Administrator Manual
The Gateways (HGWs, PAEGWs and PGWs)

The branch of the domain contains the HGWs and PGWs, depending on the authentication method you have selected in the domain.

HGW gateways are equipments placed between the access point network and internet, they route users ‘ anonymous requests to Welcome Portal or login page for registration or authentication. 

Login credentials for the user can be provided directly by the manager of the HGW gateway or the user, if set out by the domain, may obtain them by registering independently to the service using the procedure specified to this phase.

PAEGW gateways are equipments to which the customers’s devices send authentication requests and which, in turn, forward them to the HSNM’s radius that checks the username and password and assigns the characteristics of the connections based on the product assigned to the user.

Login credentials for the user are generally created by the manager and provided to users.

PGWs are instead equipmenta to which the customers’ routers send authentication requests and that, in turn, they forward to the radius of HSNM that checks the username and password and assigns the characteristics of the connections based on the product that is assigned to the user. Technically, they are called NAS.
Managers create the login credentials for the user and provide them to the hotspot’s owner who will have to configure the routers.

The Context Dropdown menu

By clicking the bar with the right mouse button or pressing the context properties button , you expand the context dropdown menu that contains a range of options grouped by: default; edit; admin; Welcome Portal.

The “Default” Section

It contains the following options:

Option Description
Dashboard For further details about the contents of the various tiles, please refer to the “Tile Types of the Dashboards” paragraph.

The “Edit” Section

In addition to the standard options, contains the following options:

Option Description
 Add Virtual Gateway Allows you to add a virtual gateway.
Add Printer Allows you to add a new HSNM Printer.
Add Map, Zone or Floor Adds a map, a zone or a floor on which to place access points.

The “Admin” Section

It contains the following options:

Option Description
Connected Devices For the HGW and PAEGW gateways reachable over the net by HSNM, if you have inserted the configuration data and if based on MikroTik RouterOS, it displays the list of the device connected in Wi-Fi.
 Display All Connected Users Shows in a table all users connected to the gateway.
 Display All Users who Used this Gateway Displays in a table all users who used or are using this gateway.
 Download the Certificate for the Device

Downloads the certificate to upload to devices for the WPA Enterprise authentication.

Available only for domains with the authentication mode set to “WPA Enterprise”

Download Gateway Config Files Downloads the configuration files, for Mikrotik RouterOS, of the gateway generated based on the parameters you have set
Download Walled Garden Download a file with the list of the walled garden
Manufacturer’s Management Interface Shows the page for managing the appliance made available by the manufacturer.
Gateway Route Locates the gateway on a map and tracks the route taken. 
The gateway must be enabled to store GPS coordinates.
List of Access Points Opens a page containing a list of all access points entered for the gateway.
Map of the Gateways Shows the position of the gateways on the map based on the defined GPS coordinates.
User Traffic Log Displays the traffic log files of the users of the gateway.

The “Welcome Portal” Section

It contains the following options:

Option Description
Bypass or block IP/MAC-address

Opens the page that allows defining the IP address, the subnets or the MAC-addresses of devices that must bypass the Welcome Portal and/or that must be blocked for the specific gateway.

Available only for HGW and PAEGW gateways.

Custom App Goes to the management of the Apps customised and specific for the gateway. To make them visible in the Welcome Portal, you have to assign them in the configuration of gateway.
Custom Images Opens the page for managing custom images for the gateway. They are usable only in the current gateway.
Download QR Code

Downloads a PDF file with the QR Code and instructions for connecting.

Available only for HGW gateways.

Languages Allows you to define the images of all the languages and also the parameters for the additional languages

Available only in the Enterprise edition.

Surveys, Quizzes and Tests Opens the page for managing surveys, quizzes and tests.
Templates Allows you to manage the templates that customise the Welcome Portal for the gateway.
Translations Allows you to customise, specific for the gateway, the texts displayed in the Welcome Portal, in the standard apps, in user login page without Welcome Portal and in the printing of “ Cards” or to add texts for additional languages.
User Interface Preview Available only on gateway branches and it displays the user interface with the Welcome Portal or the login page based on how the domain is configured.
 Walled Garden Allows you to define the accessible URLs by users of the gateway without logging in and registering.

Adding or Editing a HGW or a PAEGW Gateway

To add a gateway, select the data tab, press the context properties button of the domain in which insert a gateway and select “ Add gateway”. While, to modify a gateway, always in the data tab, press the context button on the gateway and select “ Edit”. In both cases, a page appears that allows you to manage the contents of the following fields:

General Data

It is important to enter the GPS coordinates (latitude and longitude fields) eventually also derived in automatic way from the address. They are used to display the map of the gateways and for the geo referenced “ Advertising Campaigns“.

Field Description
ID ID of the record. Auto-assigned Identifier of the record. It can be used to use the API or external integrations.

It is displayed during editing phase of an existing data and not during insertion of a new record.

Created on Date and time of creation of the gateway.
Gateway Name Name assigned to the gateway.

Editable only if the user has permissions to manage the data of the gateway. 

Gateway MAC Address

MAC address of the gateway used to recognize the correct domain and gateway when you perform either a redirect to the Welcome Portal or the radius login.

If in the Redirect URL you specify the hotspotname parameter, using the name assigned in the “Gateway Name” field, you do not need to define it.

If the gateway passes the “Calling Station ID” that matches the gateway name, you do not need to define it.

If the radius cannot recognize the gateway from which the login request originates, the log contains an “info” that also defines the “Calling Station ID” passed in. In this case, define the gateway name with the value corresponding to the “Calling Station ID” or assign the value in this field.

Title for the Authentication Method Title displayed at the top of the login App for the authentication method.
If you want to offer multiple authentication methods to users, proceed as follow:

  • Enter the multilingual title to be displayed for the method represented by this gateway;
  • Add a new domain by parameterizing as needed;
  • Add a new virtual gateway on the previous gateway by entering the following minimum values:
Field Description
Virtual Gateway Type With multiple authentication methods
Authentication Method Title Multilingual title to assign to this second authentication method.
Reference Domain Choose the new domain just entered.

