Transcript 欧州会議の目的、アウトプットに関して

Preliminary
NS1000 V3.0
- Maintenance Features Enhancement Rev0.7 22 July., 2013
1
Table of Contents
1. Overview
2. Features
3. How to program
Appendix
2
Chapter 1
Overview
3
1. Overview
Solution
Easy to install and maintenance
Features and Benefits >>
* Features New for V3
Built in Router for easy network connection set up *
Built in Router can be used as IP Trunk access router
and VPN for easy network connection.
User Profile setting enhancement *
- Add first and last name in User Profile as same as UM
- Can set contact and E-Mail information in User Profile menu
PBX and UM part programming unification *
PBX and UM parameter unified as follow
- Synchronize extension and mailbox number automatically
- Unify PBX and UM setting for same criteria such as Holiday Table, Operator Settings and
Class of Service
Improve Easy Setup Wizard*
User can set up IP related function by wizard by entering basic information
4
Chapter 2
Features
5
2. Features
2-1 Built in Router - Function Overview Main purposes of Built in Router are
1. Provide Access router functionality
- No need to install extra Router
- No complicated setting is needed
NS1000
(+built in Router)
IPsec VPN
VPN
2. VPN functionality
- Easy configuration for remote worker
- Easy SIP Softphone integration with
Smartphone environment
Cellular NW
VPN
Internet
VPN
H.323 QSIG
Router
VPN
SIP Soft phone
Integration
ITSP
Router
Router
Note: Maximum 32 sessions of VPN
connection can be established
at same time.
SIP Trunk
NS1000
(+built in Router)
NS1000
(+built in Router)
AK is required to use Built in Router. Also other additional AK is required to VPN connection separately.
No additional hardware is required.
6
2. Features
2-1 Built in Router - Function Overview The built-in router feature has following characteristic.
 IPv4 Access router
Ethernet to WAN interface with a gigabit, it is an access router that has the ability to
connect to broadband, such as PPPoE. The router with separation Voice / DATA is an
object, but has a simple function for data communication terminals accommodated.
 Featured VPN
The router has the feature of IPsec VPN. Target connection supports connections
between routers internal connection on each sites, and the smart phone.
The connection to other vender router is out of focus.
 Function of Firewall
The router has the feature of Firewall. It has a filtering feature of an access list filtering
of IP packet level. Also features of abnormal packet filtering, such as SPI (Stateful
packet Inspection) is supported.
 Easy setup
Taking advantage of the built-in features, such as open / close TCP / UDP ports on the
WAN side has a function of setting in conjunction with the NS1000.
7
2. Features
2-1 Built in Router – Feature Specification Following table shows Built in Router specification
Category
WAN interface
Router function
VPN
Other
Item
Support
Interface
Access Mode
QOS
Support Routing Version
Mac address Clone
Static routing
Dynamic routing
Firewall
NAT,NAPT
Path through(Bridge)
Support VPN
10/100/1000BASE-T
IPoE/PPPoE/DHCPc
Priority Queuing, Bandwidth control
IPv4
YES
YES(64 entry)
No
IPv4 ACL,DOS attack
NO for NAT, YES for NAPT
IPv6/PPPoE/PPTP/IPsec
IPsec VPN(PPTP & L2TP no support)
IPsec Version
VPN tunnel number
Encryption
IPsec+L2TP/IPsec+GRE
MAX throughput
Version2
32
DES/3DES/AES
No
500Mbps(Long packet Ideal
environment)
YES (Panasonic Global Server Only)
YES
YES
YES
NO
YES(echo request/Reply/other)
NO
DDNS
DNS Proxy/relay
DHCP relay agent
MIB(related router)
VRRP
ICMP, IGMP proxy
UPnP
Remarks
(TBD)
8
2. Features
2-2 User profile setting enhancement - Function overview Duplicated Data of User Profile and UM are unified as same setting as follow.
Menu (Tab)
User Information
Items
First Name
Last name
New spec.
Set User name for both of PBX and UM
<User Info>
<UM Configuration>
<PBX Configuration>
Copy to Extension Name field
as “First Name” + “Space” + “Last Name”
Note) Due to the maximum number of digits
is 20, If the number of digits in User Profile is
over 21 digits, the data is copied with
deleting overflowed digits from last digit.
The First Name is copied to First Name field and the
Last Name is copied to Last Name field as same as
current version.
9
2. Features
2-2 User profile setting enhancement - Function overview Duplicated Data of User Profile and UM are unified as same setting as follow.
Menu (Tab)
Contact
Items
Extension PIN
Email 1-3
New spec.
Set password for mailbox at the same time
Able to select which e-mail notification service
is applied.
<User info - Contact>
<UM>
Extension PIN is copied to Mailbox Password
automatically.
