In questo secondo appuntamento di webinar dedicati ad Insight, si introducono le funzionalita' di gestione e monitaraggio disponibili per tutte le tipologie di prodotti Insight based.
Webinar NETGEAR - Insight, le funzionalita' per il Networking Management
1. Insight
Le funzionalità per il Networking
Management
Webinar, 11/10/18, ore 15:00
Andrea Rossi
Senior System Engineer
2. What is NETGEAR Insight?
NETGEAR Insight redefines networking and network management for SMB by
removing networking complexity and replacing it with anytime-anywhere access
and a simple, intuitive user interface.
4. Insight 5.0 – Scope of SMB Device Management
NETGEAR Insight Setup Manage Monitor Discover Register
Insight Access Points √ √ √ √ √
Insight Switches √ √ √ √ √
Orbi Pro √* √ √ √
ReadyNAS (except 100-series) √ √ √ √
Smart Managed Plus Switches √ √ √
Smart Managed Pro Switches √ √ √
WAC 700 Series √ √
WAC 100 Series √
Fully managed Switches √
Unmanaged Switches √
ReadyNAS 100 Series √
* Limited Orbi Pro Support in IM5.0 with plans to extend setup and management features in future releases
5. 5.0 Insight Basic Features
• Firmware Scheduler
• Improved Security with 2-Factor Authentication
• Improved In-App support to provide easy access to NETGEAR knowledge base
• Access Points:
•Auto – Radio Resource Management
•MAC ACL
• NEW -- Switch:
•Support for GC752X, GC752XP
•STP/RSTP Management per port
•L3 Static Routing
•Enhanced PoE controls (power management for PoE ports)
6. 5.0 Insight Premium Features
+ All features in Insight Basic, PLUS
+ Insight cloud-based web portal in
addition to the mobile app on iOS and Android
+ Insight Switch and Access point Supports
•PoE Scheduling Access Points
•WiFi Fast Roaming
•Facebook WiFi
7. Core Insight Features
• Mobile app (iOS & Android) and Web Portal
• Cloud-based: Deliver increased operational efficiency, productivity, agility and
flexibility
• Remote Access from anywhere
• Unified Management & Visibility: Across your full network and devices
• Single Sign-on: Security & Ease
• In-app access to NETGEAR Support
• 2-Factor Authentication
• Discovery of all Insight Managed devices and Plus and Pro devices
• QR and/or Bar Code scanning to create inventory of all NETGEAR (registered)
devices
• List view of all your devices in one place
• Simple Network Creation: Holistic unified view
• One-tap Registration of all your devices for improved visibility and Support
• Management of select Business Access Points, Switches and ReadyNAS
NOTE: Web Portal features are only available on Insight Premium
8. Additional Insight Core Features
• Manage/Edit Network from your
phone
• Configure all switches and
access points in your network:
• Network Creation
• SSID creation
• VLAN creation with QoS
• RADIUS Configuration
• Wireless Location Setting
• Network Security:
• Network Name/Password
• Device Admin Password
• MAC and URL Access Control lists
• IP Filtering – ACL
• Setup & Configuration of Access
Points and Switches
• Firmware Scheduler
• Devices Status
• Notifications: Critical, Warning,
Notification
• Critical: System, Device, Port or
Radio Failure
• Warning: Firmware Availability,
Update/Failure, Network
degradation.
• Notifications: Device Logs, Network
changes and WiFi clients
• Account Management
• Name
• Subscription
• Link to NETGEAR Support
• Links to App Stores for other
NETGEAR apps
NOTE: Web Portal features are only available on Insight Premium
9. Insight Management Features for Access Points (1/2)
• Multiple SSID/Passphrase Creation
• Band Selection: 2.4GHz, 5Ghz or both
• WiFi Security
• WPA2-PSK
• WPA/WPA2-PSK
• WPA2-Enterprise
• URL filtering
• MAC ACL – Whitelist
• Captive Portal: Enable/Disable
• Display Custom Message
• Redirect URL
• Session Timeout Selection – 30 minutes to 24
hours
• Captive Portal Logo (with Default Logo provided)
• Facebook WiFi allows creation of WiFi Captive Portal
to promote your business and simplify login
• Rate Limit: Enable/Disable
• Set Upload Unit Selection and Rate
• Set Download Unit Selection and Rate
• VLAN Setup for Created SSID
• Management VLAN
• Video VLAN
• Device Diagnostics:
• IP address of the AP
• Graphs of wireless traffic
• Status
• Name
• Mac address
• Country/Region
• Firmware version
• Serial number
• Uptime
NOTE: Web Portal features are only available on Insight Premium
10. Insight Management Features for Access Points (1/2)
NOTE: Web Portal features are only available on Insight Premium
11. Insight 5.0 Features for Access Points (2/2)
• Auto RRM
(Automatic selection of best channel and
power for 2.4 GHz and 5 GHz Radio
Frequencies)
•Facebook WiFi allows creation of WiFi
Captive Portal to promote your business
and simplify login
• Radio and WiFi channels (2.4GHz & 5
GHz)
• WiFi Channel
• Channel width
• Output Power
• Fast Roaming
• Enables Access Points to quickly
verify roaming clients.
