GCC601X(W) Networking - User Manual

OVERVIEW

Overview Page

The overview page provides an overall view of the GCC601X(W)’s information presented in a Dashboard style for easy monitoring. Please refer to the figure and table below:

• Under Network Traffic and APP Traffic Statistics, the users can hover the mouse cursor over the graphs to display more details.
• Under Network Connection, the users can click on the “Zoom icon” to display a virtual GCC device with live LED indicators.

Overview page

Port Info

The Port Info page displays an overview of all ports status including the USB Port, Gigabits ports, and SFP ports, indicating the links up with a green color and links down with a grey color, furthermore, the user can click on the port icon to get more info about the select link, refer to the figure below:

Navigate to Overview → Port Info:

NETWORK SETTINGS

Port Configuration

To access port configuration, please access the user interface of the GCC601X(W) and then navigate to Network Settings → Port Configuration.

• Port Status

On the top, you can find the status of all the ports.

• Purple color: port speed is 2.5Gbps (works only with SFP ports and 2.5Gbps SFP module).
• Green color: port speed is 1Gbps.
• Light green color: port speed is 100Mbps/10Mbps.
• Grey color: link down.
• White color: port disabled.
• Internet icon: port connected to the internet (for WAN ports).

• Port Configuration

Port configuration page allows the user to configure the settings related to all the ports; this includes the gigabit Ethernet ports as well as the SFP ports. The settings that can be edited include flow control, speed and duplex mode.

Port configuration – part 2

• PoE Configuration

The user can also control the power limit on each PoE port of the GCC601X(W).

Port configuration – PoE configuration

WAN

The WAN ports can be connected to a DSL modem or a router. WAN port support also sets up static IPv4/IPv6 addresses and configures PPPoE.

On this page, the user can modify the setting for each WAN port and also can delete or even add another WAN, Adding a WAN port will reduce the LAN ports number. In the case where there is more than one WAN port, load balancing or backup (Failover) can be configured between multiple WAN ports.

Click on to add another WAN port or click on the “edit icon” to edit the previously created ones.

Please refer to the following table for network configuration parameters on the WAN port.

WAN Settings

LAN

To access the LAN configuration page, log in to the GCC601x(w) WebGUI and go to Network Settings → LAN. VLAN configuration such as adding VLANs or setting up a VLAN port can be found here on this page, as well as the ability to add Static IP Bindings, local DNS Records, and Bonjour Gateway.

VLAN

GCC601X(W) integrates VLAN to enhance security and add more functionalities and features. VLAN tags can be used with SSIDs to separate them from the rest, also the user can allow these VLANs only on specific LANs for more control and isolation and they can be used as well with policy routing.

• Add or Edit VLAN

To add or edit a VLAN, Navigate to Network Settings → LAN. Click on “Add” button or click on “Edit” icon.

Add/edit VLAN

PBX VLAN

PBX VLAN is a specific VLAN configured on a network to support a PBX system (SIP Trunking). It’s a dedicated VLAN used exclusively for the traffic associated with the PBX, separating it from other network traffic for security, performance, and management purposes. This segregation helps ensure that voice traffic from the PBX receives the necessary quality of service (QoS), minimizing potential interference or congestion from other network activities. Additionally, it can enhance security by isolating PBX traffic from other network traffic, reducing the risk of unauthorized access or eavesdropping.

This feature is very helpful in the case where ITSPs/ISPs provide Internet and SIP trunking services on the same network.

To add a PBX VLAN, navigate to Networking module → Networking Settings → LAN page → PBX VLAN tab. Click on “Add” button to add a PBX VLAN.

Specify a VLAN, name and then select the port as shown below:

VLAN Port Settings

The user can use LAN ports to allow only specific VLANs on each LAN port and in case there are more than one VLAN then there is an option to choose one VLAN as the default VLAN ID (PVID or Port VLAN Identifier). Click on to edit the VLAN Port Settings or click on to delete that configuration and bring back the default settings which is by default VLAN 1.

