NS1000 V3.0 - Maintenance Features Enhancement -

1

NS1000 V3.0

- Maintenance Features Enhancement -

Rev0.7 22 July., 2013

Preliminary

2

Table of Contents

1. Overview2. Features3. How to program Appendix

3

Chapter 1Overview

4

1. OverviewEasy to install and maintenanceSolution

Built in Router for easy network connection set up *Features and Benefits >>

Built in Router can be used as IP Trunk access router and VPN for easy network connection.

User Profile setting enhancement *

PBX and UM part programming unification *

- 　 Add first and last name in User Profile as same as UM - Can set contact and E-Mail information in User Profile menu

PBX and UM parameter unified as follow - Synchronize extension and mailbox number automatically - Unify PBX and UM setting for same criteria such as Holiday Table, Operator Settings and Class of Service

* Features New for V3

Improve Easy Setup Wizard* User can set up IP related function by wizard by entering basic information

5

Chapter 2Features

6

Main purposes of Built in Router are 1. Provide Access router functionality - No need to install extra Router - No complicated setting is needed

2. VPN functionality - Easy configuration for remote worker - Easy SIP Softphone integration with Smartphone environment

Note: Maximum 32 sessions of VPN connection can be established at same time.

2. Features

2-1 Built in Router - Function Overview -

AK is required to use Built in Router. Also other additional AK is required to VPN connection separately. No additional hardware is required.

　　　　　　　　

　 NS1000 (+built in Router)

SIP Soft phone Integration

IPsec VPN

　　　　　　　　　

　　

　　

　　

　　

　

　　　　　　　　　

Router

VPN

Router

Router

InternetCellular NW

VPN

VPNVPN

NS1000 (+built in Router)

NS1000 (+built in Router)

H.323 QSIG

ITSPSIP Trunk

7

The built-in router feature has following characteristic.

IPv4 Access router Ethernet to WAN interface with a gigabit, it is an access router that has the ability to connect to broadband, such as PPPoE. The router with separation Voice / DATA is an object, but has a simple function for data communication terminals accommodated. Featured VPN The router has the feature of IPsec VPN. Target connection supports connections between routers internal connection on each sites, and the smart phone. The connection to other vender router is out of focus. Function of Firewall The router has the feature of Firewall. It has a filtering feature of an access list filtering of IP packet level. Also features of abnormal packet filtering, such as SPI (Stateful packet Inspection) is supported. Easy setup Taking advantage of the built-in features, such as open / close TCP / UDP ports on the WAN side has a function of setting in conjunction with the NS1000.

2. Features

2-1 Built in Router - Function Overview -

8

Category Item Support RemarksWAN interface Interface 10/100/1000BASE-T

Access 　 Mode IPoE/PPPoE/DHCPcQOS Priority Queuing, Bandwidth controlSupport Routing Version IPv4Mac address Clone YES

Router function Static routing YES(64 entry)Dynamic routing NoFirewall IPv4 ACL,DOS attackNAT,NAPT NO for NAT, YES for NAPTPath through(Bridge) IPv6/PPPoE/PPTP/IPsec

VPN Support VPN IPsec VPN(PPTP & L2TP no support)IPsec Version Version2VPN tunnel number 32Encryption DES/3DES/AESIPsec+L2TP/IPsec+GRE NoMAX throughput 500Mbps(Long packet Ideal

environment)Other DDNS YES (Panasonic Global Server Only) (TBD)

DNS Proxy/relay YESDHCP relay agent YESMIB(related router) YESVRRP NOICMP, IGMP proxy YES(echo request/Reply/other)UPnP NO

2-1 Built in Router – Feature Specification -

Following table shows Built in Router specification

2. Features

9

Duplicated Data of User Profile and UM are unified as same setting as follow.

2-2 User profile setting enhancement - Function overview -

Menu (Tab) Items New spec.User Information First Name Set User name for both of PBX and UM

Last name

<User Info>

2. Features

Copy to Extension Name field as “First Name” + “Space” + “Last Name” Note) Due to the maximum number of digits is 20, If the number of digits in User Profile is over 21 digits, the data is copied with deleting overflowed digits from last digit.

The First Name is copied to First Name field and the Last Name is copied to Last Name field as same as current version.

<PBX Configuration>

<UM Configuration>

10



Menu (Tab) Items New spec.Contact Extension PIN Set password for mailbox at the same time

Email 1-3 Able to select which e-mail notification service is applied.