NOTE: Web Portal features are only available on Insight Premium
12. Insight Management Features for Switches (1/4)
VLAN Management
• Management VLAN, Voice VLAN, Video
VLAN, Guest and Custom VLANs
• Video Optimization (IGMP Snooping):
Enable/Disable
• Traffic Prioritization Setup
• VLAN Ports Selection (with visual ports selector)
• Associated SSID
• Link Aggregation Groups (LAGs)
• MAC Authentication: On/Off
• IP Filtering: Off/Allow
Mode/Block Mode for
created IP Address/Network Mask
Group Port Configuration Wizard
•Enables setting and changing settings on
multiple ports at a time:
• Select Ports for Configuration via Wizard
(with visual ports selector)
• PoE enable/disable/power levels
• Rate Limit:
• Set Egress Rate Limit
• Set Storm Control Rate
• Select Default VLAN for Ports (PVID):
• Duplex Mode: Auto, Half, Full
• Max Frame Size Selector
• Port Speed Selector:
• Auto
• 10 Mbps
• 100 Mbps
• 1000 Mbps
• Enhanced PoE controls (Power management
for PoE ports)
NOTE: Web Portal features are only available on Insight Premium
13. Insight Management Features for Switches (2/4)
• Setup Switch Management View &
Status
• Connected neighbors
• Fixed IP
• VLANs in Use
• Traffic
• PoE: Enable/Disable
• PoE Power levels
• Historical Data Traffic Statistics
• Reboot Device
• About: Insight Managed Switch Model Details
• Remove: Remove switch from created Network
•L3 Static Routing
• LAG Set Up: Combine Ethernet links
into a single logical link
• Set LAG Name
• Enable/Disable LAG
• Static LAG: Enable/Disable
• Select Ports for LAG (with visual port selector)
• Device Diagnostics and
Management
• Port Mirroring
• Cable Test
• Share Diagnostics
• Reload Configuration: last saved configuration
on Insight cloud
NOTE: Web Portal features are only available on Insight Premium
14. Insight 5.0 – Premium Features for Switches (3/4)
• PoE Scheduling
• Creating PoE Schedules in different times,
Days and weeks
• Pick switch ports for different PoE Schedules
• Support GC752X, GC752XP Switches
• Localization: Japanese & German
• Spanning Tree Configuration (STP) per
port
• STP allows network to detects and
prevents broadcast storm caused by loop
• Choosing spanning tree mode: Disable,
STP, RSTP
NOTE: Web Portal features are only available on Insight Premium
15. Insight 5.0 – Premium Features for Switches (4/4)
• Enhanced PoE controls, Power management for PoE ports
16. Insight Management Features for ReadyNAS
• Status Check: Online/Offline
• Bluetooth Pairing
• ReadyNAS Devices Status
• Temperature – System and CPU
• Device Usage – By Volumes and by Shares (User
created Folders)
• RAID Level (per RAID Standard)
• Details on Disk Status
• Model, serial number, firmware version
• Capacity, spindle speed, ATA (disk communications)
errors, hardware interface
• Disk location and state
• Security (A/V) Status – Enable/Disable
• Secure Diagnostic Mode for Technical Support –
Enable/Disable
• Firmware Update
• Monitoring:
• System & CPU Temperature
• Fan Speed
• Reboot device
•Manage NAS Network Settings
• IP Addresses
• Interface MTU (Maximum Transfer Unit)
• Interface bandwidth
NOTE: Web Portal features are only available on Insight Premium
19. 19
Insight Instant VPN Router Overview
• A business-class router with Instant VPN technology.
• Configure and setup remote connections to your office, with up to three locations with Insight with just a
few taps.
• The VPN connections are encrypted to offer a secure link between your laptop and your office.
• The same is true for site-to-site connections.
• You can start with one or two Instant VPN routers and as your business grows and your needs increase, you
can add more devices to your VPN groups (up to 3 Instant VPN routers) to have a complete meshed network
between 3 locations.
- A VPN group consisting of a single Instant VPN router can handle 10 remote users and each additional
Instant VPN router can offer up to 10 additional remote users.
- An Insight Site-2-Site VPN subscription is required for two or more devices.
- Please see next slide for more details on pricing.
20. 20
BR500 Insight Support
• BR500 now adds routing/VPN functionality to the Insight family. This is primarily for customers looking for an easy to deploy VPN
solution for their small/medium sized business (< ~50 users).
• Scheduled for release in October along with the Insight 5.1 release. Insight 5.1
• IM 5.1 will let the user to:
- Add a BR500 router device to Insight
- Create VPN groups with up to three BR500 devices
- Creation and management of VPN users, as well as individual client connection with Insight VPN app
• Insight 5.1 is required in order to activate and use the BR500 with Insight.
21. 21
Managing the BR500
• A new tab has been added in the Insight web portal labeled “Routers”.
