Configure WAN (Remote) Access Settings on Digi Device

WARNING: In today's dismal climate of malware and hacking attacks perpetrated by malicious actors on the Internet, great caution should be exercised when exposing access of network equipment to the public Internet.  Enabling administrative access to devices from the WAN should only be configured as a last resort and in accordance with your company's security policies.  Instead, INS highly recommends use of the manufacturer's secure cloud hosted management solution - Digi Remote Manager (DRM).  For more information, please visit the DRM product page link at the bottom of this article.

Follow the steps below to disable remote access on a Digi Transport router.  This will prevent users from remotely managing the router via Telnet, FTP, or the web interface through the cellular interface (PPP 1).

Step 1: Login into the admin page (locally) 
Step 2: Navigate to Configuration - Network > Interfaces > Advanced > PPP 1 
Step 3: Remote management > choose Disable management
Step 4: Click Apply
Step 5: Click "here" next to the Apply button > Save All > Reboot

We highly recommend changing the default login credentials to secure the device from unauthorized access/logins.

If (after ensuring Remote management access is set to Disable management) you are still able to remotely connect to your router, then this requires more advanced troubleshooting which is beyond the scope of this post. Give us a call and one of our application engineers can assist.

Links of Interest

• Digi Cellular Products
• Digi Remote Manager (DRM)

Configure WAN (Remote) Access Settings on Cradlepoint Device

WARNING: In today's dismal climate of malware and hacking attacks perpetrated by malicious actors on the Internet, great caution should be exercised when exposing access of network equipment to the public Internet.  Enabling administrative access to devices from the WAN should only be configured as a last resort and in accordance with your company's security policies.  Instead, INS highly recommends use of the manufacturer's secure cloud hosted management solution - Cradlepoint NetCloud Manager (NCM).  A subscription to this service is included with the purchase of new hardware.  For more information, please visit the Cradlepoint product page link at the bottom of this article.

You want to have direct access to your favorite Cradlepoint device just like being right next to it while located miles away?  Rest assured, there is a way to accomplish this.

Enabling Web Remote Administration requires a few steps described below.

1. Login (locally) to the Cradlepoint's admin page.
2. Once logged in, click "System" from the left-hand side.
3. Click "Remote Admin".
4. Check "Allow Web Remote Administration" box.
5. Click "Save" and then "OK" so the new settings take effect.

Once "Web Remote Administration" is enabled then a Cradlepoint device can be accessed anywhere from the internet.

Type on your Browser's address bar: (IP Address):(port)   example: 123.145.167.189:8080

If (after ensuring Remote Access is enabled) you are still unable to remotely connect to your modem, then this requires more advanced troubleshooting which is beyond the scope of this post. Give us a call and one of our application engineers can assist.

Links of Interest

• Cradlepoint products

Configure WAN (Remote) Access Settings on Peplink Device

WARNING: In today's dismal climate of malware and hacking attacks perpetrated by malicious actors on the Internet, great caution should be exercised when exposing access of network equipment to the public Internet.  Enabling administrative access to devices from the WAN should only be configured as a last resort and in accordance with your company's security policies.  Instead, INS highly recommends use of the manufacturer's secure cloud hosted management solution - Peplink InControl 2 (IC2).  A one year subscription to this service is included with the purchase of new hardware.

Are you looking to remotely access your Peplink modem? If so, you will need to enable remote access prior to field deployments as this setting comes disabled by default.

You can find remote access setting by logging into the admin page (locally) and navigating to System > Admin Security > Web Admin Access. 

Once Web Admin Access is set to LAN / WAN, you can select which WAN connection is allowed for remote access under the WAN Connection Access Settings.

We highly recommend changing the default password once remote access is enabled to secure the device from unauthorized access/logins.

If (after ensuring Web Admin Access is set to LAN/WAN) you are still unable to remotely connect to your modem, then this requires more advanced troubleshooting which is beyond the scope of this post. Give us a call and one of our application engineers can assist. 

Links of Interest 

• Peplink Products

Use ALMS to Change ACEmanager Password for a Fleet of Devices

The Airlink Management Service (ALMS) is a secure cloud-based device management application that makes it easy to configure and update any number of Sierra Wireless gateways remotely. If you have multiple gateways and do not currently subscribe to ALMS, you can sign up (max of 15 devices for free tier of ALMS) by visiting our website link: ALMS Management Software

For updating ACEmanager passwords from ALMS via the normal “device initiated” setup (this is where the modem checks in to ALMS on a regular interval for providing status and retrieving any settings changes), step by step instructions are detailed here: How To Update ACEmanager Passwords from ALMS

Note: For gateways communicating using MSCI protocol, you will need to first initialize the current password in ALMS.

Links of Interest

• Sierra Wireless Products
• AirLink Management Service (ALMS)

Sierra Wireless Technical Bulletin: IoTroop/Reaper Malware

Sierra Wireless has observed IoTroop/Reaper infecting Airlink gateways running older firmware, using default user or viewer passwords and that are directly reachable from the public internet. 

If you have a Sierra Wireless Airlink gateway with a public internet reachable IP address, it is highly recommended that you follow the steps included in the bulletin immediately.

The links below contain the latest technical bulletins and provide details about the issue and affected products along with instruction on recommended actions.

Technical Bulletin (3/29/18): IoTroop/Reaper Malware

Technical Bulletin Update (4/30/18): SWI-PSA-2018-004: CVE-2017-15043

Technical Bulletin Update (4/30/18): SWI-PSA-2018-005: CVE-2018-10251

Technical Bulletin Update (5/3/18):  SWI-PSA-2018-003: Technical Bulletin - IoTroop / Reaper Malware Update

All users with AirLink gateways and routers that are reachable from the public internet are advised to contact Sierra Wireless immediately for assistance at the number listed below:

Sierra Wireless Technical Support
1-877-552-3860 (free of charge)
6:00am - 5:00pm Pacific Time, Monday to Friday

ALMS will be provided free of charge by Sierra Wireless to support AirLink users.  The Airlink Management Service (ALMS) is a secure cloud-based device management application that makes it easy to configure and update any number of Sierra Wireless gateways remotely. If you have multiple gateways and do not currently subscribe to ALMS, you can sign up by visiting this website link: ALMS Management Software

NOTE: if you are unable to add more than 15 gateways due to a restriction, you can call into Sierra Wireless at the number listed above and they can change the Account to remove the limitations.

Links of Interest

• Sierra Wireless Security Updates and Information
• AirLink Management Service (ALMS)