Allowed VLANs	Choose the VLANS to be allowed on this port.
PVID	Select the Port VLAN Identifier or the default VLAN ID

Static IP Binding

The user can set IP static binding to devices in which the IP address will be bound to the MAC address. Any traffic that is received by the router that does not have the corresponding IP address and MAC address combination will not be forwarded.

To configure Static IP Binding, please navigate to Network Settings → LAN → Static IP Binding, refer to the figure and table below:

Static IP Binding

Local DNS Records

Local DNS Records is a feature that allows the user to a DNS records into the GCC601X(W) which can be used to map the domain name to an IP address. This feature can be used when the user needs to access a specific server using a domain name instead of an IP address when they do not want to include the entry in public DNS servers. To add a local DNS record, please navigate to Network Settings → LAN → Local DNS Records, then click “Add“

• Enter the domain name in “Domain“
• Then, enter the IP address to which the domain name will be mapped to.
• Toggle on the “Status” for the mapping to take effect.

Bonjour Gateway

The Bonjour service is a zero-configuration network that enables the automatic discovery of devices and services on a local network. For example: it can be used on a local network to share printers with Windows® and Apple® devices.

Once enabled, Bonjour services (such as Samba) can be provided to Bonjour supporting clients under multiple VLANs. Once enabled, configure the services of the VLANs and proxies that need to intercommunicate.

To start using Bonjour Gateway, Toggle ON or OFF the service first, then select the VLAN and the services as shown below:

IGMP

When IGMP Proxy is enabled, the GWN router can issue IGMP messages on behalf of the clients behind it, then the GCC601X(W) will be able to access any multicast group.

To start using IGMP Proxy:

1. Toggle ON IGMP Proxy first.
2. Select the WAN interface to be used from the drop-down list (Note: IGMP proxy cannot be enabled on a WAN port with bridge mode enabled)
3. Select the version, be default is Auto.

The user can also enable IGMP Snooping. Once enabled, multicast traffic will be forwarded to the port belonging to the multicast group member. This configuration will be applied to all LAN ports.

On the IGMP Multicast Group Table, all the active multicast groups will be displayed here.

Network Acceleration

Network acceleration allows the GCC601X(W) to transfer data at a higher rate when Hardware acceleration is enabled. This ensures a high performance.

• Hardware Acceleration: All the network traffic will use dedicated hardware acceleration. Once enabled, QoS, rate limit, traffic statistic will not take effect.
• Firewall Acceleration: Only IDS/IPS and app traffic authorize by the firewall will use dedicated hardware acceleration. Once enabled, QoS rate limit will not take effect.

VPN

VPN stands for “Virtual Private Network” and it encrypts data in real-time to establish a protected network connection when using public networks.

VPN allows the GCC601X(W) to be connected to a remote VPN server using PPTP, IPSec, L2TP, OpenVPN®, and WireGuard® protocols, or configure an OpenVPN® server and generate certificates and keys for clients.

GCC601X(W) supports the following VPN functions:

• PPTP: Client and server
• IPSec: Site-to-site and client-to-site (Beta)
• OpenVPN®: Client and server
• L2TP: Client
• WireGuard®: Server

VPN page can be accessed from the GCC601X(W) Web GUI → VPN.

PPTP

A data-link layer protocol for wide area networks (WANs) based on the Point-to-Point Protocol (PPP) and developed by Microsoft enables network traffic to be encapsulated and routed over an unsecured public network such as the Internet. Point-to-Point Tunneling Protocol (PPTP) allows the creation of virtual private networks (VPNs), which tunnel TCP/IP traffic through the Internet.

PPTP Clients

To configure the PPTP client on the GCC601X(W), navigate under VPN → PPTP → PPTP Clients and set the following:

1. Click on “Add” button.

The following window will pop up.

PPTP Client Configuration

PPTP Servers

To add a PPTP Server, please navigate to Web UI → VPN → PPTP page → PPTP Servers tab, then click the “Add” button.

PPTP Server

• Create the remote user credentials:

To create the remote user account which will be required to be entered on the client side and and authenticated on the server side, please refer to the Remote Users section.