In this way two TABs will be displayed in the login App where the users can choose the authentication method to use.
Convenient cases of using multiple authentication methods can be:

  • In schools where the same infrastructure is used to allow teachers and students to access, but with different authentication and performance methods. 
  • In hospitals, on cruise ships, in hotels, in villages, etc. to allow guests and staff to access.
Address Address where the gateway is installed. Used to calculate the GPS coordinates.
ZIP Code ZIP code.
City City where the gateway is installed.
Country Country where the gateway is installed.
Phone Telephone number of the person in charge.
Mobile Phone Mobile number of the person in charge.
Activate Logs Enables the registration of logs for the gateway. 
To enable this feature, it is necessary that IP address of the connection must be static, i.e. it does not change for each adsl reconnection of the manager. If it changes, the logs will not be registered because the IP is not recognised.
Possible options are:

  • Disabled: the logs for this gateway are not saved;
  • Enabled: SysLog data are saved in a general file;
  • Enabled with saving in separate file: SysLog data are saved in a separate file so that it can be easily identified.

Editable only if the user has permissions to manage the data of the gateway. 

Internet Connection IP Address or DynDNS Name  Defines the IP address or DynDNS name with which the gateway will contact the HSNM. 
Mandatory if: you active the syslog filter in the system settings; if you want to to permit the disconnection of users from the backend from the page “ Connected devices”; if from the frontend of the user profile’s App it is allowed to disconnect the device.

Editable only if the user has permissions to manage the data of the gateway.

URL or IP to Access the Management Web URL or IP to access the web management of the gateway

If the backend is in HTTPS and the web management access of the device is in HTTP, it will open a new browser tab. In other cases, it will open a new tab on the HSNM backend.

Hardware Type Hardware type of the gateway.

Warning! Ubiquiti UniFi Controller does not support or has errors in accounting radius. The data are correct only if the system is able to reach the UniFi Controller (usually with NAT or VPN rules) and compensate dicrectly for deficiencies by enabling the various parameters of the panel “Fields for Gateway Configuration” and under panel “Radius”. If it is not possible, it is recommended to use this type of gateway only for user authentication. The user data rate can not be parameterised by the products but can only be defined in the controller.

Editable only if the user has permissions to manage the data of the gateway.

Gateway RouterOS Version RouterOS version.

Visible only if in the “Hardware type” field, you have selected “MikroTik”.

Editable only if the user has permissions to manage the data of the gateway.

Uptime Updatime, active time of the gateway.

The field contains a value only if the gateway’s scripts are updated to version 6 and later.

Visible only if in the field “Hardware Type” has been selected MikroTik.

Welcome Portal Template Declares the template to use for this gateway that parameterises the contents and the graphic unit interface of the Welcome Portal or login page. If you enable the “Use domain settings” option, it will use the template defined in the domain.

Selectable templates are coloured in base to the level they belong to. In specific, custom templates for the domain are displayed in light blue and in yellow ochre the ones for the system.

Template Color Scheme Colour scheme to use for the selected template.
If you enable the “Use domain settings” option, it will use the colour defined in the domain.
Advertising Defines the type of advertising, derived from “Advertising Campaigns“, that can be displayed to users.
Possible values are:

  • Enabled: enable the inclusion of advertisement:
  • Only for campaign on this gateway: enables the inclusion of advertising only for specific campaigns for this gateway (they must have defined the field gateway).
  • Disabled: does not display advertisement. 
  • Editable only if the user has permissions to manage the data of the gateway and if advertising has not been disabled in the domain.

If in the domain, you have defined to not display advertising, this value is not considered in this field.

Surveys, Quizzes or Tests Enables the request for surveys, quizzes or tests.
Possible values are:

  • Use domain definition.
  • Enable, one at a time. Enables the request to fill in the surveys but at maximum one at a time.
  • Enable, all those provided. If the current context provides for more surveys, it requires them all.
  • Disable. No surveys are required.

Editable only if user has the permissions to manage the domain data.

Geolocation and Tracking

Allows defining the parameters for the gateway’s geolocation and tracking.

Field Description
Longitudine GPS coordinates of the gataway: longitude. 

If not filled, it is defined by address.

GPS coordinates are re-calculated automatically if not defined or if you change the address, city or country. To force coordinates, define address, city and country, save, then define the desired coordinates and resave.

Latitudine GPS coordinates of the gataway: latitude. 
The display of the gateways’ maps automatically fills in this field, if not already filled, on the basis of the address, city or nation. To set coordinates, define address, city and country, save, define the desired coordinates and resave.

GPS coordinates are re-calculated automatically if not defined or if you change the address, city or country. To force coordinates, define address, city and country, save, then define the desired coordinates and resave.

GPS Coordinate Storing Enables or disables storing GPS coordinates sent every five seconds by the gateway.

Visible only with MikroTik hardware types.

The tracking of the gateway’s GPS coordinates requires a GPS detector compatible and to be connected to the MikroTik. Moreover, on the MikroTik RouterOS there must be installed and enabled the GPS package.

Vehicle

Define the reference vehicle.

To define the vehicle you need to purchase the “Fleet GPS Tracking & Telemetry” module.

Activation Scheduler

Using the parameters in this section you can set the times and the months of the gateway activation.
You can then create systems functioning based on the opening hours, days or months of the companies who offer the services.

Field Description
Timezone Defines the timezone of the gateway. The entered value effects the start time, end time and the operating hours of the gateway.
Using this value, it is possible to parameterise international gateways with different time zones than the one set in the system.
If you select “Use default”, it will consider the Timezone defined in the manager.
Operating Hours Defines the operating hours of the gateway. The gateway will be active during the highlighted hours.Timetables depend on the selected Timezone.
Operating Days Defines the operating days of the gateway. The gateway will be active on the highlighted days.
Operating Months Defines the operating months of the gateway. The gateway will be active during the months that are highlighted, partially active in the months not highlighted or disabled in the months that are not highlighted.
The gateway can be partially active in the non-highlighted months if in the manager or reseller has been defined a percentage in the “Reduce the Maximum Number of Users of the Gateway to” field. If the percentage is equal to zero, the system is disabled in the months that are not highlighted.
With these options, it is then possible to define seasons or gateways with seasonal peaks.

