Requirements for Internet gateways - draft RFC 985

Edge Gateway 3003安装和操作手册计算机型号： Edge Gateway 3003管制型号： N03G管制类型： N03G001注、小心和警告注: “注”表示帮助您更好地使用该产品的重要信息。

小心: “小心”表示可能会损坏硬件或导致数据丢失，并说明如何避免此类问题。

警告: “警告”表示可能会造成财产损失、人身伤害甚至死亡。

目录1 概览 (5)2 系统视图 (6)顶部视图 (6)底部视图 (6)左侧视图 (7)右侧视图 (9)3 安装 Edge Gateway (10)安全与管制信息 (10)专业安装说明 (10)Instructions d'installation professionnelles (11)联邦通信委员会干扰声明 (11)加拿大工业部声明 (11)设置 Edge Gateway (12)激活移动宽带服务 (17)安装边缘网关 (19)使用标准安装架安装 Edge Gateway (19)使用快速安装架安装 Edge Gateway (26)将电缆控制条连接至标准安装架 (34)使用 DIN 导轨架将 Edge Gateway 安装在 DIN 导轨上。

(36)使用垂直安装架安装 Edge Gateway (39)使用 VESA 安装架安装 Edge Gateway (42)4 设置 ZigBee 加密解密器 (44)5 设置操作系统 (45)Windows 10 IoT Enterprise LTSB 2016 (45)启动并登录—直接系统配置 (45)启动和登录—静态 IP 系统配置 (45)恢复 Windows 10 IoT Enterprise LTSB 2016 (45)Windows 10 IOT Enterprise LTSB 2016 基本功能 (46)Ubuntu Core 16 (47)概览 (47)启动并登录—直接系统配置 (47)启动并登录—静态 IP 系统配置 (47)更新操作系统和应用程序 (48)其他 Ubuntu 命令 (48)网络通信接口 (49)安全性 (51)Watchdog Timer (WDT) (52)恢复 Ubuntu Core 16 (52)3刷新新的 OS 映像 (53)创建恢复 USB 闪存盘 (54)6 访问和更新 BIOS (55)访问 BIOS 设置 (55)在 POST 过程中输入 BIOS 设置 (55)更新 BIOS (55)使用 USB 调用脚本 (55)从 USB 闪存驱动器刷新 BIOS (56)在 Windows 系统上更新 BIOS (56)在 Ubuntu 系统上使用 UEFI 压缩包更新 (56)Dell Command | Configure (DCC) (57)Edge Device Manager (EDM) (57)默认 BIOS 设置 (57)常规（BIOS 级别 1） (57)系统配置（BIOS 级别 1） (59)安全性（BIOS 级别 1） (60)安全引导（BIOS 级别 1） (61)性能（BIOS 级别 1） (61)电源管理（BIOS 级别 1） (61)POST 行为（BIOS 级别 1） (62)虚拟化支持（ BIOS 级别1） (62)维护（BIOS 级别 1） (63)系统日志（BIOS 级别 1） (63)7 参考资料 (64)8 附录 (65)天线规格 (65)从 DIN 导轨架卸下 (66)连接到 Edge Gateway (66)Windows 10 IoT Enterprise LTSB 2016 (66)Ubuntu Core 16 (67)4概览Edge Gateway 3000 系列是物联网 (IoT) 设备。

on-premisesfeedbacknotecurrently, microsoft actively supports only the last six releases of the on-premises data gateway. we release a new update for data gateways every month.the on-premises data gateway acts as a bridge. it provides quick and secure data transfer between on-premises data, which is data that isn't in the cloud, and several microsoft cloud services. these services include power bi, power apps, power automate, azure analysis services, and azure logic apps.by using a gateway, organizations can keep databases and other data sources on their on-premises networks while securely using that on-premises data in cloud services.how the gateway worksfor detailed information on how the gateway works, go to on-premises data gateway architecture.types of gatewaysthere are two different types of on-premises data gateways, each for a different scenario.•on-premises data gateway: allows multiple usersto connect to multiple on-premises data sources.with a single gateway installation, you can usean on-premises data gateway with all supportedservices. this gateway is well suited to plexscenarios where multiple people access multipledata sources.•on-premises data gateway (personal mode): allowsone user to connect to data sources and can't beshared with others. an on-premises data gateway(personal mode) can be used only with power bi.this gateway is well suited to scenarios whereyou're the only one who creates reports and youdon't need to share any data sources with others.in addition, there's a virtual network (vnet) data gateway that lets multiple users connect to multiple data sources that are secured by virtual networks. no installation is required because it's a microsoft managed service. this gateway is well suited to plex scenarios in which multiple people access multiple data sources. virtual network data gateways are discussed in depth in what is a virtual network (vnet) data gateway.using a gatewaythere are four main steps for using a gateway.1.download and install the gateway on a local puter.2.configure the gateway based on your firewall andother network requirements.3.add gateway admins who can also manage andadminister other network requirements.4.troubleshoot the gateway if there are errors.•logic apps, power apps, and power automatesupport both read and write operations throughthe gateway:o the gateway has a 2-mb payload limit forwrite operations.o the gateway has a 2-mb request limit and an8-mb pressed data response limit for readoperations.o url for the get request has a 2048 characterlimit.•while using the gateway with power bi in directquery mode, there's a 16-mb unpressed dataresponse limit.•for information about installation considerations, go to related considerations.gateway documentationthis document contains general information about theon-premises data gateway that applies to all services that the gateway supports. you can obtain more on-premises data gateway information for specificproducts by visiting the following product-specific sites.next steps。