- In the Routers section you can add new devices as well as view statistics such as data consumption and device state.
• The Routers section is for adding/managing your BR500 device and once the device has been added you can manage your BR500
device from there.
- In the mobile app the device can be added from the main screen.
- Once the device is added in the mobile app, selecting the device will bring up the device management screen.
22. 22
Insight and the BR500
• Selecting the device you can view detailed information of the device such as:
- Connected Clients
- LAN/WAN IP Settings
- VPN Users
- Traffic from the device
- VPN groups the device is connected to
- Traffic Statistics
23. What is a VPN?
A VPN is classically described as a tunnel between local networks over a WAN network. Most VPN applications do this by doing the
following:
• Set up a virtual network interface (replicate the physical HW so that to the OS it looks like another port)
• Set up a tunnel from one router/computer to another router/computer (encrypt the data between two routers)
• Any traffic exchanged between the two end point routers is encrypted, hence Virtual Private Network
This is great if we only connect two end points together. This does not scale and routing can become difficult and inefficient the more
satellite networks that join this scheme. Enter the new way to do VPN, Insight Mesh VPN…
The Internet
Tunnel Created
24. Insight Mesh VPN
Insight Mesh VPN is a very unique protocol in that it configures endpoints on the router easy connection of multiple networks.
It uses public keys to exchange with other nodes in the VPN network. 521 bits ECDSA keys, AES-256-CTR + HMAC-SHA256
This allows for autodetection of TCP and UDP as well as routing around damage areas (broken links).
With Insight Mesh
VPN, we can
connect up to three
sites in a mesh
configuration.
This means all the
resources in the
VPN group are
shared and available
to the users of these
three networks.
It encapsulates packets directly into UDP
packets instead of PPP or PPP over TCP
Streams and lets packets take the most direct
route to their destination.
25. Secure Remote VPN Ecosystem
Insight Instant VPN router allows us to connect remote users anywhere in the world back to the Business office to access resources.
Using Insight the VPN connection is initiated using Insight and a signal is sent to the Insight cloud servers. Once the signal is passed and
the handshake is completed the connection between routers or router → client is established.
27. 27
VPN Groups
• A VPN Group is the virtual grouping of 1 to 3 routers.
• Once routers are added to a group any resources behind that router such as NAS, or servers are accessible by the members of the
group.
28. 28
VPN Groups
• The BR500 supports up to three connected routers to connect remote locations to create a connected virtual network. Allowing up to
10 users per device full access and share data from remote connections.
• Each router that is added must be added to individual locations in Insight before adding them to a VPN group.
• Once you have up to two devices added. Navigate to the device summary of a device and select VPN group.
• Select Create VPN Group and give your VPN group a name.
• Once the group has been created, select the Add Device button to add your BR500 routers to the specified VPN group.
• Once added, the devices will be configured automatically and join the VPN group. A green healthy line between both devices will show
that they are connected.
30. 30
VPN Groups
• Once connected and part of the VPN group, clients on Network A can now access any resource on Network B, and vice versa. If users
wish to restrict access to certain resource's across both networks, the customer will need to set up the permissions on their network
level to restrict access.
• For VPN connectivity to work, there should be a different subnet on the LAN side of each BR500 in a VPN Group.
▪ Network A: 192.168.1.x
▪ Network B: 192.168.2.x
• This can be edited under the individual device summary and LAN IP, once saved it will take some time to reflect on the edited network.
31. 31
VPN Groups
• VPN groups can also be created and edited in the mobile app as well, select one of the BR500 devices and select VPN group.
- Select the + button to create the VPN group
- Once created, select the add device and select the BR500 devices to the VPN group
• Once the devices have been added a green line between both devices will symbolize a healthy connection between both sites.
32. 32
VPN Client
• VPN client allows users to connect their computer or laptop remotely to the VPN group of their choice. Allowing them to access
resources remotely. The user must have a valid MYNETGEAR account and accept the invitation sent by the admin before they can
access the VPN group remotely.
• Under the device summary, select VPN users and select the Add button to add the users valid MYNETGEAR email.
• Once completed the user will receive an Invitation email and with options to download the client of their choice.
• The user will need to install and setup the client by logging into the client with their MYNETGEAR account.
• Once logged in they can select the VPN group of their choice and the client will automatically connect to the VPN group.
33. 33
Instant VPN Pricing on Insight & for MSPs
A BR500 unit includes ONE remote VPN user included in the price.
Insight Basic/Premium: Users will be able to purchase Subscriptions for remote VPN and
Site-2-Site VPN.
• Remote VPN is defined as a user connecting to Instant VPN Router and get access to the
resources behind the router.
• A site-2-site VPN is defined as connecting up to 3 sites using the Instant VPN Router in a
mesh configuration so that all resources are available to all users of these three
networks.
MSP: Insight Pro VPN Subscription is always a bundle and either on or off. This means that
once the Subscription is activated on an account, that account will have both remote and
site-2-site VPN privileges for up to 3 routers and 30 remote users.