As described for the domain it is possible to inject popup for advertising or for information etc. in the Welcome Portal defined in the advertising campaign. If you are using a CO.IN. gateway (Content Injector for HSNM) it is possible to inject popups also on the external visited pages.

In this section, you can define, for each gateway, whether to activate or not this function and the parameters that will influence user’s experience.

The panel is not visible if advertising has been disabled in the “General Data” appropriate field.

Popup Injection

Field Desciption
Popup Injection It allows you to enter popups in the Welcome Portal and in the pages viewed by users during web navigation.
The possible options are:

  • Use domain definition: consider what is defined in the domain.
  • Disable: disables the injection.
  • Enable: enables the injection.
  • Warning! If the gateway is reconfigured, in order it injects contects again, you have to disable injection, save, and then enable injection and save again.

Warning! Injection works only if advertising module is active and advertising campaigns have been entered with content for injection.

Time of First Popup Defines the number of seconds that must pass before the first insertion of popup.
Popup Frequency Defines the frequency of the popups calculated in seconds.
Display in the Welcome Portal If enabled, contents are injected also in the Welcome Portal.
Display the Toolbar States whether to display the toolbar that allows the user to return to the Welcome Portal while browsing.

Requires the use of CO.IN.

Not visible with “PAEGW”-gateway type.

CO.IN. (Content Injector)

Allows defining some parameters for the CO.IN.usage (Content Injector for HSNM)

Not visible with “PAEGW”-gateway type.

Field Description
CO.IN. Gateway GUID

GUID of the gateway CO.IN. to enable for this gateway.

It is necessary to enter the GUID of the CO.IN.gateway for security reasons. After defining the GUID for this gateway, only the CO.IN. gateway with the same GUID will be able to perform the injection of contents

Wake On Lan Wake On Lan for CO.IN.
If enabled, it automatically turns the CO.IN. on in case it has accidentaly powered off or for example due to a temporary electrical power failure.

This feature is available only if the gateway’s hardware is MikroTik-Type.

Use CO.IN. DNS Use the CO.IN. DNS server to improve the performance and obtain, on CO.IN., the DNS usage statistics with the required domains.

In order to use this feature, it is necessary to have CO.IN. updated to version 2.0 or higher.

Warning! CNA of Apple, Android and Windows Phone has problems with the injection of contents in the web pages viewed by users while browsing. If you want to enable injection please disable the CNA.

Custom App

Field Description
App to Load List of system Apps to upload for this gateway. 
To select the Apps, open the list by clicking in the field and make the selection. To remove an App already selected, click the button of the App already uploaded.
In addition to the Apps specific for the domain (press the button of the domain properties then select “ Custom app”) and for the gateway (press the button of the gateway properties then select “ Custom app”), it uploads also the system Apps defined in this field. To see the system Apps, press the button of the properties on “ System” and select “ Custom app”.

After authentication through social login, you can ask the user, depending on the used social networks, to press “I like”, “Follow” or “Circle”. 
In order to do this, you have to indicate the URL of the page or the ID of the user who can be “liked” or to “follow”. 
For a description on how you can create the pages, please refer to the section “enable social login” in this manual.

The values entered in the gateway are considered more important and specific than those of the domain. Therefore, if the same field is definable in both the gateway and the domain and you have entered the values into both levels, it will consider the ones of the gateway. If you do not enter them into the gateway, it adopts the ones of the domain.

Not visible with “PAEGW”-gateway type.

External Authentications

Field Description
URL or Page ID for “I Like” or “Publish” Defines the complete URL (without HTTP://) or the Facebook page ID which the user can press “Like” on or “Publish a post” to.
Publish a Post to Facebook At the registration or connection using Facebook, users have the possibility to publish a post on the activity log or user’s timeline.
Possible values are: 
Use the domain settings: considers the domain settings.
Yes: users can publish a post on to their timeline.
Never: users cannot publish post and it ignores the domain settings.
Twitter Username Define the Twitter username that the user must follow (Follower). When the user logs in, he may click “follow” before accessing the internet.

CNA

Warning! If you have choosen the “QR Code & connect. No registration, no password” authentication type the CNA properties are always considered “Disabled”.

If you print cards with the QR Code, to facilitate the access, we suggest you to disable the CNA.

Not visible with “PAEGW”-gateway type.

Field Description
Disable the Apple CNA If enabled, disables the Apple mini browser (captive network assistant) which has several limitations (e.g. it does not display the YouTube videos). The user must manually open the browser after having been connected to Wi-Fi.
The option will be active from the next update of “ Walled Garden

Not available if you have selected “Ruckus Access point”, “Ruckus Zone Director” or CISCO Meraki in the hardware type. In this case, you have to manually enter the Walled gardens in the configuration of the appliances. For the list of the Walled gardens to open, please refer to the “ Walled Garden” paragraph.

Disable the Android CNA If enabled, disables the Android mini browser Android (captive network assistant) which has several limitations (e.g. it does not display the YouTube videos). The user must manually open the browser after having been connected to Wi-Fi.
The option will be active from the next update of “ Walled Garden“.

Not available if you have selected “Ruckus Access point”, “Ruckus Zone Director” or CISCO Meraki in the hardware type. In this case, you have to manually enter the Walled gardens in the configuration of the appliances. For the list of the Walled gardens to open, please refer to the “ Walled Garden” paragraph.

Warning! The usage of Android CNA has several limitations: In some versions, it does not display YouTube videos; after the login, the CNA closes automatically and therefore user is no more inside the Welcome Portal and cannot be redirected to a Custom URL; pressing the Facebook button “I Like” on Android 6, it displays a blank white page and closes the Welcome Portal; etc.

