can not specify a moderator. · Static conferences: created by the administrator. The list of static conferences configured is displayed in the list at the bottom of the Conferences menu. · Music On-Hold: choose the music Playlist for this conference. To join this conference. additionally you will have an option to choose a moderatror PIN. Critical Links. Inc. Dynamic Conference service To enable dynamic conferences you need to start the Dynamic Conference service in the usual service bar at the top of the page: you should click the Start Service/Stop Service links on the right and the bar will change color . · Conference Pin: type the desired conference PIN. you can Change.green or gray .154 edgeBOX 5. . the number users dial to access the service. Static Conferences This other type of conference is created by the administrator.0 Help 8. That number will become the conference room number. Any registered user may dial the pre-defined dynamic conference extension (9000 by default) and create a conference just by dialing any desired number. · Security-enabled Conference: the access to this conference will be restricted to users that know the conference PIN.7 Conference Rooms You can setup edgeBOX's conference support in the IP-PBX section. other users should to dial the pre-defined dynamic conference extension and enter the conference room number. Conferences menu. To create a New static conference a two tabbed dialog window will show: General · Number: type-in the desired Conference Number (also known as the Room Number.. If you want to. The default is 9000.

the algorithm used to assign calls to agents. This popup contains two main tabs.IP-PBX and VoIP 155 Advanced · Maximum: maximum number of simultaneous members the conference may accept.8 Managing Call Queues The Queues menu in the IP-PBX section allows you to manage edgeBOX's call queuing system. · Moderator Pin: 9911. 8. . An appropriate dialog window will popup. The conference moderator has the same privileges as normal users plus Lock/unlock conference and Eject last user. · Have a moderator for this conference: check the box if you want a moderator and type-in the Moderator PIN and repeat for safety · Don't allow members to communicate until moderator joins the conference: check the box if you want this behaviour. and others. In the General tab you'll find: · Name: type a name for the queue (when editing an existing queue you cannot change it's name). edgeBOX is shipped with a pre-configured Static Security-enabled conference for your convenience: · Number: 9010. Creating Queues To create a new Queue you need to press the New button (to edit an existing Queue the operations are similar). · Assign the calls to: this option allows you to specify the so-called Ring Strategy . · Conference Pin: 9910. you can press the * to listen to the available options like increase/decrease volume. you can choose one of the following options: Critical Links. mute. Inc. · Announce when a user joins or leaves the conference: select or deselect the check box. While in a conference. Configured queues are shown in a tabular manner.

· The agent that has been longer without calls. Together with the status of the service there's also a parameter that you can change. whoever is near that extension will now start receiving calls from this queue. without requiring the agent to have the phone off-hook (on call) to receive calls. Type your password (same as the User PIN number). which is the extension number of the callback login service. . How can an agent login? The standard login for an agent is through the following steps. select the users you wish to assign to the queue and click the Next button. then. users that don not have a PIN will be assigned one. The status of the callback login service is controlled by the service bar at the top of the page where you can Start and Stop the service. 2. Critical Links. Please follow the details here. the extension where the agent has logged in will ring. Inc. Using this service whenever a call from a queue needs to be delivered to an agent. this way you can assign calls to users in a way that is independent of the extension the user might wish to use when starting work. allowing them to have the phone on-hook as apposed to the standard method of having the call into the queue system always on going. · Each agent in turn but keep track of the order. · Add Agent: this options allows you to add users to the Queue. these extensions will be used by the queuing system to assign calls to. a new popup will give you a list of users. · Each agent in turn. In the Advanced tab you get to configure several advanced features of edgeBOX's queues. Callback Extension. · Agents: since queued calls are answered by the queues's agents. in order for it to function correctly. · The agent that answered less calls. CallBack Login Service CallBack agent service is a way for agents to be logged in. An automated attendant will answer. 1. This agent login method is useful for agents that are not fully dedicated to answering queue calls. when you click the Add button please choose: · Add Extension: this option allows you to add extensions to the Queue. you can use the Add and Remove buttons to manage the contents of the Agents list for each queue. select an extension from the list and hit Add.156 edgeBOX 5.0 Help · The agent that picks up the phone first (all ring). · A random agent. agents and/or extensions must be assigned to the queue. Dial *22 followed by your by the User PIN number (see IP-PBX Authentication for more details). the last screen shows you this assignement. followed by the # key.

4.. At this point the agent is logged in.8. This method is very useful for "professional agents" that use an headset and are 100% dedicated to answering queue calls. Calls delivered to the agent will be proceeded by a "bip" sound. which is the User PIN number (see IP-PBX Authentication for more details). Type the extension number where the calls to this agent shall be delivered. which is the User PIN number (see IP-PBX Authentication for more details). Type your agent number.1 Advanced Settings for Queues In the Advanced tab you get to configure several optional features of edgeBOX's queues: · Waiting Sound: you can choose to · Play the regular ring tone. 2. Dial the Callback Login Extension (by default the number is 8000). seconds: select this box and choose the time interval for edgeBOX to update the caller about his position on the queue.IP-PBX and VoIP 157 3. also remember to select the check box immediately below if you want the users to get also an estimate remaining time for the call to be answered. Dial the Callback Login Extension (by default the number is 8000). Type your password (same as the User PIN number). 8. 3. How can an agent logout through Callback Service? The steps for an agent to logout at the Callback Service are: 1. Type your password (same as the User PIN number). · Indicate the postition in the queue every . 4. 2. Inc. When asked by the extension number. and listening "Music on-hold". Type your agent number. How can an agent login through Callback Service? The steps for an agent to login at the Callback Service are: 1. It will be logged in as long as the phone stays off-hook (on call). followed by # key. . Critical Links. An automated attendant will answer. followed by # key. followed by the # key. just type # key. or you can · Play music from the Music On Hold library: in this case the caller will listen to music while waiting. followed by the # key. An automated attendant will answer. 3. · Calls Hangup: · Hangup the calls in the queue when there are no agents online: check the box if you want this. you should additionally specify: · Playlist: select the desired playlist from the drop-down list.

Medium.729? You need to download the codec from Digium web site.711 (ULAW): Known as the native codec in modern communication lines.4. the choice should be ULAW. because it is compatible with most phones and softphones available on the market. However. you will need to activate the license(s) (which will be locked to your edgeBOX hardware).9 Codecs Codecs are used when converting an analogue voice signal to a digital one. . How to activate G. this codec uses a small amount of bandwidth providing an acceptable quality of sound. seconds: please activate the box and choose the time in seconds if you want this behaviour for calls that don't get an answer in time. High. the fourth person will not be able to use this codec.158 edgeBOX 5. Each license you purchase allows a single simultaneous use of the codec. and as such.0 Help · Hangup the calls that are not answered in . Provides good quality sound.729: Offers good sound quality with conservative use of bandwidth.711 version used in E1 European lines.. 3 users can simultaneously use the codec. select the browse button and choose the codec file and then the upload button. Thus. It is the codec used in PSTN and ISDN lines. kept for compatibility with version 3 of edgeBOX. Audio Codecs · G. well suited for VoIP. · G. This codec is selected by default in edgeBOX. · Dialogic ADPCM: This is a legacy codec. This codec is selected by default in edgeBOX. After uploading the file. The choice of the codec to be used usually results from a compromise between sound quality and bandwidth used. Inc. x86-32 directory on the Digium site. · G. to be able to use it you have to activate it and purchase. · Other Settings: · Maximum Number of simultaneous calls waiting · Relative priority of this queue: Low. It is the most commonly used codec for VoIP calls because. · Agent Answer Time 8. besides being supported by most VoIP providers. Critical Links. · Speex: Audio codec designed specifically for speech. Very High. by pressing the activate button. After downloading to your PC. it has the lowest latency as no type of compression is used. which will then upload the file to the edgeBOX. a G.711 (ALAW): Basically. at the expense of bandwidth. If there isn't a specific system requirement. The codec to purchase is: codec_g729a_v32_i386 in the asterisk-1. edgeBOX supports several types of codecs allowing a flexible client configuration. if you purchase 3 licenses. · GSM: Usually used on European mobile networks. unless one of the current users has completed their call.

263: is a video codec designed by the ITU-T as a low-bitrate encoding solution for videoconferencing.10 MailFax Service With the MailFax service you can send faxes (via a software modem) from a fax machine to edgeBOX's fax gateway. this is commonly known as HD-Voice. 4. E-mail address: enter the e-mail address account of the person of your company that will receive all incoming faxes. PSTN.IP-PBX and VoIP 159 After pressing the Activate button. FAX Account: Outgoing Fax Settings 5. · H.261: An 1990 ITU video coding standard originally designed for transmission over ISDN lines on which data rates are multiples of 64 kbit/s. for example.264: Is a standard video codec capable of providing good video quality at substantially lower bit rates than previous standards (e. · iLBC: Low bit rate · G.324 based systems (PSTN and other circuit-switched network videoconferencing and videotelephony). The standard supports CIF and QCIF video frames with resolutions of 352x288 and 176x144 respectively (and 4:2:0 sampling with chroma resolutions of 176x144 and 88x72. H. · H.g. Press Activate to complete the process. you can. Go to the MailFax Accounts menu. .320 (ISDN-based videoconferencing).323 (RTP/IP-based videoconferencing). fill this field with the e-mail account of your company's receptionist. respectively). half or less the bit rate of MPEG-2. but has since found use in H. or MPEG-4 Part 2). The data rate of the coding algorithm was designed to be able to operate between 40 Kbits/s and 2 Mbits/s. and PBX networks if the PBX networks are configured to support ADPCM.263. The e-mail will be converted to fax format and sent to the remote fax machine. H. Fax E-mail Account: type the name of the e-mail address that will be used by the Critical Links. RTSP (streaming media) and SIP (Internet conferencing) solutions as well. 2. this is the number people use when they sent faxes to your company. Create a new fax account 1. 8. This fax is then converted to an e-mail and sent to the fax mail account. incoming faxes are converted by edgeBOX to e-mails and then delivered at this e-mail address. Video Codecs: · H. You can find the MailFax Accounts menu in the IP-PBX section. Inc. It was first designed to be utilized in H. You may also send a fax via e-mail. · G.722: High quality voice codec. FAX Number: the DDI associated to your FAX line. A dialog window will appear: FAX Account: Incoming Fax Settings 3. you will need to enter the License ID and other details which you entered when you purchased the License (as shown below). Click the New button in the MailFax Accounts list.726: ADPCM can be interchanged between packet voice.

com. if they have their edgeBOX e-mail account configured on Outlook and they send a fax through it. however they have to specify a password on the body of the e-mail to authenticate.160 edgeBOX 5. For instance. the fax will be accepted. Please enter: E-mail Language 4. if you type fax_account and the domain on edgeBOX is example. You can change the format the attachments and the language of the e-mails sent by edgeBOX. the fax will not be accepted. Display Number: your fax number. choose PDF or TIFF From E-mail 6. for example. Also.. · Password means the users can send e-mails from any e-mail account. In the Authorization Type. Inc. edgeBOX sends all the faxes it receives as e-mails to the e-mail account you specified in English language.com. The From field in the e-mails sent by edgeBOX with the incoming FAXes. change the language or change the From field of the emails By default. A short 3 fields summary displays the current configurations. in the Incoming section: 7. 2. 3.0 Help network users to send e-mails that will be converted to faxes. How to send a fax using MailFax service? Critical Links. · Local means the network users can only send e-mails from the Webmail or from the edgeBOX local SMTP server. a new dialog will come up. Retry Attempts: the number of times edgeBOX tries to send a fax when the number it is trying to fax to is busy. then the fax server account will be fax_account@example. To change any of these settings: 1. usually this will be the DDI you typed above. click the Change. button. Authentication 9. select the desired language for the mailfaxes Attachment format 5. by default. for example.. 6. indicate from which e-mail accounts users can send the emails and if they are required to indicate a password. · Local + Password means that the users have to use the Webmail or the SMTP server of edgeBOX to send the e-mails and they also have to specify a password in the body of the e-mail to authenticate. edgeBOX converts the received faxes to pdf files and sends them as e-mail attachments to the fax reception e-mail account you specified. Change the type of the attachments. but if they send the fax through a Gmail or Hotmail account or through an e-mail account of another edgeBOX. 8. . Display Company Name: your company name to be displayed at the top of faxes sent bty edgeBOX. Go to the MailFax Accounts menu in the IP-PBX section.

If authentication is required. 6. In the Subject type the fax number of your client. A little while after. you will receive an e-mail from edgeBOX indicating if edgeBOX was able to deliver the fax to the recipient or if it couldn't deliver it because of some error or because of the receiver fax being busy. 2. Send the e-mail. 4. Critical Links. type PASSWORD: plus the fax account password in the first line of the body of the message. Note that the document cannot have more than 25 pages. 5. After edgeBOX receives this e-mail in the fax e-mail account. Inc.10. Convert the document you want to send to PDF or TIFF format and add it to the e-mail as an attachment. Enter the e-mail address of your edgeBOX fax account in the To field. Open an e-mail client as Thunderbird or Outlook or edgeBOX's Webmail and create a new email.1 How to send a fax using MailFax? Lets suppose you wish to send a invoice to a customer: 1. 3. it will convert the file in attach into a fax and try to send it to the phone number you indicated in the Subject of the e-mail.IP-PBX and VoIP 161 Related Topics: · Voice Lines · E-mail server 8. .

11. In Voicemail you'll fin the current settings for: · Voicemail Number: 9999 is the default value. Click the Voicemail options. In the popup dialog please enter: Extension Type the extension to be used for users to listen to voicemail. link to further specify other details.729 Codec License · Billing Interface Service · Asterisk Manager Interface · Network Address Translation (NAT) 8. Inc.1 Voicemail When you created your SIP.162 edgeBOX 5. several global options allow you to configure the way users access their voicemail and the way the feature works globally. or does not exist..11 Advanced VoIP Options Several VoIP related advanced features are accessible via Options menu in the IP-PBX section. E-mail body Critical Links. wether edgeBOX sends the voicemail file attached on the e-mail warning about voicemail. this is important as some e-mail servers may reject this e-mail if the sending domain (the part at the right of the @ in the address you type) is unresolvable. · Name: the name to be used as the sender of the e-mail. · Attach sound file: Yes or No. · Voicemail · Call Parking · Automatic Call Recording · Operation Key Codes · Customize Sound Files · Define Country Zone · Echo Cancellation Options · G. if users experience instability or don't receive the e-mail warnings please make sure you are using a resolvable domain. Additionally. Analog or IAX phones you were prompted to configure individual Voicemail account for each.. .0 Help 8. E-mail message from · Address: e-mail address to be used in the From field. Go to the Options menu in the IP-PBX section.

link and enter the values desired for: · Number to dial for parking: you need to dial this number for a call to be parked. Critical Links. 8.. The Operation Key Codes area shows you the current configuration for those operations. Inc.. as usual. but you can change this). after this period the call is hungup. 8. you can do it in the Options menu. Click the Call parking options. · Max length of message: voicemail messages longer than this will not be saved. · Min length of message: voicemail messages shorter than this will not be saved. 703 as example. You can rise or lower the available parking base number and the park size.. and immediately puts the conversation on hold. · Signature: signature of the notification messages. press the Save button. Hit the Change the keycodes.11. Pickup a call and Hangup operations. · Parking available lines: total number of parking lines available. if you wish to save your changes.. The Phone Operations section in this manual shows you the details on the usage of these codes. Go to the Options menu in the IP-PBX section. Blind Transfer. · Language: language used in notification messages. . It is activated by dialing the parking number (by default 700. This action transfers the current telephone conversation to an unused park extension number. Voicemail quotas Click the Properties. In the end..11. link and change the keycodes as needed.IP-PBX and VoIP 163 · Attach sound file to e-mail: check this box if you want the voicemail file to be attached to the e-mail notification messages. park size. You can up the parked call from another internal phone later on by dialing 703 on the desired phone. The pre-configured park numbers ranges from 700 to 714. · Parking Max Time (seconds): enter the parking maximum time.2 Call Parking Call parking allows a person to put a call on hold at one telephone and continue the conversation from any other telephone set. IP-PBX section.. button and enter: · Max Messages: Maximum number of messages that a user can have in his/her mailbox.3 Operation Key Codes If you need to change the current key codes for the Assisted Transfer. in seconds.

etc. 7. Select My Sounds package. You can now use this sound file when creating Incoming Call Rules. Incoming Call Rules menu. Select the Sound Manager option at the Related Topics section. 4.11. Incoming Call Rules menu. Select a sound bank file from your file system (... Upload a custom sound file 1. you can reach it at the Customize Sound Files. Upload a language sound bank 1. Select the Sound Manager option at the Related Topics section.gsm files). Enter a description for the file (usually a text script of what the sound says). Go to the IP-PBX section. Inc. 2.164 edgeBOX 5. . 5.4 Customize Sound Files edgeBOX can use sound prompts in several situations such as the process of receiving and routing an external call to a Queue for example. 3. You can access it in the Related Topics area of the Incoming Call Rules menu or. In this process edgeBOX may be configured to playback instructions to the caller or warnings of several types. 3. Click Open. Click the Browse button and select a sound file from your file system (.gz or . 4. Critical Links.zip format). · Language sounds: sound packages that contain system sounds translated for a given language. Click Add button. or Automated Attendants. 6. 5. The sound files are divided in three groups: · My Sounds: your own custom sounds.. for convenience.0 Help 8. link in the Options menu. 2. The sound files used to accomplish this are accessible to you through the Sound Manager dialog. Click Add button and select Sound File option.. both in the IP-PBX section. where you can upload new sound files to be used in Automated Attendants. conferences. edgeBOX will use the language pack correspondent to the Country Zone definition in the Options menu. and select Sound Bank option.tar. Click Add. like the voicemail prompts. The language pack will now be listed below System Sounds with the name of the language (like Portuguese). · System Sounds: contains all sounds used natively by the PBX. Go to the IP-PBX section.

