User Acceptance Tests for the CMS
Overview The Mako System combines a web server driven configuration, management and reporting user interface. The system uses client-end hardware to provide users with considerable cost savings as well as functionality and flexibility not currently available in traditional devices used to meet either the same or similar requirements. All interaction takes place on the Mako Central Management Severs via the webbased management and reporting console. The system is powerful but not unnecessarily complex to use. From initial configuration to daily changes through to viewing of reports, all interface with the Mako System takes place via the secure website. This document provides the reader with a series of User Acceptance Tests that can assist with exposing the core functionality of the Mako System. A certain level of technical expertise is required. You should have a basic understanding of TCP/IP and have experience with configuring and/or managing routers or firewalls.
By default, tests are available for all users. However, some tests may only be done by resellers, and are labeled accordingly. All interactions with the management platform will have up to a two minute delay before the CPE itself is updated. The CPE will poll the management platform for changes within the two minute window. Some significant changes may trigger a software update for the device; an example of this behavior is if the user changes IP addressing information on the WAN interface. The device will update it stored configuration file to reflect the changes. Failover configuration changes are delayed by 10 minutes to ensure the devices are synchronised. It is recommended USB Key configuration files (discussed later in this document) are used after enabling the failover service. A Web Access Control (WAC) server is required for optimum Mako Guardian performance. Testing without this may result in increased latency when browsing websites.
Hardware Prerequisites
Document Reference
nn Mako CMS Manual
You will need the following:
The following documents should be referenced for additional configuration information.
nn Mako Guardian Handbook
nn A Mako device
nn 6500 Product Handbooks
nn Cabling to suit.
• UAT
1 WWW.MAKONETWORKS.COM
Contents 1 Management
3
1.1 Creating a company profile (Reseller Only) 3 1.2 Adding a Mako to a company (Reseller Only) 3
2 Connectivity Configuration 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9
ADSL WAN, PPP Configuration 4 Ethernet WAN, IP Configuration 4 Cellular WAN 5 Adding IP Range 5 Configuring Alerts 5 Configuring Network LAN 1 6 Configuring Network LAN 2 6 Configuring DHCP Leases 6 Configuring Static Routes 6
3 Firewall Configuration 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8
4
7
Inbound Basic Rule 7 Inbound Advanced Rule 7 Outbound Basic Rule 7 Configuring Firewall - Outbound Advanced 8 Configuring Firewall - Intranet Basic 8 Configuring Firewall - Intranet Advanced 8 Configuring Firewall - VPN Basic 9 VPN Advanced Rule 9
4 VPN and Remote Access Configuration 10 4.1 4.2 4.3 4.4 4.5 4.6 4.7
Mako to Mako IPSec VPN 10 Add Third Party Device 10 Delete Third Party Device 10 Mako to Third Party IPSec VPN 11 PPTP Configuration 11 Adding VPN User 11 Enabling Remote Access 12
5 Quality of Service 5.1 5.2 5.3 5.4 5.5
Adding a service to a QoS Bin 12 Removing a service from a QoS Bin 12 Adding a QoS Bin 12 Removing a QoS Bin 12 Managing QoS Bin bandwidth allocations. 12
6 VPN Cloud 6.1 6.2 6.3 6.4
• UAT
12
7 Mako Guardian
15
7.1 Category Management 15 7.2 Default Site Categories 15 7.3 Custom Sites 15 7.4 Custom Sites Banned URL Expression 16 7.5 Custom Categories 16 7.6 Custom Category Edit 17 7.7 Phrases Management 17 7.8 Custom Phrases 18 7.9 Weighted Phrase Configuration 18 7.10 User and Group Options 18 7.11 Users and Groups - LDAP 19 7.12 Users and Groups - Local Users 19 7.13 Create Local Group 20 7.14 Create IP Group 20 7.15 Create LDAP Group 20 7.16 Add Local User to Local Group 21 7.17 Add IP Address to IP Based Group 21 7.18 Banned File Extensions 21 7.19 MIME Types 22 7.20 Create Time 22 7.21 Exceptions 22 7.22 Site Bypass 23 7.23 Landing Page 23
8 Mako Failover
24
8.1 Failover Configuration 24
9 Dynamic DNS
24
9.1 Dynamic DNS Configuration - No-ip.com 24 9.2 Dynamic DNS Configuration - DynDNS.org 25
10 Deployment
25
10.1 Mako ID Change (Reseller Test) 25 10.2 Hardware Modification (Reseller Test) 25
11 Warranty
26
13
Creating a VPN Cloud 13 Joining a VPN Cloud 13 Editing your Mako's options for its VPN Cloud 14 Simple Diagnostics on VPN Cloud 14
2 WWW.MAKONETWORKS.COM
1 Management 1.1 Creating a company profile (Reseller Only) Menu Management > Home > Add a company or Management > Company > New Company 1) Select the Parent Company.
1.1 Notes It is possible for a reseller to belong to multiple companies. Select the company that will become the ‘Parent’ for the company being created. 13) Access types are described in Appendix 1 of the Management System Reseller Manual.
2) Enter the Company Name. 3) Enter the Address.
14) Scope is defined as the single device being created, or the entire Company being created.
4) (Optional): Enter the Suburb. 5) (Optional): Enter the City.
Result
6) (Optional): Enter the State.
Company saved (if Mako device profile and/or user created these should be saved also).
7) (Optional): Enter the Postal Code. 8) Select the Country. -- Optionally Create a User -9) Select the user’s Title. 10) Enter the First Name. 11) Enter the desired username. 12) Enter the user’s E-Mail address. 13) Select Type of Access. 14) Select the scope of access. -- Optionally Create a Mako -15) Enter the Mako name. 16) Select the Hardware type. 17) (Optional): Enter the Mako ID. 18) (Optional): Enter any associated licenses for this device. 19) (Optional): Enter location specific details (Default: Inherit Company details).