Disable the Windows Phone CNA If enabled, disables the Windows Phone mini browser (captive network assistant). The user must manually open the browser after having been connected to Wi-Fi. The option will be active from the next update of “ Walled Garden“.

Not available if you have selected “Ruckus Access point”, “Ruckus Zone Director”, CloudTrax or CISCO Meraki in the hardware type. In this case, you have to manually enter the Walled gardens in the configuration of the appliances. For the list of the Walled gardens to open, please refer to the “ Walled Garden” paragraph.

Warning! The usage of Windows Phone CNA has several limitations: it does not display YouTube videos; after the login, the CNA closes automatically and therefore user is no more inside the Welcome Portal and cannot be redirected to a Custom URL; etc.

Options

Field Description
Maximum Number of Users

Maximum number of users connected to the gateway. Once this number is reached, other users will no longer be able to connect unless there are disconnections. To indicate that the number of users is not limited, edit a zero value.

It is used to create a multi-tenant system.

If in the reseller and/or in the manager, you have specified a maximum value of users, then the minimum value in this field is equal to five.

The maximum value that you can edit depends: on the “Maximum Number of Users per Gateway” defined in the reseller and/or in the manager, on the concurrent users defined in the “Maximum Number of Users” in the manager or reseller and on how many gateways you have already inserted.

To not stress the system, the count of the current number of connected users is not done at every access to the Welcome Portal but every minute. In some special cases and on systems with lots of users, it may happen that the maximum number of defined users is exceeded.

Editable only if the user has permissions to manage the data of the gateway.

Maximum Number of Views per minute

The sum of the maximum number of views per minute, you need to enter in the manager’s gateways cannot exceed the value defined in the manager.

A value of zero indicates that no limit has been set.

It is used to create a multi-tenant system. It allows limiting the access to the Welcome Portal. When several devices try to view the Welcome Portal in the same minute and their number exceeds the defined value, the user will see a message that the system is busy and to wait for X seconds.

Editable only if the user has permissions to administrate the reseller’s data.

Notes for the Gateway Enter possible notes for the gateway.

Available only if the user has permissions to manage the data of the gateway.

Enable Notification

Enables sending notifications for gateway monitoring.

Available only for Mikrotik gateways.

Verify Internet Connection

Enable verifying Internet connectivity upon users login.

If not active, the login procedure is faster but users are not notified if the Internet connection is missing.

Lock the Gateway If enabled, it blocks the logins to all users of the gateway.

Available only if the user has permissions to manage the data of the gateway.

Fields for Configuring the Gateway

After you have entered and saved this information by pressing the button on the gateway properties in sidebar and choosing “ Download Gateway Config Files“, you can download a .zip file containing all the files necessary to configure a gateway and compatible based on MikroTik RouterOS.

This entire section is available only if the user has the permissions to manage the data of the gateway.

Visible only if the type of gateway is MikroTik.

Authentication Options

Visible only if the type of gateway is MikroTik and not “PAEGW”.

Field Description
Authentication via Mac-address If enabled, it is possible to create users with a username and password equal to the MAC address of the device. This avoids the Welcome Portal and consequently the manual registration and authentication phase.

Enable this option only if really necessary otherwise an authentication request will be senT to the Wifi connection of any device.

Wireless

Field Description
Use Wireless If enabled, the commands for configuring the wireless card (WLAN1) will be added in the configuration script of the gateway and the hotspot service will be configured on this interface. 
If disabled, no wireless card will be configured and the hotspot service will be configured on the Ether2
SSID Enter the SSID of the wireless network that you want to be displayed by the users who connect to this gateway.

It appears only if “Use wireless” is enabled.

Radius

Field Description
Force Disconnections If enabled, connections not receiving updates from the gateway during the double of the time defined in the ‘Interim Update’ of the product policy, are automatically closed

For Ubiquiti UniFi Controller, we recommend you to enable this option.

Send Disconnection Requests to the Gateway In addition to forcing disconnections, it also sends a radius request for disconnection to the gateway. Some types of gateways (i.e. Ubiquiti) may not send the stop to the radius and consider the device always active. If enabled, the gateway must be reachable via the port indicated with UDP protocol.

For Ubiquiti UniFi Controller, we recommend you to enable this option. For Mikrotik it is not available.

Port for Disconnection Requests Port used by the gateway to accept the disconnection requests. Port 3799 is commonly used but it depends on the type of gateway.

For Ubiquiti UniFi Controller, we recommend you to enable this option. For Mikrotik it is not available.

Verify User Consumption If the gateway does not support all the necessary radius attributes and the device is able to send the disconnection requests, the system periodically verifies the consumption of the connected users and in case they reach the time/traffic limits or at the expiration, it disconnects the user
Wan.

For Ubiquiti UniFi Controller, we recommend you to enable this option. For Mikrotik it is not available.

WAN

Visible only if the type of gateway is MikroTik.

Field

Description

WAN Configuration Type

Allows choosing how to configure the WAN.
The possible options are:

  • Enter Parameters. The user needs to complete the parameters displayed as to generate the configuration automatically;
  • Manual Configuration of the Gateway. It does not generate the configuration of the WAN part, leaving complete autonomy on configuring directly the gateway. You have to define the route and the NAT or Masquerading rule. It is useful to add the service on pre-existing and already configured MikroTik-type gateways.

If you choose “Manual Configuration of the Gateway”, all subsequent parameters of this section will be hidden.

Same Network of the Appliance

Enable it if the gateway is on the same network (physical and IP) of HSNM.

If enabled, in the configuration script of the gateway, it will add the commands to define, in the DNS configuration, a static host that associates the domain name, defined in “System Setting”, to the IP address (generally private) of HSNM.

Warning! If not enabled and the gateway is on the same network in the NAT of the appliance, the gateway may fail to contact HSNM.

Addressing Mode

Type of network addressing
The possible values are:

  • Static IP or DHCP;
  • PPPoE Client;
  • USB Modem;
  • LTE.