Note) Should be assigned the mailbox number in Unified Message tab
before check the check box of “Automatic copy to Mailbox Password”.
10
2. Features
2-2 User profile setting enhancement - Function overview Duplicated Data of User Profile and UM are unified as same setting as follow.
Menu (Tab)
Contact
Items
Extension PIN
Email 1-3
New spec.
Set password for mailbox at the same time
Able to select which e-mail notification service
is applied.
<User info - Contact>
<UM>
Copy as below
Email1 -> Device No.1
Email2 -> Device No.2
Email3 -> Device No.3
Note)
1. Should be assigned the mailbox number in Unified Message tab before check the check box of
“Automatic copy to Mailbox Password”.
2. Activation Key (KX-NSU2xx) “Unified Messaging E-mail Notification” is required for this feature.
11
2. Features
2-3 PBX and UM part programming unification - Function Overview There was similar program items between PBX and UM configuration.
From V3.0, these settings are unified.
No.
Items
1
Integration of settings between PBX and UM configuration
2
Synchronization of database between extension number of PBX side and extension/mailbox
number of UM side
3
Automatic Fax Configurations
4
Two types of Automatic Mailbox Configuration
12
2. Features
2-3 PBX and UM part programming unification - Function Details 1. Integration of settings between PBX and UM configuration
Following settings are combined into one screen in PBX setting.
- Holiday Table
- Operator Settings
<PBX Setting>
<UM Setting>
The setting is copied to PBX side/UM side
automatically except time setting.
13
2. Features
2-3 PBX and UM part programming unification - Function Details 2. Synchronization of database between extension number of PBX side and
extension/mailbox number of UM side
 When extension number of PBX side are changed, extension number and mailbox
number (which is same as extension number) of UM side are changed automatically.
 After create the mailbox in UM configuration, the pair can be assigned to user profile.
User Profile
Extension No.
Mailbox No.
101→1001
101
101→1001
101
101→1001
101
101→1001
101
PBX Configuration
Extension No.
101→1001
UM Configuration
Extension No.
Mailbox No.
14
2. Features
2-3 PBX and UM part programming unification - Function Details 3. Automatic Fax Configurations
When Fax interface card is installed, the system is configured automatically to detect
incoming fax calls and receive faxes into General Delivery Mailbox (Message Manager
Mailbox).
UM Configuration - 5.System Parameters
- 4.Parameters - Fax Management
Automatic Transfer of Incoming Fax Call
-> Receive Fax
Mailbox Number
-> 998
Mailbox for Fax Receiving
-> 998
DISA Message - Fax Extension
-> 500
15
2. Features
2-3 PBX and UM part programming unification - Function Details 4. Two types of Automatic Mailbox Configuration
Followings are improved from Ver3.0
- User Profiles – Multiple Users
The restriction number of creating multiple users at once (current maximum
number is 500) will be removed, and users and mailboxes for all existing
extensions can be created at one time.
- UM Configuration – Auto Configuration
Mailboxes for ICDG extensions can be created by using this auto configuration.
16
2. Features
2-4 Improve Easy Set up Wizard - Function Overview Easy setup wizard is enhanced for installing IP-Trunk, SIP-Trunk and IP-Extension.
It will help installer to set up IP related setting.
When set up this data, Virtual card will be installed automatically.
This feature is allowed only for Mater Unit.
17
Chapter 3
How to program
18
3. How to program
3-1 Setting of WAN
 Connection Setting
This area is changed depend on
selecting the Connection Mode
19
3. How to program
3-1 Setting of WAN
 Network Monitor
The result is remained to Syslog file.
20
3. How to program
3-1 Setting of WAN
 Protocol Bridge
21
3. How to program
3-1 Setting of WAN
 Dynamic DNS
22
3. How to program
3-2 Setting of LAN
 IPv4
23
3. How to program
3-2 Setting of LAN
 DNS Server
24
3. How to program
3-3 Setting of Routing
 Routing
25
3. How to program
3-4 Setting of DMZ
 DMZ
26
3. How to program
3-4 Setting of MAC Address
 MAC Address
27
3. How to program
3-5 Setting of Firewall
 One Touch Security
28
3. How to program
3-5 Setting of Firewall
 Packet Filtering
29
3. How to program
3-6 Setting of VPN
 VPSS
30
3. How to program
3-6 Setting of VPN
 IPSec
31
3. How to program
3-6 Setting of VPN
 Pass Through
32
3. How to program
3-7 Setting of QoS
 QoS Setting
33
Appendix
34
Appendix - Built in Router WAN interface
Built-in router has 1-port Ethernet for a WAN port, and maintains a single IP address
1) Link control
Built-in router manages link status of LAN port and WAN port.
2) QoS control
<Priority control>
The ability to provide preferential treatment to a particular frame in WAN interface.