1.2 Adding a Mako to a company (Reseller Only) Menu Management > Company > Manage [Company] > Add a Mako 1) Select Management.
1.2 Result Selecting ‘Add’ creates the device profile, selecting ‘Add and Configure’ creates the device profile and redirects the user to the configure page for the newly created profile.
2) Select Company and in the search box enter the Company you want to add a new Mako device to. 3) Select Company from the search results; your browser will be redirected to the Management tabs for the selected company. 4) Select the ‘Add Mako to [Company]’ hyperlink, or click the Add Mako tab. 5) Select the appropriate model and enter the required name for the new device profile. 6) (Optional): Enter the Mako ID and any associated licenses you have been supplied. • UAT
3 WWW.MAKONETWORKS.COM
2 Connectivity Configuration 2.1 Notes
2.1 ADSL WAN, PPP Configuration Prerequisite Mako ADSL device profile has been loaded for configuration. This could be done via loading from the selection page or after creating a new company and choosing the ‘Add and Configure’ option.
5) is dependent on the ISP Plan. If you have selected an ISP plan that is flat rate, Warning and Absolute Threshold alerts are not available.
Result WAN Interface configured. If a USB configuration file is required the above steps will be enough information to get a CPE device to an online state.
Menu Configure > Internet > ISP Setup 1) Select the ISP. 2) Select the Plan. 3) Enter the username and password details. 4) (Optional): Configure external DNS for the CPE to use. 5) (Optional): Configure the warning and absolute threshold levels. 6) Select the correct Billing Cycle Start Date to match the ISP billing cycle (this information is used by the End of Month Report.) 7) Click ‘Save’ to commit the changes.
2.2 Notes
2.2 Ethernet WAN, IP Configuration Prerequisite Mako Ethernet device profile has been loaded for configuration. This could be done via loading from the selection page or after creating a new company and choosing the ‘Add and Configure’ option.
Menu Configure > Internet > ISP Setup
1) and 2) are optional here and not strictly required to bring a device to an online state. The information provided during these steps is used for reporting purposes. 8) is dependent on the ISP Plan. If you have selected an ISP plan that is flat rate, Warning and Absolute Threshold Alerts are not available.
Result
1) (Optional): Select the ISP.
WAN Interface configured. A USB Configuration file can now be downloaded and applied to the device.
2) (Optional): Select the Plan. 3) Enter the WAN IP address. 4) Enter the Network Mask. 5) Enter the default gateway. 6) (Optional): Configure external DNS for the CPE to use. 7) (Optional): Configure the Warning and Absolute Threshold levels. 8) Select the correct Billing Cycle Start Date to match the ISP billing cycle (this information is used by the End of Month report). 9) Click ‘Save’ to commit the changes.
• UAT
4 WWW.MAKONETWORKS.COM
2.3 Notes
2.3 Cellular WAN
3) is optional and depends on the environment your configuring for.
Prerequisite A Mako Cellular device profile has been loaded for configuration. This could be done via loading from the selection page or after creating a new Mako and choosing the ‘Add and Configure’ option.
Menu Configure > Internet > ISP Setup
4) is optional and depends on the type of service your using. 6) is dependent on the ISP Plan. If you have selected an ISP plan that is flat rate, Warning and Absolute Threshold Alerts are not available.
1) Select the ISP.
Result
2) Select the ISP Plan.
WAN Interface configured. A USB Configuration file can now be downloaded and applied to the device.
3) (Optional): Enter the PIN number. 4) (Optional): Enter the APN. 5) (Optional): Configure external DNS for the CPE to use. 6) (Optional): Configure the Warning and Absolute Threshold levels. 7) Select the correct Billing Cycle Start Date to match the ISP billing cycle (this information is used by the End of Month report). 8) Click ‘Save’ to commit the changes.
2.4 Notes
2.4 Adding IP Range
IP Ranges are defined by the ISP plan. Subnet masks can be entered in standard or CIDR formats.
Prerequisite ISP Plan selected support IP Range.
Result Menu Configure > Internet > IP Range 1) Enter an IP range that has been allocated by the ISP.
IP Range now listed. IP addresses allocated within IP Range are now available in the Firewall section of the website as Target IPs.
2) Click Save.
2.5 Notes
2.5 Configuring Alerts Menu Configure > Internet > Alerts 1) Set the percentage level at which the system will alert based on your daily average. 2) Set the percentage level at which the system will alert based on your selected ISP plan free monthly allowance. 3) Select Worm Detection threshold.
Extraordinary Alerts are based around summary data captured during an End of Month report. The Management System will track usage patterns and can warn when certain thresholds are passed. 2) is ISP Plan dependent; if the currently selected ISP plan is flat rate this option will not be available.
Result
4) Select Port Scan Detection threshold.
Management system alerts are configured.
5) Select the maximum temperature before alerting. 6) Select whether to alert if the internal fan stops spinning.
• UAT
5 WWW.MAKONETWORKS.COM
2.6 Notes
2.6 Configuring Network LAN 1
Steps 6-10 are optional and are only used when client machines on the LAN are connecting via DHCP. Client settings can override any DHCP options entered here.
Menu Configure > Network > LAN 1 1) (Optional): Enter a name to describe the LAN. 2) Select whether to allow or deny ICMP echo-request (default: deny). 3) Enter the Ethernet IP address.
If Steps 6 and 7 are not set the default action is to use the entire LAN subnet for IP allocation.
Result
4) Enter the subnet mask.
LAN 1 Interface is configured.
5) Enable or disable DHCP (default: enable). 6) (Optional): Enter the start IP address for DHCP allocation. 7) (Optional): Enter the stop IP address for DHCP allocation. 8) (Optional): Enter the IP address of a WINS server for DHCP clients. 9) (Optional): Enter the IP address of a primary DNS server for DHCP clients. 10) (Optional): Enter the IP address of a secondary DNS server for DHCP clients.
