This use case describes the configuration of an office where the Mediatrix unit is located directly on the internet and there are other devices in the LAN needing to access the internet.
These configuration notes are specially designed for the Mediatrix G7 and S7 Series as well as for the Sentinel 100 and 400 units, which feature Gigabit Ethernet interfaces and a built-in 4-port Ethernet switch.
This diagram represents a network configuration in which the Mediatrix unit is connected to both Internet (i.e. WAN) and other devices in the local network (i.e. LAN).
Before starting to use these configuration notes, complete the following table to make sure you have the required information to complete the different steps.
If you are not familiar with the meaning of the fields and buttons, click Show Help , located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will be displayed.
The Mediatrix unit must be reinitialised to its factory default settings to make sure the configuration can be successfully executed.
|Information||Value||Used in Step|
|The IP address to access the management interface of your Mediatrix unit.||
|Logging on to the Mediatrix Unit Web Interface|
|Internet connection details:
||Configuring the Uplink Network Interface to a static IP address|
|IP address of each DNS server||Configuring the Domain Name Server (DNS)|
|IP address of each SNTP server (optional)||Configuring the SNTP Server to a Static IP Address|
When setting the Source Address, the Destination Address, and the New Address, make sure you type them exactly as shown:
You may not be able to log on to the Mediatrix unit Web interface if you are using older browser versions.
You can also use public as a username and leave the password field empty. it has the full administration rights by default.
The password is case sensitive. As a general rule, passwords should be at least eight characters, with a mix of lowercase letters, uppercase letters, numbers, and symbols.
If your Internet Service Provider is using another method, such as DHCP or PPPoE, refer to the DGW Configuration Guide - Network Interfaces document published on the Media5 documentation portal https://documentation.media5corp.com/ .
Once the changes are applied, the connection with the unit might be lost. You may need to reconnect to the Web page using the new address.
The best practice is to use the servers supplied by your Internet Service Provider, then complement with servers from a different network close to your geographical area.
For example: time.nist.gov (USA), ntp4.sptime.se (Sweden), time1.isu.net.sa (Saudi Arabia), ntp.nict.jp (Japan), time.google.com (Worldwide), pool.ntp.org or one of their regional server pools (see https://www.ntppool.org/ for more information).
The file name is case sensitive. As a best practice, add the .xml extension. Make sure to indicate the firmware version the backup was made from because a backup file can not be restored on an older firmware version than the one it was taken from.
Remember, if you have several units with several configurations and plan to reuse the configuration on another unit, the name must be explicit. Indicate the date of your backup, the interfaces used, the device model, etc.
Media5 corp strongly recommends to use a privacy algorithm (encryption) to protect certificates and passwords.
The Port Forwarding feature allows a connection from a remote device (for example, computers on the Internet) to a specific computer or device within a private local-area network (LAN) behind the Mediatrix unit.
To allow remote users access a local IP-enable PBX, or intranet server, it is possible to map a TCP/IP port on the Mediatrix unit WAN interface and forward its packets to the wanted IP/port combination on the LAN.
A typical scenario would be to map port 8080 on the Mediatrix unit WAN interface to a Web server on the LAN side, with the new address 192.168.0.99:80 for example.
By default, the Local Firewall service is in Automatic mode and configured with a default policy to accept all traffic.
There are different approaches to security, but in this section we will give a simple example that will restrict a range of ports from 1 to 5000 to everyone except the LAN. Note: Our range stops at 5000, as the later ports are used for telephony 5004 (RTP), 5006 (SRTP), 5060 (SIP), 5061 (TLS), 16000-16xxx (Endpoint persistent connections), etc.
The first rule is to allow traffic for LAN devices.
The second rule is block traffic to system ports by TCP.
The second rule is block traffic to system ports by UDP.
Copyright © 2019 Media5 Corporation.
This document contains information that is proprietary to Media5 Corporation.
Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.
This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.
Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.