Identification of the user licence. The licence identifier is already present in the HW version and should not be modified otherwise there is a risk of the device malfunction.
In the SW version, in most cases, the GUID is empty so you can use the appliance in DEMO mode for five days. Within five days, you will have to ask your supplier and insert in the field a valid GUID, which will be validated automatically via the internet within 8 hours. For the licence validation, HSNM must to be connected to the internet.

Warning! Once validated, the GUID cannot be moved to another HSNM.

By clicking the “Update” button, you perform the immediate update of the licence as to enable new functionalities or new purchased modules without waiting eight hours. Unless you click it, the update will be auto performed within eight hours.
It is used also at the moment of the purchase of HSNM. 
Usually HSNM is provided with standard level and modules. This field enables the licence level and modules purchased and associated with the GUID.

The update may occur, depending on cases, these eventual error codes:

• 1 – Licence not found, not defined or disabled.
• 2 – Another appliance active with the same licence.
• 3 – Licence not valid.
• 4 – Licence expired.
• 6 – Licence already activated on another system.
• 10 – The product assigned to the licence is not valid for the virtual version.
• 20 – Generic error.
• 99 – The request for updates to the Web Service generates an error.

The button is visible only after entering a license and saving the data. 

Warning! Update can be performed only whether HSNM is connected to the internet.

Server role in the context of the current round robin servers. Possible values are:

• Main server;
• Additional server

Additional servers cannot run backup tasks, restore, compaction, etc. The “Main server” will perform these activities

Enter the IPv4 address to be assigned to the device. As already explained, we recommend you to assign a public IP address and possibly install the appliance in a DMZ. If you set up a private IP you will need to enter some redirects in your router firewall for the following ports:

80 web-based administration

443 web-based administration

1514 to receive the logs sent from hotspot

1812 for RADIUS accounting

1813 for RADIUS accounting

HW version, the IP will be assigned to ETH4
Warning! The system is also preconfigured with the IP 192.168.10.10 (not editable) assigned to ETH3. You can use this IP address in case the appliance is no longer reachable using the defined IP address. 

For the SW version, the IP will be assigned to the primary network card ETH0
Warning! In the system, it is also preconfigured the IP 192.168.10.10 (not editable) assigned as additional IP in ETH0. You can use this IP address in case the appliance is no longer reachable using the defined IP address

Enter the appliance network mask in the CIDR format (for example: 24 corresponds to 255.255.255.0; 16 corresponds to 255.255.0.0)

Enter the IP address of the network gateway where HSNM is connected. It is the router IP address that allows connection to the internet

IP address of the primary DNS (mandatory)

Warning! Verify that the entered URL or the IP points to a valid and functioning DNS otherwise HSNM will not work properly. If you do not know any DNS servers, use a public one such as 8.8.8.8

Secondary DNS server IP address (mandatory)

Warning! Verify that the entered URL or the IP points to a valid and functioning DNS otherwise HSNM will not work properly. If you do not know any DNS servers, use a public one such as 8.8.4.4

Enter the host name to identify the appliance on your network. Note that this name is not already present in some other network device and it must not contain spaces and/or characters such as ?,^,(,), etc

Networks or IP addresses that are allowed to access the administration interface.
If the client IP address that attempts to access is not among the entered networks, an error will occur.
Define a network in the form IP/subnet mask (e.g. 192.168.0.0/24) or IP address (e.g. 192.168.0.10). Every network or IP address must be separated by comma or “line wrap”.

If, cause as defined, you are no longer able to access, type the IP or the URL with the parameter password=administrator password (e.g. .mydomain.com?password=Adminpassword

Networks or IP addresses that are not allowed to access the administration interface.
If the client IP address that attempts to access is among the networks, an error will occur.
Define a network in the form IP/subnet mask (e.g. 192.168.0.0/24) or IP address (e.g. 192.168.0.10). Every network or IP address must be separated by comma or “line wrap”.