Product Data SheetApril 201300813-0200-4420, Rev FA⏹Gateway connects wireless self-organizing networks with any host system ⏹Easy configuration and management of self-organizing networks⏹Easy integration into control systems and data applications through serial and Ethernet LAN connections⏹Seamless integration into AMS Device Manager and DeltaV™ automation system ⏹Greater than 99% reliability with industry proven security⏹Smart Wireless capabilities extends the full benefit of PlantWeb ® architecture to previously inaccessible locationsSmart Wireless GatewaySmart Wireless Gateway April 2013Emerson Smart Wireless GatewayGain real-time process information with greater than 99% wireless data reliability⏹The Smart Wireless Gateway automatically manages wireless communications in constantly changing environments⏹Native integration with DeltaV and Ovation automation systems provides simple and fast commissioning for wireless field networks⏹Connect to data historians, legacy host systems, and other via a LAN applications through Ethernet, Modbus, Serial, OPC, EtherNet/IP, and HART outputsGuarantee system availability withredundant Smart Wireless Gateways⏹Never lose the wireless network with hot standby capabilityand automatic fault detection⏹Smart Wireless Gateways function as a single system,eliminating the need for duplicate host integration⏹One click configuration and plug-and-play architectureComplete wireless network configuration toolsprovided with each Gateway⏹The integrated web interface allows easy configuration of thewireless network and data integration without the need to installadditional software⏹Complimentary AMS Wireless Configurator software providesEmerson Device Dashboards to configure devices and viewdiagnostic dataDrag and Drop device provisioning enables asecure method to add new wireless devices tothe wireless field networkContentsEmerson’s Smart Wireless Solution .. . . . . . . . . page3IEC 62591 (WirelessHART®)... The Industry Standard page3Ordering Information . . . . . . . . . . . . . . . . . . . . . page4Accessories and Spare parts . . . . . . . . . . . . . . . . page5 Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . page6 Product certifications . . . . . . . . . . . . . . . . . . . . . page8 Dimensional drawings . . . . . . . . . . . . . . . . . . . . . page9Smart Wireless Gateway April 2013Emerson’s Smart Wireless SolutionIEC 62591 (Wireless HART®)... The Industry StandardSelf-Organizing, Adaptive Mesh Routing⏹No wireless expertise required, network automatically finds the best communication paths⏹The self-organizing, self-healing network manages multiple communication paths for any given device. If an obstruction is introduced into the network, data will continue to flow because the device already has other established paths. The network will then lay in more communication paths as needed for that device.Reliable Wireless Architecture⏹Standard IEEE 802.15.4 radios⏹2.4 GHz ISM band sliced into 15 radio-channels⏹Time Synchronized Channel Hopping to avoid interference from other radios, WiFi, and EMC sources and increase reliability⏹Direct sequence spread spectrum (DSSS) technology delivers high reliability in challenging radio environment Emerson’s Smart WirelessSeamless Integration via a LAN to All Existing Host Systems ⏹Native integration into DeltaV and Ovation is transparent and seamless⏹Gateways interface with existing host systems via a LAN, using industry standard protocols including OPC, Modbus TCP/IP, Modbus RTU, and EtherNet/IPLayered Security Keeps Your Network Safe⏹Ensures that data transmissions are received only by the Smart Wireless Gateway⏹Network devices implement industry standard Encryption, Authentication, Verification, Anti-Jamming, and Key Management⏹Third party security verification including Achilles andFIPS197- User based login and enforced password strength. Password strength monitoring, user based log in, password reset requirements, automatic lockout, password expiration requirements. Based on guidelines from ISA99.03.03 standard approved level two. SmartPower™ Solutions⏹Optimized Emerson instrumentation, both hardware and software, to extend power module life⏹SmartPower technologies enable predictable power lifeSmart Wireless Gateway April 2013 Ordering InformationTable 1. Smart Wireless Gateway Ordering Information★ The Standard offering represents the most common options. The starred options (★) should be selected for best delivery.The Expanded offering is subject to additional delivery lead time.Model Product Description1420Smart Wireless GatewayPower InputStandard StandardA24 VDC Nominal (10.5-30 VDC)★Ethernet Communications - Physical ConnectionStandard Standard1(1)(2)Ethernet★2(3)(4)Dual Ethernet★Wireless Update Rate, Operating Frequency, and ProtocolStandard StandardA3User Configurable Update Rate, 2.4 GHz DSSS, Wireless HART★Serial Communication]Standard StandardN None★A(5)Modbus RTU via RS485★Ethernet Communication - Data ProtocolsStandard Standard2Webserver, Modbus TCP/IP, AMS Ready, HART-IP★4Webserver, Modbus TCP/IP, AMS Ready, HART-IP, OPC★5(6)DeltaV Ready★6(6)Ovation Ready ★8Webserver, EtherNet/IP, AMS Ready, HART-IP★9Webserver, EtherNet/IP, Modbus TCP/IP, AMS Ready, HART-IP★Options (Include with selected model number)Product CertificationsStandard StandardN5FM Division 2, Non-incendive★N6CSA Division 2, Non-incendive★N1ATEX Type n★ND ATEX Dust★N7IECEx Type n★NF IECEx Dust★KD FM & CSA Division 2, Non-incendive and ATEX Type n★N3China Type n★N4TIIS Type n★Redundancy OptionsStandard Standard RD(7)(8)(9)Gateway Redundancy★AdaptersStandard StandardJ1CM 20 Conduit Adapters★J2PG 13.5 Conduit Adapters★J33/4 NPT Conduit Adapters★Antenna Options(10)Standard Standard WL2Remote Antenna Kit, 50 ft. (15.2 m) cable, Lightning Arrestor★Smart Wireless GatewayApril 2013Accessories and Spare partsWL3Remote Antenna Kit, 20 ft. (6.1 m) and 30 ft. (9.1 m) cables, Lightning Arrestor ★WL4Remote Antenna Kit, 10 ft. (3.0 m) and 40 ft. (12.2 m) cables, Lightning Arrestor ★Expanded WN2(11)High-Gain, Remote Antenna Kit, 25 ft. (7.6m) cable, Lightning ArrestorTypical Model Number:1420A2A3 A 2 N5(1)Single active 10/100 baseT Ethernet port with RJ45 connector.(2)Additional ports disabled.(3)Dual active 10/100 baseT Ethernet ports with RJ45 connectors.(4)Multiple active ports have separate IP addresses, firewall isolation, and no packet forwarding.(5)Convertible to RS232 via adaptor, not included with Gateway.(6)Includes Webserver, Modbus TCP, AMS Ready, HART-IP, and OPC.(7)Requires the selection of Dual Ethernet option code 2.(8)Not available with DeltaV Ready option code 5.(9)Not available with EtherNet/IP option codes 8 and 9(10)The WL2, WL3, WL4, and WN2 options require minor assembly.(11)Not available in all countriesTable 1. Smart Wireless Gateway Ordering Information★ The Standard offering represents the most common options. The starred options (★) should be selected for best delivery.The Expanded offering is subject to additional delivery lead time. Table 2. AccessoriesItem DescriptionPart Number AMS® Wireless SNAP-ON™, 1 Gateway License 01420-1644-0001AMS Wireless SNAP-ON, 5 Gateway Licenses 01420-1644-0002AMS Wireless SNAP-ON, 10 Gateway Licenses 01420-1644-0003AMS Wireless SNAP-ON, 5-10 Upgrade Licenses 01420-1644-0004Serial Port HART Modem and Cables only 03095-5105-0001USB Port HART Modem and Cables only03095-5105-0002Table 3. Spare PartsItem DescriptionPart Number Spare Kit, WL2 Replacement (1), Remote Antenna, 50 ft. (15.2 m) Cable, and Lightning Arrestor01420-1615-0302Spare Kit, WL3 Replacement (1), Remote Antenna, 20/30 ft. (6.1/9.1 m) Cables, and Lightning Arrestor01420-1615-0303Spare Kit, WL4 Replacement (1), Remote Antenna, 10/40 ft. (3.0/12.2 m) Cables, and Lightning Arrestor 01420-1615-0304Spare Kit, WN2 Replacement (1), High Gain, Remote Antenna, 25 ft. (7.6 m) Cable, and Lightning Arrestor (2)01420-1615-0402(1)Can not upgrade from integral to remote antenna.(2)Not available in all countries.Smart Wireless GatewayApril 2013SpecificationsFunctional SpecificationsInput Power10.5 - 30 VDCCurrent DrawRadio Frequency Power Output from AntennaMaximum of 10 mW (10 dBm) EIRPMaximum of 40 mW (16 dBm) EIRP for WN2 High Gain optionEnvironmentalOperating Temperature Range: -40 to 158 °F (-40 to 70 °C)Operating Humidity Range: 10-90% relative humidityEMC PerformanceComplies with EN61326-1:2006.Antenna OptionsIntegrated Omnidirectional AntennaOptional remote mount Omnidirectional AntennaPhysical SpecificationsWeight10 lb (4.54 kg)Material of ConstructionHousingLow-copper aluminum, NEMA 4X PaintPolyurethaneCover GasketSilicone Rubber AntennaIntegrated Antenna: PBT/PC Remote Antenna: Fiber Glass CertificationsClass I Division 2 (U.S.)Equivalent WorldwideCommunication SpecificationsIsolated RS4852-wire communication link for Modbus RTU multidrop connectionsBaud rate: 57600, 38400, 19200, or 9600Protocol: Modbus RTUWiring: Single twisted shielded pair, 18 AWG. Wiring distance up to 4,000 ft. (1,524 m)Ethernet10/100base-TX Ethernet communication portProtocols: EtherNet/IP Modbus TCP, OPC, HART-IP, HTTPS (for Web Interface)Wiring: Cat5E shielded cable. Wiring distance 328 ft. (100 m).ModbusSupports Modbus RTU and Modbus TCP with 32-bit floating point values, integers, and scaled integers.Modbus Registers are user-specified.OPCOPC server supports OPC DA v2, v3EtherNet/IPSupports EtherNet/IP protocol with 32 bit Floating Point values and Integers.EtherNet/IP Assembly Input-Output instances are user configurable.EtherNet/IP specifications are managed and distributed by ODVA.Self-Organizing Network SpecificationsProtocolIEC 62591 (Wireless HART), 2.4 - 2.5 GHz DSSS.Maximum Network Size100 wireless devices @ 8 sec or higher.50 wireless devices @ 4 sec.25 wireless devices @ 2 sec.12 wireless devices @ 1 sec.Supported Device Update Rates1, 2, 4, 8, 16, 32 seconds or 1 - 60 minutesNetwork Size/Latency100 Devices: less than 10 sec.50 Devices: less than 5 sec.Data Reliability>99%C u r r e n t (m A )Operating Current Draw is based on 3.6 Watts average powerconsumption. Momentary startup Current Draw up to twice Operating Current Draw.Smart Wireless Gateway April 2013System Security SpecificationsEthernetSecure Sockets Layer (SSL)- enabled (default) TCP/IPcommunicationsSmart Wireless Gateway AccessRole-based Access Control (RBAC) including Administrator,Maintenance, Operator, and Executive. Administrator hascomplete control of the gateway and connections to hostsystems and the self-organizing network.Self-Organizing NetworkAES-128 Encrypted Wireless HART, including individual sessionkeys. Drag and Drop device provisioning, including unique joinkeys and white listing.Internal FirewallUser Configurable TCP ports for communications protocols,including Enable/Disable and user specified port numbers.Inspects both incoming and outgoing packets.Third Party CertificationWurldtech: Achilles Level 1 certified for network resiliency.National Institute of Standards and Technology (NIST):Advanced Encryption Standard (AES) Algorithm conforming toFederal Information Processing Standard Publication 197(FIPS-197)Smart Wireless Gateway April 2013 Product certificationsApproved Manufacturing LocationsRosemount Inc. – Chanhassen, Minnesota, USAEmerson Process Management GmbH & Co. - Karlstein, GermanyEmerson Process Management Asia Pacific Private Limited - SingaporeBeijing Rosemount Far East Instrument Co., Limited - Beijing, ChinaTelecommunication ComplianceAll wireless devices require certification to ensure that they adhere to regulations regarding the use of the RF spectrum. Nearly every country requires this type of product certification. Emerson is working with governmental agencies around the world to supply fully compliant products and remove the risk of violating country directives or laws governing wireless device usage.FCC and ICThis device complies with Part 15 of the FCC Rules. Operation is subject to the following conditions. This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operation. This device must be installed to ensure a minimum antenna separation distance of 20 cm from all persons. Ordinary Location Certification for FMAs standard, the Gateway has been examined and tested to determine that the design meets basic electrical, mechanical, and fire protection requirements by FM, a nationally recognized testing laboratory (NRTL) as accredited by the Federal Occupational Safety and Health Administration (OSHA).North American CertificationsN5FM Division 2, Non-IncendiveCertificate Number: 3028321Nonincendive for Class I, Division 2, Groups A, B, C, and D.Suitable for Class II, III, Division 1,Groups E, F, and G; Indoors/outdoor locations;Type 4XTemperature Code: T4 (-40 °C < T a < 60 °C)Canadian Standards Association (CSA)N6CSA Division 2, Non-IncendiveCertificate Number: 1849337Suitable for Class I, Division 2, Groups A, B, C, and D.Dust Ignition-proof for Class II, Groups E, F, and G;Suitable for Class III Hazardous Locations.;Install per Rosemount drawing 01420-1011.Temperature Code: T4 (-40 °C < T a < 60 °C)CSA Enclosure Type 4X European Union Directive InformationThe EC declaration of conformity for all applicable European directives for this product can be found on the Rosemount websiteat . A hard copy may be obtained by contacting your local sales representative.European CertificationN1ATEX Type nEx nA nL IIC T4 (-40 °C < T a< 60 °C)Special condition for safe use (X):The surface resistivity of the antenna is greater than onegigaohm. To avoid electrostatic charge build-up, it mustnot be rubbed or cleaned with solvents or a dry cloth.The Apparatus is not capable of withstanding the 500Vinsulation test required by Clause 9.4 of EN 60079-15:2005. This must be taken into account when installing the apparatus.ND ATEX DustCertificate Number: Baseefa 07ATEX0057Ex tD A 22 IP66 T135 (-40 °C < T a < 60 °C)Maximum working Voltage = 28 VN7IECEx Type nCertificate Number: IECEx BAS 07.0012XEx nA nL IIC T4 (-40 °C < T a < 60 °C)Maximum working voltage = 28 VSpecial condition for safe use (X):The surface resistivity of the antenna is greater than onegigaohm. To avoid electrostatic charge build-up, it mustnot be rubbed or cleaned with solvents or a dry cloth.The Apparatus is not capable of withstanding the 500 Vinsulation test required by Clause 9.4 of EN 60079-15:2005. This must be taken into account when installing the apparatus.NF IECEx DustCertification Number: IECEx BAS 07.0013Ex tD A22 IP66 T135 (-40 °C < T a < 60 °C)Maximum working voltage = 28 VCombinations of CertificationsKD Combination of N5, N6, and N1.Smart Wireless Gateway April 2013Dimensional drawingsFigure 1. Smart Wireless Gateway Dimensions are in inches (millimeters)Smart Wireless Gateway April 2013 Remote Antenna KitThe Remote Antenna kit includes sealant tape for remote antenna connection, as well as mounting brackets for the antenna, Lightning Arrestor, and the Smart Wireless Gateway.Lightning protection is included on all the options.*Note that the cables lengths on the remote antenna options WL3 and WL4 are interchangeable for installation convenience.Smart Wireless Gateway April 201311Standard Terms and Conditions of Sale can be found at \terms_of_sale The Emerson logo is a trade mark and service mark of Emerson Electric Co.Rosemount and the Rosemount logotype are registered trademarks of Rosemount Inc.PlantWeb is a registered trademark of one of the Emerson Process Management group of companies.HART and WirelessHART are registered trademarks of the HART Communication Foundation Modbus is a trademark of Modicon, Inc.All other marks are the property of their respective owners.© 2012 Rosemount Inc. All rights reserved.Emerson Process Management Rosemount Inc.8200 Market Boulevard Chanhassen, MN 55317 USA T (U.S.) 1-800-999-9307T (International) (952) 906-8888F (952) Emerson Process Management Blegistrasse 23P.O. Box 1046CH 6341 Baar Switzerland T +41 (0) 41 768 6111F +41 (0) 41 768 Emerson Process Management Asia Pacific Pte Ltd 1 Pandan Crescent Signapore 128461T +65 6777 8211F +65 6777 0947Service Support Hotline: +65 6770 8711Email:***************************.comSmart Wireless Gateway00813-0200-4420, Rev FAProduct Data Sheet April 2013Emerson Process Management Latin America 1300 Concord Terrace, Suite 400Sunrise Florida 33323 USA Tel + 1 954 846 5030。

