37.4

Feature Parameters

MAX_SSL_INSTANCES 3

MAX_SSL_PUSH_SUBNETS 10

MAX_SSL_CN_BIND_INST 100

Westermo OS Management Guide

Version 4.22.0-0

954 © 2017 Westermo Teleindustri AB

Westermo OS Management Guide

Version 4.22.0-0

Chapter 38

WeConnect

This chapter describes the WeOS support for the Westermo WeConnect service.

Westermo WeConnect is a centralised on-line connectivity service offered by

Westermo as a separate product (not normally included in the purchase of a

WeOS product).

The idea of the service is to connect equipment and networks through the Internet in an easy way, but at the same time safe and encrypted using standard VPN features.

The secured networks set up by WeConnect can be used in many ways such as remote management, interconnection of remote network locations, centralised logging and alerts, emergency access, etc.

WeConnect is managed with an on-line web portal. In this portal you are able to define your virtual secure networks and create VPN configurations for WeOS units and other clients and nodes. For more information about the service and how to sign up for it, please visit Westermo’s home page at http://www.westermo.

com/ .

In WeOS, WeConnect is set up using an installer that takes you through some easy steps that takes care of the configuration for you.

You only need the Secure Network Code and the One Time Password (OTP) for your unit from the WeConnect web portal to be able to run the installer. WeOS will use the Code and OTP to make an encrypted download of the configuration and certificates from the on-line portal service. The VPN will automatically connect when the installer procedure is completed and your unit instantly becomes part of your secured network.

© 2017 Westermo Teleindustri AB 955

Westermo OS Management Guide

Version 4.22.0-0

WeConnect utilises these standard features in WeOS for its operations:

ˆ SSL VPN - This is used for the encrypted tunnel that connects to your We-

Connect secure network.

ˆ RIP - This protocol is run inside the SSL VPN tunnel to receive routes from other units and networks in the secure network. It also announces the local networks on your unit so they can be reached remotely.

ˆ Firewall - Automatic forward rules for the WeConnect SSL VPN tunnel are added. It is recommended that you use the firewall, but not mandatory.

The SSL VPN tunnel is run in UDP mode. This makes the WeConnect service perform well on most types of Internet connections. There is no requirement of fixed public IP number for your unit, and accessing the Internet via external firewalls and NAT will work in most cases.

Note

WeConnect is using the IPv4 networks 198.18.0.0/16 and 198.19.0.0/16 internally for its operation. You can not use these networks, or subnets within these networks, for other purposes on your WeOS unit while using

WeConnect.

956 © 2017 Westermo Teleindustri AB