“PPPoE Client”, “USB Modem” and LTE are not available for domains with PPPoE authentication type.

Interface

Select the WAN interface.
Possible values are: 

  • Ether1; 
  • Ether2;
  • Ether3;
  • Ether4;
  • Ether5;
  • Ether6;
  • Ether7;
  • Ether8;
  • Ether9;
  • Ether10;
  • Ether11;
  • Ether12;
  • WLAN2;

“WLAN2”is not available for domains with “PPPoE” as authentication type.

Some (EtherX) interfaces are not in the list if they had been already used in the Hotspot Interfaces of the virtual gateways.

Use a VLAN

Enables or disables the use of a VLAN for the WAN interface.

Visible only if you have selected “Ether1” or “WLAN 2” in the interface type.

VLAN ID

ID for the VLAN. It allows numeric values between 2 and 4095.

Visible only if “Use a VLAN” is enabled.

Visible only if you have selected “Ether1” or “WLAN 2” in the interface type and you have enabled “Use a VLAN”.

Use DHCP client for the WAN

Enables or disables the DHCP client for the WAN interface. 

If enabled, in the configuration script of the gateway it will add the commands to define a DHCP client in the network interface of the hotspot service that will be connected to the corporate network of the manager. 

If disabled, it will display the fields for the definition of IP address, subnet mask and gateway. These fields will be automatically added to the commands of the configuration script to define the IP address of the network interface of the gateway that will be connected to corporate network of the manager.

Visible only if you have selected “Ether1” or “WLAN 2” in the interface type.

WAN IP Address

IP address that you want to assign to the WAN interface.

Visible only if “Use DHCP” is enabled and if you have selected “Ether1” or “WLAN 2” in the interface type.

WAN Network Mask

Network mask that you want to assign to the WAN interface.

Visible only if “Use DHCP” is enabled and if you have selected “Ether1” or “WLAN 2” in the interface type.

WAN Gateway

IP address of the gateway for the WAN interface. It should coincide with the private IP address assigned to the router of the internet connection of the manager.

Visible only if “Use DHCP” is enabled and if you have selected “Ether1” or “WLAN 2” in the interface type.

PPPoE Client Username

PPPoE client’s username.

Visible only if in the type of network addressing you have selected “PPPoE Client”.

PPPoE Client Password

PPPoE client’s password.

Visible only if in the type of network addressing you have selected “PPPoE Client”.

Dial on Demand PPPoE Client

If enabled, it connects to the PPPoE server only when internet traffic is generated.

Visible only if in the type of network addressing you have selected “PPPoE Client”.

MTU PPPoE Client

Defines MTU of the PPPoE Client’s interface. If it is defined to zero the MTU will not be set.

Visible only if in the type of network addressing you have selected “PPPoE Client”.

APN

Enter the APN provided by the operator of the SIM card.

Visible only if you have selected “USB Modem or LTE in the Addressing Mode.

Authentication

Enable SIM card authentication.

Activation allows you to view the “Usermane” and “Password” fields.

With some operators it is not necessary to enable it.

Visible only if you have selected “USB Modem” or “LTE” in the Addressing Mode.

Username

Enter the username provided by the operator of the SIM card. 

Visible only if you have selected “PPPoE Client”, “USB Modem”or “LTE” in the Addressing Mode.

Password

Enter the password provided by the operator of the SIM card. 

Visible only if you have selected “PPoE Client”, “USB Modem” or “LTE” in the Addressing Mode.

Modem Initialization AT Command

Enter the AT command to use to initialise the modem.

Visible only if you have selected “USB Modem in the Addressing Mode.

Dial AT Command

Enter the AT command to use to make the call. 

Generally ATDT.

Visible only if you have selected “USB Modem in the Addressing Mode.

USB Port

Select the USB port of the MikroTik gateway where the USB modem is connected.

Visible only if you have selected “USB Modem in the Addressing Mode.

Dial Out Phone Number

Enter the phone number provided by the SIM card operator in order to dial out.

Visible only if you have selected “USB Modem in the Addressing Mode.

Guest Interfaces

Visible only if the type of gateway is MikroTik.

Field Description
SSL Certificate Select thwe SSL certificate to use.

The list shows the “Non-private” certificates entered at the system, reseller and manager level.

Editing this field or changing the certificate to “SSL Certificate” involves the automatic installation or update of the certificate installed in the gateways. When the certificate espires, then you simply have to change the certificate to “SSL Certificates”.

For the “PAEGW” gateway types it can be defined for any HotSpot virtual gateway types.

Domain Name (Hotspot DNS Name) Domain name used by the Hotspot service to load the login page.

It must correspond to the domain of the certificate selected in the “SSL Certificate” field.

Not visible for “PAEGW” gateway types.

Add EtherX to the Guest Bridge

If activated, it adds the gateway ethernet X to the bridge in order to activate the (HotSpot, WPA Enterprise or PPPoE) service even on the ethernet. To activate only if the gateway that you are configuring, has 2 or more network cards.

If you are using the ethernet in the WAN, it will not appear in the list.

Guest Network

Visible only if the type of gateway is MikroTik.

Field Description
Keep-Alive timeout Defines the Keep-Alive timeout to check the accessibility of the client. If clients are no more reachable, for example for the loss of the WiFi connection, after the defined time they are disconnected automatically.
For example, if you want to keep a user logged for any length of time without forcing him to relog even when he switches off his device, you have to define a sufficiently high time.

The value is dynamically updated every five minutes in the gateways.

Warning, disconnection can be caused also by the Timeout Idle and the Timeout Session defined in the product policy.

If “Not Defined”, the client remains connected even if, for example, disconnects from the WiFi network or the gateway no longer reaches the HSNM. Any disconnection will be caused by the values defined in the policy of the products (“Session Timeout” and “Timeout for Idle”) or in the products (time and/or traffic credit or expiration).