如何上网的英语作文Here is an English essay on the topic of "How to Use the Internet":The internet has become an integral part of our daily lives, providing us with a vast array of information, entertainment, and communication tools at our fingertips. For many, navigating the internet can seem daunting, but with a few simple steps, anyone can become a proficient internet user. In this essay, we will explore the key aspects of using the internet effectively and efficiently.First and foremost, it is crucial to have a reliable internet connection. Whether you are accessing the internet through a wired ethernet connection or a wireless Wi-Fi network, ensuring a stable and fast connection is essential for a seamless online experience. Many internet service providers offer a variety of plans to cater to different needs and budgets, so it is important to research and choose the one that best suits your requirements.Once you have a reliable internet connection, the next step is to become familiar with the various web browsers available. Web browsers are the gateways to the internet, allowing you to access websites, online applications, and a multitude of digital resources.Popular web browsers include Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari, each with its own unique features and user interface. It is recommended to explore and experiment with different browsers to find the one that best aligns with your preferences and workflow.Navigating the internet effectively also requires proficiency in searching for information. Search engines, such as Google, Bing, or Yahoo, are powerful tools that allow you to find relevant information, websites, and online resources with just a few keystrokes. Mastering the art of crafting effective search queries, using keywords and Boolean operators, can significantly enhance your ability to locate the desired information quickly and efficiently.In addition to searching for information, the internet also provides a vast array of communication and collaboration tools. Email, instant messaging, video conferencing, and social media platforms enable users to stay connected with friends, family, and colleagues, regardless of their physical location. Understanding the proper etiquette and best practices for using these communication tools can help you maintain professional and personal relationships in the digital age.Another crucial aspect of using the internet effectively is online safety and security. With the increasing prevalence of cybercrime, itis essential to be vigilant and take necessary precautions to protect oneself and one's digital assets. This includes using strong and unique passwords, enabling two-factor authentication, and being cautious of phishing attempts and malware. Additionally, it is important to keep your operating system and software up-to-date to mitigate vulnerabilities and ensure the overall security of your devices.Furthermore, the internet has become a valuable resource for education and lifelong learning. Online courses, tutorials, and educational platforms offer a wealth of opportunities for individuals to expand their knowledge, acquire new skills, and pursue personal and professional development. Leveraging these resources can help you stay ahead of the curve in a rapidly changing world.Finally, the internet has also transformed the way we engage in entertainment and leisure activities. Streaming services, online gaming, virtual events, and social media platforms provide endless options for entertainment and relaxation. Striking a balance between productive use of the internet and recreational activities is crucial for maintaining a healthy work-life integration.In conclusion, using the internet effectively requires a combination of technical skills, information literacy, digital safety awareness, and a strategic approach to balancing various online activities. Bymastering these key aspects, individuals can harness the power of the internet to enhance their personal and professional lives, while navigating the digital landscape with confidence and security.。

Digi Connect® Family Application GuideHow to Create a VPN between a Connect Gatewayand WatchGuard_______________________________________________________________________ScenarioDigi Connect WAN is used for remote site connectivity. The primary site is using a WatchGuard VPN appliance. The two networks need to be connected, and the data needs to be encrypted between them.Theory of OperationA remote location needs to be able to build a secure tunnel between the main site and a remote branch. One location is using a Digi Connect gateway to provide primary internet connectivity. The other location is using a WatchGuard VPN appliance for primary site connectivity. AVPN tunnel will be created to the Digi Connect gateway, creating a secure connection for data to pass through.Sample DiagramPCs, PLCs, etc.ConnectPort WANWAN IP: 1.2.3.4LAN IP: 192.168.1.1WatchGuardWAN IP: 5.6.7.8Carrier Plan and PC / VPN Appliance RequirementsDigi Connect Requirements: Firmware version must be 2.8 or later. To download the latest firmware, go to /support.GSM GPRS/EDGE APN Type needed: VPN and GRE end-points usually require static (persistent) IP addresses and must support mobile terminated data connections. If mobile termination is not an option with your current APN, you will need to acquire a new one that does support mobile termination.CDMA networks may also require special plans to provide static IP addresses and support mobile terminated data connections.Check with your wireless provider on the available plan types.Digi Connect Gateway Configuration1.Read and follow the quick-start guide for the Digi Connect gateway.2.Assign a static IP address to the Ethernet port (the default address is 192.168.1.1).3.Configure the Digi Connect gateway settingsa.Navigate to Configuration > Network > VPN Settings.b.Click VPN Policy Settings.c.Click Add.d.Fill in the appropriate settings, shown in the screenshots below:e.Click Apply to save the changes.WatchGuard VPN Configuration1.Configure the WatchGuard VPN devicea.Log into the Web Interface of the WatchGuard device.b.Navigate to VPN in the left hand panel.c.Under the section titled 'Manual VPN Gateways', click Configure.d.Click Add to add a new VPN policy.e.Fill in the appropriate information shown in the screenshots belowf.Click Submit to save the changes.ADDITIONAL NOTES1.This configuration will work with Dynamic IP addresses, using hostnamesestablished with . When using a Dynamic IP address, you will need to set the VPN tunnel to use Aggressive Mode to make the connection work.2.This configuration will work with other VPN parameters than what is listed in thescreenshots. i.e. – DES, 3DES, AES 192-bit, AES 256-bit, etc.3.This configuration will work with other Digi Cellular products, such as the ConnectWAN, Connect WAN 3G, and ConnectPort WAN VPN series of products thatsupport VPN connections.Where to Get More InformationRefer to the Digi Connect gateway user documentation and Digi technical support website at /support for more information. Technical assistance is available at /support/eservice/eservicelogin.jsp.For sales and product information, please contact Digi International at 952-912-3444 or refer to the Digi Cellular pages at .。