. if not.5 Define Country Zone To configure specific regional/country settings go to the IP-PBX section and click the Define Country (Zone). Usually produces much better results where KB1 and MG2 fail. . This setting will apply country settings to three different areas: · The tone zone for all analog cards (if installed). If this is the case. Inc. · Language: User may want to selected a language for the sound prompts different from the country tones applied to the phones. user must check the checkbox. which have echo cancellation checked. It's an evolution of KB1 and MG2 using a different approach. and selected a different language. Note that the soundbank for the selected country must be installed.2. Changing echo canceller will issue a restart of the VoIP service engine. · National Prefix: may be filled by default. · The language for the sounds prompts. A popup dialog will open: · Zone: choose the appropriate country/zone for your needs. and it's considered the best configuration option for software echo cancellation. The options are: · KB1: The default echo canceller. This is important because the ring and busy tones may differ from country to country · The frequency of the generated tones for the PBX phones.11. the default sound bank will be used (system sounds).IP-PBX and VoIP 165 8. link in the Options menu. 8. · International Prefix: may be filled by default.11. · OSLEC: Stands for "Open Source Line Echo Canceller". · MG2: A variation of KB1 to solve some of the scenarios where KB1 fails.. and thus all CURRENT CALL WILL BE TERMINATED! Critical Links. edit as needed. The echo cancellation will only be applied to analogue phones. The software determines the best configuration from the initial line characteristics and preserves the settings for the period of the call. edit as needed.6 Echo Cancellation This panel offers a range of choices to allow for software echo cancellation. This is the built-in Zaptel echo canceller since Zaptel v1.

in the IP-PBX section and click the G. Each license you purchase allows only one usage of the codec at a time.128. Once there hit the Run the G. and then the netmask of your network. only hosts on this IP segment will be allowed. Options menu. In the following screen just fill in the license details as obtained from Digium and finish up the process.90. if you purchase 3 licenses.. for example.0.168..729 codec. 8.4. After downloading the codec to your PC you can install it with the help of edgeBOX's webadmin interface. retrieve that information all calculate and the cost for a billing service. only this IP address will have access. link. to connect to edgeBOX's database. edgeBOX saves all important information about calls. the fourth person will not be able to use this codec.7 G.168.729 Licensing G.255. Show me an example If the billing software can only be used from computers on the local network. unless one of the 3 calls has finished. Thus. What is billing software? Billing software is an application used to calculate call costs.com. If it can only be used from a specific computer of the local network then you need to type the fixed IP address of that computer. The codec to purchase is: codec_g729a_v32_i386 in the asterisk-1.0. Inc. You will be requested to browse your computer for the file and then you need to click Next.729 Licensing This panel allows you to add support for the G. · Only from a specific network: type in a network IP address and a Netmask...11..8 Billing Service Allow billing software.255. the duration of the call or the user that made the call. as the time of the day a call was made. link. 3 users can simultaneously use the codec. 255. To allow billing software to connect to edgeBOX go to the IP-PBX section.0 Help 8. Click the Billing Interface Service options. for example. You need to download the codec from the Digium web site www. . 192.11.729 installation wizard. Critical Links. the line used. such as Easylink for example.729 Codec License. Please go to the Options menu. Billing software can connect to edgeBOX's calls database.digium. Activate the Allow computers with billing service to connect to edgeBOX option and fill in the rest of the deitails: Authorized Computers Only the IP address(es) specified will be allowed to access the Billing service: · Only from a specific computer: type in a host IP address. x86-32 directory on the Digium site.90.. then you have to indicate the IP address of your local network. 192.166 edgeBOX 5.

Configuring your billing software To connect the billing software on a computer to the edgeBOX.. depending on the billing software you will use. This interface may be useful if you own some kind of monitoring software which you want to integrate with edgeBOX.11.. To configure the Manager Interface go to the Options menu in the IP-PBX section. only hosts on this IP segment will be allowed. allowing you such diverse administration options as placing calls remotely or receiving events related to the state of calls and extensions. only this IP address will have access. you need to indicate: · The username and password you specified on edgeBOX when you activated the billing service. link and select the Allow computers with manager interface to connect to edgeBOX option.Table: cdr . . Authorized Computers Only the IP address(es) specified will be allowed to access the Manager Interface · Only from a specific computer: type in a host IP address. · Password: the respective password. · Only from a specific network: type in a network IP address and a Netmask.IP-PBX and VoIP 167 Authentication Here you must configure a username and a password for the manager software to be able to access edegBOX: · Username: a username to be accepted by edgeBOX used for authentication.Fields: all fields of the cdr table 8. Critical Links.Database Name: edgereporting . · The database structure: . · Repeat Password: repeat for verification. If at any time you don't need to allow the Billing Interface anymore just deselect the Allow computers with billing service to connect to edgeBOX option. · The port used for the billing service: TCP port 5432. Inc.Database Model: Asterisk . In the end you will need to allow the Billing service in the Firewall. Follow the Asterisk Manager interface options.9 Manager Interface Manager If you enable the manager interface you will be able to establish a telnet connection to edgeBOX's IP PBX.

168 edgeBOX 5.0 Help

Authentication Here you must configure a username and its password for the manager software to be able to access edegBOX: · Username: a username to be accepted by edgeBOX used for authentication; · Password: the respective password; · Repeat Password: repeat for verification. In the end you will need to allow the CTI service in the Firewall. If at any time you don't need to allow the Manager Interface just deselect the Allow computers with manager interface to connect to edgeBOX option.

8.11.10 Advanced NAT
You need to configure Advanced NAT if you have a scenario where edgeBOX does not connect directly to the Internet but is behind a Router with NAT and Port Forward, and you want to allow remote phones (a phone you have at home, for example) to register in edgeBOX and behave as internal extensions.

That being the case, please go to the Options menu in the IP-PBX section and follow the Network Address Translation (NAT) options... link. The Advanced NAT settings dialog window will come up. To indicate that edgeBOX is behind a router: 1. Activate the My box is behind a router with NAT option. 2. Indicate in the following field below the router WAN IP address or its hostmane.

Critical Links, Inc.

IP-PBX and VoIP 169 3. If you have local networks that are managed by the router and you have phones on those networks, select the option I have additional networks with phones to be served, and then, in the table below add an entry for each of those networks. Learn More... edgeBOX can detect phones that are on its local networks (LAN, DMZ and the VLANs). However, as you have a router in front of edgeBOX you may also have local network managed by the router. And you may also have phones on those networks. edgeBOX cannot recognize these phones automatically because it is not managing these networks. So you need to indicate to edgeBOX the networks so it can recognize the phones and allow them to register.

4. Click the Save button to save the settings. 5. To finish, you need then to configure on the router port forward from port 5060 of the router to port 5060 of edgeBOX.

8.12 Music On-Hold
Music On-Hold (MOH) allows you to specify a number of Playlists to be used when putting calls on hold. Playlists are lists of sound files to be used in several possible situations: · Queues: you can specify the playlist to be used on a per-queue basis (see the Queues section); · Conferences: you can specify the playlist conference members will listen to while they wait for the conference to start (please refer to Conferences section); · ICR: you can choose the playlist to be used for each call (see Incoming Call Rules).

Critical Links, Inc.

170 edgeBOX 5.0 Help You gain access to the Music On-Hold (MOH) configuration popup from the Related Topics corner in the Queues, Conferences and Incoming Call Rules menus in the IP-PBX section. It displays the current playlists on the left side. If you click a paylist you'll get it's contents on the right side. You can upload your own MP3 sound files to edgeBOX. These sound files will be kept in edgeBOX's MOH Gallery. You'll be able to build your own playlists by choosing sound files from the Gallery. Managing Playlists To add a new playlist just hit the New button and select Playlist. A new dialog will ask you for: · Playlist: enter the desired name for you new play list; · Play tracks randomly: select this box if you wan the tracks from this list to be played randomly. To add tracks to the Playlist choose the play list you want to add files to, click the New button and choose Track. The Gallery pop's up. Just select the tracks you'dd like to add and press Ok. You've just added a new track from the Gallery to your playlist. For each sound file displayed you can execute several actions with the buttons at the top: remove that file from the list, bring that file to the top of the list, bring it up one position, bring it down one position and bring in to the bottom if the list. Managing the Gallery To access the Gallery click New button and choose Track. The Gallery window will popup: · Available Tracks: at the top, a list shows you the available sound tracks in the gallery; · Delete: deletes tracks from the gallery; select a track and hit Delete to remove a track from the gallery; · Upload Track...: use this button to search your computer for more MP3 files to add to the Gallery.

8.13 Automatic Call Recording
edgeBOX can record phone calls automatically. The recordings are kept in edgeBOX internal storage. You can, at any time, access the recordings by FTP, download them to your computer and erase them to avoid disk space saturation. If you wish to activate this service please go to the IP-PBX section and choose the Options menu. Once there, search for the Automatic Call Recording area. You get a short summary showing you: · Status: states witch types of calls are currently configured for automatic recording; the possibilies are: Not recording any calls, Record all calls, Record all incoming calls, Record all outgoing calls; · Disk Usage: a coloured horizontal bar will show you, in graphical form, the relative disk space your call recordings are currently taking up.

Critical Links, Inc.

IP-PBX and VoIP 171

Hit the Call Recording options... link to configure the service. The Automatic Call Recording popup appears. As usual, you can globally enable and disable the service by hitting the Start Service / Stop Service options at the upper-right corner.

Types of Calls and Maximum disk size The types of calls being recorded and your current disk occupation are shown just below the service status bar. Hit the Change... button to configure this: · Record incoming calls (includes internal calls): select this option to record incoming and internal calls; · Record outgoing calls: select this option to record incoming and internal calls; NOTE: Select both of the above options to record all types of calls; unselecting them both is the same as not recording any calls; · Maximum disk space for recordings: type in the maximum amount of storage space you allow for recordings; above this value edgeBOX will not record calls any more; All call recordings are made available through the logmaster FTP account. Through that account you can download and delete any call recordings. If the recordings take up more than the configured maximum space you need to remove the current recordings from edgeBOX. After removal the recordings will continue automatically.

Phones, Groups and Queues to be recorded The table shown, displays the phones, groups or queues currently configured for recording. Click Phones to filter table in order to show you only Phones; the same applies for Phone Groups and Queues. Click All to display all entries. You need to specify which phones, groups and queues you wish to record. To do this, click the Add button. From the drop-down list select Phone, Phone Group or Queue; from the list shown select the entries you want and click the Add button. Queues will only be recorded if the incoming/internal check box is selected. Please note that the permissions defined in Phones Group Access Control will be applicable, so if you have a group of phones with call recording disabled, those calls won't be recorded.

In order to remove an entry, or several entries, from the list, just select them and click the Remove button. The same goes for the process of adding new entries to the list.

Critical Links, Inc.

172 edgeBOX 5.0 Help

8.14 VoIP activity logs - CDR
You can obtain the VoIP activity log files (also known as CDR) via FTP with the logmaster account. They are stored with the filename Master.csv (the current log file). The log files are rotated daily (Master.csv.1-7) and kept for seven days, after which the oldest file is overwritten by the new log file. The entries in the Log file have the following meaning: accountcode src dst xt clid channel dstchannel lastapp lastdata start answer end duration billsec disposition amaflags uniqueid What account number to use (Only used when Authentication is enable) Caller*ID number Destination extension Destination context Caller*ID with text Channel used Destination channel if appropriate Last application if appropriate Last application data (arguments) Start of call (date/time) Anwer of call (date/time) End of call (date/time) Total time in system, in seconds (integer) Total time call is up, in seconds (integer) What happened to the call: ANSWERED, NO ANSWER, BUSY Flags used: DOCUMENTATION, BILL, IGNORE The unique ID for this call

8.15 Default Predefined Phone Numbers
The initial edgeBOX configuration uses a set of pre-defined phone numbers (that you may eventually change overtime). These are: · Voicemail: 9999

Critical Links, Inc.

715 · Conferences: 9000 · National Prefix: 0 · International Prefix: 00 · Emergency Number: 112 (for EU countries).IP-PBX and VoIP 173 · Call Parking: 700 . Inc. . Related Topics: · Voicemail · Parking · Conferences Critical Links. please make sure to review and configure it's Outgoing Call Rules. given the importance of the Emergency number .

managing network users is an essential part of edgeBOX. such as access to the Internet.1 Authentication Authentication is the process by which your network users identify themselves before edgeBOX when using the network.174 edgeBOX 5. This section lets you: · Add. This process is fundamental for all subsequent access authorizations or denials in several possible situations. Inc. LDAP and RADIUS · Configure Groups · Customize the login page for user authentication Related Topics: · Connected Users · Groups · Local Administrator · Phones · RADIUS 9. and many more.0 Help 9 Users In the Users section you can manage Network Users. ability to make some or all kinds of phone calls. remove or change network users · Assign a Phone to a user · Configure Privileges network and service access · Assign a configurable set of administration capabilities to a Local Administrator user · Manage User authentication locally or remotely with Active Directory. Critical Links. Authentication and access Privileges . .

furthermore. The password is "password" for any of them.. Critical Links. Inc. edgeBOX will still manage granting and revoking of access by means of a default access profile.Users 175 Even if you choose not to use Authentication. this additionally allows you to have specific users accessing specific services and other users being blocked and granted access to different sets of services.. Their usernames are "user" and "user2". RADIUS or LDAP server for autehtication Related Topics: · Connected Users · Local Administrator · Phones · Firewall · RADIUS · Groups 9.1 Managing network users You can allow everyone to use your network and the network services.1. You might wish to: · Add or change a network user · Configure Privileges for users · Configure local authentication · Configure a remote Active Directory. Managing Network Users edgeBOX is shipped with two pre-configured users. You can use them to review their configurations and to do quick experiments. Why should I do this ? It renders your network more secure: access to the network and network services will be granted only if the user successfully logs-in. Managing Authentication comprises several related aspects. More on this. This permits an optimal usage of resources such as bandwidth and processing power. or you can assign specific permissions for granting and revoking access to specific users or groups of users. the All Users Privilege. .