IP Address IP address to assign to the interface (WLAN1 or Ether2 depending if you have enabled the “use wireless” field) on which you will activate the hotspot service.
Network Mask Enter the network mask that you want to assign to the interface (WLAN1 or Ether2 depending if you have enabled the “use wireless” field) on which you will activate the hotspot service.
DNS IP Addresses Enter the IP addresses of the DNS servers (separated by commas) that you want to assign to the gateway. It is very important that the inserted DNS is operating, otherwise the users accessing the service may have problems viewing pages.
First IP Address for the DHCP Address Pool Enter the first IP address of the pool of addresses that will be assigned by the DHCP server that is configured on the interface where the hotspot service will be activated on. 
The IP addresses of the pool will be assigned to the devices that connect.
Last IP Address for the DHCP Address Pool Enter the last IP address of the pool of addresses that will be assigned by the DHCP server that is configured on the interface where the hotspot service will be activated on.
The IP addresses of the pool will be assigned to the devices that connect.
DHCP Lease Time Specify the lease time, expressed in hours, for the IP address assignment of the connected devices

Warning! Set a value equal to or greater than the maximum time for inactivity is defined in the product policy used in the domain. 

Use a VLAN Enables or disables using a VLAN for the bridge interface of the hotspot.
VLAN ID ID of the VLAN. The numeric values allowed are from 2 to 4095

Visible only if “Use a VLAN” is enabled.

GPS

Visible only if the gateway type is MikroTik and not “PAEGW”.

Field Description
GPS Available Activate if the gateway supports GPS.
GPS Type GPS type. If you use the integrated GPS (for example in the LtAP mini 4G Kit, LtAP mini, LtAP mini LTE kit, LtAP mini LTE kit-US models) it is advisable to connect an external GPS antenna.
The possible options are:
USB;
Integrated.
USB Port for the GPS Antenna USB port where the GPS antenna is connected.

Visible only if “USB” has been selected on “GPS type”.

VPN

Visible only if the gateway type is MikroTik.

Field Description
Use VPN Enables or disables the VPN configuration in the gateway. It can be useful if you want that, the hotspots managed by HSNM are on the same IP network of HSNM so you can e.g. activate the sending of LOGs also for hotspots connected to xDSL connection with dynamic IP. 
If enabled, in the configuration script of the gateway, it will add the commands to define a VPN client using the ”PPTP server name”, “Username PPTP” and “PPTP Password” fields.
If disabled, it does not allow the inclusion of: PPTP server name; Username PPTP; Password PPTP.
PPTP Server Name Host name or IP address of the PPTP server to which the gateway will connect to establish a VPN.

It is displayed only if “Use VPN” is enabled.

PPTP Username Username for the PPTP connection.

It is displayed only if “Use VPN” is enabled.

PPTP Password Password for the PPTP connection.

It is displayed only if “Use VPN” is enabled.

Scheduler

Visible only if the gateway type is MikroTik.

Field Description
Minutes for the Update

Defines the auto-update interval (in minutes) of the “ Walled Garden” (free URL) and of the IPs or MAC-address to bypass or block for the gateway.

The minimum value is 5 minutes.

Not visible for “PAEGW”-type gateways.

Monitoring Interval Defines the interval (in minutes) for monitoring the status of the gateway and the access point.

MikroTik Router OS

Visible only if the gateway type is MikroTik.

Field Description
Admin Password Admin password for Router OS.
Custom Commands Custom commands in addition to the standard ones to be included in the script generated for configuring the gateway.

Options

Visible only if the gateway type is MikroTik.

Field Description
Upgrade Script If enabled, it upgrades the gateway scripts. After the upgrade the check is disabled in order to perform the upgrade once
Upgrade Config If enabled, updates, reconfigures and automatically reboots the gateway (this feature is only available for the gateway configured from version 2.0.137 and later ones). 
After the update, the check is disabled in order to perform the update only once. 

Warning! If the data entered are incorrect, the gateway may not be any more accessible!

Import Users If enabled, imports users from “MikroTik HotSpot users” generated by printers or external tools.

Command Bar

In the upper-righ corner of the command bar, if you are editing a gateway, the following buttons are displayed:

Button Description
Upload Configuration It allows you to perform the automatic configuration of the MikroTik gateway type.
For further information, please refer to the “Upload MikroTik Configuration” paragraph described below.

Visible only if you have chosen MikroTik as hardware type.

Upload MikroTik Configuration

Thanks to this feature it is possible to configure in a simple and automatic way the MikroTik gateway type.
When pressing the “Upload Configuration” button in the command bar, the following fields will be displayed:

Field Description
IP Address Assigned to the Gateway IP address assigned to the gateway. In order to upload the configuration, it must be reachable from the system. If you have not assigned it yet, log in to the router using WinBox and assign one to the IP/Addresses section
Username to Log In Username to log in the MikroTik gateway.
Password to Log In Password to log in the MikroTik gateway. On new devices, the password is empty

By pressing the “Run” button, the gateway configuration will be performed.

At the end of the operation, a confirmation message or any will appear. If the upload has been successfully performed, the gateway will be automatically restarted.

Adding or Editing a PGW

To add a PGW, select the data tab, press the context properties button of the domain in which insert a PGW and select “ Add gateway”. While, to modify a PGW, always in the data tab, press the context button on the PGW and select “ Edit”. In both cases a page appear that allows you to manage the contents of the following fields

General Data

It is important to enter the GPS coordinates (latitude and longitude fields) eventually also derived in automatic way from the address. They are used to display the map of the gateways.

Field Description
ID ID of the record. Auto-assigned Identifier of the record. It can be used to use the API or external integrations.

It is displayed during editing phase of an existing data and not during insertion of a new record.

Created on Date and time of creation of the gateway.
Gateway name Name assigned to the gateway.
Address Address where the gateway is installed. Serve per calcolare le coordinate GPS.
ZIP ZIP code.
City City where the gateway is installed.
Country Country where the gateway is installed.
Phone Telephone number of the person in charge.
Mobile phone Mobile number of the person in charge.
Active logs Enable the registration of the logs for the gateway.