If, cause as defined, you are no longer able to access, type the IP or the URL with the parameter password=administrator password (e.g. .mydomain.com?password=Adminpassword

If enabled, user passwords will be encrypted. In this way, by exporting the data or backing up the data, it will not be possible to obtain users’ passwords “in clear text” by increasing the security level.

Using encryption allows using passwords (Unicode) defined by the user with all character sets. Unless you enable it, in the users’ passwords only alphanumeric and “+-*/=_.,;:$#&@<>|~\^()[]{}!?”characters are allowed.

If you enable encryption, you can no longer use any federated radius.

The effective change of user passwords will be performed automatically on the following night with a batch procedure so as not to slow down the system during the hours of peak use.

It defines the complexity that the passwords for the backend users must have. The possible options are:

• None (no check is performed on the complexity of the password. The password must consist of at least four characters);
• Very weak;
• Weak;
• Reasonable;
• Strong;
• Very strong.

The complexity of the password is measuring by analyzing the characters entered with various algorithms and also comparing it with an unsafe password database.

Alternative 1st Host Domain

Define the domain name (e.g. hs1.domainname.com) FQDN (Fully Qualified Domain Name) with which it is possible to reach the first alternative host. This domain must be properly registered at a Registrant and must have the DNSs correctly configured. Otherwise the host could not be reacheable.
In case, it is possible to define the IP address with which to reach the host (e.g. Public IP of the router WAN if the IP of the device is private).

Alternative 1st Host IP Address

Define the IP address of the first alternative host.

Alternative 2nd Host Domain

Define the domain name (e.g. hs2.domainname.com) FQDN (Fully Qualified Domain name) with which it is possible to reach the second alternative host. This domain must be properly registered at a Registrant and must have the DNSs correctly configured. Otherwise the host could not be reacheable.
In case, it is possible to define the IP address with which to reach the host (e.g. Public IP of the router WAN if the IP of the device is private).

Alternative 2nd IP Address

Define the IP address of the second alternative host.

Domain Name

Define the domain name (e.g. hs.domainname.com) FQDN (Fully Qualified Domain name) with which to reach the appliance. This domain must be properly registered at a Registrant and must have the DNSs correctly configured. Otherwise the appliance could not be reachable.
In case, it is possible to define as “Name of the domain” the IP address with which it is possible to reach the device.
In this case, if gateways to configure are in the same net of the appliance, define the same IP that is defined in the field “IP Address”. Otherwise, if gateways are not in the same net of the appliance, then define the IP address with which gateways must reach the appliance.

Domain Name for the CDN

Set the domain name for the CDN (e.g. cdn.domainname.com) FQDN (Fully Qualified Domain Name) with which the appliance will be reachable. You have to properly register this domain at a Registrant and you have to properly configure its DNSs, otherwise the appliance may not be reachable and therefore supply partial contents.
The use of a CDN is particularly important when providing services at international level and you want to improve the page loading speed and reduce traffic by supplying local contents.
We suggest using the services offered by Cloudflare (https://www.cloudflare.com)

This option is only available in the Enterprise edition.

Administrator Email Address

Enter the email address of the system administrator. This address will receive any system notifications such as warnings or errors.
It is also used as sender in sending notification e-mails to the users unless you have edited a resellers’ or a manager’s address.

Enable Compression in the Welcome Portal

Allows you to enable or disable compression of pages served to users. The compression occupies about the 30% more of CPU but halves the occupied bandwidth.
For hardware systems with more than 20 users per second, it is suggested to disable this option in order to increase your ability to deliver contents to users who log in.
For virtualised systems, please enable this option if you have sufficient CPU.

SSL Certificate

Choose the certificate to use.

The available certificates must be entered on “SSL Certificate” available in the “Admin” tab.

Enable HTTPS as Default

If activated, it enables HTTPS by default and it compels the use of HTTPS for the Back-end and the Front-end.