. you can rise or lower this value.. Mobile.see details... options are Free.. Mobile calls include both National and Local calls. ? · Newtork Access Privilege: determines the network privileges plolicy for a group of users. · Network Login Information: username and password. each of these types includes it's predecessors: National calls include Local calls. if you need. Local. button to immediately add a new phone.. you won't be able to add or import any more users.. Phone (VoIP) · Allow the user to make phone calls (VoIP): use the Select Phone. If you reach the maximum number of users your licence offers. · VoIP Call Permissions: please select the type of calls this user can make. This way the password will not be altered. ? and the password. · Max. A three tabbed dialog appears: General · User Name: First and Last name (up to 127 ASCII characters are allowed).0 Help To add or manage existing users go to the Network Users menu in the Users section of the administration web interface. International and All Types of Calls. · User PIN Number: the pin to be entered if the IP-PBX authentication is turned on.. button to search the list of existent phones and assign one to this user. to check which type of calls the user has permission to make. Click the New/Edit button.. leave the password field blank if you do not wish to change his password. When editing an existing user.176 edgeBOX 5. Disk Usage · user's current disk usage and · maximum allowed.. Critical Links.. like the services they can use or the type of internet access they get. See details about the different edgeBOX solutions in edgeBOX's website. that means that each user may have 2 computers logged into the network with his credentials. and so on. A short overview is provided with a summary of user details including phone extension and online status. if he tries to login from a thrid host he will not be able to. you should choose among the Privileges in the drop-down list (as configured in the Privileges menu). learn more about Privileges. National. Sessions: users can be logged-in from 2 computers by default. Disk Space. in this case the process is the same as in the IP-PBX section . Inc. for convenience you can also use the Add Phone... you can change this: click Change Max. what are the rules for choosing a username. To create or import new users on the edgeBOX you need to delete existing users first or upgrade your edgeBOX solution. ..

if field is empty one will be provided · Extension Number · Extension Name · User PIN number Critical Links. · Step 3: a final list with details about the users being imported is presented. the file generated will be named Export_21-0609_11. a CSV file from your computer's hard drive.. The reverse operation is also possible. Users section. If you export you users at 11:43 on 21 June. the process will create a new CSV file in this folder. you'll find two buttons that allow you to Import and Export the users list. the file name is automatically chosen.. 2009. · Step 2: a list is presented with all the available and correct users found in the file. see an example. at any time.. select from the left the ones you wish to add and click the Add button to add them to the list on the right.. Press Finish. · Step 4: one last step will Export back to your computer a list of the Imports done. You can add a number of network users to the edgeBOX by Importing them from a CSV file in your computer. Export By clicking Export you'll trigger a dialog window asking you to select a Folder in your computer's hard-drive. ..1. please wait.1 Importing and Exporting Users In the Network Users menu. click Next.43..1. This process may take a few minutes. hit Next. Inc.. Export the users list onto a CSV file. You can.Users 177 9. The Import function allows the import of users with the possible following settings: · Name (first and last) · Username · Password .csv Import An appropriate wizard-like dialog will popup with a detailed explanation of the process: · Step 1: read the specifications and Browse..

firstname lastname.phoneextension... The other fields will only be taken into account if present and valid. extension name will be equal to the username..phoneextension.178 edgeBOX 5.pin. for instance.accessprofilefirstname lastname.username.phonename. etc.username. If we import entries were we have defined valid extensions (name and number) those extensions will be added to system and the extension's password will be equal to the user's passwords. you will be asked if you want to: · keep the existent user · replace the existent user with the new one · keep both and change the new username to "username1" (or "or username2"..phonename.password. if possible): extensionnumber and extensionname.phonename..privilege firstname lastname. firstname lastname.username.. those entries will be ignored.username. Critical Links..pin.username. username...phoneextension..phonename. that is.phoneextension.. firstname lastname..password.privilege firstname lastname.firstname lastname. How must the information be arranged in the CSV file? The available options are: firstname lastname.password.phonename... duplicate extension names or duplicate extension numbers.username. If you try to import users with duplicate usernames. VoIP fields are only considered if they are valid and if both are present (if only extension number is provided. if you are not using Remote Authentication. privilege About importing users: · You can only import users if you are managing the network users on the edgeBOX. Inc..password.. as a LDAP server....pin. depending on the existent users) If we try to import entries with duplicate PIN numbers.. .0 Help · Privilege Some of this fields are mandatory: Firstname + Lastname and Username.username. firstname lastname.privilege firstname lastname.username.password.username.phonename.phoneextension.phoneextension.

. then you need not to worry because the Firewall settings will fallback to an "allow" approach. link below the Disk Space. Please read it carefully: You are about to Start the Network Users Authentication Service. Authentication requires Firewall: when starting the Authentication Service you'll also need to activate the Firewall service.1. an appropriate dialog message will inform you that the Firewall will be activated. regrading the usage of system access Privileges. . Type-in the value you need. this might be a good time to review your Firewall settings as they may potentially interact with users Privileges. one of the following methods: · locally: this is the default authentication method. that's all the configuring you'll need. If it is not already active. If you Critical Links..1.. edgeBOX will grab these credentials and authenticate users using.2 Default Quota When creating new users a default quota is suggested.Users 179 9. button. this might be a good reason to configure it. then again.1. at the upper-right. 9. · a remote LDAP server or · a remote RADIUS server. · remotely using: · a remote Active Directory server. Press Save and hit the Start Service option. For the remote authentication methods please refer to Using Remote Authentication. Inc. If the Firewall wasn't previously active. Choose the Authentication Method you want from the Change. Click the Change. If you want to change it go to the Options menu in the Users section.. as configured. If the Firewall was already active.2 Activating Authentication After you have setup your Users you might want to increase the security and manageability of your network by activating Authentication: users will be required to enter their username and password into a Web based authentication page. If you choose to authenticate users locally. System access Privileges with Authentication Active When you start the Authentication service the message below will be displayed. To activate authentication go to the Network Users menu in the Users section. But. all Users and Privileges are stored internally in edgeBOX's internal database.

180 edgeBOX 5.0 Help proceed you have to take the following into account: 1. The "All Users" Privilege will not be displayed in the Privileges Panel since Network Users will be asked to authenticate themselves. 2. The "Not Authenticated Users" Privilege will be displayed in the Privileges panel. This Privilege will be applied as a default rule for all non authenticated users, so one must take into account that configurations of this Privilege may affect users that fail authentication or even before they are requested to authenticate. 3. If you have previously changed the "Not Authenticated Users" Privilege those changes will now be loaded. 4. Changes that you may have done to the "All Users" Privilege will be kept and will be loaded the next time you switch OFF the Network Users Authentication. 5. You may reset the "Not Authenticated Users" privilege by opening the Privileges panel and selecting "Reset Not Authenticated Users privilege to factory configurations".

System access Privileges with Authentication Stopped When you stop the authentication service the message below will be displayed, regrading the usage of system access Privileges. Please read it carefully: You are about to Stop the Network Users Authentication Service. If you proceed you have to take the following into account: 1. The "Not Authenticated Users" Privilege will not be displayed in the Privileges Panel since now there won't be any unauthenticated users. 2. The "All Users" Privilege will be displayed in the Privileges panel. This Privilege will be applied as a default rule for all users, so one must take into account that configurations of this Privilege may affect users from other Privileges. 3. If you have previously changed the "All Users" Privilege those changes will now be loaded into system. 4. Changes that you may have done to the "Not Authenticated Users" Privilege will be kept and will be loaded the next time you switch ON the Network Users Authentication. 5. You may reset the "All Users" privilege by opening the Privileges panel and selecting "Reset All Users privilege to factory configurations"

Critical Links, Inc.

Users 181

9.1.3 Using remote authentication
edgeBOX allows you to use remote user authentication. With remote authentication, users are authenticated in a remote server instead of the edgeBOX when they try to login to the network. The whole process is transparent for the user as edgeBOX will do all the work. To activate remote authentication go to the Network Users menu, Users section. Choose the Authentication Method you want from the Change... button, at the upper-right. The currently supported methods are: · Authenticate users on a remote Active Directory Server, · Authenticate users on a remote LDAP Server, · Authenticate users on a remote RADIUS server. In each there's a convenience Test Connection button that allows you to verify basic connectivity to the specified server. When you're done press Save and hit the Start Service option. Please refer to Activating Authentication for common details about the Authentication service. Activating remote authentication will purge all your locally configured users. An appropriate warning, in red color, is displayed warning about this.

Related Topics:
Details about edgeBOX's authentication architecture

9.1.3.1 Using a remote RADIUS Server To authenticate users on a remote RADIUS server type-in: RADIUS Server · IP Address: type the IP address of the remote server; · Password: to be used to access the RADIUS server; · Port: the TCP port to be used on the RADIUS server (defaults to 1812); · Timeout: maximum time waiting for the RADIUS server (defaults to 5 seconds); Privileges Verification Choose if you wish that the access Privileges to the network services (E-mail, Internet, Secure

Critical Links, Inc.

182 edgeBOX 5.0 Help connections, etc.) are always verified in the remote RADIUS server and not locally. How to configure a RADIUS Server to perform users authentication and authorization? · Authenticate users on the remote server but verify the privileges in system · Verify also user's network privileges on the remote server Why is this useful ? This might be useful if your company is already using a RADIUS server for authorizing users on several other services, besides edgeBOX's ones; in this situation it makes sense to have all Authentication and Authorization relegated by edgeBOX into those servers As users login for the first time, and their authentication is verified in the Remote RADIUS Server, their information is saved in the edgeBOX users list. Still, each time the users tries to login, the authentication will be done in the remote server.

9.1.3.2 Using a remote LDAP Server Using an LDAP Server to authenticate the network users: there's an option to toggle between Basic Mode and Advanced Mode. Type-in:

LDAP Server Basic Mode · Domain: the LDAP domain; · Group: the optional LDAP Group; · Username: to be used by edgeBOX's LDAP client to access the LDAP Server; Advanced Mode · Base DN: see example below box; · Bind DN: see example below box; Common to both modes · IP Address: type the IP address of the remote server; · Password: to be used by edgeBOX's LDAP client to access the LDAP Server; · Port: the TCP port to be used on the LDAP server (defaults to 389); · Timeout: maximum time waiting for the LDAP server (defaults to 5 seconds);

Critical Links, Inc.

Users 183 Privileges Verification Choose if you wish that the access Privileges to the network services (E-mail, Internet, Secure connections, etc.) are always verified in the remote LDAP server and not locally in the edgeBOX. · Authenticate users on the remote server but verify the privileges in system · Verify also user's network privileges on the remote server Why is this usefull ? This might be useful if your company is already using an LDAP server for authorizing users on several other services, besides edgeBOX's ones; in this situation it makes sense to have all Authentication and Authorization relegated by edgeBOX into those servers. As users login for the first time, and their authentication is verified in the LDAP Server, their information is saved in the edgeBOX users list. Still, each time the users tries to login, the authentication will be done in the remote server.

When you are using remote LDAP, the network users have first to login one time using the LAN user authentication before they can login in the domain for the first time.

9.1.3.3 Using a remote AD Server Using a remote Active Directory Server to authenticate the network users: there's an option to toggle between Basic Mode and Advanced Mode. Type-in:

LDAP Server Basic Mode · Domain: the Active Directory domain; · Group: the optional AD Group; · Username: to be used by edgeBOX to access the Server; Advanced Mode · Base DN: see example below box; specify the active directory domain configured in the Base Name field; · Base DN 1, Base DN 2: You can set up two additional Base DN. Authentication System will try to search and authenticate users in these locations also. To enable the text fields

Critical Links, Inc.

184 edgeBOX 5.0 Help please select the check boxes on the right of each field; to Learn More... In more elaborate scenarios the Active Directory server might have users spread over serveral Organizational Units (OUs); if that is the case, edgeBOX can be configured to search users in all those OUs. An example follows, for a situation where users should be searched in three OUs (ouone, outwo and outhree), and the administrator user belongs to OU ouone: Base DN: OU=ouone,cn=local,cn=loc Base DN 1: OU=outwo,cn=local,cn=loc Base DN 2: OU=outhree,cn=local,cn=loc Bind DN: cn=administrator,OU=ouone,cn=local,cn=loc

· Bind DN: see example below box; Common to both modes · IP Address: type the IP address of the remote server; · Password: to be used by edgeBOX's LDAP client to access the AD Server; · Port: the TCP port to be used on the AD server (defaults to 389); · Timeout: maximum time waiting for the AD server (defaults to 5 seconds); · Copy the users information from the AD Server to the system's user list: check this if you'dd like edgeBOX to copy information from the AD server into the internal users list. As users login for the first time, and their authentication is verified in the Remote AD Server, their information is saved in the edgeBOX users list. Still, each time the users tries to login, the authentication will be done in the remote server. If the Active Directory server in not reachable, and only in this case, then, the authentication system will try to authenticate users locally.

When you are using remote AD authentication, the network users have first to login one time using the LAN user authentication before they can login in the domain for the first time.

9.1.4 Customize the user login web page
If your looking for information regarding Default User Quotas please follow this link. In the Users section - Options menu you can customize several aspects of the appearance of the login page the local users of the network will use to authenticate:

Critical Links, Inc.

CSS and image files. 3. After creating your HTML file. The new login page with the changes you made will appear.zip) with all these files. Use a custom login page Completely modify the look & feel of the login page by uploading your own HTML. Show the requirements of the files. To do so: 1. this text can contain HTML. Type-in the desired Information text. that is. View the changes To view the changes and the appearance of the login page. Inc. . · Change the company name and information text. one or more CSS files and one html file only. if you enter HTML in this field the browser will display it correctly. Click the Change the company name and information text 2. That is if the Authentication service is running. 2. All most common image formats are supported. Click the Select Image. · The zip file can not contain any folders or sub folders. Upload the files for a custom login page You can upload the files for your custom login page to edgeBOX to have a login page with a completely different appearance. go to a computer of the local network. See Activating Authentication for details. open a web browser. directly inside the zip file. Type-in the Company Name 4. your CSS file(s) and your images. Click Change the Company Logo. · The zip file can contain image files. · Upload a customized authentication page with your own style. To change your Company logotype 1.. To show a welcome message and the company name in the login form 1.. 3. Network users will only see this page if they are required to login. · You must include the code <!--AUTHENTICATION--!> in the place where you Critical Links.Users 185 · Change the Company Logo. and type and try to open a random website. Click the Upload button save the image to the edgeBOX. button and select the image with the logo from your computer. All files must be all at the same level. create a Zip file (. Press Save.

examples: a-b. Click the New.m and . the World Wide Web). the basic options are to Allow access to the Internet. Inc. On the left.. 4.. An overview table is shown. Allow access to the Internet between ... choose simple but meaningful names like 'no-restr'. Advanced and Devices: General · Name: the name by which this Privilege will be identified.h.. by configuring access Privileges (policies) to which users will be assigned.186 edgeBOX 5. Click one of them to get a summary of it's configurations on the right panel.2 Privileges The Privileges menu. Services. Boss-10. "[a-zA-Z][azA-Z0-9]*[-]?[a-zA-Z0-9]*[a-zA-Z0-9]". Click the Save button to upload the zip file to the edgeBOX Related Topics: Manage the firewall properties 9. 'servers35' or 'vips'. hit the Advanced Properties. in the Users section provides the means for bulk management of your network users and to control their access to the services and areas your network offers. after you can enter any sequence of letters and digits. · DMZ: same as for Internet. 3.. · Internet: here you determine how and when your users can reach the Internet (same as saying "the world beyond edgeBOX".m and Do not allow access to the Internet. 2.0 Help want the login form to be placed in the HTML file. Select the Upload a customized authentication page with your own style option. A dialog window will popup with four sections General. Click the Browse button and select the Zip file from your computer in the dialog window.. a single '-' can also be used excpet for the first and last postions. a list showing all current Privileges. . to access further tuning details.h. Services Critical Links. This code will then be replaced by the necessary code for the login form. a123. button. what are the rules for the Privilege name ? the name must start with a letter (lower or upper case)..

· VLAN Routing: a listo of rules specifying inter-LAN-VLANs routing permissions for these Critical Links. while trying to use your network services. Please note: these are services running on edgeBOX. additionally you may specify whether you wish to assign a specific VLAN for these users. every 5 minutes).. on a per-Privilege basis. with this feature active the switch will automatically move the switch port.. additionally you should specify if they will have access to the LAN. · Remote Users: if these users will be allowed to connect to the PPTP VPN. .. one of the supported L2 switches with this feature is the Procurve 2650..1x. · Do not allow access to edgeBOX services: access is denied regardless of the composition of the list. to learn more... Services not included in this list will not be accessible by users in this Privilege. · Allow access to edgeBOX services listed between .h.Users 187 This panel is of utmost importance as it directly affects the way your users experience network access.1x authentication. Use the Add and Remove buttons to edit the list (this list will not contain the DNS nor the Webadmin services as they are always accessible for host in the internal network). Advanced · 802. this option is relevant only when you have a switch or switches in your network infrastructure that support dynamic VLAN assigment. This is where you determine. The list below the three options shows the services available for the users with this Privilege. Temporary Shared Folders or Windows Shared printers (Samba is a short term for any windows file sharing. if you wish that the users of this access profile belong to the LAN network instead. where the user is connected and after a successful 802. Give me an example If you don't add the Samba service to the list of accessible services. don't choose this option. or limitations. · IPSec: if these users will be able to access IPSec VPNs. See edgeBOX services for a short description of all services available here.1x Authentication: these users will be able to authenticate in edgeBOX be means of the IEEE802. the edgeBOX services accessible by the users: · Allow access to edgeBOX services listed: users in this Privilege will have access to the services in the list. to this VLAN.m and . These services will be available for those users if you choose the 1st or 2nd option.h. Inc. that is because these rules are re-applied at most. workgroup or domain services). not services provided somewhere else but accessible through the edgeBOX.m: same as the previous on but service is granted only within the given time of day period (please take into account that a delay of up-to 5 minutes may occur. no users in this Privilege will be able to access any File Sharing related resources.

Inc. How do I restrict access to certain types of web sites ? edgeBOX contains a web filter that allows you specify Website Restrictions based on words present in the website's URL or domain. see details. that machine is allowed the access rights of the profile.0 Help users. Indicating a range is most useful when you. Use the left side buttons to manage the list. If an IP is added. . what type of traffic these users will be allowed to exchange with the other VLANs in edgeBOX.. How do I restrict access to services other than edgeBOX services ? You can block overall access to certain IP Addresses and/or Protocol services/ports by using the Advanced Firewall Rules... without the usual login screen. you can block overall access to certain IP addresses by using a block-all type rule in the Advanced Firewall Rules.. want all devices of a VLAN to be automatically authenticated. see details. see details. see more details. Devices IP Addresses to which this Privilege will also be applied.. a profile may also contain IP addresses. Related Topics: · Local Administrator · Firewall · RADIUS devices authenticating in edgeBOX · Remote Authentication and Authorization · Adding Users and changing their Privileges Critical Links... Additionally. This allows the machine to automatically authenticate with the edgeBOX.188 edgeBOX 5.. Besides containing users. for example. You can indicate a specific IP address of a machine or you can indicate a range of IP addresses.