Visible only if you log in with administrator credentials.

Internet Connection IP Address or DynDNS Name

Defines the IP address or DynDNS name that HSNM has to use to reach the gateway.

Mandatory if: you enable the syslog filter in System Settings, or you need to allow disconnecting users from the back-end by selecting the “ Connected Devices” page or if you allow disconnecting the device from the front-end of the user profile App.

Editable only if the user has permissions to administrate the data of the gateway.

Hardware type Hardware type.

Visible only if you log in using the administrator credentials. 

Gateway RouterOS version

RouterOS version

It is displayed only if you log in using the administrator credentials.

Uptime

Gateway uptime.

Maximum Number of Users

Maximum number of users connected to the gateway. Oncethis number is reached, other users will no longer be able to connect unless there are disconnections. To indicate that the number of users is not limited, edit a zero value.It is used to create a multi-tenant system.If in the reseller and/or in the manager, you have specified a maximum value of users, then the minimum value in this field is equal to five.

The maximum value that you can edit depends: on the “Maximum Number of Users per Gateway” defined in the reseller or manager, on the concurrent users defined in the “Maximum Number of Users” of the manager or reseller and on how many gateways you have already inserted.

To not stress the system, the count of the current number of connected users is not done at every access to the Welcome Portal but every minute. In some special cases and on systems with lots of users, it may happen that the maximum number of defined users is exceeded.Editable only if the user has permissions to administrate the data of the gateway.

Welcome Portal Template

Declares the template to use for this gateway which parameterizes the contents and the graphic form of the Welcome Portal or the login page. If you enable the “Use default” option, it will be used the color you set in the domain.

The selectable templates are colored according to the membership level. In particular, the customized templates for the gateway are in white, those of the domain in light blue and those of the system in yellow ocher.

Template Color Scheme

Color scheme to use for the selected template. If you enable the “Use default” option, it willuse the color you set in the domain.

Advertising

 

Defines the type of advertising, derived from “ Advertising Campaigns”, that can be displayed to users.

Possibile values are:

  • Enable: enables the inclusion of advertising.
  • Only for the campaigns on this gateway: enables the inclusion of advertising only for specific campaigns for this gateway (you must have defined the gateway field).
  • Disable: it does not display advertising.

Editable only if the user has permissions to administrate the data of the gateway and if you have not disabled the advertising in the domain.

If in the domain you have defined to not display the advertising, the value of this field is not considered.

Surveys, Quizzes and Tests

Enables the request of surveys, quizzes or tests.

Possible values are:

  • Use domain settings
  • Enable, one at a time. It enables the request to fillin surveys but maximum one at a time.
  • Enable, all those provided. If the current context requires to fill in multiple surveys, it requests all of them.
  • No surveys are required.

Editable only if the user has permissions to administrate the data of the domain.

Geolocation

Allows to define the parameters for the gateway’s geolocation and tracking.

Field Description
Longitude GPS coordinates where the gateway is installed: longitude.
The display of the gateways’ maps automatically fills in this field, if not already filled, on the basis of the address.
Latitude GPS coordinates where the gateway is installed: latitude. 
The display of the gateways’ maps automatically fills in this field, if not already filled, on the basis of the address.

Activation Scheduler

Using the parameters in this section you can set the times and the months of the gateway activation.
You can then create systems functioning based on the opening hours, days or months.

Field Description
Timezone Defines the timezone of the gateway. The entered value effects the start time, end time and the operating hours of the gateway.
Using this value, it is possible to parameterise international gateways with different time zones than the one set in the system.
If you select “Use default”, it will consider the Timezone defined in the manager.
Operating Hours Defines the operating hours of the gateway. The gateway will be active during the highlighted hours.

Timetables depend on the time zone associated with the selected Timezone.

Operating Days Defines the operating days of the gateway. The gateway will be active on the highlighted days.
Operating Months Defines the operating months of the gateway. The gateway will be active during the months that are highlighted, partially active in the months not highlighted or disabled in the months that are not highlighted.
The gateway can be partially active in the non-highlighted months if in the manager or reseller has been defined a percentage in the “Reduce the Maximum Number of Users of the Gateway to” field. If the percentage is equal to zero, the system is disabled in the months that are not highlighted.
With these options, it is then possible to define seasons or gateways with seasonal peaks.

Options

Field Description
Notes for the gateway Enter possible notes for the gateway.

It is displayed only if you enter using the administrator credentials.

Virtual Gateway with its Own Walled Gardens If enabled, it allows generating walled gardens specific for each virtual gateway. If disabled, the number of the generated walled gardens will result much lower but shared with all the virtual gateways
Lock the gateway If enabled, locks the log in to all users who try to connect to the gateway.

Gateway Configuration Fields

After you have entered and saved this information by pressing the button on the gateway properties in sidebar and choosing “ Download Gateway Config Files“, you can download a .zip file containing all the files necessary to configure a PGW and compatible based on MikroTik RouterOS.

This section is displayed only if you enter using the administrator credentials.

Authentication Options

Field Description
Authentication via Mac-address Enables authentication via MAC address.
Enabling this option, you have the ability to create users with username and password equal to the MAC address of the device, skipping the Welcome Portal and the entire manual registration and authentication process.

Warning! Enable this option only if really necessary otherwise it will send an authentication request at the WiFi connection of any device.

Not available for MikroTik-type gateways with PPPoE “Authentication Mode“.

Authenticate Users without Domain Name Enables user authentication without the @NomeDominio suffix. In practice, the Real is automatically added by the PPPoE MikroTik NAS.

Available only for MikroTik-type gateways with PPPoE “Authentication Mode“.