HXG3000Indoor LoRaWAN GatewayInclude the document title and part number (HXG3000 Indoor LoRaWAN Gateway User Guide, 90002468 A) in the subject line of your email.The Haxiot HXG1000 Gateway is a multi-channel high performance LoRa transceiver designed to receive multiple LoRaWAN packets simultaneously with remote management from the Haxiot X-ON cloud platform. The HXG3000 Indoor IoT Gateway supports multiple operating systems and host processor chipsets. The Haxiot X-ON cloud platform provides centralized configuration and management for all the Haxiot gateway capabilities.About the HXG3000Indoor IoT GatewayAbout the HXG3000Indoor IoT Gateway OverviewPacking list and supply options Packing listPacking listn The HXG3000 base unitn HXGW470 or HXGW900 concentrator—depending on regional frequency plann LoRa Antenna—900 MHz—or LoRa antenna—470 MHz—depending on regional frequency planSupply optionsn5V @ 2 Amp DC Adapter—supplied with the kit.n Power over Ethernet (PoE) Splitter—not supplied with kit. Customers can buy separately.Requirements Haxiot Cloud account Haxiot Cloud accountTo provision and connect the HXG3000 Indoor IoT Gateway you must have a current subscription to the Haxiot X-ON platform. See Gateway provisioning for details on how to scan and provision yourgateway in X-ON.Network and firewall requirementsThe HXG3000 Indoor IoT Gateway requires an Internet connection to the X-ON cloud platform. Power over Ethernet(PoE) Splitter—if used—requires an available ethernet port. IP address allocation is byDHCP from the Local Area Network.By default, the gateway initiates an outbound connection to the XON cloud serverusing TLS connectivity.IP network portsHaxiot HXG Series gateways use TLS over TCP port 443 for network connections to the XON Cloud, the same protocol used for HTTPS. The gateway initiates all connection requests to the XON Cloud. The use of Network Address Translation on Internet gateways is fully supported by the HXG series.n TCP outbound - port 443 (TLS)n UDP outbound - port 53 (DNS)WARNING! Read all instructions before installing the HXG3000 gateways. WARNING! The HXG3000 Indoor IoT Gateway must always be operated with a LoRa antenna connected or the radio module could be damaged.Installation Site survey Site surveyCustomers should select a site with as few obstructions as possible between the HXG3000 Indoor IoT Gateway and the expected locations of LoRaWAN IoT devices. Elevation increases range. Backhaul accessibilityThe gateway location must have access to a network connection—Ethernet RJ-45—and power—120/240V—for the supplied D C power adapter. Shielded, indoor grade Category 5E cabling or higher is recommended.The antenna should be mounted vertically and will generate a vertically polarized omni-directionalLoRa signal. There is minimal coverage directly above and directly below the antenna with a standard design omnidirectional antenna. Maximum coverage will extend outwards in all directionshorizontally.Specifications DimensionsSpecifications Operating conditions:absolute maximum ratingsSpecifications Radio informationRegulatory Haxiot notice Haxiot noticeThe Haxiot HXGW900 LoRaWAN gateway module has been certified for US and Canada with theFederal Communications Commission (FCC) & Industry Canada (IC).FCC ID: ANQY-HXGW900IC ID: 23185-HXGW900FCC noticeFCC NOTICE: This product is designed to allow:(1) Product developers to evaluate electronic components, circuitry, or software associated with thekit to determine whether to incorporate such items in a finished product and(2) Software developers to write software applications for use with the end product. This kit is not afinished product and when assembled may not be resold or otherwise marketed unless all requiredFCC equipment authorizations are first obtained. Operation is subject to the condition that thisproduct not cause harmful interference to licensed radio stations and that this product acceptharmful interference. Unless the assembled kit is designed to operate under part 15, part 18 or part 95 of this chapter, the operator of the kit must operate under the authority of an FCC license holder ormust secure an experimental authorization under part 5 of this chapter.(3) Sales of this device are limited to product developers, software developers, and system integratorsFor evaluation only; not FCC approved for resale; and this evaluation kit is designed to comply with all applicable FCC technical rules, including frequency use, spurious and out-of-band emission limits, and maximum power or field strength ratings applicable to a final FCC approval product that wouldemploy the components or circuitry to be evaluated.RoHS complianceThis module is compliant with the requirements of RoHS.。

OBD系统OBD-I只能监控部份部件的工作和一些排放相关的电路故障，其诊断功能较为有限。

另外，获取OBD信息的数据通信协议和连接外部设备和ECU的接口仍然未被标准化。

OBD-II汽车工程师协会(SAE)对诊断接口、通信方式等技术细节进行了进一步标准化工作，OBD-I在此基础上发展成为第二代OBD，即OBD-II。

美国环境保护局(EPA)采用了这些新的技术标准，并于1990修订了《清洁空气法》（），要求自1996年1月1日起所有在美国市场销售的新车必需符合OBD-II所概念的技术要求。

与OBD-I相较，OBD-II在诊断功能和标准化方面都有较大的进步。

故障指示灯、诊断连接口、外部设备和ECU之间的通信协议和故障码都通过相应标准进行了规范。

另外，OBD-II可以提供更多的数据被外部设备读取。

这些数据包括故障码、一些重要信号或指标的实时数据，和冻结桢信息等。

OBD-I与OBD-II诊断功能的比较以上内容来自MisubishiEOBD1998年10月13日，欧共体通过了指令。

该指令要求自2000年1月1日起，在所有在欧盟成员国内销售的新上市的汽油机车必需知足相关规定，被称为EOBD。

与OBD-II相较，EOBD的要求较为宽松，比如不对油箱泄露进行诊断等等。

我国的OBD要求2005年4月5日，国家环保总局发布批准《轻型汽车污染物排放限值及测量方式（中国III、IV 阶段）》（）等五项标准为国家污染物排放标准。

OBD作为强制性要求第一次出此刻我国的法规标准中。

此项标准是通过修改采用欧盟（EU）对70/220/EEC 指令进行修订的98/69/EC 指令和随后截止至2003/76/EC 的各项修订指令的有关技术内容产生的。

主要的修改内容包括包括M1和M2类车型的分组、燃料的技术要求等5个方面，而OBD部份大体照搬了欧盟的标准。

虽然也有人愿意把我国对OBD的技术要求称为COBD，但从具体不同来看，EOBD和OBD-II 有明显的区别，而我国的国III/IV法规中的OBD部份与EOBD并无二致。