2.7 Notes
2.7 Configuring Network LAN 2
LAN 2 supports disabling NAT. This is useful if you have a public IP range and wish to allocate the entire range to this network port.
Prerequisite 6500 - A2 / 3G / E Hardware type.
Result
Menu Configure > Network > LAN 2
LAN 2 can have NAT enabled or disabled.
See ‘Configuring Network LAN 1’
2.8 Notes
2.8 Configuring DHCP Leases
2) Enter the MAC Address. (Format XX:XX:XX:XX:XX:XX)
The DHCP Leases page will be automatically populated by the Mako device after a lease has been issued. This section of the website can be used to statically assign a particular IP address to a MAC address.
3) (Optional): Enter a comment.
The Mako Management System uses the “Comments” field for reporting purposes.
Menu Configure > Network > DHCP Leases 1) Enter the IP Address.
4) Click Add.
Result
2.9 Configuring Static Routes
DHCP Entry displayed on page. After CPE update (2 minutes) the assigned IP address should be allocated to the correct requesting MAC address.
Menu Configure > Network > Static Routes 1) Enter the subnet information. 2) Enter the gateway address to reach this subnet (must be local).
2.9 Notes
3) (Optional): Enter a name for the static route.
If the name field is omitted then the network and subnet mask will be used as a name.
4) Click Add.
Static routes can be edited by clicking on the cog icon.
Result Static route added.
• UAT
6 WWW.MAKONETWORKS.COM
3 Firewall Configuration 3.1 Notes
3.1 Inbound Basic Rule
The IP address must be reachable via one the Mako’s internal LAN interfaces, either directly or via a static route.
Menu Configure > Firewall > Inbound > Basic 1) Enter the internal IP Address to forward traffic to. 2) Select the service type from the list provided.
The refresh button can be used force an update from the NOC to the Mako.
3) (Optional): Enter a comment for the rule.
Result
4) Click Add.
Firewall rule added to list.
3.2 Notes
3.2 Inbound Advanced Rule
The IP address must be reachable via one the Mako’s internal LAN interfaces; either directly or connected via a static route.
Menu Configure > Firewall > Inbound > Advanced 1) Enter the Source IP Address (blank for any). 2) (Optional): Enter the subnet mask (defaults to /32). 3) Select the External Service Type. 4) (Optional): Select the Internal Service Type. 5) (Optional): Enable Trace Logging (recommended only in rare circumstances). 6) (Optional): Enter a comment for the rule.
Trace Logging means any packet coming through the firewall will be logged.
Result
3.3 Notes
3.3 Outbound Basic Rule
The Refresh button can be used to force an immediate update from the NOC to the Mako.
Menu Configure > Firewall > Outbound > Basic 1) Enter a Source IP Address, or select a source network from the drop down list. 2) Enter a Destination IP Address, or leave blank for ‘anywhere’. 4) Set the action for the rule: Allow or Deny.
The External Service and the Internal Service can be different; the Mako will perform a port translation in this case.
Firewall rule added to list.
7) Click Add.
3) Select the Service Type.
The refresh button can be used to force an update from the NOC to the Mako.
Firewall rules are implemented from the top down. Be wary of this when constructing complex rule sets.
Result Firewall rule added to list.
5) (Optional): Enter a comment for the rule. 6) Click Add.
• UAT
7 WWW.MAKONETWORKS.COM
3.4 Configuring Firewall - Outbound Advanced Menu Configure > Firewall > Outbound > Advanced 7) Enter the Source IP Address. 8) (Optional): Enter the Source Subnet Mask (default: /32). 9) Enter the Destination IP Address.
3.4 Notes The Refresh button can be used force an immediate update from the NOC to the Mako.
Result Firewall rule added to list.
10) (Optional): Enter the Destination Subnet Mask (default /32). 11) Select the Service Type. 12) Set the action for rule: Allow or Deny. 13) (Optional): Set Trace Logging flag (default: Allow-disabled, Denyenabled). 14) (Optional): Enter a comment. 15) Click Add.
3.5 Configuring Firewall - Intranet Basic Prerequisite
3.5 Notes The refresh button can be used force an immediate update from the NOC to the Mako. Any manually entered IP addresses must be local to the device, either directly connected or reachable via a static route.
6500 – A2 / Cellular / E Hardware type.
Menu Configure > Firewall > Intranet > Basic
Result
1) Select the Source Network.
Firewall rule added to list.
2) Enter the Destination IP or select the Destination Network. 3) Select the Service Type. 4) Set the action for the rule: Allow or Deny. 5) (Optional): Enter a comment. 6) Click Add.
3.6 Configuring Firewall - Intranet Advanced Menu Configure > Firewall > Intranet > Advanced 1) Enter the Source IP Address. 2) (Optional): Enter the Source Subnet Mask (default: /32). 3) Enter the Destination IP Address. 4) (Optional): Enter the Destination Subnet Mask (default /32). 5) Select the Service Type.
3.6 Notes The refresh button can be used force an immediate update from the NOC to the Mako. Any manually entered IP addresses must be local to the device, either directly connected or reachable via a static route.
Result Firewall rule added to list.
6) Set the action for the rule: Allow or Deny. 7) (Optional): Set Trace Logging flag (default: Allow-disabled, Denyenabled). 8) (Optional): Enter a comment. 9) Click Add.
• UAT
8 WWW.MAKONETWORKS.COM
3.7 Notes
3.7 Configuring Firewall - VPN Basic
The refresh button can be used force an immediate update from the NOC to the Mako.
Prerequisite An IPSec VPN must be present. Refer 4.1 Mako to Mako IPSec VPN.
Result Firewall rule added to VPN rule list.
Menu Configure > Firewall > VPN > Basic 1) Select an IPSec VPN to create a rule for. 2) Enter Source IP Address, or select Source Network from the drop down list. 3) Enter Destination IP Address, or select Destination Network from drop down list. 4) Select the Service Type. 5) Set the action for the rule: Allow or Deny. 6) (Optional): Enter a comment. 7) Click Add.