(Not available for LAN interface) NS1000 supports only PQ (Priority Queuing).
<Bandwidth control>
Ability to bandwidth allocation / limitation for each priority on WAN interface.
That each distributed priority based on an access list, such as ToS field, of priority control,
bandwidth control can be performed.
3) MAC address clone
The router has the feature changing MAC address of WAN interface.
35
Appendix - Built in Router WAN interface Layer3
As a communication method in WAN port has the following functions
Functions
Static IP configuration
IPoE
PPPoE
DHCP Client
-
Summary
Ability to set static IP address
Ability to get IP address dynamically by DHCP Client
feature in NS1000
Ability to get IP address dynamically by PPPoE Client
feature in NS1000
1) IPoE (IP over Ethernet)
As Layer 2 protocol that can be sent and received at the WAN interface, the router supports an
Ethernet, to communicate to encapsulate the IP packet in Ethernet frame. As a method of
controlling the address of IpoE at WAN interface, the router has static IP configuration and DHCP
client function.
<Static IP configuration>
Ability to set static IP address at WAN interface.
The router has the feature changing MAC address of WAN interface.
<DHCP Client>
The router gets an IP address dynamically from DHCP server by the DHCP client function to set at
WAN interface.
2) PPPoE client
The router builds a relationship of PPP (Point-to-Point Protocol) on internet and gets an IP
address dynamically from PPPoE server by PPPoE client function.
36
Appendix - Built in Router WAN interface Layer3
3) Pass through (Bridge)
The router can work as a bridge to protocols with following ether type.
- IPv6(0x86dd)
- PPPoE(0x8863,0x8864)
Ability to select Enable /Disable for Pass through to each type.
<IPv6 Pass through>
Ability to bridge IPv6 frame to WAN through LAN or LAN through WAN
<PPPoE Pass through>
Ability to bridge PPPoE frame to WAN through LAN or LAN through WAN.
4) Dynamic DNS
Ability to notify the IP address gotten dynamically to DNS server and update the DNS record for
each connection. At last the router can be connected by a unique host name even if a new IP
address is assigned to every connection / disconnection to the network.
37
Appendix - Built in Router LAN interface
NS1000 maintains an address at LAN interface and has following feature for it.
- Static IP configuration
And it has following features as network functions.
- DHCP server feature
- DHCP Relay agent feature
- DNS server (DNS Relay) feature
1) Static IP configuration
A single IP address can be assigned as static IP address for LAN interface
2) DHCP Relay agent
With the ability to receive on behalf of request from DHCP client that is broadcast on the network,
and then forwarded to the DHCP server on another network.
3) DNS server (DNS Relay)
The router relays the correspondence of the domain name and IP address to Content server or
DNS server.
38
Appendix - Built in Router Basic Network Feature
1) TCP/IP
The router supports the following RFC for IPv4
RFC
RFC791
RFC792
RFC1122
RFC1812
Content
Internet Protocol
Internet Control Message Protocol
Requirements for Internet Hosts - Communications Layer
Requirements for IP Version 4 Routers
It also supports TCP / UDP as the upper layer protocol.
TCP / UDP support the following RFC
RFC
RFC793
RFC3168
RFC768
Content
Transmission Control Protocol
The Addition of Explicit Congestion Notification (ECN) to IP
User Datagram Protocol
2) ARP
The router supports ARP, and resolves address from Layer3 to Layer2.
ARP supports the following RFC
RFC
RFC826
Content
An Ethernet address Resolution Protocol
* RARP is not supported.
39
Appendix - Built in Router Basic Network Feature
3) Gratuitous ARP
The router supports the Gratuitous ARP, it is sent when starting NS1000 or changing IP address.
4) ICMP
The router supports ICMP.
The following RFC are supported.
RFC
RFC792
RFC1122
RFC1812
RFC950
RFC1256
Content
Internet Control Messege Protocol
Requirements for Internet Hosts
- Communications Layer
Requirements for IP Version 4 Routers
Internet Standard Subnetting Procedure
ICMP Router Discovery Messages
Remarks
Address Mask
Router dvertisement
5) IGMP
The router supports protocol for controlling a group of hosts that are configured to receive the
delivery with IP multicast. It supports IGMPv2 and IGMPv3.
IGMP supports the following RFC.
RFC
RFC2236(RFC1112)
RFC3376
Content
Internet Group Management Protocol, Version 2
Internet Group Management Protocol, Version 3
6) MSS Clamp
The router has the ability to automatically optimize the value (Maximum Segment Size) MSS of the
TCP packet.
40
Appendix - Built in Router Routing
The router supports IPv4 routing between WAN I/F - LAN I/F.
The basic specifications for operating as a router are subject to the RFC below.
