Cradlepoint CBA850: First Time Setup with Firewall/Router

So, you just got your hands on an INS provisioned Cradlepoint CBA850 and you’re ready to connect it to your Firewall/Router. The steps below will show you how to obtain the IPv4 Address, Subnet Mask, Default Gateway and DNS from the CBA850 and how to properly connect the CBA850 to your Firewall/Router.

NOTE: Cradlepoint CBA850's LAN 2 port is the designated IP Passthrough port.

1) Power up the CBA850 and wait for it to connect to the cellular network.

2) Disable the Wi-Fi of your Windows PC. Using an Ethernet cable, connect the PC to LAN 2 port of the CBA850 (screenshot below)

NOTE: Ensure the PC is configured for DHCP connection method.


3) Perform an IP config check (ipconfig /all). Note down the IPv4 Address, Subnet Mask, Default Gateway and DNS values.

4) Disconnect the PC from LAN 2 port of the CBA850. Reboot (power-cycle) the CBA850 and wait for it to connect to the cellular network.

5) Program the Firewall/Router's WAN interface with the parameters taken in step 3 above.

6) With the CBA850 powered up and connected to the cellular network, connect the Firewall/Router’s WAN port to LAN 2 port of the CBA850.

After performing the steps above, the Firewall/Router should now have the cellular IP of the CBA850.

For the CBA850 LED status information, please refer LEDS section of the User Manual, which is available under Resources.

Configure WAN (Remote) Access Settings on Digi Device

WARNING: In today's dismal climate of malware and hacking attacks perpetrated by malicious actors on the Internet, great caution should be exercised when exposing access of network equipment to the public Internet.  Enabling administrative access to devices from the WAN should only be configured as a last resort and in accordance with your company's security policies.  Instead, INS highly recommends use of the manufacturer's secure cloud hosted management solution - Digi Remote Manager (DRM).  For more information, please visit the DRM product page link at the bottom of this article.

Follow the steps below to disable remote access on a Digi Transport router.  This will prevent users from remotely managing the router via Telnet, FTP, or the web interface through the cellular interface (PPP 1).

Step 1: Login into the admin page (locally) 
Step 2: Navigate to Configuration - Network > Interfaces > Advanced > PPP 1 
Step 3: Remote management > choose Disable management
Step 4: Click Apply
Step 5: Click "here" next to the Apply button > Save All > Reboot

We highly recommend changing the default login credentials to secure the device from unauthorized access/logins.



If (after ensuring Remote management access is set to Disable management) you are still able to remotely connect to your router, then this requires more advanced troubleshooting which is beyond the scope of this post. Give us a call and one of our application engineers can assist.

Links of Interest

Configure WAN (Remote) Access Settings on Cradlepoint Device

WARNING: In today's dismal climate of malware and hacking attacks perpetrated by malicious actors on the Internet, great caution should be exercised when exposing access of network equipment to the public Internet.  Enabling administrative access to devices from the WAN should only be configured as a last resort and in accordance with your company's security policies.  Instead, INS highly recommends use of the manufacturer's secure cloud hosted management solution - Cradlepoint NetCloud Manager (NCM).  A subscription to this service is included with the purchase of new hardware.  For more information, please visit the Cradlepoint product page link at the bottom of this article.

You want to have direct access to your favorite Cradlepoint device just like being right next to it while located miles away?  Rest assured, there is a way to accomplish this.

Enabling Web Remote Administration requires a few steps described below.

1. Login (locally) to the Cradlepoint's admin page.
2. Once logged in, click "System" from the left-hand side.
3. Click "Remote Admin".
4. Check "Allow Web Remote Administration" box.
5. Click "Save" and then "OK" so the new settings take effect.


Once "Web Remote Administration" is enabled then a Cradlepoint device can be accessed anywhere from the internet.

Type on your Browser's address bar: (IP Address):(port)   example: 123.145.167.189:8080

If (after ensuring Remote Access is enabled) you are still unable to remotely connect to your modem, then this requires more advanced troubleshooting which is beyond the scope of this post. Give us a call and one of our application engineers can assist.

Links of Interest




Configure WAN (Remote) Access Settings on Peplink Device

WARNING: In today's dismal climate of malware and hacking attacks perpetrated by malicious actors on the Internet, great caution should be exercised when exposing access of network equipment to the public Internet.  Enabling administrative access to devices from the WAN should only be configured as a last resort and in accordance with your company's security policies.  Instead, INS highly recommends use of the manufacturer's secure cloud hosted management solution - Peplink InControl 2 (IC2).  A one year subscription to this service is included with the purchase of new hardware.

Are you looking to remotely access your Peplink modem? If so, you will need to enable remote access prior to field deployments as this setting comes disabled by default.

You can find remote access setting by logging into the admin page (locally) and navigating to System > Admin Security > Web Admin Access. 

Once Web Admin Access is set to LAN / WAN, you can select which WAN connection is allowed for remote access under the WAN Connection Access Settings.

We highly recommend changing the default password once remote access is enabled to secure the device from unauthorized access/logins.


If (after ensuring Web Admin Access is set to LAN/WAN) you are still unable to remotely connect to your modem, then this requires more advanced troubleshooting which is beyond the scope of this post. Give us a call and one of our application engineers can assist. 

Links of Interest 

Use ALMS to Change ACEmanager Password for a Fleet of Devices

The Airlink Management Service (ALMS) is a secure cloud-based device management application that makes it easy to configure and update any number of Sierra Wireless gateways remotely. If you have multiple gateways and do not currently subscribe to ALMS, you can sign up (max of 15 devices for free tier of ALMS) by visiting our website link: ALMS Management Software

For updating ACEmanager passwords from ALMS via the normal “device initiated” setup (this is where the modem checks in to ALMS on a regular interval for providing status and retrieving any settings changes), step by step instructions are detailed here: How To Update ACEmanager Passwords from ALMS

Note: For gateways communicating using MSCI protocol, you will need to first initialize the current password in ALMS.

Links of Interest