<User info - Contact>

2. Features

Extension PIN is copied to Mailbox Password automatically.

<UM>

Note) Should be assigned the mailbox number in Unified Message tab before check the check box of “Automatic copy to Mailbox Password”.

11



Menu (Tab) Items New spec.Contact Extension PIN Set password for mailbox at the same time

Email 1-3 Able to select which e-mail notification service is applied.

<UM>

2. Features

<User info - Contact>

Copy as belowEmail1 -> Device No.1Email2 -> Device No.2Email3 -> Device No.3

Note) 1. Should be assigned the mailbox number in Unified Message tab before check the check box of “Automatic copy to Mailbox Password”. 2. Activation Key (KX-NSU2xx) “Unified Messaging E-mail Notification” is required for this feature.

12

There was similar program items between PBX and UM configuration.From V3.0, these settings are unified.

2-3 PBX and UM part programming unification - Function Overview -

No. Items

1 Integration of settings between PBX and UM configuration

2 Synchronization of database between extension number of PBX side and extension/mailbox number of UM side

3 Automatic Fax Configurations

4 Two types of Automatic Mailbox Configuration

2. Features

13

2-3 PBX and UM part programming unification - Function Details -

2. Features

1. Integration of settings between PBX and UM configuration Following settings are combined into one screen in PBX setting. - Holiday Table - Operator Settings

<PBX Setting> <UM Setting>

The setting is copied to PBX side/UM side automatically except time setting.

14


2. Features

2. Synchronization of database between extension number of PBX side and extension/mailbox number of UM side

When extension number of PBX side are changed, extension number and mailbox number (which is same as extension number) of UM side are changed automatically. After create the mailbox in UM configuration, the pair can be assigned to user profile.

PBX Configuration

Extension No.101→1001

User Profile

Extension No.Mailbox No.

101→1001101→1001

UM Configuration

Extension No.Mailbox No.

101→1001101→1001

101101

101101

15


2. Features

3. Automatic Fax Configurations When Fax interface card is installed, the system is configured automatically to detect incoming fax calls and receive faxes into General Delivery Mailbox (Message Manager Mailbox).

UM Configuration - 5.System Parameters- 4.Parameters - Fax ManagementAutomatic Transfer of Incoming Fax Call-> Receive FaxMailbox Number-> 998Mailbox for Fax Receiving-> 998

DISA Message - Fax Extension-> 500

16


2. Features

4. Two types of Automatic Mailbox Configuration

Followings are improved from Ver3.0 - User Profiles – Multiple Users The restriction number of creating multiple users at once (current maximum number is 500) will be removed, and users and mailboxes for all existing extensions can be created at one time. - UM Configuration – Auto Configuration Mailboxes for ICDG extensions can be created by using this auto configuration.

17

Easy setup wizard is enhanced for installing IP-Trunk, SIP-Trunk and IP-Extension. It will help installer to set up IP related setting. When set up this data, Virtual card will be installed automatically.This feature is allowed only for Mater Unit.

2-4 Improve Easy Set up Wizard - Function Overview -

2. Features

18

Chapter 3How to program

19

3-1 Setting of WAN

3. How to program

Connection Setting

This area is changed depend on selecting the Connection Mode

20

3-1 Setting of WAN

3. How to program

Network Monitor The result is remained to Syslog file.

21

3-1 Setting of WAN

3. How to program

Protocol Bridge

22

3-1 Setting of WAN

3. How to program

Dynamic DNS

23

3-2 Setting of LAN

3. How to program

IPv4

24

3-2 Setting of LAN

3. How to program

DNS Server

25

3-3 Setting of Routing

3. How to program

Routing

26

3-4 Setting of DMZ

3. How to program

DMZ

27

3-4 Setting of MAC Address

3. How to program

MAC Address

28

3-5 Setting of Firewall

3. How to program

One Touch Security

29

3-5 Setting of Firewall

3. How to program

Packet Filtering

30

3-6 Setting of VPN

3. How to program

VPSS

31

3-6 Setting of VPN

3. How to program

IPSec

32

3-6 Setting of VPN

3. How to program

Pass Through

33

3-7 Setting of QoS

3. How to program

QoS Setting

34

Appendix

35

Appendix - Built in Router -

WAN interface Built-in router has 1-port Ethernet for a WAN port, and maintains a single IP address 1) Link control Built-in router manages link status of LAN port and WAN port. 2) QoS control <Priority control> The ability to provide preferential treatment to a particular frame in WAN interface. (Not available for LAN interface) NS1000 supports only PQ (Priority Queuing). <Bandwidth control> Ability to bandwidth allocation / limitation for each priority on WAN interface. That each distributed priority based on an access list, such as ToS field, of priority control, bandwidth control can be performed. 3) MAC address clone The router has the feature changing MAC address of WAN interface.