. as specified by an IP Address and a Netmask). 500-600). a short Description string should also be added. Network (connections to a specific IP segment.2. This means that traffic from the internal network to the Internet is granted access. 22.somewhat similar to a Firewall configuration. By default all outbound traffic is allowed.and network services allowance/denial . if you have configured any. Click the Add button to add new rule or Edit to change an existing one. to learn more. Bronze and Best-Effort traffic classes or your own Pipes.. Outbound Rules Rules to control access to the Internet. Click the Add button to add new rule or Edit to change an existing one. 80. Here you can allow incoming traffic based on its origin. You can allow or deny outgoing traffic based on its destination.assigning traffic classes to users . For each rule: Critical Links. port and/or protocol. TCP (you can choose All ports.. Silver. UDP (same as TCP) and ICMP. individual ports or even port ranges like 21. Thres tabs are presented: This panel presents three tabs: Quality of Service · Class of Service for Upload Traffic: here you can choose to apply the usual Gold. · Class of Service for Download Traffic: the choice here is Best-Effort or Premium. · Protocol: All. The sequence by which rules appear in the list can be relevant and you can use the Up and Down buttons to change it Inbound Rules By default all incoming Internet traffic is dropped: all connection attempts coming from the Internet are denied. to learn more. The list will display all your rules in an easy to read manner. port and/or protocol. · To location: Any (connections to any host).Users 189 9. The approach is based on QoS aspects . Device (connections to a specific IP Address). For each rule: · Policy: choose Allow Access or Deny Access (tipically you'll want to add Deny rules here).1 Fine tunning Internet and DMZ access This panel allows you Advanced Configuration options for defining how users access the Internet (same for the DMZ). Inc.. .

The LAN is also know as default VLAN. .2 Access to other VLANs Inter VLAN Access By default. as specified by an IP Address and a Netmask). users in a given VLAN cannot communicate with users of other VLANs. Click the Add button to add new rule or Edit to change an existing one. individual ports or even port ranges like 21. 500-600). UDP and ICMP. if you have specific needs you can overcome this default behaviour by indicating exceptions: locations (services/ports) on other VLANs the users will be able to access even though not belonging to that specific VLAN. Network (connections from a specific IP segment. Network (connections to a specific IP segment. 80.2. Device (connections to a specific IP Address).0 Help · Policy: choose Allow Access or Deny Access (tipically you'll want to add Allow rules here). · Protocol: All. the sequence by which they appear in the list can be relevant and you can use the Up and Down buttons to change it. TCP . The sequence by which they appear in the list can be relevant. as specified by an IP Address and a Netmask). Device (connections from a specific IP Address). UDP (same as TCP) and ICMP. · To Address: Any (connections to anywhere). Nevertheless.190 edgeBOX 5. Critical Links. · To Ports: if TPC or UDP are selected you can choose All ports. TCP (you can choose All ports. 80. This also includes the LAN. It's good practice to keep your VLANs isolated from each other: that's one of the advantages of using VLANs. 500-600). As for the outbound rules. 22. For each rule: · Protocol: All. Related Topics: · Firewall · QoS 9. 22. a short Description string should also be added. individual ports or even port ranges (like 21. Please note that controlling access for Inbound traffic may be particularly useful in some very specific scenarios such as situations where edgeBOX might act as a router for inbound traffic directed at specific IP addresses that might belong to each Privilege. · From location: Any (connections from anywhere). Inc. you can use the Up and Down buttons to change it.

Inc. If you want to create groups of users that have common privileges and types of accesses in your network. (or as an alternative. With a browser. Go to a computer of the local network (LAN). in the Users section. How can local admin user access the edgeBOX web interface? To have access to the edgeBOX. A short descriptive table is shown with the currently configured groups...com. Network Users menu. edgepacks. What are edgepacks? edgePACKs are optional modules for edgeBOX that add functionalities for particular markets or add a new set of features. this will be needed only if edgeBOX is not your DNS server) Critical Links. If you need to manage groups go to the Groups link in the Related Topics corner. their description and number of users in each. Learn more details about edgepacks at edgeBOX's website. A dialog window will popup: · Name: choose a name for this group · Description: Type-in a short description · Users: the list of users that belong to the Group. Click the New. Some examples are: edgeLMS and edgeDESKTOP. someone that can access some sections of the edgeBOX web interface.3 Groups You can use groups if you have edgeBOX third-party applications. Click the Local Administrator option..Users 191 9. you should to use Privileges instead. open the webpage https://myedgeBOX. users can be part of one group. button. the local administrator has to: 1.4 Delegate a Local Administrator Go to the Users section. Groups have no direct use in the edgeBOX or the network. The local administrator is one of the users of your local network that you give the permission to manage parts of your network and configure some of your services. 2. point the browser to the IP address of any of the WAN or LAN interfaces. in the Related Topics corner. several groups or no group at all. 9. . use the Add Users. and Remove buttons to manage the contents of the list..

2. Type the username and password he uses to authenticate to the network. 5. . Check the areas you want the local administrator to have access to. Each section (main menu option) of the edgeBOX is represented by a branch and the menus inside it are represented by subbranches.. View an example Critical Links. edgeBOX initial page 4. click the link Login. Create a local administrator of the edgeBOX To make a user of your network local administrator hit Select. and choose from the list. After the page opens.192 edgeBOX 5. you need to check the ones you want.0 Help 3.. A tree like data structure is presented. You can collapse and expand the tree by clicking the '+' and '-' signs. Inc. Now you need to indicate the areas and functionalities of the edgeBOX the local administrator will have access to: 1. Click the Login button.

and now you restore that old backup you made. edgeBOX has a backup and restore option that allows you to make backups of all the configurations and data. . Remove the local administrator Just hit Remove on the dialog window If you restore an old backup. your local administrator will still be 'david_parker'. for security reasons local administrator settings are not saved in edgeBOX backups. However. Click the Save button. the local administrator will not change. Inc. View example For example. if your local administrator was 'john_simmons' and you made a backup of the edgeBOX at that time.Users 193 3. and a some time later you changed the local adminitrator to 'david_parker'. Critical Links.

· Password: the password edgeBOX will use to access the device and encrypt RADIUS packets. You'll need to specify their IP Addresses and the type of device. Inc. · VLAN Assignement: check this if you want edgeBOX to assign a VLAN when performing Critical Links. · Privilege: the Privilege under which the user is logged. . It will show you a table with the list of users currently authenticated. · Type of device: select the most appropriate from the drop-down list. go to the Users section and hit the RADIUS option in the Related Topics area. · Name: the device's name. · MAC Address: the hardware address of that host/computer. The details are: · Name: the user's full name. · Confirm Password: retype the password.194 edgeBOX 5.5 View currently Connected Users If you need to get a list of Users connected to the system you can do it: just navigate to the Users section and click the Connected Users in the Related Topics corner. Related Topics: · How do I add more users ? · How do I configure network access privileges ? 9.6 Configure authorized RADIUS clients When you need to authorize network devices to access RADIUS authentication in edgeBOX.0 Help 9. · IP Address: the IP Address of the host/computer from which the user made his login. among other settings: · IP Address: the device's IP Address. · Login: the user's username (or login name).

You must use a compatible port based authentication device. the edgeBOX internal RADIUS server sends the correct VLAN id to the Switch or Access Point according to the User Access Profile. . independently of the port the user is currently connected. the edgeBOX internal RADIUS server sends the correct VLAN id to this switch according to the User Access Profile. delete and add remote RADIUS clients for user authentication. Inc.1x Access Point or Generic 802. Some of the devices supported include 802. the IP address is the IP of the AP/Switch and the password the RADIUS client password configured in the remote AP/Switch. Supported EAP methods: PEAP-EAP-MSCHAPv2 and EAP-TTLS. Name is any text you wish to enter to identify this unit. If you select the Generic 802.1x Switch from the drop down list. and after a successful 802. This option allows the Procurve switch to put the user in the correct VLAN. If you select the "HP ProCurve 2650" drop down. If "VLAN assignment" is checked. This feature allows the remote port based authentication device to put the user in the correct VLAN.1x switches with dynamic VLAN assignment like the Procurve 2650 or the Procurve 420 Access Point for Wireless communications with multiple SSID and dynamic VLAN assignment. If "Enable Dynamic VLAN assignment" is checked. independently of the port / SSID the user is currently connected. These are normally called NAS (Network Access server). the IP address is the IP of the Switch and the password the login password of the switch. Name is any text you wish to enter. This page allows you to view.1x user authentication. The edgeBOX supports different types of 802. Critical Links.1x port based authenticators.Users 195 authentication for this device.

There you can view and adjust edgeBOX's date and time and synchronize with a preferred Internet Time Server to keep the date and time always accurate.0 Help 10 System The System menu allows you to configure a variety system related aspects of the edgeBOX: · Adjust the Date. In that case your Date and Time are adjusted automatically. .. Adjusting date and time is not possible if you have configured an Internet Time server. your Timezone or use an Internet time server · Change the language or the administrator's password and e-mail address · Shutdown or Reboot · Manage Software Updates .and receive related notifications by e-mail · Backup edgeBOX settings and user files to a secure medium..196 edgeBOX 5. Date and Time menu. Inc. like fans. temperature and hard-disk usage statistics · Configure a Remote Management server 10. Otherwise just hit the Adjust. the current Time.manually or automatically .1 Adjusting Date and Time To adjust time related settings please point the browser to the System section. Critical Links. enter the desired Date and Time into the popup dialog and press Save. perform Restore operations and scheduled Backups · Configure edgeBOX's Hotbackup redundancy system · Receive e-mails and SNMP Traps when relevant status changes occur · Review or download system logs and configure logging to a remote log server · Send user's Accounting records to a RADIUS server · Globally enable/disable the embedded SNMP Agent · Schedule regular maintenance operations to optimize edgeBOX's relational database performance · View and change the status edgeBOX's main network services · View the current status of your hardware devices. button.

Click Change. Internet Time Synchronize the date and time with a Time Server on the Internet You can use a time server on the Internet to keep date and time always accurate.com or 192. Pick the world Zone from the list on the left and the City closest to edgeBOX from the list on the right. edgeBOX will try to synchronize with the selected server every day. To do that you can type in edgeBOX's IP address or edgeBOX's hostmane.100. Select the Syncronize edgeBOX date and time with a time server on the Internet option at the top. Indicate that the the time server you want to synchronize with is edgeBOX. 1.. if edgeBOX's hostname is ebox and the network domain is example..168.com and edgeBOX's IP address is 192. then you can type ebox.. How to synchronize all the network devices with edgeBOX's date and time Besides synchronizing its date and time with an Internet Time Server.254. edgeBOX can also work as a Time Server so you can synchronize all your network devices as phones. computers and servers with edgeBOX. If edgeBOX's date and time is delayed more than 1000 seconds (17 minutes) edgeBOX will not synchronize and create an entry in the Log Viewer and send a notification by e-mail. The status/time of the latest synchronization is shown.. 2. This way you can keep an the same. Search for the option to Synchronize with an Internet Time Server.254.example. Hit the Change.. Select the NTP server you want to synchronize with from the list. Press Save. 3.100. Inc. .168. Critical Links. To synchronize a device with edgeBOX's date and time: 1. accurate. Go to the device's date and time settings. time on every device of your network. For example.System 197 Time Zone Change the time zone 1. 3. 3. button. 2. 2.

at any time.. Critical Links. button. If you find that this password is not working correctly.. The recipient of these e-mail messages is not specified by default. example. then you should contact your reseller. and select the desired one from the list provided. System E-mail Messages edgeBOX sends several types of system related messages . Inc... So. by e-mail. the admin password is by default the word root. The default sender e-mail address edgebox@example. Click Change language. you can change it to a valid e-mail to avoid problems with E-mail Servers because E-mail Servers usually perform validation of domains when they deliver e-mails.2 Administration To change edgeBOX administrations settings you need to navigate to the Administration menu in the System section. Also. and type the desired new password in both the New Password and the Confirm text fields.com. shutdown or restart edgeBOX. You can change it to a valid address so people can reply to those messages.com is an invalid e-mail address.. Hit the Change e-mail.such as warnings or available software updates. Language edgeBOX's web management interface supports several languages.com is not a valid public domain and thus edgeBOX may find problems in delivery to the final domain.. Choose the Send system messages to: option and fill in your email address (this is the e-mail address to which edgeBOX will send system e-mail messages). If you do not wish to receive e-mail messages just choose the Do not send system messages option.0 Help 10. Administrator Password When the edgeBOX is installed.198 edgeBOX 5. A warning message will inform you of the fact. To change the password click Change Administrator's password. The browser will reload the management interface with the newly selected language. It is made of the word edgebox and edgeBOX's default internal domain: example. . you need to edit it yourself. How do I choose a good password ? Shutdown or Restart You can. just choose the option you need and press Ok.

System 199 10. without installing them.the edgePaks. · have software updates managed and installed automatically. Automatic Updates You can manually check for and install available updates.edgeBOX will let you install them manually. if you need to: · get a list or install available software updates. Software Updates menu. · receive automatic e-mail messages with information about new software updates. depending on your choice. Clicking on the buttons you can perform the following operations: · Check Now: will immediately check for new updates. · Check and install updates automatically: this will make edgeBOX connect to the update server. you will receive Critical Links. Please go to the System section. the list can be cleared by clicking on the Clear Entries button. You can also ask edgeBOX to check for updates and install them automatically. Inc. But you can also make edgeBOX check for updates and notify you of the updates so you can install them yourself. . Status The menu displays a short summary information stating whether you should check for available updates or if there are already updates available (this second information is automatic if you configure automatic checking for updates). · install edgeBOX's third party applications .3 Managing Software Updates The updates available are new functionalities. · Check for updates automatically but let me install manually: edgeBOX will check for software updates . button: · Disable Automatic Updates: edgeBOX will not try to check for updates.if updated software packages exist they will be automatically downloaded but not automatically installed . Hit the Change. · Install Updates: installs available updates.. · choose the Notify me when updates are available option to receive a graphical notification in the Dashboard. · View Update Log: reports all the updates that have been applied to edgeBOX.. download new software packages and. security updates or performance enhancements.

restart the services that need to be restarted. The following options are available: · Notify me when Updates are installed: in this situation edgeBOX will actually install the downloaded updates and. . execute a full restart or. if necessary. similar to the ones in the previous option. if no restarting whatsoever is needed. all downloaded packages will be installed. Common Settings · Check every: you can choose to trigger the software updates check task every 6. as part of the process). 7h15m. 12 or 24 hours. please note the following two options. · Also notify me by e-mail: notifications configured in the previous options will also be sent by e-mail to the administration e-mail address. if services restart is needed or if a full restart is needed nothing will be installed. · Notify me when Services restart is needed: you should choose this option if your network users can not tolerate any restarting of services or restarting edgeBOX itself..200 edgeBOX 5. starting at 13h15m. · Notify me when System reboot is needed: choose this option if don't mind that some services may need to be restarted but you don't want edgeBOX to perform a full restart automatically. If you want to check every 6 hours. navigate to the Software Updates menu . in this situation. you need to use the administration web interface to execute the installation manually (and the needed reboot as part of the process). if applicable. 13h15m and 19h15m. a notification will be displayed in the web interface indicating you the problem and asking you to try to install the update again. Critical Links.System section . you should go to the administration web interface. if this is the case. Inc..0 Help notifications. · Starting at: the base hour/minute at which the check will be started. otherwise software updates will be installed and the needed restarting of services will be carried out. If an error occurs while edgeBOX is trying to update.and execute the installation manually (and any needed restarting. see example. edgeBOX will check four times a day at 1h15m. you will receive a notification. this approach may not be the most appropriate for your needs. then nothing will be installed and you will receive a notification accordingly.