3.8 Notes
3.8 VPN Advanced Rule
The refresh button can be used force an immediate update from the NOC to the Mako.
Prerequisite An IPSec VPN must be present. Refer 4.1 Mako to Mako IPSec VPN.
Result Firewall rule added to list.
Menu Configure > Firewall > VPN > Advanced 1) Select an IPSec VPN to create a rule for. 2) Enter the Source IP Address. 3) (Optional): Enter the source Subnet Mask (default: /32). 4) Enter the Destination IP Address. 5) (Optional): Enter the Destination Subnet Mask (default: /32). 6) Select the Service Type. 7) Set the action for the rule: Allow or Deny. 8) (Optional): Set Trace Logging flag (default: Allow-disabled, Denyenabled). 9) (Optional): Enter a comment. 10) Click Add.
• UAT
9 WWW.MAKONETWORKS.COM
4 VPN and Remote Access Configuration 4.1 Result
4.1 Mako to Mako IPSec VPN
Mako to Mako IPSec VPN constructed with the desired default traffic direction.
Prerequisite At least two device profiles must exist in order to construct a Mako to Mako IPSec VPN. The device profiles do not need to exist under the same company; a reseller with access to multiple customers can use the search feature to construct inter-company IPSec VPNs.
Menu Configure > VPN > Mako to Mako > Manage Access 1) On the left-hand side, select the local network to be part of the IPSec VPN. 2) Select the direction of traffic flow. This controls firewall settings allowing or denying traffic originating in a certain direction. 3) Select the other device profile to be part of the IPSec VPN. The search magnifying glass icon can be use to locate device profiles under other companies (Reseller only function). 4) Select the network on the other device that will be part of the IPSec VPN. 5) Click Add.
4.2 Notes
4.2 Add Third Party Device Menu Configure > VPN > Mako to Mako > Add Third Party Device 1) Enter the Location name. 2) Enter the Public IP Address of the Third Party Device. 3) Enter the Network that will be part of the IPSec VPN. 4) Click Add, or Add and Create VPN.
Result Device created is now available in the Manage Access section and can be used to construct an IPSec VPN.
4.3 Notes
4.3 Delete Third Party Device Menu Configure > VPN > Mako to Mako > Delete Third Party Device 1) Select the device to delete. 2) Click Delete. A confirmation box will be displayed allowing the user to confirm or cancel this action.
• UAT
Refer Appendix 3 of the Management System Reseller Manual for more information on IPSec parameters.
Any IPSec VPNs or VPN Firewall rules associated with the Third Party IPSec device will be removed.
Result Third Party IPSec device is no longer available in the Manage Access section.
10 WWW.MAKONETWORKS.COM
4.4 Notes
4.4 Mako to Third Party IPSec VPN
Refer Appendix 3 of the Management System Reseller Manual for more information on IPSec parameters.
Prerequisite
The local subnets at both ends of an IPSec connection must be unique.
A Third Party device needs to be available to use.
Menu Configure > VPN > Mako to Mako > Manage Access 1) On the left-hand side, select the local network to be part of the IPSec VPN. 2) Select the direction of traffic flow. This controls firewall settings allowing or denying traffic originating in a certain direction.
Result Mako side of IPSec tunnel will be created. If the other end is correctly configured then the tunnel should establish and be useable.
3) Select the Third Party Device profile to be part of the IPSec VPN. The search magnifying glass icon can be use to locate device profiles under other companies (Reseller only function). 4) Enter the pre-shared key to be used during authentication for this IPSec tunnel. Alternately, the Management system can generate a unique pre-shared key by clicking on the [random] hyperlink. 5) Click Add.
4.5 Notes
4.5 PPTP Configuration Menu Configure > VPN > Remote Access > PPTP Settings 1) Enable PPTP access. 2) Select the Network to terminate PPTP VPNs. 3) Enter the IP Range Start Address. 4) Enter the IP Range Stop Address. 5) (Optional): Enter a DNS server address to be allocated to a connecting PPTP client. 6) (Optional): Enter a WINS server address to be allocated to a connecting PPTP client. 7) Click Save.
Menu Configure > VPN > Remote Access > Add VPN User
2) Enter the users Last Name.
Due to the above nature of PPTP, the connecting client cannot have the same network as the Mako. I.e. They cannot both have 10.0.0.0/8, as a routing conflict will exist.
Result PPTP Configured. PPTP will not be activated on the device until a user is created and enabled, refer 4.6 and 4.7.
4.6 Notes
4.6 Adding VPN User 1) Enter the users First Name.
PPTP allocates IP addresses from the network terminating the PPTP sessions. It is important to ensure that the IP addresses allocated during PPTP Configuration do not conflict with existing devices on the LAN.
The user will receive an e-mail containing login details. These details are used by PPTP users when they construct a PPTP VPN, or by a Remote Access IPSec VPN user when they log into the Management System to exchange pre-shared keys.
3) Enter the desired Username.
Result
4) Enter the users E-Mail Address.
The user is created in the system. The will receive an e-mail containing username and password information.
5) Click Add.
The user will now be available in the Remote Access > Manage Access section.
• UAT
11 WWW.MAKONETWORKS.COM
4.7 Notes
4.7 Enabling Remote Access
User access is disabled by default.
Menu Configure > VPN > Remote Access > Manage Access 6) Toggle the red and green access orbs to enable or disable access of the required type on the appropriate LAN by clicking once on them.
Result Account state is changed and access is allowed or denied.
5 Quality of Service Quality of Services comes pre-configured. The Mako Team has developed a generic QoS profile that suits the majority of customers. All QoS changes are done via Configure > Services > QoS > Advanced. The hyperlink found at Configure > Services > QoS > Custom is the same menu item. QoS works by dividing the available upstream bandwidth into segments called bins.
5.1 Notes
5.1 Adding a service to a QoS Bin
Source Addresses can be used to provide fine-grained control over QoS.
