Changes

 

==Introduction==

==Introduction==

This article contains instructions on how to configure mobile SIM traffic effectively, The configuration ensures that when SIM1 is active, it provides internet connectivity to all end devices. However, when SIM2 is being used, the configuration should impose restrictions on the traffic flow from PC2 and only traffic from.

This article contains instructions on how to configure mobile SIM traffic effectively, The configuration ensures that when SIM1 is active, it provides internet connectivity to all end devices. However, when SIM2 is being used, the configuration should impose restrictions on the traffic flow from PC2 and only traffic from.

For this configuration you will need:

For this configuration you will need:

* Teltonika Networks router with dual sim card support (RUTX11 is being used in the example);

* Teltonika Networks router with dual sim card support (RUTX12 is being used in the example);

* 2 SIM cards;

* 2 SIM cards;

* 2 end devices connected to the router (PC's are being used in the example);

* 2 end devices connected to the router (PC's are being used in the example);

==Preparation==

==Preparation==

* Prepare RUTX11, power up the device, insert two sim cards, check that both are active and working. SIM1, SIM2, PWR, and signal strength indicators should light up.

* Prepare RUTX12, power up the device, insert two sim cards, check that both are active and working. SIM1, SIM2, PWR, and signal strength indicators should light up.

* Access the router through WEBUI, go to <b>Network -> Interfaces</b>, and make sure that one or the other mobile interference is running MOB1S1A1 or MOB2S1A1 (Status = Running). You should be able to see the IP address assigned to it. In addition, it is recommended to perform connectivity checking by using the ping utility.

* Access the router through WEBUI, go to <b>Network -> Interfaces</b>, and make sure that one or the other mobile interference is running MOB1S1A1 or MOB2S1A1 (Status = Running). You should be able to see the IP address assigned to it. In addition, it is recommended to perform connectivity checking by using the ping utility.

* Make sure that you have ADVANCED mode enabled. This will allow you to choose from a larger variety of settings.

* Make sure that you have ADVANCED mode enabled. This will allow you to choose from a larger variety of settings.

# Locate the WAN zone and click on the '''edit button''' (pencil sign)

# Locate the WAN zone and click on the '''edit button''' (pencil sign)

[[File:Firewall_wan_zone_split_1.png|border|center|class=tlt-border]]

[[File:RutOS_traffic_control_firewall_wanzone_split_7.8_1.png|border|center|class=tlt-border|1100px]]

# Remove the '''mob1s2a1''' interface from the Default Firewall zone configuration

# Remove the '''mob2s1a1''' interface from the Default Firewall zone configuration

# Save the settings by clicking '''Save & Apply''' button at the bottom right hand side

# Save the settings by clicking '''Save & Apply''' button at the bottom right hand side

[[File:Firewall_wan_zone_split_2.png|border|center|class=tlt-border]]

[[File:RutOS_traffic_control_firewall_wanzone_split_7.8_2.png|border|center|class=tlt-border]]

==== Create a new Zone: ====

==== Create a new Zone: ====

----To create a new zone, simply click on the "Add" button located in the bottom right corner.

----To create a new zone, simply click on the "Add" button located in the bottom right corner.

[[File:Firewall_wan_zone_split_3.png|border|center|class=tlt-border]]

[[File:RutOS_traffic_control_firewall_wanzone_split_7.8_3.png|border|center|class=tlt-border|1100px]]

By clicking on '''Add''' button as shown:

By clicking on '''Add''' button as shown:

# Choose a '''Name''' for this rule as per your preference.

# Choose a '''Name''' for this rule as per your preference.

# Configure the forward action to be directed to the "'''Reject'''" zone.

# Configure the forward action to be directed to the "'''Reject'''" zone.

# Activate both '''Masquerading''' and '''MSS clamping''' options.

# Activate both '''Masquerading''' and '''MSS clamping''' options.

# In the "'''Covered'''" zone, select the SIM Interface individually. In the provided example, it will be "SIM2" identified as "mob1s2a1".

# In the "'''Covered'''" zone, select the SIM Interface individually. In the provided example, it will be "SIM2" identified as "mob2s1a1".

# In the inter-zone section keep Allow forward from source zones as "'''lan'''"

# In the inter-zone section keep Allow forward from source zones as "'''lan'''"

# Click on '''"Save & Apply"''' in the bottom right corner.

# Click on '''"Save & Apply"''' in the bottom right corner.

[[File:Firewall_wan_zone_split_4.png|border|center|class=tlt-border]]

[[File:RutOS_traffic_control_firewall_wanzone_split_7.8_4.png|border|center|class=tlt-border]]

<br />Once you have created the new zone, it should resemble the following:

<br />Once you have created the new zone, it should resemble the following:

[[File:NewZone.png|border|center|class=tlt-border]]

[[File:RutOS_traffic_control_firewall_wanzone_split_7.8_5.png|border|center|class=tlt-border|1100px]]

=== Traffic rule creation ===

=== Traffic rule creation ===

----

----

To establish the traffic rule according to the zones you've set up, follow these steps  '''Navigate to Network –> Firewall -> Traffic Rule''' to begin creating the rule.  Create and set up the rule to enable the host's access to the web server.   

To establish the traffic rule according to the zones you've set up, follow these steps  '''Navigate to Network –> Firewall -> Traffic Rules''' to begin creating the rule.  Create and set up the rule to enable the host's access to the web server.   

* In the '''<nowiki/>'''Add type field, select '''<nowiki/>'Add new forward rule''''.

* In the '''<nowiki/>'''Add type field, select '''<nowiki/>'Add new forward rule''''.

* Select "'''WAN2'''" as the destination zone.

* Select "'''WAN2'''" as the destination zone.

* Click the ''''Add'''<nowiki/>' button to confirm and add the rule.

* Click the ''''Add'''<nowiki/>' button to confirm and add the rule.

[[File:Add new Instance.png|border|center|class=tlt-border]]

[[File:RutOS_traffic_control_firewall_wanzone_split_7.8_6.png|border|center|class=tlt-border|1100px]]

=== Specify the source zone ===

=== Specify the source zone ===

Upon clicking '''<nowiki/>'Add'''' in the previous step, a new window will appear, enabling you to define additional configurations.   

Upon clicking '''<nowiki/>'Add'''' in the previous step, a new window will appear, enabling you to define additional configurations.   

* Source zone change to "'''WAN2:mob1s2a1"'''

# '''Enable the instance''';

* Specify the source zone for which the SIM Interface is intended. In the provided instance, this would be '''SIM2''' labelled as "'''mob1s2a1'''".

# Choose Protocol: '''All''';

* Choose the '''MAC address''' associated with the host to which the rule is to be applied in the source MAC address section. If needed, you can input a custom MAC address.

# Choose the Source IP address '''the one to block, e.g. 192.168.11.228 in this case''';

* Input the '''IP address''' of the host in the source IP address field. 

# Choose Action: '''Reject''';

* Within the action field, opt for '''<nowiki/>'Reject''''.

* Click on '''<nowiki/>'Save and Apply''''.

* Click on '''<nowiki/>'Save and Apply''''.

[[File:FirewallTraffic Rule.png|border|center|class=tlt-border]]

[[File:RutOS_traffic_control_firewall_wanzone_split_7.8_7.png|border|center|class=tlt-border]]

== Testing the configuration ==

== Testing the configuration ==