Table of ContentsOverviewLicensing RequirementsPrerequisites and GuidelinesPreparing the Web GatewaySteps Specific to Gen. 4 Agent SetupSteps Specific to Gen. 2/Gen. 3 Agent SetupAdditional ReferencesOverviewMost commonly, Agents are used to secure devices that leave the traditional local network boundary, for example, when a user takes their office laptop computer home with them. Historically, devices that were taken outside of the enterprise network would have required the use of a VPN with default routes to backhaul all data to the location where the physical gateway(s) and other services resided to ensure that the security policy was applied consistently. As drivers for VPN diminish (adoption of cloud SaaS solutions replace locally hosted services), residential bandwidth throughput increases and price decreases, cloud secure web gateway have become a more attractive option.VPNs may still be used for any locally hosted services that have not yet been migrated to the cloud, but all internet traffic can egress through the commodity Internet Service Provider and still be secured using iboss’distributed cloud gateways. The other common use case for deploying security agents is in circumstances where no local gateway is desired or necessary. An example use case for this is a satellite office or retail store. Licensing RequirementsCore, Malware Defense, or Data Loss Prevention iboss Cloud subscription.Prerequisites and GuidelinesAt least one local or cloud gateway with Mobile Agent licenses enabled.While it is possible to backhaul data to a local gateway, it is highly recommended to redirect mobile endpoint traffic to cloud gateways.It is recommended to leverage the inherent fault tolerance of the iboss distributed gateway platform by ensuring that more than one cloud gateway be used to secure mobile devices.Preparing the Web GatewayThe instructions for configuring Windows Mobile Client consist of preparing the web gateway to support offsite web security, decrypting traffic, and identifying the logged in user.Login to https://Navigate to Data Redirection > AgentsSelect the Default group, 1, from the group selection drop-down and choose the filtering group you are deploying the Windows Agent to.Enable Security Agent Filtering for the filtering groups you intend to support and click Save.Setting DescriptionUse session Encryption This toggle will activate the service.Enable VPN Auto Registration This toggle is not necessarily required (the toggle shown above demonstrates this disabled) but is an optional step for use with VPN mode.Configure Auto Login Agents to use Key for Group Switching this toggle to "Yes" causes users to be placed into groups based on the security key (parameter in the agent MSI setup file) rather than the group name.Use session Encryption When this feature is enabled AES encryption will be used. All new agentregistrations will be encrypted (when enabled) and all existing sessions thatare not encrypted will still function properly.Define a custom security key. Note this key as it will be necessary for agent configuration in later steps.Select your LDAP server from the "Extract Group From LDAP" setting.Note: If you do not have a centralized directory or prefer to decouple NetID SSO from the directory, skip this step as Gen. 4 agents do not support thisSave the settingsSteps Specific to Gen. 4 Agent SetupOption 1- Windows Agent via SAML and ProxyThe Generation 4 Windows agent accelerates proxy data redirection by automatically configuring the proxy settings on the workstation and injecting proxy authentication information and SAML authentication cookies into the proxy requests.Note: Proxy-based filtering will still work without agents but the agents will speed up the performance and reduce the number of logins the user will need to enter.Web Gateway Setup InformationThe Web Gateway must be configured to proxy with SAML-based authentication. To do this, log in to iboss Cloud and navigate to Data Redirection > Proxy > User Authentication Method > SAML. Click the Save when finished to preserve these settings.Agent SetupThe Download Windows Agent button will allow you to download the installation and configuration files for the Windows Mobile Client Agent.Extract the archive from the Windows folder. The archive contains a Windows Installation file (.msi) and a registry update file (.reg). Installation may be done manually or pushed via the publishing feature of Windows Server (/kb/816102). The latest installation files are always available via the 'Download Agent' button.Select the OS that you would like to use (taking care to select the appropriate 32- or 64-bit installer).Note: You’ll find a win7 and win8 install folder. The win7 installer folder is compatible with all Windows versions up to and including Windows 7. The win8 installer folder is compatible with Windows 7 and aboveSave the .msi to your desktop for quick access in the next steps.The Windows agent is configured through the system registry. The MSI file used to install the Windows agent may be pre-configured to set the desired values using an MSI editing tool such as Orca.Installing and Using OrcaOrca is a widely available tool used for editing the properties .msi files. Once Orca is installed on the system, you can use it to modify the .msi file that you just downloaded. Right click on the extracted file and choose Edit with Orca as shown here.This will bring up the interface shown below.Click on "Property" in the list of tables, then click on Property at the head of the table to organize it alphabetically. Edit the appropriate parameters (explained below) by typing in the corresponding field in the "Value" column. The following registry values are used to configure Gen 4 Proxy mode:Parameter DescriptionPARAM_RUNTIME_MODE Set to “gen4_saml”PARAM_GATEWAY_HOST Enter the Web Gateway address or cluster address here.E.g. PARAM_GATEWAY_PORT Enter the proxy port (available on the Proxy page under Settings). The default is 8009.PARAM_PROXY_MONITOR_INTERVAL This value (in milliseconds) controls how often the proxy settings will be checked by the agent (default and minimum is 1000 ms). If the settings are found to be different from what is configured in the registry, then the agent will update them.PARAM_PROXY_OVERRIDE These are addresses that will bypass the proxy server. At a minimum, every web gateway in the cluster must be added. E.g. cluster1 contains the web gateway *. Multiple server names must be separated by semi-colons.PARAM_SAML_SESSION_COOKIE Optional, if a SAML session cookie is known ahead of time then it can be specified here and the user would not need to log in. If unused, then set to null. If set in Orca and deployed to multiple workstations, all users would be deployed similarly.After the necessary parameters have been edited in Orca, save the file by clicking File > Save.Once you have modified the installer, install the appropriate .msi (either ibsa32.msi or ibsa64.msi) onyour computer by double-clicking the installer and following any prompts.Note: You can also push the installer via Active Directory. Make sure that the 64-bit installer is used for 64-bit systems and the 32-bit installer is used for 32-bit systems.This completes the install of the agent in SAML Proxy Mode.Option 2- Windows Agent Auto-Login ModeThe Generation 4 Windows agent accelerates proxy-based redirection by automatically configuring the proxy settings on the workstation and injecting cookies into traffic that will authenticate the endpoint and gateway to each other. Auto-Login mode allows iboss Agents and endpoints to be automatically registered and secured by a configured gateway without the need for manual input of login credentials.Note: The Auto Login Proxy configuration requires the use of Agents to work.Web Gateway Setup InformationThe Web Gateway must be set to use a proxy data redirection method, with the "User Authentication Method" set to Auto-Login Agents. to do this, log into your iboss Cloud Account and navigate to Data Redirection > Proxy > Enable Proxy Settings (if not already active) >User Authentication Method > Auto Login Agents). Click the Save when finished to preserve these settings.Agent SetupThe Download Windows Agent button will allow you to download the installation and configuration files for the Windows Mobile Client Agent.It will appear on your computer compressed into a .zip file. Extract the contents of the file and save to your preferred location.In this folder, right-click the file called install_ibsa.bat > Run as an Administrator certifying that you are sure you want to run the file. The batch file will be presented to you as shown below.If this is the first time an iboss agent is being installed on this device, enter a number 1-4 corresponding to the windows version present on the device.If this device has had another version of the iboss agent previously installed on it, enter the "u" command to fully uninstall any agents on the device, followed by the "r" command to remove the iboss registry key. After this, enter a number 1-4 corresponding to the windows version present on the device.Within a few minutes, your device will now direct all web traffic (unless otherwise specified) to thegateway/cluster from which the agent was downloaded. All applicable policy is now being applied.To verify that the agent is running, you can navigate to your computer's "Services" interface (Search "Services" from the Start menu) and check to see that "IBSA" (iboss Security Agent) is present and running. To ensure the parameters of the agent have been correctly set, open up your computer's Registry Editor (search "regedit" from the start menu) and navigate through the registry path Computer > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > iboss Security Agent > Parameters. The address of the web gateway cluster will display in the "GatewayHost" parameter, the "RuntimeMode" parameter will be "gen4_auto", and the "Version" parameter will be "4.0.0". If you edit any of the parameters in the Registry Editor, be sure to restart the IBSA service.If you check your Proxy settings through either your computer or your browser, you will notice that traffic is being directed to a proxy- the same iboss web gateway cluster address will appear here as well.In the event that the agent does not detect any groups pertinent to the device, the device will appear in the table under Users, Groups & Devices > Users and Devices. From here the device can be moved from the default group to an appropriate one.Note: You can also push the installer via Active Directory. Make sure that the 64-bit installer is used for 64-bit systems and the 32-bit installer is used for 32-bit systems.This completes the install of the agent.Acquiring Group InformationAt the initial startup of the agent or upon a user-changed event, the agent checks whether the device is joined to a domain and if the current user is a domain user. If so, it retrieves the group information from the domaincontroller. If the computer is not joined to a domain or the user is logging into a local account on a domain-joined computer, then the group information will be retrieved from the local user groups.In the event that the agent does not detect any groups pertinent to the device, the device will fall into your default group and appear in the table under Users, Groups & Devices > Users and Devices. From here the device can be moved from the default group to an appropriate one.Steps Specific to Gen. 2/Gen. 3 Agent SetupThe parameters below must be entered via the Registry Editor or Orca when setting up the Gen. 2/Gen. 3 Agent. Of all the properties, there are only a few which need to be changed to match your network configuration. Parameter DescriptionPARAM_GATEWAY_HOST This should be the IP Address (or DNS Hostname) of the iboss as visible by mobile computers when OUTSIDE of your network. This IP must be publically accessible on TCP ports 8025 and 8026.PARAM_SECURITY_KEY Change this to match the security key on the iBoss Mobile Client configuration page that corresponds to the filtering group you would like the mobile client filtered by when outside of your network.PARAM_OUTSIDE_NETWORK_IP The public IP Address (or addresses) of the localnetwork to which the private IP Addresses are translated via NAT when on the local network. Enter single IPs or IPranges in the following format (38.50.10.5,38.50.10-7-38.50.10.12). If there is only one public IP, enter it byitself.If you will be using the agent to perform LOCAL network SSL content inspection (NOT REQUIRED for mobile filtering/security or SSL blocking), the following options should be set (available in gen3 agents only): Parameter DescriptionPARAM_LOCAL_GATEWAY_HOST (gen3) This should be the local IP Address of the iboss as seen on the local network.PARAM_LOCAL_GATEWAY_SECURITY_KEY (gen3) Change this to match the security key on the Mobile Client/Local SSL Inspection configuration page for “Local SSL Agent Security Key”. This key is not group specific.PARAM_LOCAL_SSL_AGENT (gen3) Set this to 1 if the agent will be used for local SSL inspection. If the agent will only be used for mobile filtering/security, leave this set to 0 and do not enter values for any of the values in this sectionPARAM_ALWAYS_LOCAL (gen3) Set this to 1 if the agent will ONLY be used for local SSL inspection and will not be used for mobile security.The rest of the properties are optional and are typically not modified. If you would like the agent to perform a system reboot after detecting an upgrade, set the following property: PARAM_RESTART_AFTER_UPGRADE = 1This option is available on Gen. 3 installers only. A restart is required when moving from a Gen. 2 agent to a Gen. 3 agent. This option can be used if moving between Gen. 2 and Gen. 3 is necessary.After the necessary parameters have been edited in Orca, save the file by clicking File > Save.Once you have modified the installer, install the appropriate .msi (either ibsa32.msi or ibsa64.msi) on your computer by double-clicking the installer and following any prompts.Note: You can also push the installer via Active Directory. Make sure that the 64-bit installer is used for 64-bit systems and the 32-bit installer is used for 32-bit systems.This completes the install of the agent.Additional ReferencesLegacy Windows and Mac Agent DocumentationNote: This article was last updated in conjunction with the iboss version 9.0.90.200 firmware (released09/26/2017). You may be using a different version of firmware than the one featured in this article.。