Menu Configure > Services > QoS > Advanced 1) Select the Service Type.
Result
2) Select the Bin.
Service added to selected QoS Bin and prioritized accordingly.
3) (Optional): Enter a Source Address. 4) Click Add.
5.2 Removing a service from a QoS Bin Menu Configure > Services > QoS > Advanced 1) Click on the delete icon in the Remove Service column next to the service you want to remove.
5.3 Adding a QoS Bin
New QoS bin available for use.
5.4 Notes
1) Click on the Add New Bin button.
Any services in the QoS Bin being removed will be deleted from the QoS profile.
5.4 Removing a QoS Bin Menu Configure > Services > QoS > Advanced 2) Click on the delete icon in the Remove Bin column next to the bin you wish to remove.
5.5 Managing QoS Bin bandwidth allocations. Menu Configure > Services > QoS > Advanced
The bandwidth previously added to the QoS Bin will be distributed to the last QoS bin in the profile.
Result Bin removed and QoS allocations readjusted.
5.5 Notes
1) Click on the ‘Show advanced bandwidth settings’ checkbox at the bottom of the page. 2) Adjust QoS Bin allocations, ensuring the total adds to 100%.
• UAT
5.3 Notes The new bin will be allocated 3% bandwidth from the most suitable bin. The new bin will be placed last in the priority queue.
Result
Menu Configure > Services > QoS > Advanced
3) Click Save.
5.2 Result Service removed from QoS configuration.
The refresh button can be used force an immediate update from the NOC to the Mako.
Result Firewall rule added to list.
12 WWW.MAKONETWORKS.COM
6 VPN Cloud 6.1 Notes
6.1 Creating a VPN Cloud Prerequisite You must have a least one appliance able to be used as a VPN Cloud concentrator. You must have the authority required to create a VPN Cloud for your network.
Menu Management > Company > Manage MSP > VPN Cloud 1) Click 'Create VPN Cloud'. The VPN Cloud modal window will appear.
A VPN Cloud is a virtual data center where VPN traffic is managed by certificatebased authentication. It's a fast, secure way of handling VPN traffic. While creating a VPN Cloud is very simple, you should ensure that its creation has a genuine business purpose, as maintaining several VPN clouds may cause unwanted management problems.
Result A new VPN Cloud is created.
2) Enter a name for your VPN Cloud. 3) Select a Mako to be used as a cloud concentrator. The Mako's LAN details will appear. 4) Enable at least one LAN over which the VPN cloud will operate. 5) Click 'Save VPN Cloud'. The 'Save VPN Cloud' dialog box will appear. 6) Enter your password to authorize this configuration change.
6.2 Notes
6.2 Joining a VPN Cloud
By default, joining a Mako to a VPN Cloud allows bi-directional traffic.
Prerequisite
Result
A VPN Cloud must have been created for the business.
Menu Configure > VPN > VPN Cloud 1) Click 'Join VPN Cloud'. A modal window will appear.
The VPN Cloud-enabled LANs of the selected Mako are listed.
2) Click 'Select VPN Cloud'. A drop-down selection box will appear. 3) Begin typing the name of an available VPN Cloud. (In Mako's Demo site, "BigCorp's Cloud" has been created.) 4) If/When the cloud appears below the search box, click it. The cloud name will appear in the VPN Cloud field. 5) Click 'Save VPN Cloud connection'.
• UAT
13 WWW.MAKONETWORKS.COM
6.3 Editing your Mako's options for its VPN Cloud Prerequisite
6.3 Notes Options may be edited during the 'Joining' process. SNAT settings, whether it's used or not, can be instrumental in diagnosing UScentric problems.
Your Mako must have joined a VPN Cloud.
Menu Configure > VPN > VPN Cloud 1) The page shows the name of the Mako's VPN Cloud, how many LANs your Mako has assigned to the cloud, the direction, SNAT setting and the Options ( ) column. 2) Click the button. The 'Join VPN Cloud' modal pane appears. 3) Click 'Select concentrators, VPN direction and SNAT'. The VPN Cloud's concentrator list and Mako LAN properties appear. 4) Enter an SNAT address in IPv4 or CIDR notation, and/or select a direction change, and/or a priority weighting level. You may also engage or disengage a Mako's LAN from the cloud.
Traffic direction determines which way data may be transmitted and received from Mako to Mako. Priority is a weighting level. A Mako's LAN may be part of several VPN cloud networks in a distributed concentrator configuration. Priority assists in distributing loads across several concentrators.
Result The Mako's LAN's properties have been altered.
5) Click 'Save VPN Cloud connection'. You will return to the main page listing the VPN Cloud your Mako has joined.
6.4 Notes
6.4 Simple Diagnostics on VPN Cloud Prerequisite This procedure requires a laptop or IP client with which to plug in to the LAN(s) of a Mako assigned to a VPN Cloud. 1) Plug a PC or IP client to the LANs on at least one Mako designated as a VPN Cloud Mako.
VPN Cloud diagnostics start stepping out of the scope of user acceptance testing. Some properties are only accessible via high level system administrators.
Result Several tables of diagnostic information are present for user evaluation.
2) Enter the CMS and select the Mako. 3) Menu
Reports > Diagnostics > VPN Cloud Setup
4) This diagnostic displays the Cloud name, Device tunnel name, the number of connections in the cloud, the Peer Network count and local network address. 5) Menu
Reports > Diagnostics > VPN Cloud Routing Table
6) This displays the networks discovered over the VPN Cloud, including network ranges, weights and endpoint address.
• UAT
14 WWW.MAKONETWORKS.COM
7 Mako Guardian 7.1 Notes
7.1 Category Management
Mako Spyware Protection can be enabled by checking the ‘Enable Mako Spyware Protection’ checkbox.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Sites > Categories
An ‘Add All’ category is available; this simply adds all categories into the profile configuration. Groups and Times default to Everyone/ Anytime. Additional Groups and Times can be configured. Refer 6.10 through to 6.18.