7 to v4. pop and e-mail services are stopped when executing a Backup. · Restore is only supported from the same version of the Operating system to the same version (eg v4. Inc. or a Windows File Share. or on a USB disk connected to the edgeBOX. if you prefer a time based schedule of cyclic backup operations. Please note: the imap. as the backup files have a unique prefix associated with an edgeBOX · Full backups and Incremental backups are supported · The backup can not be stored in the edgeBOX it self.. · Local USB disks can not be formatted as NTFS.4 Backup & Restore edgeBOX can schedule backups to occur periodically at a predefined time. day and date. · Both the Backup operation and the Restore operation cause edgeBOX to stop several system and application processes (eg VoIP and authentication). if at any time you need to execute a Manual backup. Restore Here you can manually restore backup files from either a Windows Share.System 201 10.. The following notes aplly: · Backups may only be created/restored to/from a local USB disk. . · Multiple edgeBOXes can use the same directory. to prevent the loss or corruption of data. this means that while the Backup is running edgeBOX will not be able to receive or send e-mails and users will not be able to read their e-mail. remote a Windows File Share. Backup Using the buttons provided you can choose to: · Backup Now. It's important to setup a backup policy from the start. · Schedule... These backups can be stored either on a remote FTP server. an FTP server or a local Critical Links. additionally the Restore operation always requires a system reboot in the end. a remote FTP server. · Restore is supported from the same architecture to the same architecture only.7).

Inc. .. the following backup policy: · Sunday: Full Backup · Monday to Saturday: Incremental Backup If you restore the Wednesday Incremental. Once all the relevant fields have been entered... The list on the left will show you all the available Full backups.. you should click Restore to perform the operation. as example.202 edgeBOX 5. button to select the device where the files are stored and enter the appropriate details (the details needed are in all similar to those described for the backup operations). It will not automatically create the folder. the system will restore a) this backup and b) all appropriate incremental backups and the c) the appropriate full backup.0 Help USB disk. If the folder specified (for the FTP server. 10. The options are: FTP Windows Share USB Critical Links.1 Immediate Backup Manual backup allows you to undertake a backup immediately. Click any of them to get a list of the corresponding Backups points-in-time. A dialog will popup with a confirmation telling you that. press Save to immediatelly start the backup.4. Lets assume. Selecting one of the three possible backup destinations: · Use an FTP server from the network · Use a Windows Shared folder from the network · Use a USB Flash disk attached to edgeBOX It is not possible to save the backup locally on the edgeBOX itself. edgeBOX will be rebooted. the system will also restore the Tuesday and Monday Incremental and the Sunday Full backup. the backup will fail. Finally. Press the Change. in the end. Give me an example. Click on View details to be assured of the details. If you select an incremental backup. or Windows share or USB disk) does not exist.

you can select which one you will use to store the backup files.. See examples.. For full and incremental backups. which will store the backup files Server: IP address of the FTP server Server: IP address of the Windows Server Method: USB allows you to select a local USB disk (Not NTFS formatted) which will store the backup files Refresh Devices: Will scan the local USB devices and present you with a drop down list to enable you to select the device which will store the backup files Device: The chosen device (You may have more than 1 USB disk connected) on which the backups will be stored Partition: If the device has more than 1 partition.System 203 Method: FTP allows you to select Method: Windows Share allows an FTP server which will store the you to select a share from a backup files windows server. where the backups will be active will be active will be stored Username: The username of the Username: The username of the account you are going to use on account you are going to use on the FTP server the Windows File server Password: The password of the Password: The password of the account which you are going to account which you are going to use on the FTP server use on the Windows File server 10. Backup Destination A summary information is displayed stating the current Backup destination details. Critical Links.2 Scheduled Backups This panel allows you to specify a scheduled backup regime. .4. Inc. Port: FTP Port (usually 21) Folder: Which folder on the FTP Folder: Which folder on the server where the backups will be Windows Share will receive the stored backup files Use Authentication: If checked Use Authentication: If checked Folder: Which folder on the the username and password fields the username and password fields USB device.

Incremental Backup Incremental backups backup the files which have been modified since the last Full or Incremental Backup. you can pick up exactly the day(s) you want the backup to be executed. If you schedule them at exactly the same time (hour and minute) the Full backup will take precedence and the Incremental backup will not occur.212) · Backup destination: Windows share (192.13. every day from Monday to Saturday The Full and Incremental backups should not be scheduled to occur at the same day and time (it does not make sense to execute both of them at nearly the same time as the Full backup will render the incremental backup useless or a waste of time and processing power). so that you can fit the backup tasks to better suite your company's Backup policy. at the top right corner.204 edgeBOX 5. . Inc. a Windows share or an external USB storage. You can choose to perform backup operations onto an FTP server. · Every Month :once a month.168.55) · Backup destination: USB flash disk Hit the Change. to change the destination medium of your scheduled backups. The dialog presented for this purpose equal to the one in the Immediate Backup section... button. Typically. Critical Links. Full Backup You may create (or disable) a schedule for full backups.100. you would schedule: · Full Backup: on Sundays at 04:00 and · Incremental Backup: at 04:00.0 Help · Backup destination: FTP server (212. · Every Week: any day of week. The same options are available for Incremental as for Full Backups. except if you have configured Incremental Backups: the execution of an Incremental backup assumes the execution of a Full backup at some point in time. choose a day of the month (please note: if you select a day such as the 31st and the month has less than 31 days. the backup will not take place). The scheduling possibilities are: · Day: · Every Day: the operation will take place every day.13. Scheduling Several scheduling approaches are possible.

2..5 Using HotBackup for redundancy Using two edgeBOXes. Using Hotbackup Setting edgeBOX as Slave To set edgeBOX as a Slave edgeBOX (backup edgeBOX) hit the Change. you should start the process on Sunday. To assure this. 10. Indicate below IP Address. .System 205 · Hour and Minute: the exact time of day at which the task should be started. edgeBOX's networking is reduced to a minimum necessary only for the Master to be able to access the Slave and replicate it's configs and data Critical Links. button: 1. So if you plan on executing full backups on Sunday and incremental backups on all other days.. the Hotbackup menu. allows you to configure one of them . you should manage both edgeBOX's updates manually and not automatically. in the System section. Inc. Assumptions and pre-requisites The stable operation of the Hotbackup feature assumes a set of pre-requisites which must be assured by the adminitrator: · The base hardware on both edgeBOXes must be exactly the same and the extra function cards installed on each must be identical and plugged into the same connectors. The Slave edgeBOX works as a backup (hence the name Hotbackup). · The Slave and Master must have identical operating system releases and revisions. if you update only the Master with a new revision of the edgeBOX's software.. Default Gateway and Nameserver to be used in Slave mode. ready to take over the Master's place if a failure occurs.the Master . NOTE: incremental backups are valid only if there is already a full backup.to manage the network and daily replicate its configuration and data to the other edgeBOX . the Hotbackup process will not be possible.the Slave. in Slave mode. Incremental backups taken before the first Full backup are invalid and should not be used. Netmask. See details. For example. Select the Configure this edgeBOX to act as the Hotbackup Slave option..

the Master edgeBOX has to stop a considerable amount of services to grant that the configuration and information are correctly replicated. you loose access to the web interface and you can no longer use the edgeBOX for managing your network.100. Select the Configure this edgeBOX to act as the Hotbackup Master option. keep in mind that this setup is not the only solution). .0 Help onto it. indicating that the edgeBOX is running as a Master edgeBOX.254/255. or remotely via ssh.255.168. in the VGA terminal. 3. the replication is made every day at that time. the Slave must be accessible to the Master through the network.255. For example. you will be able to access it using it's command line interface. Choose a time of day when your network has less activity. will help you determine and remember these settings. To make your edgeBOX run in Master mode. then you could choose for the Slave 192. If you have an edgBOX with LCD display. that's the interface to which you should connect your ethernet cable. Still. indicating that the edgeBOX is running as a Hotbackup Slave. edgeBOX will search for the Slave. it's a good idea to have a VGA and a keyboard connected to the Slave in order to get a better grasp of the process. validate it's configuration and start working as a Master edgeBOX. button: 1.253/255. Indicate below the IP address of the Slave edgeBOX and the time of day at which you want to replicate the configuration and data from the master to the slave. When you set edgeBOX in Slave mode. It will only work as a backup for the Mater edgeBOX. Click the Save button. if your Master has LAN address 192. edgeBOX will reboot and run in Slave mode. 4. for example.0 and connect the Slave LAN port the the same switch as the Master LAN port (but.168. during dawn. either locally using a keyboard/VGA or a serial console. 2. when edgeBOX has finished entering Slave mode an appropriate text mode screen. Also. Inc. Click the Save button to start the process. you can view an "S" in the top right corner of the LCD.. This way you will be able to perform a limited set of commands that are specific to the Slave Mode. you can view an "M" in the top right corner of the LCD. 3. Ethernet Wiring: you can choose any IP address you wish. The most simple way to wire up this setup is to choose for the Slave an IP address which falls into the Master LAN segment. because. Critical Links.255. Set your edgeBOX as the Master edgeBOX You can only set your edgeBOX to run in master mode after you have an edgeBOX configured and working as a Slave edgeBOX. in Slave Mode only the LAN interface is active and it's IP basic configurations are the four values you entered in the previous step.100.255. in order to make the replication.206 edgeBOX 5..0. please. if you have an edgBOX with LCD display. as long as the Master edgeBOX can access the Slave through TCP/IP. click the Change.

edgeBOX has to stop a considerable amount of network services. in order to replicate correctly. Make the Slave edgeBOX take-over if the Master edgeBOX fails If your Master edgeBOX (the edgeBOX that is managing your network) is malfunctioning and you need the Slave edgeBOX (backup edgeBOX). button and select the Disable Hotbackup option (this operatin will not perform any change of configuration in the Slave). Please wait. edgeBOX will stop replicating to the slave edgeBOX. Still you can check its connectivity status from the Master. This operation may take a very long time. Before initializing the process. if you have an LCD unit then just srcoll down Critical Links. If you are configuring your Master and the replication procedure starts. Make sure that your network has few activity when you ask edgeBOX to replicate. Check the status of the Slave edgeBOX When you have an edgeBOX in Slave mode. there could occur severe damage to your edgeBOX compromising stability.. you loose access to the web interface. to take over it's functions: 1. . Inc. All other services will continue working normally. then hit the Change. check the status of the last replication in the Slave edgeBOX. Still you can ask the Master edgeBOX to replicate at any time.. if the operation fails you will get a detailed diagnostic message. To do this just click the Replicate Now button. Manually replicate edgeBOX's configuration and data to the Slave edgeBOX In Hotbackup. If the Master determines that the Slave is not reachable or inconsistently configured a detailed message will be displayed. To do this just hit the Check Slave button. please avoid doing any other tasks while this one is running. Note that. As a practical rule do not use the GUI or the CLI at replication hours. the replication of the Master edgeBOX's configuration and data is made everyday at a given hour that you defined when you configured the Hotbackup process. Stop edgeBOX from being in Master mode If you have your edgeBOX running in Master Mode and you want to stop using HotBackup and make the edgeBOX run again in the default normal mode. In the end you will bet an Ok saying that everything went all right. in normal situations you will get an Ok assuring you that everything is normal.System 207 Please note: you should avoid performing administrative tasks close to replication time. please consult the Slave's logs via CLI commands hotbackup view replica status or hotbackup view slave log. As stated above.

3. you should manage edgeboxes' updates manually and not automatically to grant that the Master and the Slave have identical software versions. Open the slave edgeBOX's Comand Line Interface (CLI). this is of utmost importance. · Slave software update The Slave edgeBOX is not able to execute nor to check for software updates by itself. if you allow the Master to update automatically. You can activate the Check for updates automatically but let me install manually option in the Software Updates menu. but do not select the option that installs software automatically.208 edgeBOX 5. use the password that you used to login on the Master edgeBOX (the administrator password is also replicated onto the Slave). Analogue etc) to the Slave edgeBOX. Despite other/mixed approaches may be possible. ISDN. please follow the process until the end. Shutdown or power-off the Master. This will not install anything but will periodically query the update server and send you notifications if needed. 4. When you stop the Slave edgeBOX to work as a slave and make it take over the master.1 Managing software updates in a Hotbackup scenario When you use the Hotbackup functionality. Connect all Master's appropriate cables (eg ADSL. The Master automatically detects that the Slave has a diferent operating system version/release and will refuse to proceed. is a process that should be planned carefully. in the context of Hotbackup. 5. you gain back access to edgeBOX's web interface. Just follow the process described in the Software Updates menu. · Master software update Updating the Master is quite straightforward. Inc. in the System section. all subsequent replication attempts will fail.0 Help the menus in the Slave and you´ll get the Replica Status with a date and an Ok. 10. as it finishes the return to normal mode operation. To login to the web interface. Type in the command hotbackup returntonormalmode or hotbackup return to normal mode. The same happens if you update the any of them manually. The Slave edgeBOX will take over all services previously provided and managed by the Master. Software updates. it becomes a perfect replica of the Master. Please keep in mind that the slave. So.5. 2. . but you forget to update the other one. the following may be used as a step-by-step approach to executing the software update on the slave: a) Before proceeding with the upgrade of the Slave please note the following: Critical Links.

re-enter and double check the Slave Mode's IP settings (IP. if your laptop is connecte to the WAN segment of the Slave you should point to https://WANIPADDRESS:8011). Critical Links. the laptop IP configuration must be manual.System 209 · As the Slave returns to normal mode it's LAN interface will have the same configuration as the Master.255.168. when this command completes you will loose your connection. for example192. 8. 4. the Master is turned off and the Slave takes it's place for software upgrade (during the night or weekend). re-wire the slave's network cable(s) back as they were before.70. please change the Slave's LAN IP address by with the CLI command: lan static ip 192. After update is complete all connections may be brought back to normal and the Slave returns to Slave mode.200. make sure no warnings popup and everything processes normally. . to do this you can connect your laptop directly to the Slave's LAN connector (using a crossover cable. Access the Salve's web interface and proceed as described in the Sofware Updates menu (assuming your laptop is still connected to the LAN interface you should point it to https:// LANIPADDRESS:8011. this will surely frustrate the Slave's attempts to reach the update server. Inc. this step is not needed at all if the Slave will connect directly to the internet without the Master involved (unless you have static IP configuration on the WAN and you are planning to share the same network segment for the upgrade. Access the Slave's Command Line Interface (in Slave Mode there is no GUI). wait until the Slave has finished returning to normal mode of operation (you determine this by watching it reboot into normal mode from the VGA terminal). wait until edgeBOX is fully back in Slave mode (watch the VGA terminal. Disconnect the Slave's WAN cable. 6. gateway and nameserver) and apply slave mode again. If the Slave is going to access the update server using the Master as default gateway.70. In this scenario either the Slave's LAN IP address is temporarily changed or. Disconnect any network cable which might be connected to the Slave's WAN interface. This implies that the WAN and LAN interfaces in the Slave will have configurations "in" the same IP segment. in this case you really need to disconnect the Master's WAN interface. it will tell you).255. b) The steps to executed the software update on the Slave are: 1. then the Slave's WAN interface will obtain an IP address in the Master's LAN segment.0 (or any other subnet that does not collide either with the Master's LAN nor any of the VLANs involved). according to the example given. Netmask. you need to re-configure your laptop manually. 2.1/255. depending ion the type of update it may be necessary to reboot.168. simply. using the keyboard and VGA is also a good approach. Access the GUI and reconfigure Hotbackup Slave Mode. in Slave mode there is no DHCP server running. 5. 3. Connect to the Slave's WAN interface the cable that will provide internet connectivity (through the Master or directly through th ISP). · If the Master is the default gateway of the network segment to which the Slave will connect in ordero to access the update server. Execute the hotbackup return to normal mode command in the Slave's CLI (putty/ssh or keyboard/VGA). in order to prevent double IP on same segment). 7. if needed) and access the CLI by ssh/putty. so. with.

edgeBOX is able to detect such events and forward them to you by e-mail and by means of SNMP traps . Disable and Edit the details of SNMP Traps notifications: · Name · Hardware status changes: if you want to receive traps for temperature changes and other hardware issues. please go to the Notifications menu in the System section. 10. the result must be "Ok". E-mails You may Enable. · Status . you can Start and Stop the Notifications service and an appropriate coloured status bar shows you the current operating status.6 Notifications You may find the need to receive notifications regarding Hardware events.in case you use SNMP to manage your network(s). Disable and Edit the details of e-mail notifications: · Notification · Hardware status changes: if you want to receive e-mails for temperature changes and other hardware issues. if you changed anything). · RAID if you want to receive e-mails about hard disk status related to RAID. Re-wire the Master back to the way it was before (that is.210 edgeBOX 5. SNMP Traps You may Enable.Execute the "Replicate now" operation if you don not wish to wait for the up-coming daily replication. . Inc. · Receiver . go to the Master's GUI and execute the "Check Slave" operation.Whether each e-mail notification is active or not. Critical Links.the e-mail address to which the notifications will be sent (leaving it as root@localhost will make the e-mail be delivered to the administrator e-mail address). To configure the system to send these specific e-mail notifications and SNMP traps.The subject of the e-mail message.0 Help 9. RAID status and others. As usual. 10. · E-mail Subject .