To view the clients connected to this server, click on the “Client List” icon as shown below:

IPSec

IPSec or Internet Protocol Security is mainly used to authenticate and encrypt packets of data sent over the network layer. To accomplish this, they use two security protocols – ESP (Encapsulation Security Payload) and AH (Authentication Header), the former provides both authentications as well as encryption whereas the latter provides only authentication for the data packets. Since both authentication and encryption are equally desirable, most of the implementations use ESP.

IPSec supports two different encryption modes, they are Tunnel (default) and Transport mode. Tunnel mode is used to encrypt both payloads as well as the header of an IP packet, which is considered to be more secure. Transport mode is used to encrypt only the payload of an IP packet, which is generally used in gateway or host implementations.

IPSec also involves IKE (Internet Key Exchange) protocol which is used to set up the Security Associations (SA). A Security Association establishes a set of shared security parameters between two network entities to provide secure network layer communication. These security parameters may include the cryptographic algorithm and mode, traffic encryption key, and parameters for the network data to be sent over the connection. Currently, there are two IKE versions available – IKEv1 and IKEv2. IKE works in two phases:

Phase 1: ISAKMP operations will be performed after a secure channel is established between two network entities.

Phase 2: Security Associations will be negotiated between two network entities.

IKE operates in three modes for exchanging key information and establishing security associations – Main, Aggressive, and Quick mode.

• Main mode: is used to establish phase 1 during the key exchange. It uses three two-way exchanges between the initiator and the receiver. In the first exchange, algorithms and hashes are exchanged. In the second exchange, shared keys are generated using the Diffie-Hellman exchange. In the last exchange, verification of each other’s identities takes place.

• Aggressive mode: provides the same service as the main mode, but it uses two exchanges instead of three. It does not provide identity protection, which makes it vulnerable to hackers. The main mode is more secure than this.

• Quick mode: After establishing a secure channel using either the main mode or aggressive mode, the quick mode can be used to negotiate general IPsec security services and generate newly keyed material. They are always encrypted under the secure channel and use the hash payload that is used to authenticate the rest of the packet.

IPSec Site-to-Site

To build an IPSec secure tunnel between two sites located in two distant geographical locations, we can use the sample scenario below:

The branch office router needs to connect to the Headquarters office via an IPSec tunnel, on each side we have a GCC601X(W). Users can configure the two devices as follows:

The branch office router runs a LAN subnet 192.168.1.0/24 and the HQ router runs a LAN subnet 192.168.3.0, the public IP of the branch office router is 1.1.1.1 and the IP of the HQ router is 2.2.2.2.

Go under VPN → IPSec → Site-to-Site then click on to add a VPN Client.

○ Phase 1

○ Phase 2

After this is done, press “Save” and do the same for the HQ Router. The two routers will build the tunnel and the necessary routing information to route traffic through the tunnel back and from the branch office to the HQ network.

• Create the remote user credentials:

To create the remote user account which will be required to be entered on the client side and and authenticated on the server side, please refer to the Remote Users section.

IPSec Client-to-Site

Go under VPN → IPSec → Client-to-Site then fill in the following information:

OpenVPN®

OpenVPN® Client

There are two ways to use the GCC601X(W) as an OpenVPN® client:

1. Upload client certificate created from an OpenVPN® server to the GCC601X(W).

2. Create client/server certificates on the GCC601X(W) and upload the server certificate to the OpenVPN® server.

Go to VPN → OpenVPN® → OpenVPN® Clients and follow the steps below:

Click on button. The following window will pop up.

Clickafter completing all the fields.

OpenVPN® Client

OpenVPN® Server

To use the GCC601X(W) as an OpenVPN® server, you will need to start creating OpenVPN® certificates and remote users.

To create a new VPN server, navigate under Web UI → VPN → OpenVPN® page → OpenVPN® Servers tab.

Clickafter completing all the fields.

Refer to the table below:

Create OpenVPN® Server

• Create the remote user credentials:

To create the remote user account which will be required to be entered on the client side and and authenticated on the server side, please refer to the Remote Users section.