1) Select a category for the drop down list.
Result
2) (Optional) Select a Group.
New category selected is added to the list.
3) (Optional) Select a Time. 4) Select an action for the category: Allow or Deny. 5) Click Add.
7.2 Notes
7.2 Default Site Categories A Mako Guardian license must be installed to use this functionality.
The Mako Team has put together a standard set of categories suitable to most sites. Using the Default button will load those categories into the list, replacing any user-specific changes.
Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Result
Prerequisite
Menu Configure > Services > Mako Guardian > Sites > Categories 1) Click the ‘Use Default Site and Phrase Categories’ button.
7.3 Notes
7.3 Custom Sites Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Sites > Custom Sites 1) Enter a domain or URL. 2) (Optional) Select a Group.
When adding domain names, the system will include sub-level domains as part of a match. E.g. Adding a block on example. com will block www.example.com however adding a block on www.example. com will not block test.example.com. Allowed sites have priority over domains, so adding allowed custom sites will override any denied entries that match in the Categories section. Groups and Times default to Everyone/ Anytime. Additional Groups and Times can be configured. Refer 6.10 – 6.18.
3) (Optional) Select a Time.
Result
4) Set the Action, Allow or Deny.
The custom site is added to the list of domains and URLs.
5) Click Save.
• UAT
Category and Phrase lists are set to default. These include Adverts, Hacking, Pirated Software, Pornography, Proxies, Diallers and Redirectors.
15 WWW.MAKONETWORKS.COM
7.4 Custom Sites Banned URL Expression Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Sites > Custom Sites 1) Enter a regular expression. 2) (Optional): Click the [test] hyperlink to test the expressions you have entered.
7.4 Notes The Mako CPE can handle true regular expressions as part of its site and URL filtering. More information about regular expressions can be found at http://www. regular-expressions.info Groups and Times default to Everyone/ Anytime. Additional Groups and Times can be configured. Refer 6.10 – 6.18.
Result Regular expression is added to the list of custom sites.
3) (Optional): Enter a domain or URL to test against. 4) (Optional): Click Test Expression This section allows you to modify the expression you have entered until it is behaving as expected. 5) (Optional): Click Use Expression to use the expression entered in the parent page. 6) (Optional) Select a Group. 7) (Optional) Select a Time. 8) Click Save.
7.5 Notes
7.5 Custom Categories
Custom Categories allow you to create customised lists containing both URLs and Domains. These custom categories can be shared amongst CPE device profiles within the same company.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Sites > Custom Categories 1) Enter the name of the category you would like to create.
is a reseller function and can be used to share custom categories among multiple customers.
Result Regular expression is added to the list of custom sites.
2) Enter a description for the category type your creating. 3) (Optional - Reseller level only) Check or uncheck ‘Share this category with customers’.
• UAT
16 WWW.MAKONETWORKS.COM
7.6 Notes
7.6 Custom Category Edit
Custom Categories allow you to create customised lists containing both URLs and Domains. These custom categories can be shared amongst CPE device profiles within the same company.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox. A custom category must be created. Refer 6.5.
Menu Configure > Services > Mako Guardian > Sites > Custom Categories 1) Click the spanner icon next to the category you would like to edit. 2) (Optional) Individual Domains/URLs can be added or removed using the Add/Remove Sites section and corresponding Add/ Remove buttons.
3) is a reseller function and can be used to share custom categories among multiple customers. When uploading files the correct format must be adhered to. Refer Mako Guardian Manual for further details. Existing custom categories can be downloaded using the ‘Floppy Disk’ icon located on the Custom Categories page.
Result Regular expression is added to the list of custom sites.
3) (Optional) Correctly formatted files containing URLs and Domains can be uploaded using the ‘Upload Site Category File’ section. 4) a: (Optional) Use the ‘Choose File’ button to locate the Domains/ URLs file. b: (Optional) Click Upload.
7.7 Notes
7.7 Phrases Management
Phrases are based on the contents on an HTML pages rather than domain or URL matching.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Phrases > Categories
Groups and Times default to Everyone/ Anytime. Additional Groups and Times can be configured. Refer 6.10 – 6.18.
Result Phrase category added to the list.
1) (Optional) Select a Group. 2) (Optional) Select a Time. 3) Click Add.
• UAT
17 WWW.MAKONETWORKS.COM
7.8 Notes
7.8 Custom Phrases
The weight setting allows you to give certain words or combinations of words more weight than others. Use this in conjunction with the weighted phrase configuration.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Phrases > Custom Phrases 1) Enter a phrase. 2) Select action for the phrase match; Allow, Deny or Weight.
The Add to Preview function allows you to build combinations of words that act as one phrase. Groups and Times default to Everyone/ Anytime. Additional Groups and Times can be configured. Refer 6.10 – 6.18.
Result Phrase added to the list.
3) (Optional) Select a Group. 4) (Optional) Select a Time. 5) Click Save.
7.9 Notes
7.9 Weighted Phrase Configuration
Weight Phrase Modes act on phrases matched in an HTML page. Either each match of a word counts only once, or the match counts multiple times.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Phrases > Custom Phrases
Weighted Phrase Limit decides the level an HTML page has to reach before it is blocked.
Result Weighted Phrase Configuration updated.
1) Select the Weighted Phrase Mode. 2) Enter the Weighted Phrase Limit. 3) Click Save.
7.10 Notes
7.10 User and Group Options Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Users and Groups > Options 1) Select the authentication mode for Mako Guardian (Default: Anonymous). 2) (Optional) Check ‘Allow anonymous/unauthenticated web access’ 3) Click Save.
Optional enables or disables anonymous access as well as the selected Authentication mode. This is useful during initial configuration where an administrator can configure another mode of operation and not effect existing users. LDAP configuration (Configure > Services > Mako Guardian> Users and Groups > LDAP) is only available if LDAP User Authentication mode is selected. Local Users configuration (Configure > Services > Mako Guardian> Users and Groups > Local Users) is only available if Local User authentication mode is selected.