36


WAN interface Layer3 As a communication method in WAN port has the following functions

1) IPoE (IP over Ethernet) As Layer 2 protocol that can be sent and received at the WAN interface, the router supports an Ethernet, to communicate to encapsulate the IP packet in Ethernet frame. As a method of controlling the address of IpoE at WAN interface, the router has static IP configuration and DHCP client function. <Static IP configuration> Ability to set static IP address at WAN interface. The router has the feature changing MAC address of WAN interface.

<DHCP Client> The router gets an IP address dynamically from DHCP server by the DHCP client function to set at WAN interface. 2) PPPoE client The router builds a relationship of PPP (Point-to-Point Protocol) on internet and gets an IP address dynamically from PPPoE server by PPPoE client function.

Functions Summary

IPoEStatic IP configuration Ability to set static IP address

DHCP Client Ability to get IP address dynamically by DHCP Client feature in NS1000

PPPoE - Ability to get IP address dynamically by PPPoE Client feature in NS1000

37


WAN interface Layer3 3) Pass through (Bridge) The router can work as a bridge to protocols with following ether type. - IPv6(0x86dd) - PPPoE(0x8863,0x8864) Ability to select Enable /Disable for Pass through to each type. <IPv6 Pass through> Ability to bridge IPv6 frame to WAN through LAN or LAN through WAN

<PPPoE Pass through> Ability to bridge PPPoE frame to WAN through LAN or LAN through WAN. 4) Dynamic DNS Ability to notify the IP address gotten dynamically to DNS server and update the DNS record for each connection. At last the router can be connected by a unique host name even if a new IP address is assigned to every connection / disconnection to the network.

38


LAN interface NS1000 maintains an address at LAN interface and has following feature for it. - Static IP configuration And it has following features as network functions. - DHCP server feature - DHCP Relay agent feature - DNS server (DNS Relay) feature 1) Static IP configuration A single IP address can be assigned as static IP address for LAN interface 2) DHCP Relay agent With the ability to receive on behalf of request from DHCP client that is broadcast on the network, and then forwarded to the DHCP server on another network. 3) DNS server (DNS Relay) The router relays the correspondence of the domain name and IP address to Content server or DNS server.

39


Basic Network Feature 1) TCP/IP The router supports the following RFC for IPv4

RFC ContentRFC791 Internet ProtocolRFC792 Internet Control Message ProtocolRFC1122 Requirements for Internet Hosts - Communications LayerRFC1812 Requirements for IP Version 4 Routers

It also supports TCP / UDP as the upper layer protocol. TCP / UDP support the following RFC

RFC ContentRFC793 Transmission Control ProtocolRFC3168 The Addition of Explicit Congestion Notification (ECN) to IPRFC768 User Datagram Protocol

2) ARP The router supports ARP, and resolves address from Layer3 to Layer2. ARP supports the following RFC

RFC ContentRFC826 An Ethernet address Resolution Protocol

* RARP is not supported.

40


Basic Network Feature 3) Gratuitous ARP The router supports the Gratuitous ARP, it is sent when starting NS1000 or changing IP address. 4) ICMP The router supports ICMP. The following RFC are supported.

RFC Content RemarksRFC792 Internet Control Messege ProtocolRFC1122 Requirements for Internet Hosts

- Communications LayerRFC1812 Requirements for IP Version 4 RoutersRFC950 Internet Standard Subnetting Procedure Address MaskRFC1256 ICMP Router Discovery Messages Router dvertisement

5) IGMP The router supports protocol for controlling a group of hosts that are configured to receive the delivery with IP multicast. It supports IGMPv2 and IGMPv3. IGMP supports the following RFC.

RFC ContentRFC2236(RFC1112) Internet Group Management Protocol, Version 2RFC3376 Internet Group Management Protocol, Version 3

6) MSS Clamp The router has the ability to automatically optimize the value (Maximum Segment Size) MSS of the TCP packet.

41


Routing The router supports IPv4 routing between WAN I/F - LAN I/F. The basic specifications for operating as a router are subject to the RFC below.