L2TP

To configure the L2TP client on the GCC601X(W) router, navigate under “VPN → VPN Clients” and set the followings:

1. Click on “Add” button and the following window will pop up.

L2TP Client Configuration

Click on “Save” button after completing all the fields.

WireGuard®

WireGuard® is a free and open-source VPN solution that encrypts virtual private networks, easy to use, high performance, and secure. GCC601X(W) series supports WireGuard® VPN with automatic peer generation and QR code scanning for mobile phones and devices with camera support.

To start using WireGuard® VPN, please navigate to the Web UI → VPN → WireGuard® page. Click on the “Add” button to add a WireGuard® server as shown below:

Please refer to the figure and table below when filling up the fields.

Add/Edit WireGuard®

Once finished configuring WireGuard®, click on the “Automatic peer generation” icon to generate peers very quickly and easily as shown in the figures below:

Enter a name and toggle status ON then click on the “Save” button.

Now, the user can either download the configuration file and share it, or download a QR code for devices like mobile phones to scan.

Peers

On the peers’ tab, the user can create peers manually by clicking on the “Add” button.

Please refer to the figure below when filling up the fields.

The user can download the config file after adding the peer.

Or scanning the QR code for devices with camera support.

Remote Users

To create the VPN user accounts, please navigate to VPN → Remote Users then click “Add”. The account configured will be used for the client to authenticate into the VPN server. The remote client user that can be created in this section is for PPTP, IPSec, and OpenVPN.

Add VPN Remote Users

To authenticate a remote user into the VPN server successfully, the username and password are used alongside the client certificate. To create a client certificate please refer to the Certificates section.

To configure the VPN clients for each VPN server type, please refer to the respective VPN client configuration above.

ROUTING

Policy Routes

In this section, the user can create a policy route to either load balance or backup (Failover) between 2 or more WAN ports. This feature allows a network administrator to make advanced routing decisions for traffic passing through the router and for high granularity control over policies that dictate what WAN port and even VLAN, traffic should use. Traffic controlled this way can be balanced across multiple VLANs.

Load Balance Pool

To create a load balance rule, navigate to the Routing → Policy Routes page → Load Balance Pool tab, click on the “Add” button, then select the mode (Load Balance or Backup), after selecting the WAN ports from the drop-down list and specify the Weight for each port added. Please refer to the figures below:

Policy Route

On the second tab (Policy Routes), the user can specify which Networks (VLAN) can use which Load Balance rule (must be created first), also the user can specify the protocol type, source, and destination IP and even assign a schedule for it.

To create a Policy Route, please navigate to Routing → Policy Routes page → Policy Routes tab, then click on the “Add” button as shown below:

Static Routes

Static routing is a form of routing by manually configuring the routing entries, rather than using dynamic routing traffic for any service that requires a static address that never changes.

GCC601X(W) supports setting manually IPv4 or IPv6 Static Routes which can be accessed from GCC601X(W)WebGUI Routing → Static Routing.

To add a new Static Route, the user needs to click on .

Add IPv4 Static Routing

TRAFFIC MANAGEMENT

Traffic Statistics

When traffic statistics are enabled, the GCC601X(W) will start identifying the traffic and generating statistics. The statistics will be represented graphically as shown in the screenshot below. The feature displays the name and the type of the service generating the traffic to easily identify which services are being used and which clients are using them.

To enable traffic statistics, navigate to the Traffic Management → Traffic Statistics page, on the top right corner, click on “Traffic Statistics Settings” as shown in the figure above, then toggle ON “Traffic Statistics“.

The users have also the option to enable AI Recognition, when enabled, AI deep learning algorithms will be used to optimize the accuracy and reliability of application classification, which may consume more CPU and memory resources.

QoS

Quality of Service (QoS) is a feature that allows the prioritization of the latency-sensitive traffic exchanged between the WAN and the LAN hosts. This will offer more control over the usage of a limited bandwidth and ensure that all application services are not affected by the amount of traffic exchanged.