Warning! Enabling requires the editing of the redirect pages in the gateways (automatic for MikroTik within five minutes and manual for other systems. The change involves the replacement of HTTP protocol with HTTPS in redirect URLs. It can then cause inefficiencies). Moreover, in the gateway you must install the certificate SSL as well as any intermediate SSL certificates.

This field is visible only if you have installed a certificate and if the domain name matches with the one of the installed certificates.

SMTP Server Address

Enter the address of the SMTP server that will be used for sending e-mail notifications and/or warnings.

Secure Connection for SMTP

Allows you to enable secure connections (SSL or TLS) for SMTP.

For Gmail, use TLS and port 587and enable access to less secure Apps to URL  https://www.google.com/settings/security/lesssecureapps.

Possible options are:

• No: does not enable SSL nor TLS
• Yes with SSL: enables SSL
• Yes with TLS: enables TLS

SMTP Port

Enter the SMTP port. Generally, it is the 25.

Enable SMTP Authentication

If enabled, enable SMTP authentication.

SMTP Username

SMTP Username.

SMTP Password

SMTP Password.

Username Mask

Mask for username generation. It can include: X = alphanumeric uppercase char; x = alphanumeric lowercase char; C consonant uppercase char; c consonant lowercase char; V vocal uppercase char; v vocal lowercase char; N or n numeric char (no zero).

Password Mask

Mask for password generation. It can include: X = alphanumeric uppercase char; x = alphanumeric lowercase char; C consonant uppercase char; c consonant lowercase char; V vocal uppercase char; v vocal lowercase char; N or n numeric char (no zero)

Secret

Enter the secret / password of radius server in the appliance. This secret will be set in the gateway configuration in order to allow the sending of authentication requests.
If for the gateway configuration you use the configuration script auto generated by HSNM, the secret is automatically set and there will be no problem in sending authentication requests to the radius of the device.

Timeout

Define the time-out of the radius in milliseconds. Unless you configure it, the default value is 3000.
The maximum value is 3000.

Type of Gateway for SMS

Defines the type of gateways to be used for sending SMS. The possible values are:

• Inside (for sending it uses HSNM modems);
• Mail transport (it uses an external gateway for sending sms and the requests are transmitted via smtp);
• HTTP request (SMS sending is made through a HTTP request).
• You have to fill the “URL address” field with the proper variables);
• SMPP (The sending is made through a gateway, Short Message Peer-to-Peer).

Sender Email Address

The sender’s e-mail address to the gateway with mail transportation.

Visible only if the gateway type is “Mail transport”.

Recipient’s Address

Recipient’s email address for the gateway with transportation via mail. It is usually in the form %Number%@DomainnameGateway.com o %NumberNoIntPrefix%@DomainnameGateway.com where instead of %Number% it is placed the number of target cell and instead of %NumberNoIntPrefix% is placed the number without the international country calling code.
In the address, you can use the variables %Number% (telephone number), %NumberPlus% (number with + in the international country calling code), %NumberNoIntPrefix% (number without international country calling code), %NumberNoIntPrefixZero% (number without zeros in the international country calling code).

Visible only if the gateway is “Mail transport”.

Email Subject

Subject of the e-mail to be sent to the gateway. The available variables are the same as defined in the recipient’s address.

Visible only if the gateway type is “Mail transport”.

Request Type

Defines request type for the specified URL.

Visible only if the gateway type is “HTTP request”.

URL Address

URL Address for gateways with HTTP requests.
In the address, you can use the variables
%Number%,
%NumberPlus% (number with + in the international country calling code),
%NumberNoIntPrefix% (number without international country calling code),
%NumberNoIntPrefixZero% (number without zeros in the international country calling code),
%UserName%,
%Password% and %Message% representing respectively the destination number, any username, any password and any text to be sent.

Example: http://DomainSmsGateway/smssend.php?username=
%UserName%&password=%Password%&to=%Number%&text=
%Message%.