Result The authentication mode is changed.
• UAT
18 WWW.MAKONETWORKS.COM
7.11 Notes
7.11 Users and Groups - LDAP
The administrative account entered here will need to be fully qualified. E.g. ‘cn=Administrator,cn=Users, dc=example,dc=com’ rather than ‘Administrator’.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox. LDAP User Authentication mode must be enabled. Refer 6.8. An LDAP compliant directory server must be reachable from the CPE device.
Menu Configure > Services > Mako Guardian > Users and Groups > LDAP
The Root DN (Distinguished Name) is the top level at which we search for users. In the example domain the Root DN is ‘DC=example, DC=com’. Steps 7 & 8: These values are specific to your LDAP configuration. The examples provided are based on Microsoft 2003 Active Directory.
Result
1) Enter the IP address of the LDAP server. 2) Enter the port number that the LDAP service is available on.
LDAP Authentication mode is configured.
3) Enter an administrative account name that can browse and authenticate LDAP users. 4) Enter the administrative account password. 5) Enter the administrative account password a second time (for validation). 6) Enter the Root DN. 7) Enter the search query. 8) Enter the Group Attribute.
7.12 Notes
7.12 Users and Groups - Local Users
Local User Authentication mode provides a mechanism for Authentication without the requirement for a LDAP compliant server.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox. Local User Authentication mode must be enabled.
Menu Configure > Services > Mako Guardian > Users and Groups > Local Users
Result The user is added. This account can now be used for authentication when Mako Guardian is configured in ‘Local User Authentication Mode’.
1) Enter a Username. 2) Enter the Full Name. 3) Enter the E-Mail address of the user. 4) Enter the Password. 5) Enter the Password again for verification.
• UAT
19 WWW.MAKONETWORKS.COM
7.13 Notes
7.13 Create Local Group
Local User Group’s provide a mechanism for Group based policies without the requirement of an LDAP compliant server. Local Groups contain Local Users.
Prerequisite Local User Authentication mode must be enabled.
Menu Configure > Services > Mako Guardian > Users and Groups > Groups 1) Enter a Group name.
Result The Local User Group is created and appears in the list of Groups.
2) Select ‘Local User Group’. 3) Click Add.
7.14 Notes
7.14 Create IP Group
IP Groups are groups that contain IP based members.
Prerequisite A Mako Guardian license must be installed to use this functionality.
Result
Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
The IP Based Group is created and appears in the list of Groups.
Menu Configure > Services > Mako Guardian > Users and Groups > Groups 1) Enter the Group name. 2) Select ‘IP Address Based’. 3) Click Add.
7.15 Notes
7.15 Create LDAP Group
The LDAP Group DN is defined by the LDAP Server. This will generally be unique for each LDAP environment.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox. LDAP User Authentication mode must be enabled. Refer 6.10.
Menu Configure > Services > Mako Guardian > Users and Groups > Groups
You do not enter LDAP users into LDAP Group’s on the Management platform. LDAP Group based membership is queried during communication with your LDAP server.
Result The LDAP User Group is created and appears in the list of Groups.
1) Select ‘LDAP User Group’ - The LDAP Group DN text box now appears. 2) Enter the LDAP Group DN. 3) Click Add.
• UAT
20 WWW.MAKONETWORKS.COM
7.16 Result
7.16 Add Local User to Local Group
The user is added to the group.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox. Local User Authentication mode must be enabled. Refer 6.10. Local Users must be defined. Refer 6.12. At least one Local Group must be defined. Refer 6.13.
Menu Configure > Services > Mako Guardian > Users and Groups > Groups 1) Click the Spanner icon next to the group you wish to make the user a part of. 2) Select the user you wish to add to the Group from the ‘Add Group Member’ section. 3) Click Add.
7.17 Result
7.17 Add IP Address to IP Based Group
The IP Address is added to the group.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox. At least one IP Based Group must be defined. Refer 6.14.
Menu Configure > Services > Mako Guardian > Users and Groups > Groups 1) Click the Spanner icon next to the group you wish to make the user a part of. 2) Enter the IP Address you wish to add the IP Based Group in the ‘Add Group Member’ section 3) Click Add.
7.18 Notes
7.18 Banned File Extensions
The prefixing full stop is not required.
Prerequisite
Result
A Mako Guardian license must be installed to use this functionality.
File extension is added to the list.
Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Advanced > File Types 1) Enter the extension. 2) Click Add.
• UAT
21 WWW.MAKONETWORKS.COM
7.19 Result
7.19 MIME Types
MIME Type selected is added to the list.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Advanced > File Types 1) Select the MIME type from the list. 2) Click Add.
7.20 Notes
7.20 Create Time
Additional time intervals can be added by clicking on the Spanner icon next to the time slot name.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Result The time slot is added to the list.
Menu Configure > Services > Mako Guardian > Advanced > Times 1) Enter a name for the time slot you are creating. 2) Select the start and stop intervals for this time slot. 3) Click Add.
7.21 Notes
7.21 Exceptions
All exceptions to Content Filtering are IP based.
Prerequisite A Mako Guardian license must be installed to use this functionality.
Allowed IPs are exempt from all Content Filtering policies.
Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Result
Menu Configure > Services > Mako Guardian > Advanced > Exceptions
Entered IP address is completely allowed, or completely denied.
1) Enter an IP address. 2) Set action, Allow or Deny. 3) Click Add.
• UAT
22 WWW.MAKONETWORKS.COM
7.22 Notes
7.22 Site Bypass Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Advanced > Site Bypass 1) Enter an IP address, Network Address or Website. 2) (Optional) Enter a comment. 3) Click Add.