With email still being the primary business collaboration tool, organizations need to ensure that the content and information they send and receive is both appropriate and permitted to enter or leave the organization. The Clearswift SECURE Email Gateway (SEG) helps to secure against critical information data loss; protecting the intellectual property and brand reputation of your organization and ensuring compliance with current regulations and standards.Clearswift’s award-winning deep-content inspection capabilities facilitate the competitive advantages inherent in open and safe communications; transforming email from a high-risk communication channel to one tailored exactly to your organization’s needs.The Gateway scans emails for sensitive content, and based on a granular organizational policy it provides the necessary flexibility to permit multiple behaviours, depending on the senders and recipients of the message. The Clearswift Adaptive Redactionfunctionality allows for content to be dynamically modified to make the content safe rather than having to stop and block and forcea remediation.Inbound threat protectionFeaturing integrated, cloud-assisted Kaspersky and / or Sophos anti-virus, with automatic updates every fifteen minutes toprovide the latest protection. These technologies are supplemented with zero-hour anti-malware and active code detection to ensure that no malware comes in, or goes out, via email. Targeted ransomware and spyware attacks typically use email with commonly used Office and PDF files as a means to deliver a payload. If these exploits manage to reach the desktop they will be run with the user privileges of the recipient, which could provide access to sensitive data. So as an addition to standardanti-malware features the Structural Sanitization feature permits macro’s, scripts and Active/X to be removed from messages, PDF and Office file formats significantly reducing the risk of targeted ransomware and spyware attacks being successful.Message Sanitization is able to remove URLs, attachments and HTML from messages to ensure there is no potential riskfrom that message.Best-of-Breed spam detectionThe new Clearswift SECURE Email Gateway comes with a completely redesigned anti-spam engine incorporating thebest-of-breed Mailshell component. This reduces the amount of spam reaching the end-user and the number of false positives.DMARC, SPF and DKIM support enables yet further spam reduction and with an Outlook Spam Reporter included, spam can be monitored, registered and eliminated. Featuring a new multi-layer spam defence mechanism using IP reputations, greylisting, signatures, SPF, RBL, recipient authentication and machine learning (Bayesian) engines to provide > than 99.9% detection rates, the SEG is able to drastically reduce the amount of time users spend managing their inboxes and significantly reduces theeffect of malware contained in spam.Context-aware content inspection policiesFlexible policies and context-aware content inspection mean you no longer have to choose between free-flowing communications and unacceptable risk. Flexible policy is the key to any real-world deployment. If the policy is too restrictive then people either cannot work effectively, or they find ways to get around their security policy.Adaptive RedactionClearswift’s unique Adaptive Redaction features permit the content of messages and attachments to be modified dynamically based on policy. The Data Redaction feature allows information to flow when before it would have been blocked. Customers can create policies to change specific words and phrases in messages and documents with “*” characters to make the content safe.This can apply to Credit Card numbers, Social Security details, Project codes, individual names or any custom value.Figure 1. Clearswift Adaptive Redaction: Data RedactionThe Document Sanitization feature can remove outstanding revision changes, clearing history and fast-save data that can also hold embarrassing critical information being accidentally disclosed. Document properties, such as “Author”, “Organization” and “Status” can be completely removed or bespoke properties can be preserved.DATA REDACTIONAdaptive RedactionOriginal Email with attachmentsEmail after Adaptive RedactionAdaptive Data Loss PreventionData loss is one of today’s biggest organizational concerns. Be it the latest designs, customer details or private employee information, the loss of intellectual property can ruin a company, both from a financial and reputational perspective.To reduce the chances of accidental data loss, the SECURE Email Gateway is able to control messages based on their content and their context. Context is provided through integration with Active Directory or LDAP, so policy can be applied to a specific individual or group (or the whole organization). The content of the message is checked through looking for text in the message body, subject line and also attachments, against 180 predefined policies.Policies consist of standard words, phrases or regular expressions, which can be used to look for complex alphanumeric patterns. These patterns could be used to identify an organization’s assets, such as credit cards, IBAN numbers, social security numbers, and many more.These phrases can be combined using Boolean and positional operators to create examples such as: • Credit .FOLLOWEDBY=1. Card• Confidential .AND. (Project .OR. Material)• C hecking for policy violations can also take place within image content such as screen shots, attachments and embedded content in documents.ComplianceStaying within the bounds of a regulatory framework is very important. To help you maintain compliance, the SECURE Email Gateway includes standard templates and dictionaries for common terms that may indicate a data breach.The Gateways are supplied with customisable dictionaries for GLBA, HIPAA, SEC and SOX to save deployment time. Organizations that must adhere to PCI and PII regulations can use a custom dictionary and the special ‘credit card’ and ‘social security’ tokens. Customers can augment the standard dictionaries with ones that may be more applicable.Organizations that must adhere to PCI and PII regulations, such as the EU GDPR, can use a custom dictionary and any of the more than 200+ pre-configured PCI and PII tokens to simplify policy definition and enforcement. Customers can augment the standard dictionaries with ones that may be more applicable.Some information will always need to be shared and email encryption is another important capability of the Gateway, ensuring that regulations relating to sensitive data sent over the internet are protected using strong encryption. The HITECH Act in the US and the EU’s General Data Protection Regulation make it clear that sensitive data must be encrypted when sent via email; the SECURE Email Gateway supports a number of different encryption mechanisms to provide flexibility as required.Email encryptionWith TLS as standard, and cost options to provide either S/MIME, PGP and password protected files or Web portal-based encryption, the Email Gateway offers a variety of options to cater for customer requirements. Whichever you choose, the Gateway allows sensitive data to be delivered securely, in seconds, using the optimal format for the recipient.Management and reportingThe user interface of the Gateway is powerful, yet simple to use. With roles based administration, automation and policy re-use, it’s quick and easy to build policy, manage violations, track messages and report on trends and behaviour. In this way, valuable insight is provided without consuming valuable admin resource.Deep content inspectionTrue file-type detection that recognizes files by signature and not by extension allows the Clearswift SECURE Email Gateway to understand files accurately. Compressed file archives are opened and the contents examined in real-time; embedded documents are discovered, and content is scanned in depth, to ensure data leakage is kept at bay.Flexible deployment optionsYou decide how you want to buy and deploy the Clearswift SECURE Email Gateway, either as a pre-installed hardware appliance, as a software image that can be loaded on a choice of hardware platforms, or alternatively virtualized in a VMware / Hyper-V environment. The Clearswift SECURE Email Gateway is also available as a Cloud solution using providers such as AWS and Azure or from Clearswift (regional offerings) as hosted virtual servers where you maintain control of the platform, but with the convenience and benefits of a Cloud delivery model.About ClearswiftClearswift is trusted by organizationsglobally to protect their criticalinformation, giving them the freedomto securely collaborate and drivebusiness growth. Our uniquetechnology supports a straightforwardand ‘adaptive’ data loss preventionsolution, avoiding the risk of businessinterruption and enabling organizationsto have 100% visibility of their criticalinformation 100% of the time.Clearswift operates world-wide, havingregional headquarters in Europe, AsiaPacific and the United States. Clearswifthas a partner network of more than 900resellers across the globe.More information is available atUK - International HQClearswift Ltd1310 WatersideArlington Business ParkTheale, Reading, BerkshireRG7 4SATel : +44 (0) 118 903 8903Fax : +44 (0) 118 903 9000Sales: +44 (0) 118 903 8700Technical Support: +44 (0) 118 903 8200Email:*******************AustraliaClearswift (Asia/Pacific) Pty LtdLevel 17 RegusCoca Cola Place40 Mount StreetNorth Sydney NSW 2060AustraliaTel: +61 2 9424 1200Technical Support: +61 2 9424 1210Email:*******************.auGermanyClearswift GmbHIm Mediapark 8D-50670 CologneGermanyTel: +49 (0)221 828 29 888Technical Support: +49 (0)800 1800556Email:******************JapanClearswift K.KShinjuku Park Tower N30th Floor3-7-1 Nishi-ShinjukuTokyo 163-1030JapanTel: +81 (3)5326 3470TechnicalSupport************Email:**********************United StatesClearswift Corporation309 Fellowship Road, Suite 200Mount Laurel, NJ 08054United StatesTel: +1 856-359-2360Technical Support: +1 856 359 2170Email:******************.comIntuitive web-based interface Ease of use and no requirement to learn complex syntax or Linuxcommands.Multi-gateway consolidated reporting Consolidated reporting view of user’s activities for easier analysis andsharing of management data.Multi-gateway message tracking Enables a view of where messages came from, how they wereprocessed and where they went across multi-gateways, complete withmanual or scheduled export capability.Centralized SYSLOG, SCOM, SNMP, SMTP Alerting Consolidate to a central SIEM, or use SCOM, SNMP or SMTP management alerts for a ‘lights out’ data centre deployment.* Cost Option。

Gateway DatasheetHuawei Technologies Co., Ltd.Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.Trademarks and Permissionsand other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders.NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.Huawei Technologies Co., Ltd.Address: Huawei Industrial BaseBantian, LonggangShenzhen 518129People's Republic of ChinaWebsite: Email: ******************With wide application of cloud computing technology, IT and CT are rapidly converged. Consequently, requirements for public and private cloud deployment, quick service provisioning, on-demand service migration, and tailored attack defense increase sharply. Conventional service gateways with dedicated hardware can hardly meet the deployment requirements of the cloud network architecture.Huawei USG6000V is a virtual (software-based) service gateway based on the network functions virtualization (NFV). It features high virtual resource usage because the virtualization technology allows a large number of tenants to concurrently use the resources. In addition, the USG6000V provides abundant virtualized gateway services, such as vFW, vIPsec, vLB, vIPS, vA V, and vURL Remote Query. It can be flexibly deployed to meet service requirements.Huawei USG6000V series virtual service gateway is compatible with most of mainstream virtual platforms. It provides standard application platform interfaces (APIs), together with the OpenStack cloud platform, SDN Controller, and MANO to achieve intelligent solutions for cloud security. It meets the requirements of flexible service customization, elastic and on-demand resource allocation, visualized network management, rapid rollout and frequent changes of security service, and simple and efficient O&M.HighlightsIntegrated functions and fine-grained managementThe USG6000V provides multiple functions, including security protection to data centers at the virtualization layer and value-added security services for tenants.●Multi-purpose: The USG6000V integrates the traditional firewall, VPN, intrusionprevention, antivirus, data leak prevention, bandwidth management, and online behaviormanagement functions all in one device, simplifying device deployment and improvingmanagement efficiency.●IPS: The USG6000V can detect and defend against over 5000 vulnerabilities. It canidentify and defend against web application attacks, such as cross-site scripting and SQLinjection attacks.●Antivirus: The high-performance antivirus engine of the USG6000V can defend againstover five million viruses and Trojan horse. The virus signature database is updated daily.●Anti-DDoS: The USG6000V can identify and defend against over 5 million viruses andover 10 types of DDoS attacks, such as SYN flood and UDP flood attacks.●Online behavior management: The USG6000V implements cloud-based URL categoryfiltering to prevent threats caused by users' access to malicious websites and control users'online behavior, such as posting. The USG6000V has a predefined URL category databasethat contains over 120 million URLs. In addition, the USG6000V audits users' networkaccess records, such as posting and FTP operations.●Secure interconnection: The USG6000V supports various VPN features, such as IPsec,SSL, L2TP, MPLS, and GRE VPN to ensure high-availability and secure interconnectionbetween enterprise headquarters and branch offices.●QoS management: The USG6000V flexibly controls upper and lower traffic thresholds andimplements policy-based routing and QoS marking by application. It supports QoSmarking for URL categories. For example, the packets for accessing financial websites areassigned a higher priority.●Load balancing: The USG6000V supports server load balancing. In a multi-egress scenario,the USG6000V can implement load balancing with the egresses for applications accordingto link quality, bandwidth, and weights.Flexible deployments of services achieved by elastic and on-demand principlesVirtualization: The USG6000V supports the virtualization of many security services, such as firewall, intrusion prevention, antivirus, and VPN. Users can separately conduct personal managements on the same physical device. The USG6000V8 can be divided to 500 virtual systems to achieve one-to-many virtualization. It requires less investment from small-scale tenants by providing fine-grained service resources.Automation: It supports such plug-ins as NETCONF and OpenStack, and connects to Agile Controller or Openstack cloud platform through standard interfaces. With one-click configuration and delivery of network parameters on the portal, it spares users the nuisances of configuring complicated commands of specific network devices.It achieves seamless orchestration among computing, storage, and network by providing faster deployment of network resources. Network services roll out within minutes with manual configuration being reduced by 90%.Service provisioning process of Huawei DCN security solutionIntegrated management and visualized O&M●Security policy management: Users configure security service rules based on security groups.The Agile Controller generates and automatically delivers security policies.●Visualized O&M: It provides topology visibility for network-wide virtual and physicalresources to quickly locate network fails. It also provides visualized network management based on tenants to meet compliance requirements of visualized network topology, quota, traffic, and alarms.Visualized Agile Controller management of Huawei DCN security solutionBuilding an ecosystem available to be integrated widelyBy adopting standard APIs, it achieves zero transportation and zero cable layouts in the deployment of data centers. With this effortless deployment experience, it accelerates service deployments and supports migration among multiple virtual platforms. It provides automatic service scheduling and other functions by supporting comprehensive northbound interface protocols to realize wide connection to various kinds of standard controllers.●Various virtualization platforms: Supports mainstream virtualization platforms, such asthe VMware, KVM, XEN, Hyper-V, and Huawei FusionSphere, as well as inst allation of bare machine.●Multiple file formats: Supports software packages in multiple formats(including .vmdk, .iso, .qcow2, and .ovf) for deployment in various environments.●API friendliness:Supports the management using NETCONF and RESTCONF NBIsand the OpenStack platform for NFV interconnection.●Solutions: Supports solutions of Huawei DCN.●Public cloud platform: Supports public cloud platforms of AWS, Azure and Huawei. Typical Application ScenarioHuawei DCN security solutionTenants subscribe to value-added services on the service portal; MANO deploys the USG6000V; the Agile Controller predefines the network and delivers security policies based on Layer 4 through 7. All of the procedures for rolling out the services are automated. The USG6000V deployed on the border of the VPC of tenants provides such services as remote access, value-added security, and load balancing. It protects the north-south traffic among tenants from threat transmissions emanated from the data center.The USG6000V supports as many as 500 virtual systems. It provides fine-grained security resources based on virtual systems to small-scale tenants, greatly lowering the threshold for investment.Specifications1. VM resources refer to resources provided by deployed VMs, including vCPUs, memory, hard disks, and virtual interfaces.2. The vCPU indicates the logical CPU virtualized by the Intel x86 64-bit CPU that supports VT. One core corresponds to two vCPUs.3. All performance indicators are tested under the specified hardware environment, namely, RH2288, V3, X86 series-3200MHz-1.8V-64bit-135000mW-Haswell EP Xeon E5-2667 v3-8Core-with heatsink.4. In SR-IOV mode, the SR-IOV technology is used, and the test environment is the KVM platform. In vSwitch mode, the USG6000V is connected to the vSwitch, and the test environment is the VMware platform.5. The maximum throughput is obtained by testing 1518-byte or 1420-byte packets in ideal conditions. The specifications may vary depending on live network environments.6. The maximum throughput is obtained by testing 64-byte packets in ideal conditions. The specifications may vary depending on live network environmentsOrdering Guide2018-11-3Huawei Confidential Page11 of 11About the PublicationThe publication is for reference only and does not constitute a warranty of any kind, express or implied. All trademarks, pictures, logos, and brands in this publication are the property of Huawei Technologies Co., Ltd. or an authorized third party.Copyright © Huawei Technologies Co., Ltd. 2017. All rights reserved.。