· Trap Community . Critical Links.Whether each e-mail notification is active or not. only RAID1 is supported and it is managed by the RAID menu in the System section (this menu is only available if your system uses RAID). in the event of a hardware or software malfunction. RAID1 uses two (possibly more) disks which each store the same data.the array is rebuilding.IP address of the SNMP management Server which will receive the traps. .System 211 · Backup result summary: if you want to receive traps with the results of your scheduled backup operations. · RAID if you want to receive SNMP traps about hard disk status informations related to RAID. third. · Status . The failure of one drive. The panel has the following elements: · At the top the array status is presented and it may be one of the following: · Clean . Currently. does not increase the chance of a failure or decrease the reliability of the remaining drives (second.7 Managing and Diagnosing RAID A RAID array distributes data across several physical disks which look to the operating system and the user like a single disk. i. so that data is not lost so long as one disk survives. 10. · Object ID .e.The SNMP Object Identifier configured on the server which will receive the traps.Only Enterprise should be selected. Generic will be included for a future release.The community which has been configured on the server which will receive the traps. etc).SNMP versions 1 and 2c are available options .. Total capacity of the array is just the capacity of a single disk.all disks in the array are active · Recovering . · Trap Receiver . it is mirroring the disks · Degraded . Several different arrangements are possible. · Trap Type . · SNMP Version . Inc.there is a faulty disk in the array · A list with the array disks · A button to add a disk to the array and another button to remove a disk from the array.

A spare disk (if one is available).A mirrored array which was previously configured.The (new) disk has either completed construction (and is now part of the RAID1 array) or the construction was aborted. There are different ways to perform disk replacement: No Hot Spare To replace a faulty disk automatically.7.7. i.An active disk in the RAID mirror has been marked as faulty. Note: The replacement disk must match the original disk. Start the system The new disk should synchronize with the active one. This action is accomplished by the following steps: 1.e. · Fail . Replace the faulty disk (check the serial number) .1 Disk Notifications If the status of the array changes.the new disk must have the same capacity (in bytes) as the faulty disk. Highlight the faulty disk and press the "Remove" button Critical Links. one may not have to shutdown the system immediately. has lost a device and is no longer working as a RAID array · RebuildStarted . without the need of management intervention. a notification action may be performed as defined on the Notifications panel. Write down the serial number of the faulty disk 2.212 edgeBOX 5. A third disk (spare) may replace the faulty one. · DegradedArray. Shutdown the edgeBOX at the earliest opportunity 3.The RAID array has started reconstruction (eg when a disk is replaced. · FailSpare . Notification actions will occur under the following circumstances: · DeviceDisappeared . The array status may be checked on the RAID panel. . 4. has been successfully rebuilt and has been made active. it cannot have a larger or smaller disk capacity (in Bytes) Hot Spare If the box has more than two disks. 10.0 Help 10. just follow the steps: 1. the new disk has to be reconstructed from the good disk to form the array) · RebuildFinished . which was being rebuilt to replace a faulty device has failed. Inc.The Array is degraded (eg disk failure) · SpareActive .2 Replacing a faulty disk If the array becomes degraded the faulty disk should be replaced.A spare disk (if one exists) which was being rebuilt to replace a faulty disk.

the new disk will be included on the RAID array and synchronization will begin. Clikc the Log viewer. it will be automatically used to rebuild the RAID array in the event of a disk failure with one of the current RAID disks. To replace the faulty disk. Backup.System 213 2. There you'll find: Log Viewer The Log Viewer lets you examine several application's logs with 2 levels of verbosity. Mail. link.. however the following precautions should be taken: · Write down all disks serial numbers and respective slot to know which disk is the faulty one. select High or Low (changes will be applied to new log messages only). Inc. Each page displays at most 25 lines. Highlight the Spare Disk and press the "Add" button. . this setting is global to all services. RAID. edgeBOX includes comprehensive solutions for accessing system and application logs (such as syslog. the available services are: Anti Virus. Critical Links. voip's cdrs. If a spare disk is available in the "Array Disks" panel. The Previous and Next buttons allow you to scroll chronologically through the pages (earliest messages are displayed first). http logs. Hotswap Hotswap is also supported in the Enterprise Appliance. Daemon..8 Reading and Managing System Logs Reading system or services logs may become necessary as a way to understand or solve specific operational issues. In this case. Website Access Restrictions. highlight it and select the "Remove" button. among others). Authentication. · The faulty disk may be replaced without shutting down the system. Synchronization process progress may be checked in the RAID panel. Hardware Monitor. 10. Shut down the edgeBOX and remove and replace (if you wish) with a new disk which has the same Byte capacity as the faulty disk. · Verbosity: controls the level of detail of the messages displayed. Blacklist. it would be prudent to add this replacement disk to the "Array Disk" panel for automatic replacement in the event of another disk failure. The Log Viewer panel will popup: · Service: select the service for which you wish to read logs. Hotbackup. Kernel. VoIP. Point your browser at the Logging menu in the System section.

.0 Help Logs Destination edgeBOX can send logs to a remote logs server. Server Port: The port used. · Port: the TCP/IP port number on which the server listens for log messages. button and specify: · Also store edgeBOX logs in a remote server: check this box. · Server address: the IP Address or host name (FQDN) of the server to which edgeBOX will send log messages. . The logmaster username gives you FTP access to edgeBOX's log files: · System Log Files (sys. you'll find them inside the call-recordings FTP folder. but another port may be used. 10. The configured servers will be contacted in sequence.214 edgeBOX 5. or have different servers for each purpose. The table lists all the servers configured. and the first one to answer will store the data.csv files) Additionally. To add a new RADIUS Accounting server you'll need: · · · · Server IP: The IP address for the new server. Password: The password used by edgeBOX's RADIUS client to access the server Confirm Password: Confirm the password you have entered Critical Links. The default value is 1813.. To enable this behaviour click on the Change. 514 is the default. The accounting data applies only to the WAN interface.log) · HTTP/HTTPS Access Logs (access_log) · VoIP CDR's (Master. If your edgeBOX is currently recording calls. this FTP access should be used to access. download and delete call recordings made by means of the Automatic Call Recording. Note that you can have authentication and accounting performed by the same server. Inc. Log manager password You should set the logmaster password from this panel.9 RADIUS Accounting This menu option allows you to review and configure the RADIUS servers used for accounting.

Critical Links. If this time is exceeded then the next server on the list (if any) will be contacted. · Allow queries from: · Any device: edgeBOX's embedded SNMP agent will respond to SNMP queries coming form any device (with the correct community string obviouslly). · Devices within the following network segment: edgeBOX will only respond to SNMP queries coming from this IP segment (as determined by the IP Address and Netmask pair). · Allow edgeBOX to send SNMP trap messages to a Trap manager . · Community string . · A specific device: edgeBOX will only respond to SNMP queries coming from this IP address. See Authentication for details.Enter an object identifier (OID). This panel controls the SNMP agent running on the edgeBOX.System 215 · · Timeout: The maximum amount of time for connection setup with the RADIUS server.The name of the community used when requesting access to the SNMP agent. “edgeBOX”. e. Note: Accounting is only available with authenticated user sessions. Specifically “public” is not allowed.Enable notifications to be sent. Inc. · Allow queries for .g. SNMP Agent Configures read-only SNMP access to the edgeBOX. Log Interval: possible values are “15 minutes”. . “30 minutes” and “60 minutes”. · Enable Access to SNMP Agent . 10.Enables the SNMP agent and allows read-only access to report the status of the edgeBOX. This option allows you to control the period for which account information will be sent to the remote RADIUS accounting servers. Access to objects below this level are not allowed.10 SNMP The status of the edgeBOX can be queried using the Simple Network Management Protocol. Avoid well known strings such as “public”. “private” or ones that are easy to guess. SNMP Traps Configures the host (NMS) to which traps/notifications will sent.

Critical Links..216 edgeBOX 5. The Database Optimization can be done in several recurrence patterns. The main reason to do this is to increase user responsiveness and overall usability. To configure the type of traps/notifications sent by edgeBOX go to the Notifications section. may also benefit from a periodically optimized database. Use the Change Schedule. sometimes in order of magnitude of 4000%. Inc. to know: · Every Week: Performs Database Optimization on a weekly basis.The host name or IP address of a computer (NMS) to which notifications will be sent. Hardware Monitor and RAID services.. · Receiver .0 Help · Community . go to the Maintenance menu in the System section.. which also depend on the system database. and Remove Schedule.11 Maintenance In the Maintenance module it is possible to schedule system database optimization in order to improve performance of VoIP service and the Reporting engine.The name of the community used when sending a notification/trap. buttons to edit or remove the configuration. Some edgePakcs. To enable this option. For each previous recurrence pattern you should also set the · day of week and · time hour and minute for running database optimization. . A short overview is provided with: · current configuration and · last database optimization execution date and time. These include the Backup. · Every two weeks: Performs Database Optimization on a biweekly basis. · Every four weeks: Performs Database Optimization every four weeks. 10.. The performance can be significantly increased by simply enabling this feature.

10. Avoid colisions with the Hotbackup replication hours and the Backupscheduled operations. Please schedule your data optimization for a period of day when there is no (or low) load on your box. · Status: whether they are running or not. See an example. It is updated every 15 seconds.. Note that. Inc. but mostly on the 'how long ago was the last optimization done?' or the 'was optimization ever done?'. or when no services are being used to minimize the impact on services.System 217 When to schedule optimizations ? Database optimization may consume long periods of time (varying from a few minutes to some hours . · Temperature.the administrative operational status of edgeBOX's main user services. A very simple example. . Adapt the best solution for each case. based on the values of the parameters that follow next.12 Services Control Panel For your convenience.13 Hardware Monitor Information of the velocity of edgeBOX's fans.start / stop . the System section includes a Services panel where you can review and control . For all services displayed: · Name: the service's name. · Description: the service's description. is to set the edgeBOX database optimization tasks. or common abbreviation.Yes or No. To change status of a service click the service and hit the Start (green) or Stop (red) button at the top of the table. changes made here will be effective even after a reboot.. This always depends on your service usage. weekly. · Bad Sectors Count . every Saturday at 4:00am. Critical Links. 10.in very extreme situations). It is determined by the monitoring software of the disc. Hard disks information: · Overall Health . the CPU speed and several status of the hard disk(s).Number of sectors which are unusable. This depends on the factors as the load of the edgeBOX and the amount of data being processed.

Number of errors when writing to the disk. if the "SYN" protocol is specified. it will return a true value. If the syn packet was sent successfully.14 Diagnostic Tools You can reach the Diagnostic Tools menu from the System section. · All: adjust timeout and enter the TCP port to which to send the probes. Inc. adjust timeout and enter packet size in Bytes. If one of the methods receives a reply (eg ICMP). and so on.0 Help · Pending Sectors Count . continues until either a successful reply is received or all methods have timed out... · TCP: adjust timeout and enter the TCP port to which to send the probes. the next method will be attempted until another timeout elapses.. this produces a Ping which will try each method sequentially (ICMP. Enter an IP Address or a FQDN and press the Ping button. choose the Hardware Status Changes type Notifications panel. · Total Up Time . · SYN: adjust timeout and enter the TCP port to which to send the probes. the other methods will not be attempted.Number of sectors waiting to be remapped to another part of the disk.: · Method: · ICMP: adjust timeout and enter packet size in Bytes · UDP: with this option selected the ping method will send a udp packet to the remote host's echo port. Critical Links. the ping method will only send a TCP SYN packet to the remote host then immediately return. .218 edgeBOX 5. TCP then SYN). if no reply is received after the timeout. It provides some basic network and connectivity diagnostics: Ping Tests for network connectivity. UDP.Number of hours since the disk has been switched on. 10. For additional options press +Show options. otherwise it will return false. You can receive e-mail notifications about changes detected in the Hardware Monitor. · CRC Errors Count .

com and press the Lookup button.the IP address.org and press the Lookup button. If not set. · Timeout: maximum time waiting for test results on each router along the way. such as 212. · IP Addresses: to determine the IP address for a specified domain name or FQDN. Type the IP Address or FQDN in the box and press the Trace button. Critical Links. button and enter the values for: · Remote Management Server . the type of packets used in the traceroute test.45 and press the Lookup button.fr and press the Lookup button.15 Remote Management Allows communication between edgeBOX and a Remote Management server. enter a domain name.fsf.System 219 NSLookup To diagnose DNS problems. Traceroute Find the route that network packets follow to reach a specified host or IP address. . enter a domain name. For additional options press +Show options. · Domain Names: allows you do list DNS servers for a given domain. such as google.. such as critical-links. such as www. enter an IP address. To alter these settings press the Change. A short overview is shown with the current configurations.: · DNS Server: allows you to specify a DNS Server (by IP or name) which will be used to resolve the IP address. 10..: · Method: ICMP or UDP..23. Depending on your Lookup for selection: · Host Names: allows you to determine the Name of a specified IP address. A reference for how traceroute (tracert on Windows) works can be found at: Traceroute. · Mail Servers: allows you to determine the mailservers for a specified domain. · Timeout: maximum time waiting for test results.. Note: it may take more than 10 seconds to complete the task.34.. the edgeBOX default name server is used for the lookup. enter a domain name.. For additional options press +Show options. Inc. Such a server allows the management of several edgeBOXes at the same time.

. Critical Links.220 edgeBOX 5. Inc. The server will use this keep alive connection to warn administrators of potential problems with the edgeBOX. in minutes. used to separate the emission of 'keep alive packets' to the Remote Management Server.0 Help · Keep Alive .time interval.

11. It can be a begin/end day. depending on the report you are seeing.1. for automated processing. . in percentage. Critical Links. For each report you can specify a Time Interval.1 System Displays information regarding edgeBOX’s system usage: · CPU · Memory · Load · Disk Usage · Interfaces 11.Reporting 221 11 Reporting View and export reports about edgeBOX's System. or into a CSV file. You can drill down each line into each day to view the CPU usage just for the selected day. Services and Users. You can export the reports into a printable HTML page that you can print via a browser. per type of process (user’s and system processes) and cpu idle time. a single day or hour.1 CPU The CPU report shows edgeBOX's processor usage. Inc.

0 Help 11. Critical Links. in MB. Inc.222 edgeBOX 5. Drill down in each day to view the memory usage for that day only.2 Memory This report shows used and free memory.1. .

Critical Links. Drill down into each day to view the load of the CPU for each day. Load 5 min values indicate the average active processes in 5 minutes.3 Load The Load report displays the load of the system through the number of active processes.1. Load 1 min values indicate the average active processes in one minute. .Reporting 223 11. Inc. Load 15 min values indicate the average active processes 15 minutes.

Scroll down to view disk usage for both Storages. .0 Help Values below 1 represent good CPU load.224 edgeBOX 5. between 3 and 4 require you to monitor closely. 11. Inc. Drill down into each day to view usage for that day only. and values over 5 require you to take action because the CPU is overloaded.4 Disk Usage This report displays the hard disk usage. Critical Links. in percentage and in MB. per Storage.1.

if you have one.Reporting 225 · The System Storage partition saves the runtime system data information (database and log information). · The Home Storage partition is used to save the user account folders and the network shared folders (Shares). Critical Links.5 Interfaces Shows the traffic received and sent by edgeBOX in the WAN. Inc. 11. Scroll down to view information for the LAN and. LAN and DMZ interfaces. DMZ interfaces.1. Drill down into each day to check the usage of the interface for that specific day. .

.2. page hits and users yielding these accesses. This means. the total number of sites.1 HTTP Access The HTTP Accesses report displays information about HTTP accesses through edgeBOX.0 Help 11. Critical Links. · HTTP Access · Web Server · Firewall · E-mail · VoIP · VPN 11. Inc. accumulated traffic in Mega Bytes.226 edgeBOX 5. You can drill down into each line to see daily HTTP accesses and sites visited.2 Services Displays reports showing information about the service usage.

Critical Links.2 Web Server The Web Server report shows accesses to edgeBOX's web server. You can view the total number of visits to every page and the generated traffic. . It is where the Intranet and Extranet websites and the users' personal webpages are storaged.2. It is possible to drill down into each day to check the accesses on that specific day. in Mega Bytes to edgeBOX's web server. 11. Inc.Reporting 227 Please note: this report will contain no information if the Proxy Cache service is stopped.

3 Firewall This report shows Firewall related information as dropped and rejected (sent back) network packets grouped by day. . You can drill down each line to a specific time frame in order to identify actions applied to unauthorized network traffic.0 Help 11.2. Critical Links.228 edgeBOX 5. Inc.

Inc.2. If you drill down in each line. you can identify singular e-mail exchange info such as the sender or the receiver e-mail. the size of the message and if it was infected with a virus. This is. how many of those where detected as being infected with viruses by the Mail Scanner. Critical Links. you can only see how many sender and receiver e-mail domains (the @mail.com part of the email address) are processed for the sent and received e-mail.4 E-mail The E-mail report shows e-mail service related information in the Services perspective. . if it was locally delivered to edgeBOX. You can also view the amount of e-mails processed and.Reporting 229 11.

