Documente Academic
Documente Profesional
Documente Cultură
02
Contact details fdXtended bvba Verzusteringslaan 26 9100 Sint-Niklaas Telephone: +32 3 296 42 13 support@fdxtended.com
1. PODUCT OVERVIEW ........................................................................................................................... 1-6 1.1. 1.2. 1.3. 1.4. 1.5. 1.6. 1.7. KEY FEATURES: ................................................................................................................................. 1-6 INTRODUCTION ................................................................................................................................. 1-6 BILLING........................................................................................................................................... 1-6 MONITORING AND REPORTING ............................................................................................................. 1-6 HIERARCHICAL CONTROL ..................................................................................................................... 1-7 OTHER PRODUCTS ............................................................................................................................. 1-7 ABOUT ........................................................................................................................................... 1-7
2. GETTING STARTED WITH THE HSMX GATEWAY ................................................................................... 2-8 3. HSMX MODULES ................................................................................................................................ 3-9 3.1. THE LOGIN SCREEN............................................................................................................................. 3-9 3.2. THE MAIN SCREEN ............................................................................................................................3-10 3.2.1. Introduction ......................................................................................................................................... 3-10 3.2.2. Section Statistics .................................................................................................................................. 3-10 3.2.3. Section Monthly Statistics ................................................................................................................... 3-11 3.2.4. Health .................................................................................................................................................. 3-11 3.2.5. Active users history.............................................................................................................................. 3-11 3.2.6. Bandwidth report ................................................................................................................................ 3-11 3.2.7. User license.......................................................................................................................................... 3-11 3.2.8. Update ................................................................................................................................................. 3-11 3.2.9. Section Overview Locations ................................................................................................................. 3-11 3.2.10. Section Subscriber networks ............................................................................................................. 3-11 3.3. LOCATIONS .....................................................................................................................................3-12 3.3.1. Introduction ......................................................................................................................................... 3-12 3.3.2. Location Management ......................................................................................................................... 3-12 3.4. SUBSCRIBER NETWORK ......................................................................................................................3-13 3.4.1. Introduction ......................................................................................................................................... 3-13 3.4.2. Subscriber network -> Home ............................................................................................................... 3-13 3.4.3. Subscriber network -> Global Settings ................................................................................................ 3-14 3.4.3.1. Subscriber network -> Global Settings - Global Settings .................................................................. 3-14 3.4.3.2. Subscriber network -> Global settings - default settings.................................................................. 3-14 3.4.4. Subscriber network -> Network Settings ............................................................................................. 3-15 3.4.4.1. Subscriber network -> Network Settings - Network Interfaces........................................................ 3-15 3.4.4.2. Subscriber network -> Network Settings - Network Settings ........................................................... 3-16 3.4.4.1. Subscriber network -> Network Settings - Subnets .......................................................................... 3-17 3.4.4.2. Subscriber network -> Network Settings Static DHCP ................................................................... 3-17 3.4.4.3. Subscriber network -> Network Settings - DNS ................................................................................ 3-18 3.4.4.4. Subscriber network -> Network Settings VLAN definitions ........................................................... 3-18 3.4.5. Subscriber network -> AAA Settings .................................................................................................... 3-19 3.4.5.1. Subscriber network -> AAA Settings - UAM Server .......................................................................... 3-19 3.4.5.2. Subscriber network -> AAA Settings - RADIUS.................................................................................. 3-21 3.4.5.3. Subscriber network -> AAA Settings - Walled Garden...................................................................... 3-21 3.4.5.4. Subscriber network -> AAA Settings - Black list ................................................................................ 3-22 3.4.5.5. Subscriber network -> AAA Settings Filters ................................................................................... 3-23 3.4.6. Subscriber network -> Subscribers ...................................................................................................... 3-23 3.5. SUBSCRIBER MENU ...........................................................................................................................3-25 1-2 | P a g e
3.5.1. Introduction ......................................................................................................................................... 3-25 3.5.2. Subscriber menu overview .................................................................................................................. 3-25 3.5.3. Subscriber menu > add subscriber .................................................................................................... 3-26 3.5.4. Subscriber Menu > Activate subscriber ............................................................................................. 3-27 3.5.5. Subscriber Menu > Add MAC address ............................................................................................... 3-28 3.5.6. Subscriber menu > Create vouchers .................................................................................................. 3-29 3.5.7. Subscriber menu > Insert (Upload) subscribers................................................................................. 3-30 3.5.7.1. Subscriber menu > Insert (Upload) subscribers - add .................................................................... 3-30 3.5.7.2. Subscriber menu > Insert (Upload) subscribers customize csv ................................................... 3-31 3.5.8. Subscriber menu > Reload cards ....................................................................................................... 3-31 3.5.9. Subscriber menu > Voucher list ......................................................................................................... 3-32 3.5.10. Subscriber menu > Search ............................................................................................................... 3-32 3.5.11. Subscriber menu > Subscriber details ............................................................................................. 3-33 3.5.12. Subscriber menu > Subscriber update............................................................................................. 3-34 3.5.13. Subscriber menu > Active / Non-active sessions ............................................................................. 3-35 3.6. SETTINGS MENU ...............................................................................................................................3-36 3.6.1. Introduction ......................................................................................................................................... 3-36 3.6.2. Settings -> Group settings ................................................................................................................... 3-36 3.6.2.1. Settings > Group Settings - Groups ................................................................................................. 3-36 3.6.2.1. Settings > Group Settings group details....................................................................................... 3-36 3.6.3. Settings -> Location Scheduling ........................................................................................................... 3-37 3.6.4. Settings -> Room Settings .................................................................................................................... 3-37 3.6.4.1. Settings > Room Settings - Overview .............................................................................................. 3-37 3.6.4.2. Settings -> Room Settings - Floors .................................................................................................... 3-38 3.6.4.3. Settings -> Room Settings Guest Types ......................................................................................... 3-39 3.6.4.4. Settings -> Room Settings - Update .................................................................................................. 3-39 3.6.5. Settings > General Settings ................................................................................................................ 3-40 3.6.6. Settings > PMS Settings ..................................................................................................................... 3-43 3.6.6.1. Settings > PMS Settings - PMS ........................................................................................................ 3-43 3.6.6.2. Logical PMS settings ......................................................................................................................... 3-45 3.6.7. Connection PMS settings ..................................................................................................................... 3-47 3.6.8. Settings -> Credit card settings ............................................................................................................ 3-49 3.7. BILLING MENU .................................................................................................................................3-50 3.7.1. Billing > Billing plan ............................................................................................................................ 3-51 3.7.1.1. Billing ->Billing plan Add/Update pre-paid Billing Plan.................................................................. 3-51 3.7.1.2. Billing -> Billing plan Add/Update post-paid Billing Plan ............................................................... 3-53 3.7.1.3. Billing -> Billing plan Add/Update free-access Billing Plan ............................................................ 3-54 3.7.2. Billing > Calendar days ....................................................................................................................... 3-55 3.7.3. Billing > Free Access ........................................................................................................................... 3-56 3.7.4. Billing > MAC Based Authentication .................................................................................................. 3-57 3.7.5. Billing > Network Policies................................................................................................................... 3-57 3.8. LAYOUT MENU.................................................................................................................................3-58 3.8.1. Layout > Portal page .......................................................................................................................... 3-58 3.8.2. HSM portal ........................................................................................................................................... 3-59 3.8.3. External portal ..................................................................................................................................... 3-62 3.8.4. Custom HSM portal.............................................................................................................................. 3-63 3.8.5. Hospitality portal ................................................................................................................................. 3-65 3.8.6. Hospitality/Custom portal with SFTP or rsync ..................................................................................... 3-65 3.8.7. Banners ................................................................................................................................................ 3-65 3.8.8. Portal rules........................................................................................................................................... 3-66 3.8.9. Layout > Logout page......................................................................................................................... 3-68 1-3 | P a g e