General Settings

On this page, the user will be able to allocate a percentage of the download and the upload bandwidth to 4 classes. These classes can be assigned to applications to determine which application traffic will be prioritized, this includes the inbound and the outbound traffic. Also, it’s possible to tag outbound traffic with DSCP tags for each class.

To set Upload/Download bandwidth percentage for each class, click on the edit button .

Edit Bandwidth limit

Click on bandwidth statistics icon to get a general overview of the upload/download bandwidth status.

APP Class

GCC601X(W) can prioritize the traffic of applications by category or individually. The priority level can be set in 4 classes, class 1 having the highest priority and class 4 having the lowest priority. To access APP Class settings, please access the web GUI of the router then navigate to Traffic Management → QoS → APP Class.

• Application Priority

Under Application Priority, the users can select a category then specify the priority (Highest, High, Medium, low or none), please check the figure below:

It’s also possible to select many categories and then click on “Batch Settings” to apply QoS Priority on all of them at once.

• Override the Application Priority

The previous option (Application Priority) applies the priority on the whole category, if the users want to make an exception or add a specific application, under “Override the Application Priority“, click on “Add” button as shown below:

Then, select the specific applications even from different categories, after that select the QoS priority from the drop-down list. This will override the Application Priority applied on the whole category.

Class Rules

QoS class rules are rules that set the QoS based on source and/or destination IP addresses, and source and destination ports.

QoS – Add Class Rules

VoIP Settings

VoIP Settings in QoS allow the user to identify and prioritize the VoIP traffic that is forwarded by the GCC601X(W). To configure this option, please access the web UI of the GCC601X(W) and navigate to Traffic Management → QoS → VoIP Settings, then toggle on the “VoIP Prioritization”, which specifies the SIP UDP port, by default the port number is 5060.

Bandwidth Limit

The Bandwidth limit feature helps to limit bandwidth by specifying the maximum upload and download limit, then this limit can be applied to each IP/MAC address or applied to all IP addresses in the IP address range. Navigate to Web UI → Traffic Management → Bandwidth Limit.

To add a bandwidth rule, please click on the “Add” button or click on the “Edit” icon as shown above.

Please refer to the figure below:

Intelligent Speed Limit

When intelligent speed limit is enabled, it automatically limits the speed of download or upload traffic when the CPU load is high.

To enable Intelligent speed limit, navigate to Traffic Management → Intelligent Speed Limit, then toggle ON the feature.

ACCESS CONTROL

SafeSearch

The GCC601X(W) offers a SafeSearch feature on Bing, Google, and YouTube. Enabling this option will hide any inappropriate or explicit search results from being displayed.

EXTERNAL ACCESS

By default, all the requests initiated from the WAN side are rejected by the GCC601X(W) external access features allow hosts located on the WAN side to access the services hosted on the LAN side of the GCC601X(W).

DDNS

1. Access to GCC601X(W) web GUI, navigate to External Access → DDNS, and click to Add Service.

2. Fill in the domain name created with the DDNS provider under the Service Provider field.

3. Enter your account username and password under the User Name and Password fields.

4. Specify the Domain to which the DDNS Account is applied under Domain.

DDNS Page

Port Forwarding

Port forwarding allows forwarding requests initiated from the WAN side of the GCC601X(W) to a LAN host. This is done by configuring either the port only or the port and the IP address in case we want to restrict access over that specific port to one IP address. Once the GCC601X(W) receives the request on the IP address, the GCC601X(W) will verify the port on which the request has been initiated and will forward the request to the host IP address and the port of the host which is configured as the destination.

Port forwarding can be used in the case when a host on the WAN side wants to access a server on the LAN side.

Navigate to External Access  → Port Forward:

Refer to the following table for the Port Forwarding option when editing or creating a port forwarding rule:

Port Forwarding page

DMZ

Configuring the DMZ, the GCC601X(W) will allow all external access requests to the DMZ host. This is

This section can be accessed from Web GUI → External Access  → DMZ.
GCC601X(W) supports DMZ, where it is possible to specify a Hostname IP Address to be put on the DMZ.