Critical Links.0 Help 11. · Inbound Calls .calls received from outside edgeBOX's network to internal phones connected to the edgeBOX.calls made to external phones. · Outbound Calls .230 edgeBOX 5. .5 VoIP The VoIP report displays VoIP service usage. Calls are grouped into: · Internal Calls .calls made between phones connected to edgeBOX. Inc.2.

2.6 VPN The VPN report gives information about the PPTP VPN tunnels in use in the edgeBOX. Critical Links.Reporting 231 The image above is a drilled-down detailed of the Internal Calls. the number of connections made. and accumulated duration of connections per day. . number of users using the VPN service. Inc. 11. The information available includes the duration of the calls and number of calls made.

Tou can view the inbound and outbound traffic in Mega Bytes. Critical Links. Inc. it is not possible to drill down inside each line as in other reports. PPTP VPN tunnels and the total duration of these tunnels.1 General The General report summarizes the activity of users.3.0 Help 11.3 Users Services data correlated with user information: · Accounting information · HTTP Access · E-mail · VoIP · VPN 11.232 edgeBOX 5. and external calls made and the duration of the calls. The information is shown only in a tabular format. .

LAN and DMZ). Critical Links.2 Accounting The Accounting report shows network traffic and sessions made by the network users.Reporting 233 11. instead of the username. You can drill down in each line of the table to view detailed information for each session of the users. Inc.3. You can check the amount of downloads and uploads that are being processed for the users in each network interface (WAN. . the user's IP Address is shown. If you are not using authentication.

Inc. HTTPS website accesses are not showed.3.4 E-mail The E-mail report shows e-mail service related information for each e-mail address.3 HTTP Access The HTTP Accesses report displays information about HTTP website accesses made by the network users. Critical Links.3. . You can drill down in each line to view e-mail messages details for a particular e-mail account. You can also drill down in each line of the table to see the sites visited for each user. 11. The report details the total number of sites.0 Help 11. accumulated download traffic in Mega Bytes and number of page hits. Please note: this report will contain no information if the Proxy Cache service is stopped.234 edgeBOX 5.

Drill down into each type of calls to view the calls made for that type. If you select a user's calls yo ucan view calls to and from that user for the specified time period: Critical Links.3. . Inc. Outbound and Internal calls with their associated call duration is displayed.Reporting 235 11.5 VoIP The VoIP report displays VoIP calls for each phone or user. For all registered phones the Inbound.

.0 Help 11. Critical Links.6 VPN The VPN report gives a summary of the PPTP VPNs on edgeBOX. Inc.3.236 edgeBOX 5. It shows the number of connections and the total duration of the connections.

How do I get here ? Point your browser to https://myedgebox.com. these are browser based user-oriented. or. Initial Page . Services Following the Services link. https://LAN-IP-Address:8011 . commonly accessible edgeBOX features. Inc. you will find the and Services and Applications options. . https://WAN-IP-Address:8011 . Follow the links bellow for details: · Webmail · Flash Operator Panel Critical Links. on the left you'll find a list of accessible services: · Temporary Shared Folders Applications In the Applications section you'll find links to the following applications (if installed and/or configured).User Services and Applications 237 12 User Services and Applications On the initial page. besides Login option. if from outside. you will enter the edgeBOX Services page (this option will only be available for users in the internal network).

select "Create safe". . as well as the current safes' configuration parameters. the following conditions must be met: · · · The Windows Server service must be running. Critical Links. The user must belong to Privilege with access to the Samba service. To create the safe. Currently available safes will be displayed. Select the desired settings for your safe. To be able to use safes. Temporary Shared Folders must be active.0 Help 12.238 edgeBOX 5. as well as the maximum time the safe will be available. Follow the link "Public Folders". Sizes available will always be less than or equal to the maximum size configured. select "Create a new safe". Inc. Any LAN user can request a safe accessing the utilities page (http://<lan address>:8011 and selecting the "Services" option). To create a new safe. The following page will be displayed. Any user on your network can ask for a box to store files and access it as a normal Windows share.1 Temporary Shared Folders Safes are available only for LAN users and may be used when there's a need for a temporary space for storage.

Critical Links. . Inc. credentials to access the safe Selecting "Public Folders" again will now display the safe just created. credentials to access it will be displayed.User Services and Applications 239 Safe creation window If the safe was successfully created.

access it like a normal windows share.240 edgeBOX 5. Critical Links.0 Help Public safes list To use the safe. entering the credentials supplied to authenticate. . Inc.

Critical Links. go to the Services > "Public Folders" menu and follow the "Close this Folder" link next to the safe you want to close. Inc. If the operation completes successfully. the message "Folder closed" will be displayed. . You will need to supply the password for the safe. Note: When a Folder is closed (manually or after the timeout).User Services and Applications 241 If you want to close the safe before its time expires. the folder and contents are deleted.

Use the interface to send and read your e-mail. Critical Links. see E-mail domains and Webmail). Select your preferred language and login with your edgeBOX username and password. You will be presented with the following screen.0 Help 12. . this is because it has not been configured to.2 Webmail In the Initial Page of User Services and Application. select the Applications link and then Webmail (if Webmail is not available. Inc.242 edgeBOX 5.

Inc. . Note that if there are more entries than can be shown on the screen.User Services and Applications 243 12. FOP allows you to view: · Which extensions are busy. causing the screen to scroll to the right (and vice-versa) You are reminded that you need to allow the FOP service on the Firewall Panel.3 Flash Operator Panel (FOP) Flash Operator Panel (FOP) is a switchboard type application which is able to display information about the PBX activity in real time. ringing or available · Who is talking and to whom · SIP and IAX registration status (Greys out if offline) · MeetMe room status (number of participants) · Queue status (number of users waiting) · Parked channels · Logged in Agents Critical Links. the additional entries can be viewed by placing the mouse to the right of the screen. for access and the Web Server must be running.

enter the edgeBOX URL into your browser. Select the Applications menu and you should be presented with the following: Critical Links. which should present you with the following Menu.1 FOP Login To Access the FOP Interface.244 edgeBOX 5.0 Help FOP allows you to perform the following actions: · Hang-up a channel · Transfer a call leg via drag and drop · Initiate calls via drag and drop · Barge in on a call using drag and drop · Drag and drop to create an agent · Manage queues · Park/Unpark calls 12.3. Inc. .

User Services and Applications 245 (If Webmail is not present on the Menu. you will be presented with the following screen: The default Security Code login is: root To alter this password. this is because you have not selected configured a Webmail Domain. Inc. . Critical Links. enter username and Password as admin and root (respectively) and set a new password. please refer to the E-mail Server and Webmail for configuration instructions) When you select Flash operator.

2 Initiate a Call To create a call. you drag the npem phone icon to the jayme icon. . Once the call is established. jayme's phone will ring and the call is established. for example. both phones will change their green 'LED' to red and the extension number of the caller will be shown. as well as the duration of the call. If npem picks up the call. You may force the termination of a call.246 edgeBOX 5. for the user of interest to the phone icon of If. simply drag the phone icon the person you wish to call.3.0 Help 12. npem's phone will ring. by double clicking on the red LED. Critical Links. Inc.

. you may terminate a call by double clicking the red LED of the phone (or the line). the caller has rung alextalk via the BRI/1 2 connection (as they both have the same tel number tag of the external caller). with their telephone number. 12.User Services and Applications 247 Note: If a phone is not currently registered with edgeBOX (as thus cannot be rung). the icon will be greyed out. Again. tags the incoming route with the callers number and also tags the person they have called.3 External Calls A call which is from an outside line. In the large panel below.3. Critical Links. Inc.

248 edgeBOX 5.0 Help

12.3.4 Transfer a call
To transfer a call, you simply drag the icon to the panel where you wish to place the call. Thus you could drag a callers icon to a phone, or to a Queue, or park the call (etc).

12.3.5 Barging
Barging allows the operator to interfere with an active call. Thus if 2 users have established a call, you could (although this is not generally recommended) drag a phone to one of the phones which is already connected, to establish a new call (leaving one of the users with a disconnected call!).

12.3.6 Create an Agent
Assuming that you have configured a Queue, you can add phones to the Queue to act as Agents for the Queue. To add an Agent, simply drag the phone to the Queue (the phone LED will change from green to yellow).

To delete the Agent, drag the phone to the queue again (the LED will change from yellow to green).

Critical Links, Inc.

User Services and Applications 249

12.3.7 Queue Managment
Each Queue, consists of three panels, as shown below.

The top panel (Queue Support) shows the status of the queue (1 caller waiting for an Agent) and the queue name (support) The next two panels show the top two (longest in queue) clients in the queue.

To add a client to the queue, simply drag the ringing phone to the queue, or drag one of the phones which has established a phone connection. Note: You can reset a queue by double clicking on Queue's (top panel of the three) LED. If you do this, all callers in the queue will be removed.

12.3.8 Park-Unpark Calls
To park a call, simply drag their phone, or their incoming line, to the Parked queue.

Critical Links, Inc.

250 edgeBOX 5.0 Help

The phone/line will then show the their parked position. You can then drag the parked phone icon to a phone (or elsewhere) to establish a call.

12.3.9 Conference Calls
To enter a conference, simply drag the phone icon (or line) to the conference icon, which will cause the phone to ring.

The Conference will show the number of users of the conference.

12.3.10 Typical Caller Scenario
A typical scenario is as follows: · A caller (A) rings and is routed to the operator (B). They request C's extension. · The operator can see that C is not on a call and can drag the line icon to C's phone, or · The operator can put the caller on hold (by dragging the incoming line to the park icon) and drag the operator phone icon to C's icon to ring C and ask if they wish to take the call. · The Operator can now either drag the icon from park to C's icon or drag the park icon to their phone icon and explain that C cannot take the call.

Critical Links, Inc.

Appendices 251

13 Appendices
13.1 Appendix A: Authentication
edgeBOX runs several services under which you have to provide credentials. There are a several possible authentication scenarios and configurations. In this appendix, edgeBOX's authentication architecture will be explained. It is important to understand these concepts, as they will be needed if you want to deploy a remote authentication scenario. We will shown what happens when the "Require users to login" option is enabled. The complete sequence of events will be reviewed and detailed. Finally, some remote configuration examples will be shown.

13.1.1 Authentication architecture
Authentication (proving who you are) and authorisation (what you can do) are handled in a mixed manner in edgeBOX. Considering first a local authentication scenario, upon user creation you need to provide a password and define which services a user will be authorised to use. Services available in edgeBOX are: · Regular services, such as POP3, IMAP, FTP and Internet access for LAN users; · Windows use (Samba Print and Filesharing); · Allow authentication from wireless and wired 802.1x port based authentication devices on the LAN; · PPTP · VoIP. Internally, edgeBOX uses a RADIUS server, configured to use an LDAP backend.

13.1.2 Require users to login vs Privileges policies
Connections originating from the LAN to the Internet, to the DMZ network and to services running on edgeBOX are granted by default. But you may choose to limit this access by enforcing an access Privilege. This is done by activating the Authentication service - the Privilege policies will be enforced at the Firewall level. This is always the first level of access to be tested: when if users are required to login (LAN/VLAN

Critical Links, Inc.

252 edgeBOX 5.0 Help users), any connections are denied - they are in fact discarded by the firewall. If an user wants to access the Internet, the following steps must be taken: · The user accesses edgeBOX's authentication page or some website running on port 80 (which causes a redirection to edgeBOX's authentication page); · The user enters his credentials (username/password); · If the credentials entered were valid, the user may or may not be granted access, depending on his access Privilege. From this moment on, and if this user's policy grants him access to the Internet, he will be able to access any remote service. Furthermore, a pop-up window will be displayed, allowing him to log out. This pop-up window must be kept open to keep the user authenticated. If this window is closed and no network traffic is detected originating from this user's machine, the authentication will time out and the user will have to re-authenticate in order to access the Internet. The timeout is set to five minutes.

Privileges allow the following items to be configured: · QoS classes assigned to WAN/DMZ connections; · Access to the Internet: time interval and services; · Access to edgeBOX's services: time interval and services; · Access to the DMZ: time interval and services; · Inter VLAN access. · Access to IPSec VPNs. · Access to PPTP VPN sessions. As previously mentioned, the policies are handled at the firewall level. After an user authenticates, appropriate firewall rules are loaded in order to enforce his Privilege profile. A user authenticating from a PC in the LAN will in fact revert to an IP/MAC address pair, and each rule loaded will refer to this pair. If the profile to which the user belongs to was granted access to the Internet, a firewall rule will be loaded allowing all traffic originating from this host to the Internet. If a Privilege contains an IP address (see the Devices section in Privileges), then firewall rules reflecting this policy profile featuring this IP will automatically be loaded, making it a static entry. That is, if a user uses a machine with an IP in a profile, they will be automatically authenticated by the edgeBOX and will have the profile's privileges (rather than the users profile privileges). A typical use of this feature is to automatically allow servers to access the Internet. Suppose you have a Windows update server. By making its IP a member of a group with access to the Internet will automatically enable access to the Internet for this server.

Critical Links, Inc.

4 Remote configuration So far we have assumed edgeBOX handles both authentication and authorization using its local RADIUS and ldap servers. There are some services however. Inc. · Otherwise. containing a message indicating success and a logout button.Appendices 253 13. the rules will be unloaded from the firewall and further connections denied.1. Due to the concept of system-wide authentication. The complete sequence of events is as follows: · If the user tries to access edgeBOX's port 8010/8011.3 Putting it all together Suppose a user in the LAN tries to access the Internet or an edgeBOX service and the Authentication service is running. However. . if the user tries to access any website on port 80 or edgeBOX's authentication page. all services will be authenticated against the scheme chosen. 13. access is denied (authentication failed). The user will have to reauthenticate. If a reject argument is found. rules reflecting this user's Privilege policy are loaded into the firewall. the user will be granted access according to his Privilege. if the password does not match. the authentication page is displayed. · Otherwise. allowing for a multitude of different configurations and scenarios. his browser will be redirected to the web page requested and a small window will pop-up. namely PPTP and Wireless that allow you to use another (RADIUS) server to perform authentication. edgeBOX's RADIUS server is queried. · If the user closes the pop-up window and no network traffic is generated for 6 minutes. these two functions can be delegated on remote servers. The following matrix displays the possible combinations for authentication/authorization schemes: Authorisation Local RADIUS Local RADIUS Local RADIUS Local RADIUS Remote RADIUS Remote LDAP Authentication Local LDAP Remote LDAP Remote AD Remote RADIUS Remote RADIUS Remote LDAP Critical Links. · Otherwise. access is denied (authorization failed). · Otherwise (any other application). · At this point. access is granted. · If the user has requested a web page and his policy allows. Otherwise. be it local or remote. access is denied by the firewall. The IP/ MAC address pair in these rules are the user's PC IP/MAC address pair. access is granted (authorization AND authentication succeeded). LDAP is queried. access will be denied. · Otherwise.1. · After entering his credentials.

e.. You can have a remote configuration replicating this configuration. Some cards have their own managing software. only the native MS Windows client was used. Bear in mind that although a remote scheme is used. This can be useful if you want to set their service permissions beforehand (when using local authorisation) or to set the group to which they will belong (by default they are assigned to the generic group). they are not known to edgeBOX before they make their first successful login. it will be shown how to configure a MS Windows client station to connect to edgeBOX's wireless access point using 802. In the examples that follow. If you are not using local authorisation. if the Active Directory server is not reachable at a certain point the users will be authenticated locally. PPTP. Special remarks have to be made when you delegate authorisation/authentication on a remote LDAP or RADIUS or Active Directory (without "import users" checked) server.254 edgeBOX 5. he will be placed in the "Generic" privilege. In such a configuration. local accounts and entries will be created locally.0 Help The first line matches edgeBOX's local configuration (all local). AD (with user import) or Remote LDAP Remote RADIUS or AD (without user import) First Login using any service: FTP. Depending on the scheme used. i. you can still add local users before those users make their first login. POP3. you must start the "Wireless Zero Configuration" service. In this scenario.2 Appendix B: Connecting to Wireless In this appendix. having a LDAP backend performing authentication/authorisation. As users are remote. The next table displays this information: Authentication Sheme Used Local. in which RADIUS performs authorisation. Not all wireless cards will support these security schemes . Inc. you have the option to import the users. Critical Links. you will still be able to edit user's permissions.1x and WPA.a firmware upgrade may be needed in some cases. . WiFi or LAN only using LAN authentication. Before this happens no user account is created locally and the same applies for edgeBOX's local RADIUS and LDAP servers (edgeBOX always keeps a local copy). When using Active Directory as a remote authentication scheme. and will be granted permission to access the services configured in the "Generic" privilege. the way a user may perform his first login will vary. after an user logins in for the first time. To be able to have MS Windows controlling your Wireless connection. This schema works also in "fail-safe" mode. 13.