Aruba 9004 Series Gateways provide high-performance SD-WAN and security functionality in a compact and cost-effective form factor. Ideally suited for branch and small campus networks, the 9004 Series Gateways serve a key role within Aruba’s SD-Branch solution, which unifies WLAN, LAN, SD-WAN and security for distributed enterprises.The 9004 Series can be easily configured and managed using Aruba Central, a cloud-based network operations, assurance and security platform. Onsite deployment is accomplished with a simple mobile installer application.HIGH PERFORMANCE AND RELIABILITYFor distributed enterprises with increasing performance and bandwidth needs, the 9004 is designed with scale and flexibility, and equipped with plenty of horsepower. The 9004 provides connectivity for up to 2,048 users or client devices at up to 2 Gbps of firewall throughput or up to 4 Gbps of wired bridged throughput. These capabilities are up to 40 times the client density and 10 times the maximum throughput of typical SD-WAN appliances.For enhanced resiliency and high availability, the 9004 can be clustered together with multiple gateways at each branch.IOT AND INTEGRATION READYThe 9004 includes flexible connectivity options, with four Ethernet ports that can be used as access/WAN uplinks, a USB 3.0 port for cellular third-party connectivity, and an integrated IoT radio that supports Bluetooth 5.The gateway also uses integrated device profiling to improve client visibility, and works with Aruba ClearPass Policy Manager or ClearPass Device Insight to provide advanced user, device and IoT policy management and insights.ARUBA 9004 SERIES GATEWAYSVersatile and cost-effective branch networkingSD-WAN DEPLOYMENTFor organizations that are now managing multiple WAN connections, 9004 Gateways can be connected to Aruba’s SD-WAN fabric right out of the box. SD-WAN is a rich WAN management solution that is used to simplify management of traffic entering and exiting branch sites. Please refer to the SD-WAN datasheet for more information.MOBILITY CONTROLLER DEPLOYMENT9004 Gateways can also be re-purposed as Mobility Controllers with ArubaOS 8.5 software to provide wireless LAN services. In this mode, the 9004 cannot simultaneously be used for SD-WAN. For more information, refer to the ArubaOS datasheet .KEY FEATURES• Cloud-managed and purpose-built for branch SD-WAN requirements.• Up to 10 times the performance and 40 times the client density of typical SD-WAN appliances.• Unified policy enforcement for wired and wireless traffic through Aruba Dynamic Segmentation.• Visibility into over 3,000 applications with no addedhardware.UNIFIED POLICY ENFORCEMENTTo simplify and better secure wired and wireless network access, the 9004 Series Gateways are a pivotal componentin Aruba’s Dynamic Segmentation framework. Wired and wireless traffic can be tunneled to a gateway, which then provides consistent policy enforcement based on user role (e.g. guest, contractor, departmental employee), device type, application or network location. Learn about Dynamic Segmentation in this guide.MICROSOFT FEATURESAruba’s integration with Microsoft enables unique application intelligence that detects Microsoft 365, Teams, and Skype for Business traffic and then prioritizes them over less critical applications. Through management interfaces on Aruba Central, ArubaOS, and Aruba AirWave, IT can visualize call quality metrics such as MOS, latency, jitter, and packet loss for additional insights.ENHANCED CAPABILITIESPolicy Enforcement FirewallThe 9004 includes a Layer 4-7 stateful firewall with PEF to deliver a consistent user, device, and application awareness across WLAN, LAN, and WAN. When deployed alongside Aruba ClearPass Policy Manager, policies are automatically enforced to simplify SSID, VLAN and policy management. This is the foundation of Dynamic Segmentation, and is included within the Foundation, Foundation Base Capacity, and PEF licenses. Application visibility and controlDeep Packet Inspection (DPI) technology, which is a component of PEF, consistently evaluates and optimizes performance and usage policies for over 3,000 applications. This ensures the highest possible Quality of Service (QoS) – even for encrypted traffic.High AvailabilityThe 9004 can be deployed with N+1 or NxN redundancy, and can also join a controller cluster when deployed as a Mobility Controller managed by Mobility Master. This increases performance and scale for enhanced resiliency.Simple to use, mobile provisioningAllows on-site personnel to use a mobile app to onboard gateways. A central IT team can verify device location, licenses, and status with no additional steps required. Available for iOS and Android.Unified Communications and Collaboration (UCC) Visualize and troubleshoot networks based on call quality metrics such as MOS, latency jitter and packet loss. Supported applications include: Teams, Skype for Business, Wi-Fi Calling, FaceTime, SIP, Jabber, Spark and more.TECHNICAL SPECIFICATIONS*These modes are only enabled when the appropriate minimum licenses and ArubaOS firmware are deployed:• SD-WAN Mode – Aruba Central Foundation, Foundation Base, or Advanced Licenses• Controller Mode – ArubaOS Licenses1 LED utilized by the SD-WAN Gateway solution2 1RU can support two 9004 gateways side-by-side using an optional mount kit.SERVICE AND WARRANTY INFORMATION• Hardware: 1 year parts/ labor, can be extended with support contract• Mobility Controller Software: 90 days, can be extended with support contract • SD-WAN Gateway Software: 1, 3, 5, 7, or 10 year subscription licenses.For additional information on the Aruba 9004 Series Gateways, please refer to:• 9004 Series Ordering Guide• SD-WAN Datasheet• ArubaOS Datasheet3 1RU can support two 9004 gateways side-by-side using an optional mount kit.。

跨境电商日常英语Cross-border e-commerce has become increasingly popular in recent years, allowing individuals and businesses to buy and sell products online across international borders. As an international business practice, it is important to be familiar with certain terms and phrases in English that are commonly used in daily cross-border e-commerce operations. In this article, we will explore some of these terms and provide a reference for their usage.1. Import/Export: These terms refer to the act of bringing goods or services into a country (import) or sending goods or services out of a country (export). For example, "We import electronic gadgets from China and export them to various countries."2. Customs: This refers to the government agency responsible for regulating and overseeing the flow of goods in and out of a country. For example, "The customs clearance process can sometimes cause delays in shipping."3. Tariffs: These are taxes imposed on imported goods by the government to protect domestic industries, regulate trade, or generate revenue. For example, "The new tariff policy will impact the prices of our imported goods."4. Duties: Duties are also taxes, but they are levied specifically on goods being imported or exported. For example, "We need to pay customs duties on these products before they are released."5. Incoterms: These are internationally recognized terms that define the responsibilities of buyers and sellers regarding thedelivery of goods. For example, "We agreed to sell the products under FOB (Free on Board) terms."6. Dropshipping: This is a business model where the seller does not keep goods in stock but instead transfers customer orders directly to the manufacturer, wholesaler, or another retailer for shipment. For example, "We have a dropshipping arrangement with a supplier in the United States."7. Supply Chain: This refers to the sequence of activities involved in the production and distribution of goods, including sourcing, manufacturing, transportation, and delivery. For example, "Efficient supply chain management is crucial for a successful cross-border e-commerce business."8. Market Research: This is the process of gathering information about potential customers, competitors, and market trends to make informed business decisions. For example, "We conducted market research to identify the demand for our products in various countries."9. Localization: This refers to adapting a product or service to meet the specific language, cultural, and regulatory requirements of a particular market. For example, "We are working on localizing our website to better connect with customers in different countries." 10. Payment Gateway: This is a service that allows online businesses to accept electronic payments from customers securely. For example, "We integrated multiple payment gateways to provide our customers with a range of options."In conclusion, cross-border e-commerce involves various complex processes and considerations. Being proficient in the relevant English terms and phrases can greatly facilitate communication and understanding in this global business environment.。