WAN

Field Description
Same network of the appliance Enable it if the gateway is on the same network (physical and IP) of HSNM. 
If enabled, in the configuration script of the PGW, it will add the commands to define, in the DNS configuration, a static host that associates the domain name, defined in “ System Settings“, to the IP address (generally private) of HSNM.
If not enabled and the PGW is on the same network in the NAT of the appliance, the PGW may fail to contact HSNM.
Interface Select the WAN interface. 
Possible value is: 
Ether1.
Use a VLAN Enables or disables the use of a VLAN for the WAN interface.
VLAN ID ID for the VLAN. It allows numeric values between 2 and 4095.
Visible only if “Uses VLAN” is enabled.
Uses DHCP client for the Wan Enables or disables the DHCP client for the WAN interface. 
If enabled, in the configuration script of the PGW it will add the commands to define a DHCP client in the network interface of the PPPoE service that will be connected to the corporate network of the manager. 
If disabled, it will display the fields for the definition of IP address, subnet mask and gateway. These fields will be automatically added to the commands of the configuration script to define the IP address of the network interface of the PGW that will be connected to corporate network of the manager.
WAN IP address IP address that you want to assign to the WAN interface.
Visible only if “Use DHCP” is enabled.
WAN Network mask Network mask that you want to assign to the WAN interface.
Visible only if “Use DHCP” is enabled.
Wan Gateway IP address of the PGW for the WAN interface. It should coincide with the private IP address assigned to the router of the internet connection of the manager.
Visible only if “Use DHCP” is enabled.

PPPoE Interface

Field Description
Add EtherX to the PPPoE Bridge If enabled, it adds the etherX of the to the bridge in order to activate the PPPoE service also on the ethernet. To be activated only if the gateway you are configuring has X or more network adapters.
IP Address IP address to assign to the interface Ether1 on which you will activate the PPPoE service.
Network Mask Enter the network mask that you want to assign to the interface Ether1 on which you will activate the PPPoE service.
DNS IP Addresses Enter the IP addresses of the DNS servers (separated by commas) that you want to assign to the PGW. It is very important that the inserted DNS is operating, otherwise the users accessing the service may have problems viewing pages.
DHCP Lease Time Specify the lease time (in hours) for assigning the IP address to the connected devices.

PPPoE Network

Field Description
Keep-Alive timeout

Defines the Keep-Alive timeout to check the reachability of the routers. If routers are no longer reachable, for example for the loss of the connection, after the define time, they are automatically disconnected.

Warning! Disconnection can be also caused by the Timeout for Idle and the Session Timeout defined in the product policies.

If “Not Defined”, the router remains connected even if no longer reached by the HSNM. Any disconnection will be caused by the values defined in the product policies (“Session Timeout” and “Timeout for Idle”) or in the products (time and/or traffic credit or expiration).

IP Address IP address of the gateway interface (Ether2).
Network Mask Network mask of the gateway interface (Ether2).
DNS IP Addresses Enter the IP addresses of the DNS servers (separated by commas) that you want to be assigned to the PGW. It is very important that the DNS entered are functional.
DHCP Lease Time Defines the Lease Time, expressed in hours, for the IP address assigment of the connected devices.

Warning! Set a value equal to or greater than the maximum idle time defined in the product policies used in the domain.

Use VLAN Enable or disable the usage of a VLAN for the bridge interface.
VLAN ID ID for the VLAN. The allowed numerical values are between 2 and 4095.

Visible only if “Use a VLAN” is enabled.

VPN

Field Description
Use VPN Enables or disables the VPN configuration in the PGW. It can be useful if you want the routers managed by HSNM are on the same IP network of HSNM so you can e.g. activate the sending of LOGs also for PGWs connected to xDSL connection with dynamic IP. 
If enabled, in the configuration script of the PGW, it will add the commands to define a VPN client using the ”PPTP server name”, “Username PPTP” and “PPTP Password” fields.
If disabled, it does not allow the inclusion of: PPTP server name; Username PPTP; Password PPTP.
PPTP server name Host name or IP address of the PPTP server to which the PGW will connect to establish a VPN.

It is displayed only if “use VPN” is enabled.

PPTP username Username for the PPTP connection.

It is displayed only if “use VPN” is enabled.

PPTP Password Password for the PPTP connection.

It is displayed only if “use VPN” is enabled.

Scheduler

Field Description
Monitoring Interval Defines the interval (in minutes) for monitoring the status of the gateway. The minimum value is 1 minute.

MikroTik Router OS

Field Description
Admin password Admin password for RouterOS.

Save the Data Rate

Saves the data rate of users, reading them from PPPoE MikroTik server. In this way you will be able to display the “Ethernet Data Rate (Last 24 Hours)” graph for the user.

The data rate of users is read directly from MikroTik routers by connecting through the RouterOS APIs to the IP address of the WAN or to the IP address of the internet connection declared in the data of the gateway.

Custom Commands Custom commands in addition to the standard ones to be included in the script generated for configuring the PGW.

Options

Field Description
Upgrade Config If enabled, updates, reconfigures and automatically reboots the gateway (this feature is only available for the gateway configured from version 2.0.137 and later ones). 
After the update, the check is disabled in order to perform the update only once.

Warning! If the data entered are incorrect, the gateway may not be any more accessible!

Command Bar

In the upper-righ corner of the command bar, if you are editing a gateway, the following buttons are displayed:

Button Description

Upload Configuration

It allows you to perform the automatic configuration of the MikroTik gateway type.

For further information, please refer to the “Upload MikroTik Configuration” paragraph described below.

Visible only if you have chosen MikroTik as hardware type.

Upload MikroTik Configuration

Thanks to this feature it is possible to configure in a simple and automatic way the MikroTik gateway type.

When pressing the “Upload Configuration” button in the command bar, the following fields will be displayed:

Field Description

IP Address Assigned to the Gateway

IP address assigned to the gateway. In order to upload the configuration, it must be reachable from the system. If you have not assigned it yet, log in to the router using WinBox and assign one in the IP/Addresses session

Username to Log In

Username to log in the MikroTik gateway.

Password to Log In

Password to log in the MikroTik gateway. On new devices, the password is empty

By pressing the “Run” button, the gateway configuration will be performed.

At the end of the operation, a confirmation message or any will appear. If the upload has been successfully performed, the gateway will be automatically restarted.