Visible only if the gateway type is “HTTP request”.

Host

Host of the SMPP gateway.

Submit Port

Defines the port to send SMSs for the host of the SMPP gateway.

Receive Port

Defines the port to receive SMSs for the host of the SMPP gateway.

Gateway Username

Gateway username used to define the password to send SMS from the ouside or to give value to the variable %UserName%. Usually gateways that use HTTP requests require credentials in the URL.

Visible only if the gateway type is “HTTP request” o “SMPP”.

Gateway Password

Gateway password used to give value to the variable %Password%. Usually gateways that use HTTP requests require credentials in the URL.

Visible only if the gateway type is “Internal”, “HTTP request” o “SMPP”.

Type of Country Calling Code

Defines the type of international country calling code to be used for sending, through the SMPP gateway.
Possible values are:

• With 00 (example: 0039);
• With + (example: +39);
• Without 00 nor + (example: 39)

Type of Country Calling Code in Receiving

Defines the type of international country calling code received by the SMS gateway.
Possible values are:

• Auto (auto recognises the international country calling code)
• With 00 (example: 0039);
• With + (example: +39);
• Without 00 nor + (example: 39)

The field is visible only if in the type of gateway, you have set “HTTP request”.

Primary Modem Type

It self-defines the principal type of modem connected.
It supports the following types of modem:

Visible only if the gateway type is “Inside”.

Field available from hardware version 1.3.

Message Center Number

Set the primary message centre number of the SIM.
Warning! The number should be inserted including the international phone calling code with the syntax +39 (Example: +393359609600).

Visible only if the gateway type is “Inside”.

Main Number

Set the primary phone number of the SIM. Used to enhance the variable %Number%.
Warning! If you use an internal modem, you have to define the international country calling code as 00xx (Example 00393351234567).

It is used to replace variables %Number%, %NumberPlus% e %NumberNoIntPrefixZero%.

Additional Modem Type

It self-defines the type of the additional modem connected.

Visible only if the gateway type is “Internal”.

Field available from hardware version 1.3.

Additional Message Center Number Modem

Set the message centre number of the SIM of the additional modem.
Warning! The number has to be inserted including the international phone calling code with the syntax +39 (e.g.: +393359609600).
Field available from hardware version 1.3
Visible only if the gateway type is “Inside”.

Additional Number

Set the number associated with the SIM on the additional modem.

Visible only if the gateway type is “Internal”.

Field available from hardware version 1.3.

Warning! The number has to be inserted including the international phone calling code as 00xx (e.g. 00393351234567).

It is used to replace variables %Number%, %NumberPlus% e %NumberNoIntPrefixZero%.

Enable the IP Filter

If enabled, enables a filter to prevent fraudulent access to the port of “ Syslog“. Allowed IP addresses must be specified in the configuration of gateways. If disabled, the filter is disabled and accepts logs from all hosts.

Warning: disabling is recommended only in DMZ scenarios with hotspots accessible from the VPN network.

NTP Primary Server

Set the IP address of the primary NTP server for time synchronization system.

It depends on the value set in the Timezone field.

NTP Secondary Server

Set the IP address of the secondary NTP server for time synchronization system.
It depends on the value set in the Timezone field.

Timezone

Defines the timezone for HSNM.

Defines the type of database configuration.
Possible values are:

• Internal (Using HSNM internal database);
• External (Use MySQL external database configured by the administrator);
• Replica (it is a replica server that synchronises with other HSNMs). This option is not available if before you chose an external database. To make it be available again, select “internal” and save.

Name of the Host

Name of the host, URL or IP address where the database server externally resides.
The system is tested and certified for “MySQL” version 5.5.

Name of the Database

Enter the name of the database created in the external server.

Username

Enter the username to access the database.

Warning! The user must have all “global” permissions and also to the database.

Password

Enter the user’s password to log in the external database.

Activate replication

By pressing the button “Activate” you go to page “Data Replication” which enables data replication among different HSNMs.