3.8.10. Layout Logout console .................................................................................................................... 3-68 3.8.11. HSM logout console ........................................................................................................................... 3-69 3.8.12. Custom logout console ...................................................................................................................... 3-70 3.8.13. Layout Templates............................................................................................................................ 3-72 3.8.14. Layout Theme ................................................................................................................................. 3-72 3.9. EXTRA MENU...................................................................................................................................3-73 3.9.1. Extra > Logging ................................................................................................................................... 3-73 3.9.2. Extra > Summary ................................................................................................................................ 3-74 3.9.3. Extra > Currency................................................................................................................................. 3-74 3.9.4. Extra > Portal debug .......................................................................................................................... 3-75 3.9.5. Extra > Download log ......................................................................................................................... 3-76 3.9.6. Extra > Reports .................................................................................................................................. 3-76 3.9.6.1. Revenue ............................................................................................................................................ 3-77 3.9.6.2. Volume up......................................................................................................................................... 3-77 3.9.6.3. Volume down.................................................................................................................................... 3-77 3.9.6.4. Subscriber ......................................................................................................................................... 3-78 3.9.6.5. Sessions............................................................................................................................................. 3-78 3.9.6.6. Revenue export................................................................................................................................. 3-78 3.9.6.7. Subscriber export.............................................................................................................................. 3-78 3.9.7. Extra > Password policy ..................................................................................................................... 3-78 3.10. SYSTEM MENU ...............................................................................................................................3-79 3.10.1. System > Access control .................................................................................................................. 3-79 3.10.1.1. Point of Sales .................................................................................................................................. 3-81 3.10.2. System > Content Filter ................................................................................................................... 3-82 3.10.2.1. System -> Content Filter - update................................................................................................... 3-82 3.10.3. System > Network configuration ..................................................................................................... 3-84 3.10.3.1. System -> Network configuration - Network configuration ........................................................... 3-84 3.10.3.2. System -> Network configuration - Network ports ........................................................................ 3-85 3.10.3.3. System -> Network configuration - Routes .................................................................................... 3-86 3.10.3.4. System -> Network configuration - DNS Settings ........................................................................... 3-86 3.10.3.5. System -> Network configuration - DYNDNS Settings .................................................................... 3-87 3.10.3.6. System -> Network configuration - Black list.................................................................................. 3-87 3.10.3.1. System -> Network configuration Port forwarding ..................................................................... 3-88 3.10.4. System > Firewall settings ............................................................................................................... 3-89 3.10.5. System > Connection tracking ......................................................................................................... 3-89 3.10.6. System > Time settings .................................................................................................................... 3-90 3.10.7. System -> XML Server ........................................................................................................................ 3-91 3.10.8. System -> Ping.................................................................................................................................... 3-91 3.10.9. System -> Factory reset ..................................................................................................................... 3-91 3.10.10. System -> SNMP settings ................................................................................................................. 3-92 3.10.10.1. System -> SNMP settings SNMP settings ................................................................................... 3-92 3.10.10.2. System -> SNMP settings SNMP trap ......................................................................................... 3-93 3.10.11. System -> Custom DNS .................................................................................................................... 3-94 3.10.12. System -> Remote access ................................................................................................................ 3-94 3.10.13. System -> SSL settings...................................................................................................................... 3-94 3.10.14. System ->System backup ................................................................................................................. 3-96 3.10.14.1. System -> System backup - Backup settings ................................................................................. 3-96 3.10.14.2. System -> System backup - Backups ............................................................................................. 3-96 3.10.14.3. System -> System backup - Log handling...................................................................................... 3-96 3.10.14.4. System -> System backup - FTP Locations .................................................................................... 3-97 3.10.15. System -> Reboot server.................................................................................................................. 3-97 1-4 | P a g e
3.10.16. System -> Cluster settings ............................................................................................................... 3-97 3.10.16.1. System -> Cluster settings Cluster settings ................................................................................ 3-97 3.10.16.2. System -> Cluster settings Notifications .................................................................................... 3-98 3.10.17. System -> Health .............................................................................................................................. 3-98 3.10.18. System -> System settings ............................................................................................................... 3-99 3.10.19. System -> License........................................................................................................................... 3-101 3.11. LOGOUT ..................................................................................................................................... 3-101
1-5 | P a g e
1. Poduct Overview
1.2. Introduction
fdXtended HSMX Gateways are designed to easily manage access for small, medium sized and large networks. The HSMX is a ready-to-use gateway and makes it easy for subscribers to access the internet because there is no need to change any configuration settings. The gateways have an integrated high-level authentication and billing platform. Thanks to the included Lawful Intercept Module, you can safely offer internet to your customers.
1.3. Billing
The HSMX allows for individual and network wide rating and plans with room charge, credit card and prepaid voucher / e-voucher options. Full PMS integration allows for seamless hotel folio billing integration as well as loyalty program options. HSMX is capably of secure credit card clearing as well as printed e-voucher creation, production and management.
1-6 | P a g e
1.7. About
fdXtended is a leading provider of access management and marketing applications, systems and services. Focusing primarily on being a leader in its domain, FdXtended works with approved and trained regional and international partners to deliver quality systems and services to clients internationally. fdXtended is a privately held, profitable company with headquarters in Belgium.
1-7 | P a g e
Managing the HSMX is done via a web interface. Open an internet browser and enter the IP address of the HSMX appliance. The default login details are:
Username: admin Password: admin
2-8 | P a g e
When you load the HSMX web interface, you will see this login screen. Multiple administrators can login using their own username and password. Administrator rights are dependent on the username that is used when logging in. By default, the username is set to admin, and the password is also admin.
3-9 | P a g e
This is the overview page of the HSMX. You can personalize this page by clicking on the jigsaw in the right corner. There you can add the following sections:
Section statistics Section monthly statistics Health Active users history Bandwidth report User license Update
3.2.2.
Section Statistics
Here you can see the amount of subscribers divided in different categories: Active subscribers Pending subscribers Idle subscribers Expired subscribers Unused subscribers Blocked subscribers
3-10 | P a g e
3.2.3.
This section shows an overview of following data of the last months. Data transferred up Data transferred down Total revenue Subscriber sessions
3.2.4.
Health
This will show the current situation of the system, remaining disk space, amount of connections and CPU load.
3.2.5.
In this section we can see a graph of the active users in the past hour. If you click on the calendar, you can generate a day,month or year graph.
3.2.6.
Bandwidth report
Here you can see the bandwidth report of the default WAN interface. By pressing on the calendar you can generate a day, month or year graph.
3.2.7.
User license
This pie diagram will show how many subscribers are online, the maximum of users that can be online and the percentage that is used of your user license.
3.2.8.
Update
3.2.9.
Here you can see a list with active and idle users for the available locations on the HSMX. For more information see chapter 3.3. Locations.
3.2.10.
Here you see a list of all defined subscriber networks that are added to this site. For more information see chapter 3.4. Subscriber network.