Enabling the DMZ host function, the computer set as the DMZ host can be completely exposed to the Internet, realizing two-way unrestricted communication.

Refer to the below table for DMZ fields:

DMZ Page

UPnP

GCC601X(W) supports UPnP that enables programs running on a host to configure automatically port forwarding.

UPnP allows a program to make the GCC601X(W) open necessary ports, without any intervention from the user, without making any check.

UPnP settings can be accessed from GCC601X(W) Web GUI → External Access → UPnP.

UPnP Settings

When UPnP is enabled, the ports will be shown in the section below. The information shown includes the application name, IP address of the LAN host that has requested the opening of the port, the external port number, the internet port number, and the transport protocol used (UDP or TCP).

TURN Service

TURN stands for Traversal Using Relays around NAT and it’s a network service that helps establish peer-to-peer connections between devices that are behind a NAT or Firewall. Real-time communication like video conferencing, Voice over IP, etc benefit from TURN service to establish connections between peers when the NAT or the Firewall blocks or modifies the traffic.

Navigate to Web UI → External Access → TURN Service. The service is OFF by default, toggle Status ON to turn on the service. The default TURN Server Port is 3478, also it’s possible to add or remove a username and password by clicking on “minus” and “Plus” icons.

MAINTENANCE

GCC601X(W) offers multiple tools and options for maintenance and debugging to help further troubleshooting and monitoring the GCC601X(W) resources.

TR-069

It is a protocol for communication between CPE (Customer Premise Equipment) and an ACS (Auto Configuration Server) that provides secure auto-configuration as well as other CPE management functions within a common framework.

TR-069 stands for a “Technical Report” defined by the Broadband Forum that specifies the CWMP “CPE WAN Management Protocol”. It commonly uses HTTP or HTTPS as transport for communication between CPE and the ACS. The message exchange uses SOAP (XML_RPC) for the configuration and management of the device.

TR-069 page

SNMP

GCC601X(W) supports SNMP (Simple Network Management Protocol) which is widely used in network management for network monitoring for collecting information about monitored devices.

To configure SNMP settings, go to Web GUI → Maintenance → SNMP, in this page, the user can either enable SNMPv1, SNMPv2c, or enable SNMPv3, and enter all the necessary parameters.

To configure SNMPv1 or SNMPv2, please refer to the table below:

SNMP – SNMPv1 or SNMPv2

To configure SNMPv3, please refer to the table below:

SNMP – SNMPv3

System Diagnostics

Many debugging tools are available on GCC601X(W)’s Web GUI to check the status and troubleshoot GCC601X(W)’s services and networks.

To access these tools navigate to “Web UI → System Settings → System Diagnosis“

Ping/Traceroute

Ping and Traceroute are useful debugging tools to verify reachability with other clients across the network (WAN or LAN). The GCC601X(W) offers both Ping and Traceroute tools for IPv4 and IPv6 protocols.

Core File

When a crash event happens on the unit, it will automatically generate a core dump file that can be used by the engineering team for debugging purposes.

Capture

This section is used to capture packet traces from the GCC601X(W) interfaces (WAN ports and network groups) for troubleshooting purposes or monitoring. It’s even possible to capture based on MAC address or IP Address, once done the user can click on and the file (CAP) will start downloading right away.

External Syslog

GCC601X(W) supports dumping the Syslog information to a remote server under Web GUI → System Settings → System Diagnosis → External Syslog Tab

Enter the Syslog server Hostname or IP address and select the level for the Syslog information. Nine levels of Syslog are available: None, Emergency, Alert, Critical, Error, Warning, Notice, Information, and Debug.

ARP Cache Table

GCC601X(W) keeps an ARP table record of all the devices that have been assigned an IP address from the GCC601X(W). The record will keep the device’s information when the device is offline. To access the ARP Cache Table, please navigate to System Diagnostics → ARP Cache Table.

Link Tracing Table

The Link Tracing Table shows the flow of traffic by displaying the source IP address/Port (the green color) and the reply IP address/port (the blue color), also other information can be displayed like IP Family, Protocol Type, Life Time, Status, Packets/Bytes, etc.