RFC
RFC1812
Content
Requirements for IP Version 4 Routers
1) Static routing
The router supports Static routing.
Route information can be manually set for Static routing, and the routing table entry supports 64.
2) Dynamic routing
Dynamic routing is not supported.
41
Appendix - Built in Router Firewall
The router has the ability to monitor the data flowing between WAN and LAN and detect / shut off
unauthorized access. In addition, it is possible to detect as well as DoS attacks and unauthorized
access to this system, make the appropriate defense, to operate more safely.
The router supports the following two Firewall features roughly.
Feature
IPv4 Packet filtering
One touch security
Summary
The ability to set the IPv4 packet filter rule manually
The ability to set protect features, such as anti-Dos attack and
anti-scan, by one-touch
1) IPv4 Packet filtering
The router has a function of filtering IP data packet addressed to the own device and the user IP
data.
In the packet to perform IP routing, this filtering of target, must also be encapsulated data flows
inside the tunnel, such as I Psec.
The target in this function is the packet to perform IP routing, and the data encapsulated inside the
tunnel flows, such as IPsec, is also included.
42
Appendix - Built in Router Firewall
2) One touch security
The router has the following features, and user can set Enable/Disable for them.
In addition, Log for following features can be collected, and user can set Enable/Disable for them.
Features
SPI
Dos protection
Restrict both way of access by private
IP address access
ICMP Echo Reply
Windows Shared Filter
Ability
Enable/Disable
Enable/Disable
Collect Log
Enable/Disable
Enable/Disable
Enable/Disable
Enable/Disable
Enable/Disable
Enable/Disable
Enable/Disable
Enable/Disable
43
Appendix - Built in Router NAT/NAPT
The router supports Dynamic NAPT (IP masquerade) and Static NAPT (Port mapping /Static IP
masquerade). And Static NAT and Dynamic NAT are not supported.
In NAPT, TCP / UDP port number can be changed in addition to the IP address.
1) Dynamic NAPT (IP masquerade/PAT)
IP address of local network (LAN) is changed to IP address of Internet (WAN) with mapping
as n:1 dynamically.
2) Static NAPT (Static IP masquerade)
The router supports Static NAPT (Static IP masquerade).
Received data from specified port can be transferred to specified IP address and port.
3) Simplified DMZ (DeMilitarized Zone)
Since the router does not have interface for DMZ, it supports simplified DMZ which can specify
the Client as a simple DMZ to allow access from the outside at all protocol.
4) Pass through
Static NAPT Settings prepared as pass through feature. With decide the combination of terminal
and the local network port number, and No conversion of ports at both transmits and receive to
the corresponding packet, the router realizes to ease of configuration by GUI.
The pass through feature is applied to the protocol shown in the table below
Application
IPsec
PPTP
Protocol number
50 : ESP
47 : GRE
Port number
UDP/500 : ISAKMP
TCP/1723 : PPTP
44
Appendix - Built in Router VPN
NS1000 can be combined as a single system NS1000 placed in different locations
by VPN. IPsec is used as Method of VPN to connect between NS1000s.
Ability to build a VPN for up to a maximum of 16 sites
Have a feature of ease to setup for connecting between NS1000s
Provide cooperation with Smartphone application, which is planed by PSN, to connect to
Smartphone.
Connected device
NS1000
Smartphone
Android(4.0) (TBD)
IOS(iPhone) (6.0)
Other vender VPN
router
Ability of number for VPN
Max.16 sites（15VPN）
Remarks
Support easeof setup
Ma. 16 terminals（16VPN）
Provide smartphone application for
ease of setup
N/A
N/A
45
Appendix - Built in Router VPN
1) IPsec
IPsec is a protocol to ensure the security of data flowing over IP network.
The router supports IPsec version2.
2) Mode
The router supports 2modes of "Tunnel mode" and "Transport mode".
- Transport mode
This mode is used for IPsec between target devices or between target device and NS1000.
- Tunnel mode
This mode is used for IPsec in the case of connection between NS1000s
3) Security Protocol
The router supports AH and ESP as communication protocol.
4) Ease of setup
The router provides initial configuration and GUI for ease of setup
Installer can setup with minimized program item, such as facing IP address and
shared security key.
5) Easy setup application for Smartphone
Application to set VPN for Smartphone is provided. Supported OS are Android 4.0 and iOS 6.0. (TBD)
6) UPnP
UPnP (Universal Plug and Play) is not supported.
7) IPv6
The router does not support IPv6 router function. But it supports Bridge (Pass through) for IPv6
packets, so that it is possible to communicate between IPv6 devices.
46
END
47
Modification
20130718-01 4 NS1000 V3.0 Maintenance Feature Enhancement_Rev0.5_18July2013.pptx
- Pre-release
48