3-11 | P a g e
Locations are logical divisions in your site. In the Home screen, you can add locations by clicking the Add location button. You need to specify the gateways and/or VLANs that point to this location. In a location, you can see the active / idle users from this specific location and you can take reports from this location.
3.3.2.
Location Management
In the overview of the location, you have a section called Location management. In this section, you can add / delete gateways and VLANs. All users that are/were active in one of these VLANs will show active or idle in this location. They will appear in the reporting of this location. It is also possible to charge,open or close a location in the AAA setting section.
Charge Users will be redirected to the portal page. Open Users will be redirected to the the internet. Close Users will not be able to go online in this location.
3-12 | P a g e
It is possible to run multiple instances of the gateway daemon to control different parts of the network. You can run multiple instances by specifying different LAN network ports or by running the instances on different VLANS. You can add a Subscriber network configuration to a site by clicking the add subscriber network in the overview of the site. To update or see the details of a subscriber network, go to the home screen and click on a subscriber network in the bottom of the home screen.
3.4.2.
This screen gives you an overview of the name, daemon and IP-address of the s. To restart the subscriber network, just click on: restart process.
3-13 | P a g e
3.4.3.
Subscriber network -> Global Settings Subscriber network -> Global Settings - Global Settings
3.4.3.1.
In the global settings menu you can enable or disable the subscriber network. In Location name you can change the name of the subscriber network. Since you can configure a subscriber network per VLAN or per physical network port the name should clearly identify the exact location.
3.4.3.2.
In the default settings menu you can change the values by default for: idle time-out: The amount of time that the subscriber must remain idle before automatically being logged of bandwidth up: Available bandwidth for uploading in Kbytes/s bandwidth down: Available bandwidth for downloading in Kbytes/s
3-14 | P a g e
3.4.4.
In this menu you will find the configuration settings specific to the network: Network interfaces LAN-settings DHCP-settings Static IP settings DNS settings
3.4.4.1.
In the Network interfaces screen you can attach the LAN Interface and WAN interface to a specific port or VLAN in your network. Only the default WAN interface is available unless load balancing is enabled (System -> Network Configuration load balancing).
3-15 | P a g e
3.4.4.2.
In the network settings tab you can confirm the global network, DHCP and Any IP settings. Global Settings Here you specify the IP pool to be used for your clients. You just have to fill in the LAN IP and LAN subnet and the system will automatically generate the pool that can be used. Any IP settings is only important to support clients with a static IP address (even when they are not in this range). DHCP Settings Here you can configure which IP addresses will be used for your clients. DHCP Relay This setting will use the settings of another DHCP server, if you wish to use this option, you need to give the gateway IP and port of the DHCP server and the public WAN IP from the appliance (relay agent). Any IP Settings Set the amount of IPs that should be reserved. Enable this feature by activating Allow any IP.
3-16 | P a g e
3.4.4.1.
Here you can add multiple subnets. (Only 1 public pool allowed).
3.4.4.2.
In this tab you can add a static DHCP address to a specific MAC.
3-17 | P a g e
3.4.4.3.
In the DNS tab you need to configure DNS related settings. You can configure the domain that will be used during the DHCP address assignment. You can also set a login, logout,recovery and upgrade domain. The login domain is the logical name that the users will see in the URL of their internet browser when they are redirected to the portal. This doesnt have to be an existing DNS name since this is only used locally by the DNS server in the gateway. The logout domain can be used to logout users. When the users type logout or logout.com (as in the example) they will be logged out. When a user is logged in and wants to go back to the portal he can simple type the domain that is given in recovery domain. If a user wants to upgrade his account he just has to type (in this case) recovery or recovery.com ( This option is only for pms accounts). Block non standard DNS will block all non standard DNS querys to try to avoid DNS tunneling.
3.4.4.4.
This tab will be visible when listen to all VLANs is enabled in the network interfaces tab. Here you can add or delete VLANs. There is also the possibility to import or export VLANs using a CSV file.
3-18 | P a g e
3.4.5.
In this menu you can enable the AAA Settings. AAA stands for Authentication, Authorization and Accounting and is used to control the access in your network. If AAA is not enabled everybody will have access to the network without authentication and the gateway acts as a basic router.
3.4.5.1.
In the UAM (Universal Access Method) server screen you can enable or disable:
AAA By enabling AAA you make sure subscribers will be redirected to the login page and have to log in before accessing the internet MAC Authentication This option creates the opportunity to do authentication on basis of the MAC address.
3-19 | P a g e
Local MAC list If this is enabled you can make use of a local MAC list. This is a list with MAC addresses that dont need authentication. Pre authentication URL You can make use of a pre authentication URL before users see get to the portal page. To do this just enable pre authentication URL and fill in a valid URL. Its important that the GET variable redirect is set when the user is redirected to the portal. Without this variable the client will always be redirected to the pre authentication URL. SSL Only enable this option if you have SSL enabled on the appliance and make sure the SSL certificate is registered for the domain youve configured in network settings => DNS (see chapter 3.4.4.3.). This way the users will be redirected to a SSL protected login page without being warned about an invalid certificate. Server Type Use server type external to redirect the users to an external server instead of the internal server portal.
3-20 | P a g e
3.4.5.2.
If you want to use an external RADIUS for a subscriber network, you can enable this option here.
3.4.5.3.
In subscriber network => AAA settings => walled garden it is possible to enter a URL. The URL path uses regular expressions to match a specific URL. You can only enter a single entry per domain and the URL match only works with non https sites.
3-21 | P a g e
Example 1 - Domain: www.fdxtended.com - Path: ^(news|images) - Allow This allows all pages of www.fdxtended.com where the path starts with news or images. Example 2 - Domain: www.fdxtended.com - Path: ^corporate - Disallow This allows all pages of www.fdxtended.com except where the path starts with corporate. Example 3 - Domain: www.fdxtended.com - Path: private - Disallow This allows all pages of www.fdxtended.com except where the path contains private. Example 4 - Domain: www.fdxtended.com - Path: - Allow This allows all pages of www.fdxtended.com
3.4.5.4.
If you want to block a domain for all users, you simple need to add this domain here.
3-22 | P a g e
3.4.5.5.
This filter gives you control of incoming request depending on the user agent,URL or extension. For example of you want to ignore all incoming traffic from a specific browser, you can add this one to the list (User agent).
3.4.6.
In this menu you can find an overview of the current subscribers in your network. The overview shows the following parameters: MAC The MAC address of the subscriber. By clicking the MAC address you can see an overview of the subscriber. In this overview you can release the MAC address, add it to the database or remove it from the database IP The IP-address of the subscriber AAA State Shows if the subscriber is logged into the network (VALID) or attached to the network but not logged on (PENDING) Username The username of the subscriber Active Shows how long the subscribers has been active on the network Timeout Shows how much time the subscriber has left on his account Idle timeout Shows how much time is left before idle time-out 3-23 | P a g e
Input Shows the amount of data that has been downloaded by the subscriber Output Shows the amount of data that has been uploaded by the subscriber Band.Up The limitation on the bandwidth for upload Band.Down The limitation on the bandwidth for upload First URL The first URL that was visited by the subscriber VLAN Which VLAN the user is connected to.
It is also possible to click on the MAC address of a subscriber to see all the details or to add the MAC address to the internal database so this MAC address no longer needs authentication.
3-24 | P a g e
In the subscriber menu, you get an overview, can add or search for subscribers. You can also create, view or upload vouchers.
