User manual
102
Port forwarding is essential for field applications that use polling that is initiated by a polling master. The port forwarding
function allows the polling master to establish a data connection through the Internet. The incoming polling message is
forwarded by the Vanguard to the appropriate PLC or RTU on the Vanguard’s local area network.
4.5 DMZ
Alternately, DMZ can be enabled on the Vanguard radio. When DMZ is enabled, all traffic destined to the Vanguard’s
cellular IP address that is received from the Internet is forwarded to the DMZ host. The IP address of the DMZ host is
specified by the user. Using DMZ can eliminate the need to specify many individual port forwarding rules. However, by
exposing all the ports on the local device, the local device may become more susceptible to attacks.
If specific Port Forwarding rules exist in the IP Mapping Table, they will take precedence over the DMZ host.
4.6 FRIENDLY IP ADDRESS
Friendly IP addresses can be used with either port forwarding or DMZ to provide an additional layer of security. When
Friendly IP addresses are used, the Vanguard will only forward packets to the LAN if the source IP address of the received
packet matches either the specific IP address or range of IP addresses specified in the Friendly IP address field.
This feature can be disabled by entering 0.0.0.0 in the friendly IP address field. In this case, packets from any host
on the Internet can be forwarded to the LAN when either DMZ or Port Forwarding is enabled.
5 IPSEC AND VPN PASS-THROUGH DEPLOYMENT GUIDE
This technical application note will help anyone that wants to build a secure IP network using IPSec and the
Calamp Vanguard SC Cellular Modem. The first case will demonstrate the Vanguard SC when used as an IPSec
client. The second case will show the Vanguard SC passing an IPSec connection from WAN to LAN. (VPN Pass-
through)