Titan – Configuration: Firewall

Section to configure the security aspects of the router.

Firewall: NAT

This section will outline from where we can map ports to access, from external devices, internal devices that are connected to the router. For example, if there is an IP camera connected to the MTX-Router-Titan-3G‘s Ethernet port and we wish to have access from an outside computer, we should configure this section appropriately. We can create up to 10 rules.

  • Service name: name to describe the mapping rule
  • Protocol: indicates the protocol for port mapping. TCP, UDP or both
  • Input port: indicates the “listening” port for the MTX-Router-Titan-3G device
  • Output port: indicates the “listening” port of the device that is connected to the MTX-Router-Titan-3G which we wish to control externally; i.e. the data received in the router’s “input port” are redirected to the internal “output port”
  • Server IP address: IP address of the device to be controlled externally (for example, the camera’s IP address)

ADDITIONAL NOTES

  • Once the configuration is finished, click “SAVE CONFIG” to save the changes. Remember that the router should be restarted for the changes to take effect.
  • Also remember that to create a NAT correctly:

Firewall: Authorized IPs

This screen allows we to define, if we wish to, up to three authorized IP addresses to create WAN connections (using a 3G interface) in the different router services. For example, if we specify as an authorized IP address 90.166.108.200 (the office IP address), it will only be possible to access certain services from this IP address.

  • Authorized IP1: frst authorized IP address
  • Authorized IP2: second authorized IP address
  • Authorized IP3: third authorized IP address
  • Router configuration: specifies if remote connections to the web configuration environment of the 485 router will be from any IP address or only from those that have been authorized
  • Serial gateways: specifies if remote connections to 3G-RS232/485 gateway services will be accepted from any IP address or only from those that have been authorized
  • Remote console: specifies if remote connections to remote control services will be accepted from any IP address or only from those that have been authorized
  • NAT: specifies if remote connections to the router’s mapped ports will be accepted from any IP address or only from those that have been authorized
  • ModBus TCP slave: specifies whether remote connections to the Titan router’s Modbus TCP Slave are accepted from any IP address or only authorized IP addresses
  • SNMP: specifies whether remote connections to the Titan router’s SNMP service are accepted from any IP address or only authorized IP addresses
  • OpenVPN: specifies whether remote connections to the Titan router’s “OpenVPN Server” service are accepted from any IP address or only authorized IP addresses
  • Outgoing Connections: This allows the user to specify whether Internet Access can be provided to all IP addresses or only authorized IP addresses. For example, if we only want those Ethernet or WiFi devices that are connected to the Titan router to be able to send data to the server, this would restrict unauthorized use for any other activity (Internet browsing, etc.)

ADDITIONAL NOTES

  • Once the configuration is finished, click “SAVE CONFIG” to save the changes. Remember that the router should be restarted for the changes to take effect.
  • The IP restrictions are only for 3G connections. WiFi access remains protected by the WPA2 password. Therefore, if we have WiFi and require security, activate WPA2 in the section WiFi > Basic Settings.
  • If the “Outgoing connections” restriction is used, remember that the DNS server’s IP address must be specified if domain names are used instead of IP addresses.
  • If we need to authorize more than three IP addresses, we can specify more than one IP address in any box, separating them using a comma, as shown in the previous example.