3.5.2.
In the subscriber menu overview, you can see a general overview of all the subscribers that are either:
Active
This tab will show all users that are logged in on an external radius (only visible when external radius is enabled).
Pending
Devices that are connected to the network but are not authenticated yet.
Idle
Expired subscriber/Vouchers moved to a separate archive table Usernames in this list can be reused.
Blocked
A list of all MAC addresses that no longer needs authentication when mac based authentication is enabled.
3-25 | P a g e
3.5.3.
Add subscriber is used mainly for quickly adding a single user. You can enter a username and password that you desire or click generate and the computer will automatically generate a username and password. You now need to select a billing plan that will be used for this subscriber. Next you need to select a print out template that will be used when printing the username and password. (See chapter 3.5.5. how to create a voucher, chapter 3.7. to create a billing plan).
3-26 | P a g e
By clicking on the Add button, a windows box will then prompt you to open, save or cancel. If you open the file you can print the voucher. This can be be used like a scratch card. When printed, template dependant, it will show the Username, and have a covered scratch part that will when scratch off show the password. By opening up advanced settings, you can specify the personal details of the guest that will be using the account. The following fields are available:
First name Last name Country State ZIP code Street + nr City E-mail Phone Fax Expiry timeout Start date End date Expiry timeout, start date and End date will overwrite the settings of a billing plan. So only fill these in if you want to use a different date or timeout.
3.5.4.
This menu makes it possible to activate a client that is connected to the HSMX.
3-27 | P a g e
3.5.5.
Via this menu you can quickly add a MAC address to the database.
3-28 | P a g e
3.5.6.
3-29 | P a g e
Create vouchers is used when you want to create multiple usernames. Enter the number of vouchers to be created, as well as the prefix onto the voucher (this is to keep the vouchers similar). Now you need to select the type of output that you want for the vouchers, either Word, or CSV. Next choose a billing plan and template, and click Create. In the advanced settings box there are some additional options available.
Type Export to a CSV file instead of a word file. CSV Separate CSV file by , or by a ;. Voucher code Specify the format of the generated vouchers: o Numeric o Alphanumeric o Numeric / alphanumeric Voucher code only This option will generate a password that equals the username. o This is used for portals that only require a voucher code instead of a username and password Number of characters This allows you to specify the length of the generated vouchers. Expiry timeout, Start date and End date These will overwrite the expiry timeout, start date and end date of the selected billing plan.
3.5.7.
Subscriber menu > Insert (Upload) subscribers Subscriber menu > Insert (Upload) subscribers - add
3.5.7.1.
Here you can import a list of pre-entered data (default username and password). Select the billing plan and the type of symbol that separates the entries. This depends on your system for your file (the comma is the most common). Now select the file (must be CSV type) by either typing the file location into the bar or by clicking on the browse button and locating it. 3-30 | P a g e
3.5.7.2.
Here you choose how the HSMX will read the CSV file. If the columns do not match the CSV file, an error will be given.
3.5.8.
Reload cards can be used top up existing accounts. Enter the number of reload cards that need to be created, as well as the prefix for the reload code (this is to keep the codes similar). Select the billing plan and template, and click Create. In the advanced settings box, there are some additional options available.
Type Export to a CSV file instead of a word file. Voucher code Specify the format of the generated vouchers: o Numeric o Alphanumeric o Numeric / alphanumeric Number of characters Number of characters allows you to specify the length of the generated reload cards.
3-31 | P a g e
3.5.9.
This will display a list of all the vouchers that were generated on the system. From here you can either download or delete a voucher.
3.5.10.
Here you can search for a specific subscriber. By clicking on show details, you can view all the details of that subscriber.
3-32 | P a g e
3.5.11.
If you click on the details button of a subscriber you will see following information: page 1
Username Password This field will not be visible if the user itself fills in his password. Room Billing plan Packages bought by this guest. Bandwidth up Bandwidth down Volume up Volume down URL redirection Where the guest will be redirected to after authentication. Simultaneous use How many concurrent logins with the same username. Session timeout How much time the guest can spend on the internet. Idle timeout After the idle interval specified the session will be closed. Accounting Interim: At this interval the NAS will send an update. Start date: Account cannot be used before this date. End date: Account cannot be used after this date. Created by: Administrator who created the account. Voucher page What voucher page the account is printed on. Account status Enabled or disabled.
3-33 | P a g e
Root group Root group of the subscriber. 2 actions: Logout / delete Page 2 Firstname Lastname State Country City ZIP Street Phone Fax E-mail
3.5.12.
This module allows you to update the subscriber profile. e.g. give the user additional time or volume. Not every field can be updated; settings like bandwidth are linked to the billing plan used. Time based access ensures that a guest cannot login within a timeframe in a day. e.g. not after 7 PM and not before 8AM
3-34 | P a g e
3.5.13.
In Active sessions you can see the start time of the user, as well as the total time, bytes sent, bytes received, IP address, MAC address and the NAS used to login In Non-active sessions, you can see the start and end time of the user, as well as the total time, bytes sent, bytes received, IP address, MAC address, NAS used to login and the termination cause.
3-35 | P a g e
Introduction
Group settings Location scheduling Room settings General Settings PMS settings Loyalty membership settings iTV settings Credit card settings
In this menu, you will find most configuration settings specific to the site.
3.6.2.
3.6.2.1.
Here you can see all groups. To enable online access for one group click on the right icon in the column Action. To add a new group click on the add new group button on the upper-right.
3.6.2.1.
If you click on the details of a group you will see all users that are in this group and their online status. To change the group or delete a user from this group you can click on the group name in the column Group. To add a new user to this group you can press the Search users link and search the user you want to add.
3-36 | P a g e
3.6.3.
Here you can schedule the AAA state of a location. Once the start date is reached you cannot update the location scheduling anymore. When deleting a location scheduling or when the end date is reached, the location will return to its previous AAA state. (Locations can be created in the home screen)f
3.6.4.
3.6.4.1.
In the overview screen you can see all the rooms. To add a room to the list, you can click on the add new room button on the upper-right. This table is populated by:
FIAS PMS module.
When this module is enabled the table will show all rooms of the building.
Manually
Rooms can be added manually for other gateways, this usually represents different VLANs on the subscriber side. 3-37 | P a g e
For each room you can see its status, floor number, guest type, room type, and whether the room has someone checked in or not.
3.6.4.2.
In the floors module, you can create floors that are in this specific site. Afterwards you can assign the rooms to a specific floor. Floors can be used to create rules or do reporting.
3-38 | P a g e
3.6.4.3.
In the guest type module, you can create all guest types that are in this specific site. Afterwards you can assign the rooms to a specific guest type. Guest types can be used to create rules or do reporting.
3.6.4.4.
When you clicked on edit in the overview page you can see the details of a room the guest that is checked in (only with the FIAS module).
3-39 | P a g e
Specify the floor of this room, this can be used to show different portal pages per floor
Guest type
If the hotel has a wired setup and has a VLAN per room, then you can specify the gateway and VLAN that belongs to this specific room The floor and guest type can be used to define portal page rules based on a floor or guest type and to report things. The guest details can have multiple tabs if multiple people share the room. Each tab will contain the details of one of the guests checked-in in that room.
3.6.5.
General settings is the configuration page of all settings related to the site. The configuration page consist of several parts. In the following we will discuss every part separately. General settings
Name
Here you can specify the time zone for this site. In a centralized setup, it is possible to have different time zones for each site.