RFC ContentRFC1812 Requirements for IP Version 4 Routers

1) Static routing The router supports Static routing. Route information can be manually set for Static routing, and the routing table entry supports 64. 2) Dynamic routing Dynamic routing is not supported.

42


Firewall The router has the ability to monitor the data flowing between WAN and LAN and detect / shut off unauthorized access. In addition, it is possible to detect as well as DoS attacks and unauthorized access to this system, make the appropriate defense, to operate more safely. The router supports the following two Firewall features roughly.

1) IPv4 Packet filtering The router has a function of filtering IP data packet addressed to the own device and the user IP data. In the packet to perform IP routing, this filtering of target, must also be encapsulated data flows inside the tunnel, such as I Psec. The target in this function is the packet to perform IP routing, and the data encapsulated inside the tunnel flows, such as IPsec, is also included.

Feature SummaryIPv4 Packet filtering The ability to set the IPv4 packet filter rule manually

One touch security The ability to set protect features, such as anti-Dos attack and anti-scan, by one-touch

43


Firewall 2) One touch security The router has the following features, and user can set Enable/Disable for them. In addition, Log for following features can be collected, and user can set Enable/Disable for them.

Features Ability Collect LogSPI Enable/Disable Enable/DisableDos protection Enable/Disable Enable/DisableRestrict both way of access by private IP address access Enable/Disable Enable/DisableICMP Echo Reply Enable/Disable Enable/DisableWindows Shared Filter Enable/Disable Enable/Disable

44


NAT/NAPT The router supports Dynamic NAPT (IP masquerade) and Static NAPT (Port mapping /Static IP masquerade). And Static NAT and Dynamic NAT are not supported. In NAPT, TCP / UDP port number can be changed in addition to the IP address. 1) Dynamic NAPT (IP masquerade/PAT) IP address of local network (LAN) is changed to IP address of Internet (WAN) with mapping as n:1 dynamically. 2) Static NAPT (Static IP masquerade) The router supports Static NAPT (Static IP masquerade). Received data from specified port can be transferred to specified IP address and port. 3) Simplified DMZ (DeMilitarized Zone) Since the router does not have interface for DMZ, it supports simplified DMZ which can specify the Client as a simple DMZ to allow access from the outside at all protocol. 4) Pass through Static NAPT Settings prepared as pass through feature. With decide the combination of terminal and the local network port number, and No conversion of ports at both transmits and receive to the corresponding packet, the router realizes to ease of configuration by GUI. The pass through feature is applied to the protocol shown in the table below

Application Protocol number Port numberIPsec 50 : ESP UDP/500 : ISAKMPPPTP 47 : GRE TCP/1723 : PPTP

45


VPN NS1000 can be combined as a single system NS1000 placed in different locations by VPN. IPsec is used as Method of VPN to connect between NS1000s. Ability to build a VPN for up to a maximum of 16 sites Have a feature of ease to setup for connecting between NS1000s Provide cooperation with Smartphone application, which is planed by PSN, to connect to Smartphone.

Connected device Ability of number for VPN RemarksNS1000 Max.16 sites （ 15VPN ） Support easeof setupSmartphone Android(4.0) (TBD) IOS(iPhone) (6.0)

Ma. 16 terminals （ 16VPN ） Provide smartphone application for ease of setup

Other vender VPN router N/A N/A

46


VPN 1) IPsec IPsec is a protocol to ensure the security of data flowing over IP network. The router supports IPsec version2. 2) Mode The router supports 2modes of "Tunnel mode" and "Transport mode". - Transport mode This mode is used for IPsec between target devices or between target device and NS1000. - Tunnel mode This mode is used for IPsec in the case of connection between NS1000s 3) Security Protocol The router supports AH and ESP as communication protocol. 4) Ease of setup The router provides initial configuration and GUI for ease of setup Installer can setup with minimized program item, such as facing IP address and shared security key. 5) Easy setup application for Smartphone Application to set VPN for Smartphone is provided. Supported OS are Android 4.0 and iOS 6.0. (TBD) 6) UPnP UPnP (Universal Plug and Play) is not supported. 7) IPv6 The router does not support IPv6 router function. But it supports Bridge (Pass through) for IPv6 packets, so that it is possible to communicate between IPv6 devices.

47

END

48

20130718-01 　 4 NS1000 V3.0 Maintenance Feature Enhancement_Rev0.5_18July2013.pptx 　 - Pre-release

Modification

Documents

NS1000 V3.0 - Maintenance Features Enhancement -