Users/Administrators can also delete the flow of certain IP addresses/Ports (Source and Destination) or then click on the “Delete” button to clear the link tracing statistic.

Network Diagnostics

The Network Diagnostics feature allows the user to quickly diagnose the connection link on a specific WAN interface.

PoE Diagnostics

The PoE Diagnostics page offers insight about the ports and their components as well as the power used and the temperature. The information provided can be useful when the user encounters an issue with the PoE function of the GCC601X(W).

Cloud/Manager Connection Diagnostics

When the GCC601x(W) device is added to GWN.Cloud or GWN Manager, users can check the connection status (connected or not) and even diagnose the problem.

Alerts & Notifications

Alerts

The Alerts page displays alerts about the network, the user can specify to display only certain types like (System, Performance, Security, or Network) or the levels. To check the alerts that have been generated, please navigate to Maintenance → Alerts & Notifications page → Alerts tab.

The alerts can be displayed either by type or level. However, that is not the only way to display them. The user can filter through the alert log using a date interval or search by MAC address or device name.

Alerts Types

The available types are System, Performance, Security, and Network, or the user can choose to display all the types.

Alerts Levels

The user can filter the alert level by the following levels: All Levels, Emergency, Warning or Notice.

Alert Notification Settings

To enable the notifications on the Alerts tab, please click on the “Alert Notification Settings” button as shown below:

The figures below show all the possible alert notifications that the user can enable on the Alerts tab, organized into 4 categories: System Alert, Performance Alert, and Network Alert.

Please refer to the figures below:

E-mail Notifications

On this tab, the user can set up the E-mails that will receive the notifications, once the feature is enabled, then the user can fill up the fields according to SMTP parameters. Refer to the figure below:

It’s possible to add more than one receiver E-mail address as shown in the figure above.

• Click on the “Minus” icon to delete the receiver’s E-mail address.
• Click on the “Plus” icon to add the receiver’s E-mail address.

E-mail Notification Settings

To select what notifications will be sent to the receiver’s E-mail addresses, please click on the “E-mail Notification Settings” button as shown below:

The figures below show all the possible E-mail notifications that the user can send to the pre-configured receiver E-mail Addresses, organized into 4 categories:

• System
• Performance
• Network

SYSTEM SETTINGS

Certificates

CA Certificates

In this section, the user can create a CA certificate. This certificate will authenticate the user when connected to the VPN server created on the device. This authentication will ensure that no identity is being usurped and that the data exchanged remains confidential. To create a certificate, please access the web GUI of the router and access System Settings → Certificates → CA Certificates then click “Add” and fill in the necessary information.

Add CA Certificate

Certificate

In this section, the user can create a server or a client certificate. To create a certificate please access the web UI of the device, then navigate to System Settings → Certificates → Add Certificate, click “Add“, then enter the necessary information regarding the certificate.

Add Certificate

Certificates Backup and Restore

To back up the created certificates, first select all the desired certificates, then click on the “Backup” button and enter a password to protect it as shown below:

To restore a certificate, click on the “Restore” button, then upload the file and enter the password.

File Sharing

The GCC601X(W) devices have a USB port that can be used for file sharing, either using a USB flash drive or a Hard Drive, enabling clients with Windows, Mac, or Linux to access files easily on the local network. There is also an option to enable a password for security reasons.

Navigate to System Settings → File Sharing.

RADIUS

RADIUS is a distributed, client /server information exchange protocol that can protect the network from unauthorized access. It is often used in various network environments that require high security and allow remote users to access it. This protocol defines the UDP-based RADIUS packet format and its transmission mechanism and specifies destination UDP ports 1812 and 1813 as the default authentication and accounting port numbers, respectively.

Radius provides access services through authentication and authorization and collects and records the use of network resources by users through accounting. The main features of RADIUS protocol are client/server mode, secure message exchange mechanism, and good expansibility.

To add a RADIUS to the GCC Networking module, navigate to Networking → System Settings → RADIUS, then click on the “Add” button to add a new RADIUS.

Add RADIUS