Currency
3-40 | P a g e
Account warning
The module warns subscribers when they are running low on time or volume. This will be shown as a popup when the client has the HSM logout console opened up. Please be aware if the customer closed the logout console, there will not be a popup warning. Postmaster
This section will post the price of a billing to a selected room when an account is created or when the account is being used for the first time. Location data
You can enter an e-mail address and phone number of the main technical contact of this site. The phone and e-mail address will be shown in the home screen. Password policy
You can select the password policy that applies to this site. A password policy specifies settings like:
Minimum password length Password complexity Password expiry
The password policy can be created under Extra => password policy (see chapter 3.9.6.).
3-41 | P a g e
In this module you can specify when Free access users that got free access via the billing => free access module are eligible for free access again. In this case, every MAC address is eligible for free access every 24 hours. The length of the free access that the guests receive is specified in the free access module. Payment method
Here you have to enable the available Billing mechanisms for this site. It is possible that some of these options will not be available depending on the license.
PMS billing
PMS (Property Management System) is the management system of a hotel that contains all guest information. It synchronizes all checkin/checkout information with the HSMX. The HSMX has its own certified PMS interface. This way we send the charge directly to the PMS system. We do not depend on VLANs or any network related features. We can have a complete wireless setup and still do PMS charging. HSMX is with its FIAS interface compliant with all Micros Fidelio products.
Credit card billing
This enables credit card billing on the portal. The credit card module or credit card service still needs to be configured in settings => credit card settings. (see chapter 3.6.6.)
Credit card invoice
Guests who buy a package using their credit card, have the option to generate an invoice that will be send to their account.
3-42 | P a g e
When the option credit card invoice is enabled, this part must be filled in. It sets the FROM e-mail address / subject and content of the e-mail that will be sent to the guests.
3.6.6.
3.6.6.1.
PMS interface is used by HSM for room billing, guest data. The first part of the configuration is the type of PMS module that you will enable.
FIAS Serial (basic) This enables our basic PMS interface Guest can be authenticated on any field in the PMS No support for sharing guests Uses the serial port to connect to the PMS system FIAS IP (basic)
This enables our basic PMS interface Guest can be authenticated on any field in the PMS
3-43 | P a g e
No support for sharing guests Uses the network port to connect to the PMS FIAS Serial (advanced) This enables our advanced PMS interface Guest can be authenticated on any field in the PMS Support for sharing guests View bill on the portal page View text messages coming from the hotels staff Check out on the portal page Uses the serial port to connect to the PMS FIAS IP (advanced) This enables our advanced PMS interface Guest can be authenticated on any field in the PMS Support for sharing guests View bill on the portal page View text messages coming from the hotels staff Check out on the portal page Uses the network port to connect to the PMS FIAS Agent (basic) This enables our basic PMS interface Guest can be authenticated on any field in the PMS No support for sharing guests Connects to the HSM agent instead of directly to the PMS Because PMS is not reachable over the internet To encrypt guest data before it is sent over the internet FIAS Agent (advanced) This enables our advanced PMS interface Guest can be authenticated on any field in the PMS Support for sharing guests View bill on the portal page View text messages coming from the hotels staff Check out on the portal page Connects to the HSM agent instead of directly to the PMS Because PMS is not reachable over the internet To encrypt guest data before it is sent over the internet
3-44 | P a g e
3.6.6.2.
You can select the fields that the guest has to enter to authenticate. If you do not select any field in this section the guest will be able to charge his room without entering any data. This scenario will only work in a wired setup and where the guest is connecting from his/her room.
3-45 | P a g e
No VLANs or wireless
Here you can select the fields the guest has to enter when the room is not known in advance. The guest will need to enter the room number by default, any other fields you select here will be required to fill in as well.
Shared room
In case that multiple guests share a room, it might not be clear what guest is authenticating. Here you can specify some additional fields to make sure you have a unique guest.
3-46 | P a g e
There are 10 user definable fields that can be used for any fields in the PMS system, this way you can authenticate on a loyalty number or any other field that exists inside the PMS system.
A checked out error is the message that will be shown to guests that are connecting from a room that is not checked in.
3.6.7.
Depending on the selection in the first tab you will see different options here.
o o
3-47 | P a g e
o o
Database swap Interval: every x minutes a database swap command will be sent, this is not recommended because a database swap can take a long time, depending on the number of rooms in the hotel. During a database swap no posting can be sent to the PMS. Fixed hour: This is a recommended setting, Set the hour to 03:00 AM for example when the system is less likely to be used, at that time the entire database can be swapped and were sure that the HSMX database is up2date. Be careful as the hour stated is in the UTC timezone. On start: this is also a recommended setting, when the connection to the PMS was disrupted, it is likely that the HSM did not get all live check in or check out data so doing a database swap when the link starts makes sure the system starts clean. PMS responds to link alive for sanity check This option will determine if the HSMX needs to wait for a link alive check from the PMS when the HSMX sends a link alive itself. Save bit log Do not strip guest title from guest name
In case of there is no FIAS communication for a certain period, the admin will be notified by e-mail. The FIAS interface might be up and running but if no data is received the administrator can check the interface on the PMS and restart it necessary.
3-48 | P a g e
3.6.8.
The credit card module can be configured as a service or as a module. The main difference between service and module, is that the user will stay on the portal page when module is selected.
o Service When a client wants to pay using credit card, the client is redirected to creditcard.firedigit.com where the client must enter his credit card credentials. The credit card service then sends this information to the credit card clearing house. Note that the credit card server does not store any credit card info on the server, it is directly sent to the credit card clearing house in an encrypted manner and in the format required by the clearinghouse. Module When a client wants to pay using credit card, the client stays on the portal and has to enter his credit card credentials. The hotspot manager sends this information to the credit card clearing house. Note that the hotspot manager does not store any credit card info on the server, it is directly sent to the credit card clearing house in a encrypted manner and in the format required by the clearinghouse.
3-49 | P a g e
Pre-paid billings plans Guest pays in advance for a pre-defined time or volume Post-paid billings plans Guest pays after use of his connections, price depends on time and/or volume (only in combination with our PMS module) Free-access billings plans Guest does not pay for the access for a specific time period or a specific amount of data volume
3-50 | P a g e
3.7.1.
3.7.1.1.
Name:
Content filter
All clients with this billing will use the selected WAN connection (only available when load balancing is enabled).
Location
The package and accounts will only be valid in the location specified.
Limit account to x MAC addresses
You can limit the account to a number of MAC addresses, the MAC addresses that first login with the account will be the ones that can login. If set to one, the first MAC address will be linked to the account and no other MAC address will be able to use the account even if the account is not in use.
URL Redirection:
This is the URL that the user will be redirected to after login (appliance only)
Simultaneous-Use:
This is how many subscribers can logon with this username simultaneously
Subnet:
This is the subnet of the local network, where the Subscribers computer will receive its IP Address
Accounting Interim Interval:
This is the time interval for communication between HSM and the gateway daemon.
Idle Timeout:
This is the amount of time that a user must remain idle before automatically being logged off
Session Timeout:
This is the amount of time that the user has before the voucher/subscriber expires. e.g. an expiry timeout of 1 day means that the user will expire one day after the first login whether the account was used up or not
Start date
Here you can set a start date of the package, accounts cannot be used before this date
End date:
Here you can set an end date of the package, accounts cannot be used after this date
Time based access.