Leading Intelligent IP NetworkHuawei NetEngine 8000 Series All-scenario Intelligent RoutersHUAWEI TECHNOLOGIES CO., LTD.Huawei Industrial Base Bantian LonggangShenzhen 518129, P. R. China Tel: +Tradememark Noticeare trademarks or registered trademarks of Huawei Technologies Co.,Ltd.Other Trademarks,product,service and company names mentioned are the property of thier respective owners.General DisclaimerThe information in this document may contain predictive statement including, without limitation, statements regarding the future financial and operating results, future product portfolios, new technologies, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.Copyright © 2019 HUAWEI TECHNOLOGIES CO., LTD. All Rights Reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.Product AppearanceThe NetEngine 8000 consists of the X, M, and F series, including the NetEngine 8000 X8, NetEngine 8000 X4, NetEngine 8000 M14, NetEngine 8000 M8, NetEngine 8000 M6, NetEngine 8000 M1A, and NetEngine 8000 F1A, applicable to networks of different scales.HighlightsThe ultra-broadband converged bearer platform supports up to 14.4T per slot, more than 1.5 times the industry average, meeting enterprises' requirements for full-scenario and large-capacity service access. This enables converged full-service bearing and smooth evolution to higher bandwidth. The high-density, large-capacity, and compact fixed-configuration routers supporting flexible cards help enterprises to save equipment room space and electricity, hence reducing operations and maintenance (O&M) costs.Industry-Leading Ultra-Broadband PlatformIPv6 Segment Routing (SRv6) is a future-oriented, next-generation simplified protocol that inherently supports IPv6, facilitating the access of numerous terminals, while simplifying protocols and configurations. SRv6 and iMaster NCE enable network resource adjustment in accordance with changes on the cloud, one-hop access to the cloud, and service provisioning within minutes. SRv6 can identify applications and tenants to implement intelligent traffic steering based on latency and bandwidth, ensuring Service Level Agreements (SLAs). Huawei's continuous innovations make it a leader in the SRv6 field. Huawei has participated in the development of more than 75% of SRv6 standards and led the large-scale commercial use of SRv6 in the finance and over-the-top (OTT) industries. Huawei will continue to lead future SRv6 evolution and innovation.SRv6-Powered Intelligent ConnectionsNetEngine 8000 X4NetEngine 8000 X8NetEngine 8000 M14NetEngine 8000 M6NetEngine 8000 F1ANetEngine 8000 M1ANetEngine 8000 M8Huawei NetEngine 8000 series routers (hereinafter referred to as the NetEngine 8000) are Huawei's next-generation, high-end intelligent routers for all scenarios. They are predominantly suited to scenarios including access and aggregation, private line, inter-national gateway (IGW), data center-gateway (DC-GW), and data center interconnect (DCI) to help build intent-driven IP bearer networks that feature a simpli fied architec-ture, intelligent connections, and high availability.The NetEngine 8000 series features an ultra-broadband network platform, SRv6-based intelligent connections, and full-lifecycle automation. It provides rich service types and high-reliability SLA quality, making it the best choice for enterprise customers in digital transformation.PRODUCT DESCRIPTIONFull-Lifecycle AutomationiMaster NCE, the "intelligent brain", enables real-time visualization of the whole network and full-lifecycle automation. iMaster NCE and In-situ Flow Information Telemetry (iFIT) allow real-time visualization of service quality and fault locating within minutes. Huawei proprietary Routing Optimization Algorithm based on Matrix (ROAM) algorithm enables intelligent traffic steering and optimization, improving network utilization by over 20%. AI algorithms for alarm compression reduce the number of alarms by 99% and improve O&M efficiency by 90%, helping enterprises move towards autonomous driving wide area networks (WANs).The NetEngine 8000 provides reliability protection at different levels, including the device level, network level, and service level. The NetEngine 8000 can provide a network-wide reliability solution that comprehensively meets the reliability requirements of diverse services. These reliability features lay the foundation for reliable enterprise service interconnection with a system availability of 99.999%.All-Round Reliability SolutionDevice-level reliability: The NetEngine 8000 provides redundancy backup for key components. Key compo-nents also support hot swap and hot backup. Furthermore, the NetEngine 8000 leverages Non-Stop Routing (NSR) and Non-Stop Forwarding (NSF) technologies to ensure uninterrupted service transmission.Network-level reliability: The NetEngine 8000 uses multiple technologies to ensure network-wide reliability and provide end-to-end protection switching within 50 ms for uninterrupted services. These technologies include: IP fast reroute (FRR), Label Distribution Protocol (LDP) FRR, VPN FRR, TE FRR, hot standby, and fast convergence of Interior Gateway Protocol (IGP), BGP , and multicast routes. Other technologies used by NetEngine 8000 to ensure reliability include Virtual Router Redundancy Protocol (VRRP), trunk load balanc-ing and backup, bidirectional forwarding detection (BFD), Ethernet operation, administration and mainte-nance (OAM), routing protocol/port/VLAN damping, Topology-Independent Loop-free Alternate FRR (TI-LFA), and egress protection through mirror segment IDs (SIDs).The NetEngine 8000 provides comprehensive network slicing functions to meet the differentiated SLA require -ments of different services and enterprises. Quality of Service (QoS) ensures service isolation and pipe statistical multiplexing. Flexible Ethernet (FlexE) sub-interfaces implement service protection based on queue isolation. Timeslot-based FlexE slicing provides SLA assurance for super services through physical isolation.High-quality QoS capabilities, advanced queue scheduling algorithms and congestion control algorithms, as well as a five-level hierarchical QoS (HQoS) scheduling mechanism, meet the service requirements of diverse users on the access side in a differentiated manner. The NetEngine 8000 supports MPLS HQoS on the network side. QoS can be deployed on the network side to provide QoS for MPLS VPN, virtual leased line (VLL), and pseudo-wire emulation edge to edge (PWE3) services. The NetEngine 8000 performs precise multi-level scheduling of data flows, meeting the quality requirements of different users and services of different classes.Comprehensive Network Slicing FunctionsThe NetEngine 8000 supports IPv6 static routes and various IPv6 routing protocols, including OSPFv3, IS-ISv6, and Border Gateway Protocol for IPv6 (BGP4+). In addition, it provides a large-capacity IPv6 forwarding infor mation base (FIB) and supports IPv6 terminal access, IPv6 Access Control Lists (ACLs), IPv6 policy-based rout ing, and SRv6. These features lay the foundation for a smooth transition from IPv4 to IPv6. The NetEngine 8000 also supports IPv4/IPv6 dual stack and IPv4-to-IPv6 transition technologies for both communication between IPv4 and IPv6 networks and between separate IPv6 networks to enhance network scalability.Future-Oriented IPv6 SolutionThe NetEngine 8000 supports diverse features and provides powerful service processing capabilities to meet the service requirements of metro networks, vertical networks, DCI networks, and campus or DC gateways. See below for some of these capabilities.Strong Service Support CapabilitiesPowerful routing capabilities: The NetEngine 8000 supports super large routing tables and diverse routing protocols including Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Intermediate System to Intermediate System (IS-IS), Border Gateway Protocol Version 4 (BGPv4), and broadcast, unknown-unicast and multicast traffic (BUM) routing. In addition, the NetEngine 8000 supports both simple and ciphertext authentication and fast convergence to ensure network stability and security in complicated routing environments.Strong service bearing capabilities: IP , Multiprotocol Label Switching (MPLS), and SRv6 can be deployed on the NetEngine 8000 as required. The NetEngine 8000 supports Layer 2 virtual private network (L2VPN), L3VPN, multicast VPN (MVPN), and Ethernet VPN (EVPN) services, traffic engineering (TE), flexible 802.1Q in 802.1Q (QinQ), and Generic Routing Encapsulation (GRE). The NetEngine 8000 supports traditional access, emerging services, and multi-service bearing.Powerful expandable multicast capabilities: The NetEngine 8000 supports various IPv4/IPv6 multicast protocols, such as Protocol Independent Multicast - Sparse Mode (PIM-SM), PIM - Source Specific Multicast (PIM-SSM), Multicast Listener Discovery Version 1 (MLDv1), MLDv2, Internet Group Membership Protocol Version 3 (IGMPv3), IGMP snooping, and MLD snooping. The NetEngine 8000 can flexibly carry video services, such as Internet Protocol Television (IPTV), and satisfy multicast service requirements on networks of various scales.IEEE 1588v2 refers to the IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measure ment and Control Systems. The 1588v2 standard defines a Precision Time Protocol (PTP), which can achieve time and frequency synchronization with an accuracy of sub-microseconds.The 1588v2 standard enables time and frequency synchronization to meet the requirements of the G.813 template. Moreover, an accuracy of 100 ns meets the requirements of wireless and Long Term Evolution (LTE) networks, and the time jitter between multiple nodes (under 30 nodes) is less than 1 µs, allowing for large-scale networking. The external clock sources can be assigned different priorities. The NetEngine 8000 automatically selects an external clock source as its reference clock source based on parameters such as the priorities of external clock sources and the number of hops between itself and the external clock sources. If the best external clock source fails, the device automatically selects the second-best external clock source as its reference clock source. Service switching can be completed within 200 ns, ensuring high clock reliability. In the meantime, iMaster NCE provides GUI-based clock management.High-Precision 1588v2 Clock Solution。