Conguration of the Firewall/Router for Access across the Internet
To allow access to the Digital KVM over IP Switch behind a corporate rewall/router, establish
the following settings on your rewall/router (not on your switch).
1. Congure a virtual server on your router (or ask your networ k administrator to do it) as
mapped to the switch’s local IP address.
2. Open a port range (<port_base> – <por t_base_+_9>) both inbound and outbound for the
virtual server according to what has been previously co ngured as the port base for the
switch.
As per the previous example, if the switch is congured with a port base of 5970, then the port
range should be opened as 5970–5979 (i.e., <port_base> – <port_base +9>) both for inbound
and outbound, in which:
for the switch’s viewer connection port: <port_b ase> = 5970
for the browser SSL connection port: <port _base + 8> = 5978
for viewer internal communication, etc.: <port_base + 9> = 5 979
ExAMPlE: Router Internet IP virtual ser ver (port range open) switch’s local IP
61.232.134.120 virtual server (port 5970–5979 open) 192.168.1.7
Once you’ve congured a virtual server with an appropr iate port range open (<port_base> –
<port_base_+_9>), you can try to access your switch ac ross the Internet by using a public IP
address and designated port number. Based on the previous example settings:
Browser access: https:// 61.232.134.120:5978
Viewer access: 61.232.134.120:5970
If you have domain name mapping to the public IP address, you can also use the domain
name; for example:
Browser access: https:// www.mycompany.com:5978
Viewer access: www.mycompany.com:5970
NOTE: Once you’ve changed the port base of your switch, you should also modify t he open
port range on your router accordingly if you want Internet acces s to come across.
Installation of Certicates
NOTE: You can use the default set of certicates (on the included CD) to practice making some
PKI-authenticated connections as long as your network safety isn’t jeopardized. It’s recommended
that this be done within your local area network, assuming it’s well secured wi th an adequate
rewall and other due precautions against network intrusions. Othe rwise, anyone who has a
copy of the default certicates can establish a conn ection to your servers. If you have already
obtained a set of certicates with the le names and for mats required for the switch (which is
strongly recommended), you can use them for viewer authentication. You can also generate
the certicates using software like XCA. (For cer ticate generation using XCA, refer to “How
to Generate KLE Certicates Using XCA” on the included CD.)
First, you need to have these certicates — as mentioned above, if you haven’t obtained your
own certicates, you can use the default set of cert icates — ready on your client computers
for uploading to the switch via a Web browser:
root certicate (root.crt)
server certicate (server.crt), and
server private key (serverkey.pem)
Once you’ve located whichever set of certicates is to be used, you can begin the installation
process.
1. Access the switch’s Web Management interface and go to the Secur ity Settings screen.
14
inStALLAtion