The accounts generated with this package can only be active between the start and end time specified
Staff
This option makes sure this package is only available for staff users. Staff users can be created in access control
Calender days Calendar days limit days / time where this package is This enabled you to make promotional packages that are only valid in weekends / holidays, valid.
3-52 | P a g e
3.7.1.2.
Post paid billing plans can only be used in combination with the FIAS Module You can specify a price per MB or a price per minute.
3-53 | P a g e
3.7.1.3.
Free access billing plans allows a guest to get connected without being charged for the access. You can configure the free-access plan so the guest can only select that specific billing plan once or once every x hour. You can also limit the plan per guest id (PMS) instead of MAC address, he will only be able to get the free access once even if he/she is using different pcs or spoofing his/her MAC address.
3-54 | P a g e
3.7.2.
When you go to Billing-> Calendar days you will see the overview screen, you will be able to view all the calendar days that are available for billing plans. It is not possible to delete a calendar day when it is used in a billing plan. When you update a calendar day, it is possible to add more days, periods or time limits.
This is the name that is assigned to the period, day or dynamic day.
Period:
Here you can define a period from start date until end date. Fixed: In this type you specify one day. Dynamic day/weekend/weekday: In the last type you can add a day. E.g. every first Monday of February, every Sunday or the whole weekend
Time limit:
3-55 | P a g e
3.7.3.
In the free access module you can assign a period of free access to users. This means guests can surf a period for free and after that period they are redirected to a portal page where they can buy a package or login with a voucher code.
3-56 | P a g e
After you created a free access page, you still need to create a free access rule. A free access rule specifies what guests get free access. You still need to specify what VLAN or rooms that are entitled to the free access.
3.7.4.
Here you can set up the settings for MAC based authentication.
3.7.5.
Here you can add/update a network policy to determine which ports and what protocols are allowed. You also can set a limit on a port.
3-57 | P a g e
Is the page that the subscriber will see when logging onto the internet.
Logout Console
Is the box that will popup when the user has logged on. It will allow the user to log off, as well as display the amount of time/volume that the subscriber has left.
Templates
Are the templates that will be used when printing out Vouchers or invoices.
Theme
3.8.1.
On this page you can customize the portal page to suit your company/organization. The portal page is the screen that the subscriber will see when logging on. In overview you can view all the portal pages that are available. In the add screen you can add a customizable portal page. Enter the name that you want to display, as well as the type of Portal that you would like to use. There are four types of portal pages available that you can use. In the Portal type drop down box, to select the type that you want to use, and then click Add.
3-58 | P a g e
3.8.2.
HSM portal
If you click on the edit button in the overview page you will be able to update a portal. This section is the same as the initial add screen. Here you can adjust the name, description, or the type of portal that you are creating. Ensure to click submit if any changes were made. At any time you can click on the Preview portal in the bottom of the page to preview what your portal page will look like. Navigation links
Here you can adjust which of the navigation links you would like to be seen. You can also rename them here. Update portal page
3-59 | P a g e
Terms of Agreement
Here you can add the terms and conditions that apply to the guests.
Title
This is the title that will be displayed at the top of the box.
Button
A subsection is one of the sub-divisions of the HSMX initial home screen. Cookie-based authentication
This module gives the guest the option to remember the username and password so he will be logged in automatically the next time he reaches the portal page.
3-60 | P a g e
Voucher code
This option removes the password field from the portal page so the guests only have to enter the username. When generating vouchers there is an option to generate voucher codes only. Welcome e-mail
This module sends a welcome e-mail to guests who log in or register for the first time. This mail can contain the username and password they used to register. In the text you can use the following variables they will be replaced by the actual values when the guest logs in.
||username|| ||password||
Login settings
Here you can choose how a client can login. With username/password, voucher code only or with the PMS fields.
3-61 | P a g e
Here you can setup a simple help section for the user. If they forgot their password, all they need to do is enter their username and email address, and they can retrieve their password. Select which categories you want these settings to be available for
Voucher are the vouchers that the user was given at the desk. PMS this is the venue PMS (Property management system) Credit card if the user logs on using their credit card
3.8.3.
External portal
This is a portal page that is hosted on an external web server. Enter the location of the page in the external url field. The HSMX will forward the subscriber to the external portal with all parameters configured. Click submit.
3-62 | P a g e
3.8.4.
The Custom HSM portal is a portal page that can be fully customized and is custom made.
Here you have to upload the portal zip file. For more information on how to create a custom portal page, there is a how-to available on the fdXtended website. Cookie-based authentication
This module gives the guest the option to remember the username and password so he will be logged in automatically the next time he reaches the portal page. Voucher code
This option removes the password field from the portal page so the guests only have to enter the username. When generating vouchers there is an option to generate voucher codes only.
3-63 | P a g e
Welcome e-mail
This module sends a welcome e-mail to guests who log in or register for the first time. This mail can contain the username and password they used to register.
Login settings
Here you can choose how a client can login. With username/password, voucher code only or with the PMS fields.
Here you can setup a simple help section for the user. If they forgot their password, all they need to do is enter their username and email address, and they can retrieve their password.
3-64 | P a g e
3.8.5.
Hospitality portal
The Hospitality portal is a portal page that can be fully customized and is custom made. It offers advanced Hospitality functionalities if the HSM advanced PMS interface is used.
o o o View bill Text messages Check out
3.8.6.
Rsync and sftp have been introduced to customize portals from an external source so you no longer need to upload the portals in the HSMX-GUI. When you add a portal and chooses for a hospitality or custom portal you can enable this option. You can do this by choosing rsync or SFTP as synchronize method. The only requirement is to enter a folder and password (this can later be changed if you update the portal). Now you can log in using a program that supports this feature with the password and username that has been configured. You should then see the portal folder where you can upload the pages.
3.8.7.
Banners
The HotSpot Manager banner module allows administrators to add banners to the portal page. Banners can be updated and changes will be reflected on the portal page automatically. It does not require any HTML knowledge of the administrator.
3-65 | P a g e
3.8.8.
Portal rules
Here you can add a rule to match a portal page or billing package against certain criteria. You can also choose to sort the rules. This is essential as the system implements the rules from the top to bottom.
Here you need to give the rule a name, this will be used when sorting the list as well as viewing all the rules listed. Select a portal page
Select a portal page that you wish to be used for this rule Logout console
Enable or disable the logout console, and select the logout console that you wish to use
3-66 | P a g e
Select how they can pay on the portal page. Realm based routing
Select a suffix for realm based routing If the NAS is configured for multiple gateways, we can add a realm to the authentication requests so the NAS selects the radius server of the HotSpot Manager for the authentication requests. If you have added the portal rule, you will see a list of criteria. It is possible to implement rules with more then one criteria. With the portal page rules you can add more than one criteria, for a rule to be implemented. E.g. add a criteria of All rooms, and where the user agent is a PocketPC, you can display a certain portal page.
3-67 | P a g e
Default
This is if you want this rule to apply to all rooms (VLAN setup)
Room
This is if you want this rule to apply to a user agent, e.g. Sony PSP
User Agent User definable
Here you can set this rule based on a certain FIAS input, e.g. First name
3.8.9.
Here you can alter the logout page when clients logout. The ZIP file needs to contain index.html.
3.8.10.