The field is visible only if in the type of configuration, you have set “Replica”.

Active Data replication

By pressing the button “Disabled”, the server will be removed from the data replication.
It may be necessary to cancel a HSNM from the replication if you evaluate that it is not synchronised. To do this, disable the data replication then rehabilitate it in the HSNM that is not synchronised, so data backup will be redone.

Field visible only if the “Replica” has been enabled.

Host

It displays the host status in the context of data replication.
If the host was enabled for replication and then consequently disabled, you are displayed also the “Delete” button. If you press it, it definitively deletes the host from the history of replication configurations informing and automatically deleting the reference in the other hosts configured for the replica.

Keep detailed Logs for

Defines how long to keep the details of the user’s connection log, clicks and impressions. Older activities will be compressed. Compression is performed automatically or manually from “ Utility Functions“.
Possible values are: always; one month; three months; six months; one year; eighteen months; two years; three years.

Delete Unused Users/Cards Older than

Deletes automatically users or generated “ Cards” never used, and older than the time indicated.
Possible values are: never; a month; three months; six months; one year; eighteen months; two years; three years.

If you choose a value greater than one month, then the cancellation procedure is performed weekly as to save resources. You will then have unused users/cards with a seven-day tolerance.

Delete Users Expired Since

Deletes automatically expired users older than the time indicated.
Possible values are: never; one day; a week; two weeks; three months, six months; a year; eighteen months; two years; three years.

If you choose a value greater than one month, then the cancellation procedure is performed weekly as to save resources. You will then have unused users/cards with a seven-day tolerance.

Delete Inactive Users

Deletes automatically the inactive users (who do not have connections) according to the time indicated.
Possible values are: never; one day; one week; two weeks; one month; three months; six months; one year; eighteen months; two years; three years.

If you choose a value greater than one month, then the cancellation procedure is performed weekly as to save resources. You will then have unused users/cards with a seven-day tolerance.

Keep Detailed Advertising Logs for

Defines for how long to keep the clicks and impressions details. Older activities will be compressed. The possible options are: never; fifteen days; one month; two months; three months.

Compression is performed automatically or manually by the” Utility Functions“. To effectively compress data, user references and click time and impression time are removed.

Protocol

Protocol type. The possible values are: FTP; SFTP.

FTP Address

Enter the URL or IP address of the FTP server where the backup file will be sent to.

Port

FTP or SFTP port.

It is typically used port 21 for FTP and port 22 for SFTP

FTP Username

Enter the username for the FTP connection.

Warning! User must have the read, write and execution permissions.

FTP Password

Enter the password for FTP connection.

Database FTP Path

FTP path where the backup file will be copied.

FTP Path for Logs

FTP path where the log backup file will be copied.

Execution Time

Set the start time execution of the daily backup of the database data. By choosing “Never”, backup will be disabled.

Keep backups for

Keep backups on the FTP server for the indicated period.
The possible values are:

• One day (The file destination name will always be “DataBackup.gz”).
• One week (The file destination name will always be “DataBackup-Name of the day of the week.gz”).
• One month (The file destination name will always be “DataBackup-Number of the day of the month.gz”).

Backup Frequency

Indicate the frequency of the log backup. Possible values are: Never; Daily; Sunday; Monday; Tuesday; Wednesday; Thursday; Friday; Saturday. In practice, you can indicate a daily or weekly backup.

Execution Time

Set the start time of execution of the log backup.

Days to Log Storage

Maintains logs on the system for the number of days you specified. After backing up the logs, it will erase the older data than the value stated in this field.

IP address of the remote host

Specify the IP address of another host involved or to be involved.

Warning! All local data will be erased and overwritten by the ones of the remote host.

Admin user Password

For security reasons, it is necessary to enter in the Admin user password in the remote host. If it does not match with the one of the remote host, you will receive an error and be unable to activate replication to the current host.