Accessing Peplink Cloud Services from Private Networks

Peplink routers are renowned for their robust connectivity solutions, and for users venturing into private APNs, it’s essential to configure firewall rules to ensure seamless access to Peplink services. This guide outlines the steps to modify inbound and outbound firewall rules on the APN firewall/gateway, allowing a clear path for Peplink services to function efficiently. Those services include:

  • InControl
  • SpeedFusion Connect
  • Remote Web Admin access & InTouch services
  • Remote Access (for Peplink support)
  • Push Notification services (for the Router Utility app)
  • Automatic firmware check in

Here’s a guide to configuring firewall rules for specific Peplink services:

Refer to this JSON file for details on the services. Find the corresponding section where “system” refers to the service you require. 

For example, if you want to allow the InControl service, you’ll need to set up firewall rules to allow for the following:

  • Host Names*: ac1.peplink.com and ac2.peplink.com
  • Port: UDP 5246

*If specific IP addresses are required, the list is provided as well.

Configuring firewall rules for Peplink routers on private cellular networks is crucial to ensure uninterrupted access to essential services. By following these detailed steps for each specific service, users can optimize their Peplink experience while maintaining the security and integrity of their private APN connections. Stay connected with confidence using Peplink routers on your private cellular network.

Digi Empowers Customers with “Drop-in Mode” for Seamless Internet Connectivity

Digi International is always looking for ways to help evolve networking solutions. The Digi Accelerated Linux operating system (DAL OS) enables “Drop-in Mode,” which reshapes the way we perceive network connectivity. This feature offers customers the flexibility to harness the power of Digi routers while retaining their existing firewall or router. It simplifies the complex process of integrating multiple Internet connections without the hassle of reconfiguration.

Understanding the Vision

Digi’s goal with “Drop-in Mode” is crystal clear: to empower sites with multiple Internet connections without necessitating any alterations to the existing router/firewall configuration. Typically, businesses operate on a single Internet connection through a wired WAN with a static IP address. The challenge arises when they need to integrate additional Internet sources seamlessly. 

Digi’s solution involves inserting their advanced router between the existing infrastructure and the ISP gateway. This strategic placement enables the Digi router to manage the WAN connectivity of the existing router/firewall effectively. The traffic is then intelligently routed through various WAN Internet connections, including primary wired Ethernet WAN, cellular backup connection, or a WAN bonded tunnel, as per the requirements.

Creating a Seamless Bridge

“Drop-in Mode” operates similarly to a passthrough mode, but with an innovative twist – it acts as a transparent bridge between the client device/firewall and the ISP gateway while providing a failover connection. This transparent bridge is a testament to Digi’s commitment to delivering a seamless user experience. By employing this mode, Digi ensures that the client device’s traffic, along with the data behind it, is channeled effortlessly to the appropriate WAN Internet connection. This process is facilitated through Digi’s sophisticated networking functionality, allowing the traffic to be routed based on metrics, default routes, policy-based routes, or static routing entries.

Sample setup

The Impact of Digi’s Innovation

Digi’s “Drop-in Mode” has far-reaching implications for businesses. First and foremost, it eradicates the complexities associated with integrating multiple Internet connections. This simplicity translates into significant time and cost savings for businesses, as there is no need for extensive reconfiguration or downtime during the installation process. Furthermore, the flexibility offered by “Drop-in Mode” means that businesses can adapt to changing connectivity needs swiftly and seamlessly, ensuring that they stay ahead in an ever-evolving digital landscape.

Empowering Connectivity for All

The versatility of “Drop-in Mode” extends its benefits far and wide, catering to the diverse needs of individuals and businesses, regardless of their scale. Whether you’re managing a home office or steering a large enterprise, this innovative feature proves to be a game-changer in ensuring seamless network connectivity with all the benefits of the Digi hardware and software.

Home Offices

In the era of remote work, home offices have become the backbone of productivity for countless professionals. For individuals working from home, a stable Internet connection is not just a convenience; it’s a necessity. It ensures that home office setups remain robust and uninterrupted. “Drop-in Mode” also makes it easy for individuals to get themselves set up rather than relying on an IT professional. This allows remote workers to focus on their tasks without worrying about network or Internet connectivity issues.

Small and Medium Businesses

Small and medium-sized businesses often operate with limited resources, making efficiency crucial for their success. “Drop-in Mode” comes to the rescue by offering a hassle-free solution. Whether it’s processing online transactions, managing customer interactions, or conducting virtual meetings, businesses can rely on this feature to maintain a consistent and reliable Internet connection. The simplicity of implementation also means that business owners can save valuable time and resources, enabling them to focus on growing their ventures.

Large Enterprises

In the complex landscape of large enterprises, where numerous departments and teams rely on interconnected networks, uninterrupted Internet connectivity is paramount. “Drop-in Mode” provides a streamlined approach to managing multiple Internet connections without the need for extensive reconfiguration. This is particularly valuable in mission-critical operations where any downtime could result in significant losses. Large enterprises can optimize their Internet usage, ensuring that each department’s specific requirements are met efficiently. This adaptability enables them to stay competitive, innovate, and respond swiftly to market demands without being hindered by connectivity issues.

Educational Institutions and Public Sector

Educational institutions and government agencies often have diverse Internet requirements due to the multitude of tasks they handle, from online learning platforms to administrative services. “Drop-in Mode” allows these entities to consolidate their Internet sources with nominal effort. By ensuring reliable connectivity, educational institutions can enhance their online learning experiences, while government agencies can streamline their services to the public. This approach not only improves efficiency but also contributes to providing better services to the community.

Is Drop-in Mode Right for You?

In essence, “Drop-in Mode” emerges as a universal solution, bridging the connectivity gap for individuals and organizations of all sizes. Its ability to adapt to various settings, from home offices to large enterprises, highlights its significance in the modern digital landscape. By offering a seamless and user-friendly approach to integrating multiple Internet connections, Digi International’s “Drop-in Mode” allows you to save time and focus on your business. 

To determine if this innovative feature is the right fit for your specific needs, consider your requirements for multiple Internet connections and the seamless integration of existing setups. Evaluating your Internet usage patterns, the complexity of your network, and your need for uninterrupted connectivity will guide your decision.

Contact a 5Gstore representative to learn more about Digi products and services, including “Drop-in Mode.” 

Peplink 8.4.0 May Cause Issue with Google Drive

UPDATED 11/16/2023

After we worked with the Peplink support team, they found that the situation was related to the User Group change in firmware 8.4.0, not a bug in the Content Filtering. Since the number of User Groups increased (from 3 to 10), it caused a glitch in firmware 8.4.0 that made it unable to recognize the user group label in firmware 8.3.0 (or lower). Based on our Balance router’s configuration (Content Blocking settings), the exemption for users defined under the Manager group (who should be exempted) was not taking effect, causing them to have to follow the selected Web Blocking categories, including “File Hosting”; hence, they were unable to access “drive.google.com”.

In order to resolve this, Peplink built a special firmware with a fix. All our team had to do was remove our whitelisted rule for “drive.google.com” and upgrade the firmware. We then tested access to Google Drive and confirmed it worked!

We extend our thanks to all Peplink staff that assisted with this fix!

Firmware updates are crucial for enhancing security, performance, and overall user experience. However, sometimes these updates might inadvertently lead to unforeseen issues. Recently, the 5Gstore team found themselves encountering a perplexing challenge after upgrading to the latest firmware version, 8.4.0. Specifically, accessing Google Drive became impossible for users. This prompted a quick investigation into the root cause and a subsequent solution.

The Challenge

Upon upgrading the 5Gstore warehouse network to Peplink’s 8.4.0 firmware, users were surprised to find a recurring error message while attempting to access Google Drive. The error was labeled as “ERR_CONNECTION_RESET” and stated “This site can’t be reached – The connection was reset. Try: Checking the connection or checking the proxy and the firewall.” This appeared consistently across multiple computers. Naturally, the first course of action was to ensure that the network connection was stable.

Diagnosis and Solution

After meticulous troubleshooting, the network team suspected that the firewall might be at the heart of the problem. Given the error message’s indication of a connection reset, it seemed likely that the firewall was blocking access to Google Drive. To test this hypothesis, the team made an insightful decision—they added an entry for “drive.google.com” to the content blocking exemptions list within the firewall settings.

Once the exemption was in place, Google Drive access was promptly restored across all devices on the network. This simple yet effective solution showcased the importance of a systematic approach to troubleshooting, ensuring that network administrators could swiftly resolve the issue and minimize downtime.

Reviewing the Fix

In order to fix the blocking issue, we logged into the web admin of the Peplink router. This can be done by connecting to the local network, or using the remote web admin access through InControl 2. 

Once you’re in the web admin, navigate to the Advanced tab and select Content Blocking on the left. From here, find the Exempted Domains from Web Blocking section and enter drive.google.com then click Save at the bottom of the page. Lastly, click Apply Changes at the top right. 

Implications and Recommendations

Peplink’s 8.4.0 firmware update is undoubtedly packed with various enhancements, but this incident highlights the necessity of vigilance during and after such updates. Users are encouraged to:

  1. Regularly Check for Firmware Updates: Keeping networking equipment up-to-date is crucial, but it’s equally important to be aware of potential issues that might arise after an update.
  2. Engage in Systematic Troubleshooting: When problems occur, a step-by-step approach to diagnosing the issue can lead to faster and more accurate solutions.
  3. Monitor Vendor Communications: Following Peplink’s official channels for announcements, updates, and user forums can provide valuable insights into known issues and their resolutions.
  4. Maintain a Backup and Rollback Plan: Having a backup of the previous firmware version and configuration, along with a rollback plan can be a lifesaver in situations where issues are not immediately solvable.

7 Tips for Ensuring a Secure Internet Connection

The internet has revolutionized the way we communicate, do business, and access information. However, the internet is also a hub of malicious activities, making it imperative to ensure a secure internet connection. Whether you are browsing the web, conducting online transactions, or accessing sensitive data, securing your internet connection is crucial. Let’s take a look at some of the ways we can help protect our connections. 

#1: Use a Virtual Private Network (VPN)

A Virtual Private Network (VPN) is an excellent tool to secure your internet connection. A VPN creates an encrypted tunnel between your device and the internet, making it difficult for anyone to intercept your data. This is particularly important when using public Wi-Fi, as these networks are often insecure and can be easily hacked.

When choosing a VPN, ensure that it uses strong encryption and has a no-logging policy. A no-logging policy means that the VPN provider does not store any of your internet activities, ensuring your privacy. Some popular VPN providers include ExpressVPN, NordVPN, and SurfShark.

#2: Keep your devices updated

Software updates are not just about new features and bug fixes; they also include security patches. Hackers are constantly looking for vulnerabilities in software to exploit. Thankfully, software updates often include security fixes that address these vulnerabilities. Keeping your devices updated ensures that you have the latest security patches, making it harder for hackers to exploit your devices.

Ensure that your operating system, antivirus software, and other applications are updated regularly. Most software updates can be set to automatic, making it easier to keep your devices updated.

#3: Use strong passwords and enable two-factor authentication

One of the most common ways hackers gain access to your online accounts is through weak passwords. A strong password should be at least eight characters long and include a mix of uppercase and lowercase letters, numbers, and special characters.

Using a different password for each account is also important, as it prevents hackers from gaining access to all your accounts if they manage to crack one password. Additionally, enabling two-factor authentication adds an extra layer of security by requiring a second verification method, such as a code sent to your phone, before allowing access to your account.

#4: Use a Firewall

A firewall is a security tool that monitors and controls incoming and outgoing network traffic. A firewall can help prevent unauthorized access to your computer by blocking incoming traffic from suspicious sources. Most operating systems come with a built-in firewall, but you can also install a third-party firewall for additional protection.

#5: Avoid suspicious websites and emails

Phishing attacks are a common method hackers use to gain access to your online accounts. Phishing emails often look legitimate, but they are designed to trick you into providing sensitive information, such as login credentials or credit card details. To avoid falling victim to phishing attacks, be cautious of emails that ask for sensitive information or come from unknown sources.

Similarly, malicious websites can also be used to steal your information or install malware on your device. Be cautious when clicking on links, and always verify that the website is legitimate before providing any sensitive information.

#6: Disable file sharing

File sharing is a convenient way to share files between devices, but it can also be a security risk. If file sharing is enabled on your device, anyone on the same network can access your files, including sensitive information. Ensure that file sharing is disabled when using public Wi-Fi or in any other situation where you do not trust the network.

#7: Use HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP, the protocol used to transfer data between your browser and websites. HTTPS encrypts your data and ensures that the website you are accessing is legitimate. You can check if a website uses HTTPS by looking for the padlock icon in the address bar. If the website uses HTTPS, you should see a padlock icon and the website address should start with “https://” instead of “http://”.

Using HTTPS ensures that your data is encrypted and secure, making it harder for hackers to intercept your data or manipulate the website you are accessing. It is particularly important when accessing sensitive information, such as online banking or making online purchases.

Maintaining Security on Your Network

In addition to the tips provided, utilizing a secure router is also advised as it adds another layer of protection. Most routers come with their own firewall as well as configuration settings that allow you to block certain devices from accessing your network. For example, you might set a configuration rule that blocks from your network any device that is not on a trusted list you’ve created. If any new devices need to connect, a secure guest network can be used rather than your primary network. Should you be in need of a secure router, just contact the team at 5Gstore and we’ll assist you in selecting the most appropriate solution based on your Internet connection(s), usage, and other requirements.

Understanding Firewalls: The Key to Network Security

In today’s digital age, network security is more important than ever. With the rise of cyber threats such as malware, phishing, and ransomware, it’s essential to have robust security measures in place to protect your organization’s data and network resources. One such measure is a firewall.

What is a firewall?

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on a set of predefined security rules. It acts as a barrier between a trusted, internal network and an untrusted, external network, such as the internet.

Firewalls can be implemented as hardware devices, software programs, or a combination of both. They typically work by examining the data packets that are being transmitted between networks and applying predefined rules to determine whether or not the packets should be allowed through. These rules can be based on various criteria, such as the source and destination IP addresses, the type of traffic (e.g. HTTP, FTP, etc.), and specific keywords or patterns in the data.

Why is a firewall important?

One of the key benefits of using a firewall is that it helps to protect a network from unauthorized access and malicious attacks. By blocking potentially harmful traffic and limiting access to certain network resources, a firewall can prevent unauthorized users from gaining access to sensitive data or disrupting network operations.

Firewalls can also be used to enforce corporate security policies and ensure regulatory compliance. For example, a firewall can be configured to block access to websites that are known to be sources of malware or other security threats, or to limit access to certain types of data to only authorized users.

Types of firewalls

There are several types of firewalls that are commonly used, each with its own strengths and weaknesses:

  • Packet-filtering firewalls: These firewalls examine individual packets of data as they are transmitted across a network and filter them based on specific criteria. Packet-filtering firewalls are relatively simple and efficient, but they may not provide sufficient protection against more sophisticated attacks.
  • Stateful inspection firewalls: These firewalls maintain a record of the connections that are being established between different network devices and use this information to make more informed decisions about which traffic to allow or block. Stateful inspection firewalls provide a higher level of security than packet-filtering firewalls, but they may be more resource-intensive.
  • Proxy firewalls: These firewalls act as an intermediary between a client and a server, and can be configured to filter and modify network traffic as it passes through. Proxy firewalls provide a high level of control over network traffic, but they may introduce additional latency and complexity into the network.
  • Next-generation firewalls: These firewalls combine traditional firewall functionality with additional security features such as intrusion prevention, malware detection, and application control. Next-generation firewalls provide the highest level of security, but they may be more expensive and complex to implement.

Choosing the right firewall

Choosing the right type of firewall for your organization depends on several factors, including the size and complexity of your network, the types of applications and data that you need to protect, and your budget and resource constraints.

It’s also important to configure your firewall properly to ensure that it provides maximum protection against cyber threats. This includes regularly updating your firewall software and security rules, monitoring network traffic for unusual activity, and conducting regular security audits to identify and address potential vulnerabilities.

Firewalls are an essential component of any network security strategy. They help to protect against unauthorized access and malicious attacks by monitoring and controlling network traffic based on predefined security rules. By choosing the right type of firewall for your network and configuring it properly, you can help to keep your organization’s data and network resources secure.

Need help finding a firewall with cellular connectivity? Look no further than 5Gstore.com. Our team is available to assist Monday through Friday 9am to 6pm CT by phone, email, or chat!

Tech Tip: How to Troubleshoot Your Port Forwarding Issues

Port forwarding, or port mapping as it is sometimes called, is a routing feature that allows users on the Internet to reach devices that sit behind a firewall. Ports may also require mapping to allow applications on the Internet to function properly. Configuration requires multiple steps and can fail for a number of reasons. See below for just a few common issues, then head over to our Support Portal for a full checklist of troubleshooting suggestions.

  • Can you reach the WAN IP address from a remote connection?
    • Often, being reachable means the destination device has a publicly routable WAN IP. Note that the connection may be NAT’d, and the address seen from the Web (e.g., whatismyip.com) may not be the address on the WAN interface of the router. This is especially common for cellular connections.
      • These IP address ranges (RFC 1918) are reserved as non-routable addresses to be used in private networks:
        • 10.0.0.0 through 10.255.255.255
        • 172.16.0.0 through 172.31.255.255
        • 192.168.0.0 through 192.168.255.255
      • If the router receives a WAN IP address within any of these private ranges, connections originating from the Internet will not be able to get past the NAT router (without port forwarding) to actually reach the router’s WAN interface.
      • Cellular carriers may use addresses in the RFC 6598 space.
        • The RFC 6598 address space is 100.64.0.0/10, which covers 100.64.0.0 through 100.127.255.255.
  • Rule configured incorrectly
    • Check that you have the correct port(s) as well as protocol (TCP, UDP) and the Server’s LAN IP address (i.e. the device you are forwarding ports for).
  • Don’t have all the needed ports configured
    • Sometimes multiple forwarding rules are needed for the same address. Check with the manufacturer of the server device to confirm this if needed.
    • Is a single port needed or should you use a Port Range?
  • Server is not responding locally
    • Try to communicate with the Server device locally first. If this does not work, remote access will not either.
  • Port conflict
    • A rule already exists for the port(s) in question, or another device on the LAN is using them.
  • IP conflict
    • The IP address used by the Server device also belongs to another device on the LAN.
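
A checker for the items in this list, added here as an example (it is not 5Gstore's or any router vendor's code): it classifies the WAN address against the RFC 1918 and RFC 6598 blocks, compares it with the address seen from the Web, and flags misconfigured rules, port conflicts and IP conflicts. The rule and device layouts, the names and all sample addresses are constructed for illustration.

```python
import ipaddress

# Reserved blocks from the checklist: RFC 1918 private space and
# RFC 6598 shared (carrier-grade NAT) space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(wan_ip):
    """Return 'rfc1918', 'rfc6598' or 'public' for the router's WAN address."""
    addr = ipaddress.ip_address(wan_ip)
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    if addr in RFC6598:
        return "rfc6598"
    return "public"


def inbound_reachable(wan_ip, seen_from_web):
    """Can an Internet-originated connection reach the WAN interface at all?"""
    kind = classify_wan(wan_ip)
    if kind != "public":
        return False, f"WAN address {wan_ip} is in {kind} space; an upstream NAT blocks inbound"
    if ipaddress.ip_address(wan_ip) != ipaddress.ip_address(seen_from_web):
        return False, f"WAN address {wan_ip} differs from {seen_from_web}; the link is NAT'd"
    return True, "WAN address is publicly routable and matches the address seen from the Web"


def check_rules(rules, lan_cidr, lan_devices):
    """Return (rule name, problem) pairs for bad or conflicting forwarding rules.

    rules: dicts with name, proto, ports (first, last) and server_ip (assumed layout).
    lan_devices: (device name, IP) pairs, e.g. copied from the DHCP client list.
    """
    lan = ipaddress.ip_network(lan_cidr)
    problems = []
    for rule in rules:
        first, last = rule["ports"]
        if rule["proto"] not in ("tcp", "udp"):
            problems.append((rule["name"], "protocol must be tcp or udp"))
        if not 1 <= first <= last <= 65535:
            problems.append((rule["name"], "invalid port or port range"))
        if ipaddress.ip_address(rule["server_ip"]) not in lan:
            problems.append((rule["name"], "server IP is not on the LAN"))
        # IP conflict: the server's address is held by more than one device.
        owners = [name for name, ip in lan_devices if ip == rule["server_ip"]]
        if len(owners) > 1:
            problems.append((rule["name"], "IP conflict: " + ", ".join(sorted(owners))))
    # Port conflict: two rules claim overlapping WAN ports on the same protocol.
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            overlap = a["ports"][0] <= b["ports"][1] and b["ports"][0] <= a["ports"][1]
            if a["proto"] == b["proto"] and overlap:
                problems.append((b["name"], "port conflict with " + a["name"]))
    return problems


# Constructed sample data (not taken from any real network).
LAN_DEVICES = [("nvr", "192.168.50.20"), ("camera-1", "192.168.50.21"),
               ("printer", "192.168.50.21")]
RULES = [
    {"name": "nvr-web", "proto": "tcp", "ports": (8000, 8010), "server_ip": "192.168.50.20"},
    {"name": "camera-rtsp", "proto": "tcp", "ports": (554, 554), "server_ip": "192.168.50.21"},
    {"name": "nvr-alt", "proto": "tcp", "ports": (8010, 8010), "server_ip": "192.168.50.20"},
    {"name": "old-server", "proto": "udp", "ports": (5000, 5000), "server_ip": "192.168.1.10"},
]

if __name__ == "__main__":
    for wan, seen in [("100.72.1.9", "198.51.100.7"), ("198.51.100.7", "198.51.100.7")]:
        print(wan, inbound_reachable(wan, seen))
    for name, problem in check_rules(RULES, "192.168.50.0/24", LAN_DEVICES):
        print(name, "->", problem)
```
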

5Gstore Now Sells & Supports Digi 4G/5G Routers

5Gstore is excited to announce we are now stocking and shipping new products from award-winning Digi. Digi has been a pioneer in the M2M/IoT market for over 30 years. In this time, their products have adapted to evolving network standards, and optimized data communications around the most advanced protocols and emerging technologies. From radio frequency modems to gateways, cellular routers, and networking devices, Digi’s solutions have continually grown to serve the full breadth of applications across the IoT landscape. New products will include: EX12, EX50, IX10, and IX20.

EX12

We’d like to highlight the EX12 Cellular extender first. This is great for users wanting a failover solution for their small network (i.e. POS systems, ATMs, Kiosks, etc). The EX12 has a built-in, carrier certified Cat4 LTE modem with redundant SIM slots. This allows for an additional failover with the same or different cellular carrier. Deployments are streamlined with installation accessories including an optional Remote Mounting Kit with a disposable battery pack for site survey, mounting bracket and a passive PoE injector for optimizing placement for the best cellular reception. If needed, a serial port for Out of Band management is also available. 

EX50

Next, for the power user, we have the EX50, complete with a 5G modem and redundant SIM slots. WiFi support is the newest version, WiFi 6, and Ethernet ports support up to 2.5Gbps. This means users can achieve the full benefits of the cellular bandwidth over wired and wireless connections. An extended temperature range and multiple mounting solutions give this unit the flexibility to be installed in more industrial environments.

IX10

For a more ruggedized and compact solution, check out the IX10. This router offers low-touch and no-touch provisioning and features a Cat4 LTE modem (with redundant SIM slots) along with a RJ-45 serial port supporting both RS-232 and RS-485. Its flexible power and connectivity options make it a versatile choice for industrial, digital signage, ATMs, kiosks and other unattended retail applications that need to provide secure transactions.

IX20

Similar to the IX10, but larger and more feature packed, we have the IX20 with or without WiFi. This is available with a FirstNet ready modem and is prepared for any application. Its compact size and rugged hardware give any user a simple, yet advanced option for securing their network and providing automatic failover. The router supports advanced security (stateful firewall, MAC filtering and VPN), cellular redundancy (via Digi SureLink®) and management (SNMP, event logging, analyzer trace and QOS), facilitating use in PCI or NERC-CIP compliant applications. 

Digi Remote Manager

For all Digi products you also have access to Remote Management via Digi Remote Manager. Digi RM is a cloud-based solution that facilitates easy setup, mass configuration, maintenance and support, even for thousands of devices. Digi Remote Manager lets you evaluate, update and configure your Digi enterprise routers and gateways — and the health of your network — at scale, after deployment. Digi RM also provides secure, out-of-band management access to Digi units through serial ports and command-line interface. 

Digi SureLink

In addition to Digi RM, all of Digi’s cellular products support the Digi SureLink “keep-alive” function. This makes sure the connection will be there when it’s needed. A programmable inactivity timer and a pro-active link integrity function are available. Digi SureLink includes link integrity monitoring, with three test options. 

5Gstore is delighted to bring you Digi products and is excited about this new partnership. If you are interested in these products, please reach out to the team at 5Gstore to learn more!

Adding Firewall Rules to Secure Your Peplink

Firewalls establish a security barrier between your devices and the Internet by using rules to allow or deny access in and out of your network. 

In the case of our Peplink routers, the firewall configuration may differ from other routers, but the result is always the same. 

You may want your network locked down from any incoming connections and only allow your personal devices access out to the Internet. Or you might have devices on your network separated in different VLANs. Should you need to allow communication with one of these devices, but deny other connections, set up an Internal network rule to accomplish this. 

For more information, check out our Peplink firewall demo video on YouTube. Have questions? Just reach out to your friends at 5Gstore today!