This section is similar to the portal page section, except that this is the small popup that the guest will see with the remaining time and volume and a button to log off. The overview page is the same as the portal page. The add screen also has a selection of logout console types, that can be used. By default the logout console is a popup screen that automatically shows the amount of time, volume up and volume down left. The logout button will log off the subscriber, setting his status to Idle. They willhave to logon again to be able to access the internet. If the subscriber has a popup blocker, the system will prompt the subscriber to allow the popup to be shown. If the subscriber ignores the message and carry on to the internet, he will not be able to log off, unless they know a special page to log off. There are two different types of logout consoles that are available
HSM logout console Custom logout console
3-68 | P a g e
3.8.11.
Name:
This is the hyperlink that the subscriber clicks on, in order to log off
Time Credit:
Volume Credit:
This is the wording that informs the user when their account has expired
Idle:
This is the wording that informs the user when their account has gone idle
Logout message:
This wording is displayed when the user clicks the logout hyperlink
Color scheme
Here you can adjust the colors In the last part (Logout console advanced settings) you can enable the heartbeat between the logout console and the HSMX. Poll interval determines the interval of this heartbeat. If a client misses X retries he will be automatically logged out. For example, if poll interval is 60 and retries is set to 2 the user will be logged out if the last heartbeat is from 180 seconds ago.
3.8.12.
3-70 | P a g e
The first part of the page is the name and type of the Console. The dimensions are those of the logout console box, and are measured in Pixels. Logout console ZIP file, here you have to upload the custom logout console zip. In the preview part of the page you can see a preview of the uploaded logout console. In the last part (Logout console advanced settings) you can enable the heartbeat between the logout console and the HSMX. Poll interval determines the interval of this heartbeat. If a client misses X retries he will be automatically logged out. For example, if poll interval is 60 and retries is set to 2 the user will be logged out if the last heartbeat is from 180 seconds ago. For more information on how to create a custom logout console, there is a how-to available on the website.
3-71 | P a g e
3.8.13.
Layout Templates
Here you upload or create your own template, used for printing vouchers, invoices etc. To upload a template click on the right icon in the upper-right corner. Enter your name, and the location of the file, or click Browse to locate it. Choose the type of file that is being uploaded. The voucher templates are in RTF format and can be updated with with Microsoft Wordpad for example. In the template we use variables that are replaced by the actual values when vouchers are generated. Here is a list of all available variables:
||user|| => username ||pass|| => password ||bill|| => billing plan name ||description|| => billing plan description ||session_timeout|| => session timeout ||volume_up|| => data volume up ||volume_down|| => data volume down ||expiration|| => fixed expiration date ||expire_time|| => same as session timeout without start stop, what is used depends on the billing plan configuration ||band_up|| => bandwidth up ||band_down|| => bandwidth down ||url_redirect|| => URL redirect after authentication ||sim_use|| => simultaneous use ||idle_timeout|| => idle timeout ||limit_mac|| => limit account to x mac addresses ||expire|| => expire is the fixed expiration that can be set when the accounts are generated (in subscriber create page)
To create a new template click on the left icon in the upper-right corner. Here you will get a text editor where you can insert images,tables, Its also possible to add variables which you can find in the fields dropdown.
3.8.14.
Layout Theme
The theme section allows you to choose between some available themes in the HSMX. Currently only one theme is available but more themes might be added in the future.
3-72 | P a g e
3.9.1.
Here you can see all the system logs. The logging is important for HSM for troubleshooting purposes.
There is an advanced search option in the logs. You can select the hour, facility and level you want to filter on. You can also search a specific word in the log files. You can use * as a wild card when you do a search on a specific word. There are several logs available:
Syslog
Syslog is the general syslog the HSM receives from the NAS device. In the NAS you need to configure the Syslog level (log number) to 1.
XML log
XML log is the communication log between the HSM and the NAS.
FIAS log
FIAS log is the communication log between the HSM and the PMS system. It is also possible to download the FIAS log of the current date.
Payment log
Payment log is a list of all payments that have occurred (PMS / credit card)
Lawfull interception
Lawfull interception will show all connections for a user for legal reasons. In the NAS you need to configure the Syslog level (log number) to 3.
System log
Radius log is a radius communication log between the gateway daemon and the internal radius server. 3-73 | P a g e
3.9.2.
You can view all settings in the summary menu. Click on the icon in the right corner to create a PDF of these settings.
3.9.3.
Here you can update and add currencies to be used for billing purposes.
3-74 | P a g e
3.9.4.
Portal debug is an advanced debugging feature of the portal page sessions. You can enable portal debug in system => system settings. (see chapter 3.10.15.). Since the portal debug generates so much data it is important you only enable it when you are debugging a specific issue that is guest related. The log shows you the exact user input and all the variables that are active at the time a guest is logging on.
3-75 | P a g e
3.9.5.
There are backup logs available which you can download from the appliance or FTP location if the log archives were uploaded.
Syslog Aaa log XML log FIAS log Agent send Agent recceived Lawfull interception Credit card Radius
3.9.6.
3-76 | P a g e
The report section is where printouts of different section can be made. E.g. Revenue, Volume up/down etc. These reports are available in day, month and year views.
3.9.6.1.
Revenue
Here you can view all the revenue that has come in over a certain time period.
3.9.6.2.
Volume up
Here you can view the total data that has been uploaded over a certain period.
3.9.6.3.
Volume down
Here you can view the total data that has been downloaded over a certain period.
3-77 | P a g e
3.9.6.4.
Subscriber
Here you can view the details of the subscribers that have logged on, i.e. how many users logged on, how many used credit card, how many used PMS etc.
3.9.6.5.
Sessions
Here you need enter a number of different criteria, and then click generate report (there is also an option to search using all field, or just one field). This will bring up an excel sheet that displays all the subscribers and session information. You can save or print the file from here if necessary.
3.9.6.6.
Revenue export
This will bring up an excel file, displaying the revenue for a certain period. You can save or print the file if necessary. Select the time period that you wish the view.
3.9.6.7.
Subscriber export
In this section you can generate a report for all users who were created between specific dates.
3.9.7.
In the password policy you can set different password policies for the system. Password policies are used on the portal page and define actions the guest has to do concerning his password. Change password on first login. Allow the guest to change password on the portal. Minimum password length. 3-78 | P a g e
Password expiration. Block account after x login attempts. Password history (no password that the guest recently used can be reused). Password complexity.
3.10. 3.10.1.
3-79 | P a g e
3-80 | P a g e
In Access control you can add administrators for the HSMX billing platform. The person logging on will have access to certain parts of the system depending on the username that they log on with. The level of access for a specific administrator can be configured in this module. There is also a simple mode with a simplified layout for desk personnel. It is also possible to make a user that has only access to the lawfull interception logs, to do this you only need to check the lawfull interception checkbox without giving the users other rights.
3.10.1.1.
Point of Sales
3-81 | P a g e
Here you can see the settings for a POS user. To enable this just click on POS while adding or updating a access control. POS users have a very limited login. They can only add users and manage their own created user profiles. When a POS administrator adds an account, a ticket will be automatically printed on a ticket printer. The template of the ticket can be modified with a GUI in the hotspot manager. The template has a couple of variables that will be replaced by the actual values when generating an account:
||username|| => username generated ||password|| => password generated ||voucher_code|| => voucher code generated (if voucher code instead of username/password is chosen) ||plan|| => billing plan name ||description|| => billing plan description ||price|| => billing plan price ||pos|| => administrator name ||date|| => date account is created
3.10.2.
To disable web pages containing specific phrases or just to block certain URLs you can use a content filter. In order to use a content filter, you need to enabled them here and add them to a billing plan.