Inc.no Hardware Address based filtering will occur. later you can configure it. later you can activate this if you wish. Notice that windows is being used to configure wireless In the examples that follow. · Allow only specific devices to use the wireless network: not active . Critical Links.Appendices 255 Wireless configuration applet. . the following general configuration will be used by edgeBOX: · SSID: valebox · Channel: 1 · Hide Network: not active .this network will be visible for all wireless clients nearby.

Inc.0 Help 13. Make sure the SSID entered is consistent with that defined on edgeBOX (valebox on our example).1x authentication and accounting.256 edgeBOX 5. On MS Windows. Select then the "Authentication" tab.1 802. Critical Links. Choose "WPA" for "Network Authentication" and "AES" for "Data Encryption".2. . double-click the "Wireless Network Connection" icon and select the "Wireless Networks" tab.1x The following picture illustrates the configuration used by edgeBOX for 802.

Authentication Protected EAP Properties On the dialog window that pops-up. ." checkbox. Press "OK" on all dialogs to confirm this configuration. uncheck the "Validate server certificate" checkbox. uncheck the "Automatically use my Windows.Appendices 257 Wireless Network Connection Wireless Networks On the Authentication tab. and select "Secure password" as the Authentication Method. Critical Links.. Inc. select "Protected EAP (PEAP)" as the "EAP type".. Press the "Configure" button. On the dialog window that pops-up. Press the "Properties" button.

258 edgeBOX 5. If the connection was successful.0 Help If the configuration succeeds. Inc. Remember that if you choose to use Critical Links. the network key to be used must also be supplied. 13. Additionally.2 WPA If edgeBOX was configured to use WPA as the security scheme. Clicking on the balloon will display a prompt requiring you to enter the username and password for a user authorised to connect to the Wireless network. you should see a balloon warning you to enter credentials to connect to the wireless network. its status will appear as "Connected".2. the following settings must be configured on the client: · Network Authentication: WPA-PSK · Data Encryption: AES. .

asking you to supply the network key. when you try to connect to it a dialog window will be shown.com/passwords. if less than 64 characters. it must be 64 hexadecimal characters long.grc. it may be ascii or hex. Wireless Configuration Network key dialog Critical Links. htm. . Inc. If this connection is configured to be established manually.Appendices 259 a preshared key. You may obtain an automatically generate key from the website https://www.

join domain dialog Critical Links.3. select the "Domain" option and enter your domain name (in our example it was "mydomain").this assumes edgeBOX is running the Windows Server and acting as a Primary Domain Controller. Please make sure to catch all the details in the Windows Server section. namely.0 Help 13. you will be required to supply credentials of a user belonging to the domain administrator's group. and then select the "Computer Name" tab. Inc. how to: · Add a Windows computer to edgeBOX's Domain · Map an edgeBOX Shared Folder on Windows Remember that users can olny access these features if they belong to a Privilege for which the Samba service is accessible. In the dialog window that pops-up. Select the "Change" button. . In edgeBOX. After you select "OK" to confirm the domain change. which has the same password as the admin user (defaults to root). To add a windows host to edgeBOX's Windows Domain. select "System" under the Windows Control Panel. you have to specifically supply the username "Administrator".3 Appendix C: Windows Integration This appendix will shown you how to use some of edgeBOX's Windows Server features.1 Adding a Windows Host to edgeBOX Domain This section details the process of adding a windows host to the edgeBOX Windows Domain . 13. The windows host will be added to the Domian provided by edgeBOX.260 edgeBOX 5.

3. Inc. the following dialog will be displayed. Critical Links. The other directory shown (profile) is where the roaming profile data will be stored. In the picture bellow the user's directory content is shown. log on to edgeBOX's domain (it should be available on the domains' list). so the user will retain her desktop definitions after logging off.Appendices 261 change domain dialog If the operations was successful. 13. The user's home directory will be mounted as Z:. 2.2 Mapping a Shared Folder on Windows To map an edgeBOX shared folder on a virtual Drive 1. where the public_html directory can be accessed. This is the directory where the user's personal web page will be located. . Go to My Computer. Select the Tools menu and the Map Network Drive option. After rebooting the machine.

From a basic network infrastructure with generic 802. 802. .possible to specify which share to release. Critical Links. For advanced features like port based authentication. a broad range of scenarios are possible. dynamic vlan assignment. This will release all connections to shares. Type the IP address of edgeBOX.0 Help 3. followed by the name of the shared folder.1x with single sign on or automatic guest VLAN more advanced switches will be needed. 4. For example: \ \192. It's "net use" which will display which are the active shares and then "net use <share> / delete". Some of the supported features depend on the type of Switch or Wireless AP used for deployment.1Q Switches to full port based authentication devices with dynamic VLAN assignment.254\rui. It's possible to disconnect from a share using the command "net use * /delete". · For switches with L3 features it is important to disable inter vlan routing on the switch. · For basic VLAN scenarios any 802.1Q switch will work. Windows does not allow you to mount shares with different username/passwords. Select the character you to use for the drive.262 edgeBOX 5. Inter vlan routing is done in the edgeBOX with access profile enforcement. which will disconnect that particular share.90. Inc.4 Appendix D: VLAN based Infrastructure With the introduction of VLANs in the edgeBOX architecture the type of scenarios where an edgeBOX can be deployed has been significantly increased. via the command 13.168.

802. Dynamic VLAN assignment · D-Link DES-1252 .1x and dynamic VLAN assignment · Support for 802. No single sign on available. manual session timeout configuration · D-Link DES-1228 .Support for 802.1Q VLAN + 802.1x . manual session timeout configuration · SMC Tigerswitch 6726 AL2 .Appendices 263 Type of Authenticators supported: · Procurve 2650 Series .1x port based authentication · No Dynamic VLAN assignment · No native Guest VLAN on switch · VLAN Scenario 2 · Standard 802. .1x SSO. Inc.1Q.1x port based authentication · Support for Dynamic VLAN assignment – (HP Procurve switch) · No native Guest VLAN on switch Critical Links.1x Authentication only.1x Port based authentication.1Q VLAN .802.802. · Generic Wireless AP with 802. 802.1X. 802.2.802.1Q VLAN and 802.1x .802.2 or later) . No single sign on available.1Q VLAN only · Generic L2 switch with 802.1q compatible switch · No 802.1x · Support for 802.802.1Q.1q compatible switch with 802. You might wish to read them in order to get a better grasp of the concepts or to adapt them to your own needs: · VLAN Scenario 1 · Standard 802.1Q · Generic L2 switch with 802.1x supplicants tested (PEAP-EAP-MSCHAPv2): · Windows XP SP2 · MacOS X · Windows Vista · Windows Vista SP1 Please find below four possible VLAN deployment scenarios.1x SSO and Dynamic VLAN assignment · Procurve 420 Wireless AP (Firmware 2.1Q.802.1q compatible switch with 802.1x SSO.802.1x port based authentication · No Dynamic VLAN assignment · No native Guest VLAN on switch · VLAN Scenario 3 · 802. 802. Type of 802.1Q.

1x port based authentication · Support for Dynamic VLAN assignment – (HP Procurve switch) · Native Guest VLAN on switch – (HP Procurve switch) 13.1 VLAN Scenario 1 Characteristics of this scenario: · Standard 802.0 Help · VLAN Scenario 4 · 802. Inc.1q trunk. Critical Links.1q compatible switch with 802.1q compatible switch · No 802. The port on the switch must be configured as 802. .264 edgeBOX 5. allowing all configured VLANs to pass through the link. In this case the LAN port of the edgeBOX is connected to a trunk port in the switch.4.1x port based authentication · No Dynamic VLAN assignment · No native Guest VLAN on switch This is the most basic scenario when deploying VLANs with edgeBOX.1x and dynamic VLAN assignment · Support for 802.

4. then all traffic to and from this user will be filtered with the default rules for non-authenticated users.By default.Access Rules between VLAN segments can be configured per access profile in the VLAN tab. the firewall enforces the configured User Access Profile rules for WAN. Inc. DMZ and access to other VLAN segments. 3 . This means the edgeBOX firewall does not allow routing of traffic between VLANs unless the administrator configures it with different type of access rules. 13. 2 . If the user is not able to authenticate with success.The only type of user authentication available is Web Login. When a user authenticates successfully.2 VLAN Scenario 2 Characteristics of this scenario: · Standard 802.1x · Support for 802. all traffic between VLAN zones is blocked.Appendices 265 1 .1x port based authentication · No Dynamic VLAN assignment · No native Guest VLAN on switch Critical Links. . 4 . In most cases the VLAN 1 is the default VLAN on a new installed switch.When using VLANs. and this means all ports are by default configured as being part of that VLAN. the LAN zone is the same as VLAN 1 (id 1).1q compatible switch with 802.

1x protocol. At this point the client will get an IP address if configured with dhcp and the edgeBOX DHCP server is enabled. To enable support for 802. made by the Client PC supplicant.1x based switch.1x port based authentication we need to configure the switch to use the edgeBOX as the RADIUS server for authentication and enable the ports where we want this enforced. On the edgeBOX this 802. Both Windows XP and Vista include supplicants with native support for this authentication type.1x.266 edgeBOX 5. and this is done in System->RADIUS->Add. The edgeBOX supports protocol PEAP-EAP-MSCHAPv2. Support for Single Sign On (SSO) Scenarios based on 802. the RADIUS client. Inc. The only addition is that we have some or all ports on the switch configured for 802. .1x port based authentication. needs to be authorized.1x is that the user will not be able to access the network until he is able to get a successful authentication. The only requirement is that a Critical Links.0 Help This is basically the same as Scenario 1. The main advantage of using 802. the switch detects the presence of a client and initiates the 802. If the authentication is successful the switch will open the respective port and the client will be part of the static VLAN configured on that Port. will be forwarded by the switch to the configured RADIUS server for authentication. If the authentication is not successful then the port will be closed and the user will not get access to the network. The authentication request.1x include support for automatic user login. In this scenario. for a client PC connected to one of the switch ports configured with 802.

1q compatible switch with 802. 13.Appendices 267 supported 802.1x port based authentication · Support for Dynamic VLAN assignment – (HP Procurve switch) · No native Guest VLAN on switch This is scenario 3 with a switch that supports VLAN dynamic assignment. Without a successful authentication the port will be closed and the user wont be able to access the network. .1x authentication and on success. the switch moves the associated port to the VLAN configured for that user access profile. During 802. the RADIUS server sends additional attributes to the 802.3 VLAN Scenario 3 Characteristics of this scenario: · 802.1x switch is used to deploy those scenarios. Inc. after a successful authentication.4. the port based authentication is still done but the user will need to do a normal weblogin when accessing the Internet or services running on the gateway.1x switch does not support the calling station attribute.1x and dynamic VLAN assignment · Support for 802. The edgeBOX supports assignment of a VLAN per access profile.1x authenticator in the switch with information regarding the VLAN id for that particular user. The following is needed to deploy this feature: Critical Links. In this case. A supported switch includes the calling station MAC address in the RADIUS Access Request packet and is able to process session timeout. In case the 802.

0 Help 1. 13. The HP Procurve follows RFC2868 / 3580 with with Tunnel-Private-Group-ID of type string. Configure the RADIUS client as referred in Scenario 2.1x port based authentication · Support for Dynamic VLAN assignment – (HP Procurve switch) · Native Guest VLAN on switch – (HP Procurve switch) Critical Links.4 VLAN Scenario 4 Characteristics of this scenario: · 802. 3. Inc. See NAC->Access profiles>”Profile”->VLAN->VLAN Name. Configure the User Access Profiles with the correct VLANs. .1x and dynamic VLAN assignment · Support for 802.4. select the correct client type and enable Dynamic VLAN assignment. The advantage of this scenario is the fact that we can effectively do network access control by port and at same time we are able to put the user in the correct VLAN even if he does a login outside of is main work space.268 edgeBOX 5. The network infrastructure must be setup with Procurve 2650 or compatible switches in terms of RADIUS dynamic Vlan assignment. 2.1q compatible switch with 802.

the switch is not able to start a 802. user data and software updates since the first time the edgeBOX was installed.1x authentication takes place and the switch port is automatically configured for VLAN3. the user will be presented with the edgeBOX web login page when trying to access the Internet. Inc. · When Guest01 connects to port 5. This is similar with scenario 3 and the only difference is when the 802. without a successful authentication. These ports are located in a meeting Room.1x authentication and automatically opens the port on VLAN6. · Guest01 is a guest user with just a regular dhcp configuration on his laptop. Users in this profile are not able to access any of the other VLANs or LAN. a successful 802. the connected host is able to get an IP through DHCP. · Engineering profile has access to Internet. will be isolated in VLAN6. As soon as the switch assigns the unauthorized-client VLAN to that port.Appendices 269 This is scenario 4 with a switch that supports guest VLAN when operating with 802.1x Open VLAN mode in the Procurve 2650. In the end the system will reboot and the hard disks will be re-imaged with the original first install contents. the edgeBOX enforces the guest profile for this user and he is able to access the Internet but nothing else.1x authentication. configured for VLAN3 (see #3 in scenario 3). · When User01 connects to port 4. 13. User01 is able to work on his own VLAN and access any other places allowed by his Engineering access profile. Use the "system factory" command to initiate a factory reset. LAN and a few servers located in VLAN2.1x and VLAN dynamic assignment. · Guest profile is configured to have open access to the Internet only. A practical example: · Switch ports 4 and 5 are setup for 802. At this point the switch automatically configures the port to another VLAN – the Unauthorized-Client VLAN. At this point he is able to get an IP address through dhcp and when trying to access the Internet he will be presented with the authentication page.1x with Unauthorized-Client VLAN assigned to VLAN6.5 Appendix E: Factory Reset The factory reset option is only available through the CLI (Command Line Interface). IMPORTANT: be aware that this option erases all configuration. · Guest01 is a member of the guest profile. Critical Links. With a successful web login authentication. If the edgeBOX authentication is enabled. · User01 is a member of the engineering profile. · User01 has his laptop ethernet connection setup for 802.1x user is not able to authenticate. The unauthorized-client VLAN can be configured using the 802. · Any other user that tries to connect to one of these ports. .

Network devices monitoring · SSH .Secure Shell · TFTP .edgeDESKTOP interface · eMI .Network services monitoring · NTP .Phones Swicthboard · FTP .Authentication and Accounting · Samba .Date and Time Synchronization · POP3 .Network services monitoring · Nagios .Calls cost information · CTI .270 edgeBOX 5.Simple File transfers · VoIP .E-mail retrieving · RADIUS .0 Help 13.Network services monitoring · Munin . .6 Appendix F: edgeBOX Network Services edgeBOX Network Services list In several configuration situations .Web Server · IMAP4 .Windows Domain and File Sharing · SNMP .E-mail retrieving · LDAP . Inc.Domain and IP Address translation · edgeDESKTOP .VoIP Telephony Critical Links.Phone and Computer Integration · DNS .such as the Firewall or user Privileges .Remote Management Interface · FlashOperator .Authentication and Accounting · Monit .you'll be presented with or even need to select entries from edgeBOX network services list: · Billing .File Transfers · HTTP .

62}") · Password: · Size: from 1 to 127 · Characters ("[a-zA-Z0-9!"#%&'()*+. Don't use simple passwords. < = > ? @ [ ] _ ` { | } Specifically for the admin user: · Username: you can not change the administration username in edgeBOX. write your password down on a paper and store it at home. away from your usual work place. '+'.<=>?@[]_`{|}]{1. For regular users: · Username: · Size: from 3 to 64 · Characters ("^[a-z][a-z0-9-_.-. Use passwords with at least 10 characters. digits ("0-9") and any of ! " # % & ' ( ) * +./:. "_" and ".7 Appendix G: Usernames and Passwords The choice of Usernames and Passwords is a relevant topic when configuring edgeBOX. ..Appendices 271 13. . If you don't trust your memory. / : . numbers and special characters like '_'. Inc. it's always admin · Password: Critical Links." · up to 62 additional lower case letters and/or digits can be used ("[a-z0-9]{1.]{1. "-". with letters.127}"): · lower ("a-z") and upper ("A-Z") case letters. General Topics Change the password once in a while. The characters right above the numbers in your keyboard are all good candidates too.62}[a-z0-9]$") · must start with a low case letter "a-z" · the midle characters may additionally contain digits ("0-9"). See more specific details bellow.

272 edgeBOX 5. · Name and Password: · Size: from 1 to 20 · Characters ("[a-z0-9_-"): lower case letters. / : .<=>?@[]_`{|}]{1. Inc. digits and '_' and '-' Critical Links.127}") · lower ("a-z") and upper ("A-Z") case letters. one single leading '+' if needed./:. digits ("0-9") and any of ! " # % & ' ( ) * +. .-.0 Help · Size: from 1 to 127 · Characters ("[a-zA-Z0-9!"#%&'()*+.. . < = > ? @ [ ] _ ` { | } Specifically for phones: · Number: · Size: 1 to 20 · Characters: only digits ("0-9").

You're Reading a Free Preview

Descarregar
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->