3.10.2.1.
Here you can configure a content filter. It is possible the block web pages according to a few lists:
Banned extensions
If a web page ends with an extension in this list, the page will be blocked.
Banned IPs
Banned phrases
Block pages containing words from this list. If you want to block a page containing the word test you need to add test. If you want to block pages containing any word that is part of the string test like fdtest use: *test. You can also enable weight. All the words on a web page that are in your phrase list and have a weight will be added and if the weight is larger then the allowed weight, the site will be blocked. For example, we have 2 words: test weight: 30 and fdxtended weight: 31, the allowed weight is 50. If a site contains the word test or fdxtended but not both the site will not be blocked because the weight will be 30 or 31. However, if the site contains the word test and fdxtended the total weight is 30+31 and is higher than the allowed weight, so the site will be blocked.
Banned sites
You can use this list to block an entire site, there is no need for www/http://
Banned URLs
To block a part of a site you can use this list for example: fdxtended.com/download. Also there is no need for www/http://
3-83 | P a g e
3.10.3.
System > Network configuration System -> Network configuration - Network configuration
3.10.3.1.
Here you can configure the ip settings for each network port or VLAN in the system. Click on add to add a new IP configuration, there you can choose between static, DHCP and PPPoE. Static In this mode, you need to enter a name, IP address, netmask, network port and optional the default gateway: the default gateway used by the system. You can only add one default gateway. DHCP Here you only need to enter a name and network port. PPPoE You can choose this option if you want to connect to a DSL device. Just enter a name, username, password and network port. To enable Network Address Translation you have to check the NAT checkbox. Default Wan interface
Here you can choose the default WAN interface that will be used.
3-84 | P a g e
Current IP configuration
The current IP configuration will show you the current configuration of the system.
3.10.3.2.
Here you can configure the physical network ports and VLANs of the system.
3-85 | P a g e
3.10.3.3.
Routes gives you an overview of the current routes in the system and gives you the option to add static routes.
3.10.3.4.
3-86 | P a g e
3.10.3.5.
3.10.3.6.
In this section, you can enable load balancing. The HSMX will automatically choose an interface (that is enabled) for every user depending on its weight (if you want more users on one interface, the weight has to be bigger then the other one). If an interface is selected in billing plan/subscriber network (except the default) users will be redirected to this interface no matter what the weight is. If you want to use an interface just for users with billing plan A or with a specific subscriber network and no other user. Choose the interface in the subscriber network/billing plan and disable the interface here. The default WAN interface will be chosen if load balancing is disabled.
3-87 | P a g e
3.10.3.1.
3-88 | P a g e
3.10.4.
On this page you can add different firewall rules. By default, all rules are added to communicate with the NAS. It is possible to set IP or subnet based filters to make sure the appliance is safe against attacks when it is directly connected to the internet.
3.10.5.
All clients that are using a protocol in connection tracking will be destination natted to one of the available IPs (to add an IP go to System->network settings).
3-89 | P a g e
3.10.6.
Here you can enter the timeservers which the HSMX will use to sync the time. You also need to select the time zone to set the correct time.
3-90 | P a g e
3.10.7.
Here you can configure the XML server. You can enable it and set source IP restriction.
3.10.8.
Here you can ping an external host to verify the network connection.
3.10.9.
3-91 | P a g e
3.10.10. System -> SNMP settings 3.10.10.1. System -> SNMP settings SNMP settings
To gain access to some information of your system using an external program you can enable SNMP. Configure SNMP daemon v2 Here you need to specify the write and/or read community string to determine who can write/read to the system. Configure SNMP daemon v3 Enable version 3 and enter a username / authentication algorithm / Authentication password. You also need to specify a privacy algorithm and a privacy password
3-92 | P a g e
3.10.10.2.
Here you can enable SNMP traps. If this option is enabled the system will send traps to the selected IP addresses for the selected events. SNMP traps v3 Select version 3 and enter the user /auth method / password and privacy method / password and specify the engine id of the user.
3-93 | P a g e
If you want to forward a specific domain to another IP address, you can enable this here. Just enter the domain that needs to be blocked and the IP address that the users will see if they go to the domain.
If you are making use of our CMS, you can enable remote access so the HSMX is reachable even if its in a local network. Port, username and password are provided by the CMS.
3-94 | P a g e
Here you can enter all details for the SSL certification of the server.
3-95 | P a g e
3.10.14. System ->System backup 3.10.14.1. System -> System backup - Backup settings
Here you can choose if the system will generate a complete backup and if the backup needs to be uploaded to an FTP location. If you want to backup the system at this point, you can press the backup now link.
3.10.14.2.
Backups offers you a complete list of all back-ups, here you can download, upload, delete or restore a backup. If a backup was uploaded you also can download it from the FTP location by clicking to link in the Uploaded column.
3.10.14.3.
3-96 | P a g e
In log handling you can choose to upload the log archives to an FTP location. It is also possible to remove the logs or log archives after a couple of days/months. (the system will automatically create every day a log archive (zip file from all the text logs of one day))
3.10.14.4.
This will reboot the server. Rebooting the server takes about 90 seconds.
3.10.16. System -> Cluster settings 3.10.16.1. System -> Cluster settings Cluster settings
This module is only available when the cluster module is licensed. This setup means that there are two appliances in high availability. If the master appliance fails, the other appliance will instantly take over. All log files and configuration settings are synced automatically.
3-97 | P a g e
3.10.16.2.
This is the setup screen to let the system sends an email when a failover occurred or when a node is unavailable.
Here you have an overview of all tasks and modules running on the server. For every task/module you can see the status. To update the system you can simple upload a zip file in the system updates tab. To check if an update is available, you can use the check for updates button in the system updates tab. If an update is available you can directly download and install them. 3-98 | P a g e
On the system settings page you can find all system wide settings. Subscriber session time When a subscriber is idle, the system needs to calculate the session time the profile has left. Here you can choose the difference between start and stop time or the session time provide by the gateway. This can be different, as the session time of the gateway usually does not include the time the user has been idle.
3-99 | P a g e
SMTP settings SMTP settings of the server are needed so the system can send mails, e.g. welcome e-mail, status alerts, intrusion detection, . External URL When a subscriber is going directly to the portal page without redirecting to the internet, the system will automatically redirect the subscriber to the external url for lost portal sessions. So the NAS will redirect the guest to the portal page properly. Portal debug Here you can enable the portal debug feature to debug the portal session. Remember to disable this feature after the debug. Portal session error Recent browsers have an option to allow multiple tabs to be opened at the same time. This feature detects that a portal session is already open (with the same session id) and will show a warning when the guest opens a second session. This is primarily because new portal session can overwrite settings (like payments / logins) of a previous portal session. By enabling this option you overcome that problem. Sample input (submit button is needed to continue): There is already a portal session active.</br>Click <input type="submit" value="here"> to stop the previous portal session and to continue with this one.
3-100 | P a g e
Here you have to enter the install code provided by fdXtended. After entering the install code, company name and e-mail address you have to click get license. The system will generate a license key on our license key server and your HSMX will be operational. In case the system cannot make an outgoing connection to the license key server, it is possible to enter the license information manually. Contact fdXtended support with the following information:
Install code Company E-mail Machine id
Machine id value can be found in the tab enter license key manually.
3.11.
Logout
This is used to logoff the HSMX gateway and you will automatically return to the login screen.
3-101 | P a g e