7.23 Landing Page
Site Bypasses currently only work when Mako Guardian is being used in transparent mode. Transparent mode is when the proxy server address on the Mako device is not being used. If the proxy server address on the Mako is being used the Site cannot be bypassed. Site Bypass is used when non-HTTP traffic is being passed through the Mako on port 80, or in cases when non-RFC compliant devices are using port 80. If a Website name is used and no comment is supplied the Mako System will automatically resolve the Website to an IP address and use the Website name as a comment.
Result The IP Address, Network or Website is not bypassed when accessed.
Prerequisite A Mako Guardian license must be installed to use this functionality. Mako Guardian must be activated. Activate it from this same Menu by clicking the ‘Enable Mako Guardian’ checkbox.
Menu Configure > Services > Mako Guardian > Advanced > Landing Page 1) Check the ‘Landing Page Enabled’ check box. 2) Enter the website to redirect the user to. 3) Select the time-out period. 4) Click Save.
7.23 Notes Landing Page temporarily redirects any HTTP traffic to another website. This is useful for Kiosk mode operation where the initial page displayed could be a welcome message. Only the first request from a browser will be redirected. The user will not see the landing page until the value defined by the timeout period has past and there has been no further activity from the browser.
Result Landing page is enabled. The first attempt to access any webpage will be redirected to the landing page.
• UAT
23 WWW.MAKONETWORKS.COM
8 Mako Failover 8.1 Notes
8.1 Failover Configuration Prerequisite Two device profiles with LAN networks configured in the same subnet but with different IP addresses assigned to the LAN ports. The secondary device in the failover pair must have a valid Mako Failover license to enable failover. The device profiles must be able to communicate with each other via their corresponding LAN ports. A crossover cable is recommended for the communications channel. Both devices in the failover configuration must be the same hardware type, i.e. 2x6500 - A2 / Cellular / E (WAN type can be mixed).
Virtual IP Addresses will be the default gateway for any machines connected on the LAN subnet. The virtual IP Address will shift between the devices as they change state. The Monitor option instructs the devices to also monitor the interface in case of a state change (link up/link down). If a monitored LAN interface fails (or switch fails) the secondary device will take ownership of the Virtual IP.
Result Mako Failover configured.
Menu Configure > Services > Mako Failover 1) Select device profile that will be the secondary device in the failover configuration. 2) Check or uncheck the ‘Secondary always on’ option. 3) For each available Interface, decide the Virtual IP Address. 4) Check or Uncheck the Monitor option for each Interface. 5) Select the LAN Interface to be used as the failover communication channel. 6) Click Save.
9 Dynamic DNS Mako’s CMS supports two Dynamic DNS providers: No-IP.com and DynamicDNS.org. Accounts must be configured with the appropriate provider prior to configuring the Mako’s Dynamic DNS profile.
9.1 Dynamic DNS Configuration - No-ip.com Prerequisite
9.1 Notes Dynamic DNS uses third party DNS providers.
Result
A Dynamic DNS account must be configured with No-IP.com.
Dynamic DNS profile configured on the device. After the first update the Dynamic DNS hostname will be updated to point to the Mako’s WAN address.
Menu Configure > Services > Dynamic DNS 1) Enter the Username. 2) Enter the Password. 3) Enter the Password again for confirmation. 4) Enter the Hostname. 5) (Optional): If you have a group of hostnames you can enter the group name. 6) Click Submit.
• UAT
24 WWW.MAKONETWORKS.COM
9.2 Dynamic DNS Configuration - DynDNS.org Prerequisite
9.2 Notes Dynamic DNS uses third party DNS providers. The Backup MX Record is used if you wish to provide an alternate MX record for the hostname. If enabled, two MX records are created; one pointing to the IP address for the Mako’s WAN and another pointing to the backup MX host provided.
A Dynamic DNS account must be configured with DynDNS.org.
Menu Configure > Services > Dynamic DNS 1) Enter the Username.
Result
2) Enter the Password.
Dynamic DNS profile configured on the device. After the first update the Dynamic DNS hostname will be updated to point to the Mako’s WAN address.
3) Enter the Password again for confirmation. 4) Enter the Hostname. 5) Set wildcard support. 6) Enter a Backup MX Record if you wish to use one for this host. 7) Enable or Disable Backup MX service. 8) Click Submit.
10 Deployment 10.1 Notes
10.1 Mako ID Change (Reseller Test)
Mako IDs are used to link a physical piece of Mako hardware to a device profile configured on the Management System.
Menu Configure > Deployment > Deployment 1) Enter the Mako ID.
Result
2) Click Update.
Mako ID is changed.
10.2 Hardware Modification (Reseller Test) Menu Configure > Deployment > Hardware 1) Select the Hardware Type. 2) (Optional): Enter the Mako ID (useful if changing physical hardware). 3) Enter your password. 4) Click ‘Update Configuration’.
10.2 Notes Entry of your password is required due to the irreversible changes Modify Hardware can make. Take special note of the warnings on this page. Changing from an Ethernet model to an ADSL model will remove all firewall, IPSec and WAN configuration entered into the site.
Result Hardware type changed. Mako ID updated if required.
• UAT
25 WWW.MAKONETWORKS.COM
11 Warranty 1) Standard Limited Warranty. If the products purchased hereunder are resold by a distributor or reseller to an enduser (customer) pursuant to the terms hereof in their original, unmodified, unused condition, Purchaser shall pass on to its customers, or keep as applicable for internal use, the MAKO NETWORKS LTD. standard limited warranty for the products, as summarized in documentation supplied with the product and including provisions and limitations set forth below. The Manufacturer warrants the Mako Appliance for one (1) year. The Warranty begins on the date of purchase as shown on your providers invoice. 2) Express End-user Limited Warranty. Each MAKO NETWORKS LTD. product purchased hereunder is warranted against defect in material and workmanship and will substantially conform to MAKO NETWORKS LTD. product documentation for the period set forth in the documentation supplied with the product following delivery to end-user (the “Warranty Period”). This warranty extends only to end-user and will not extend to, nor may it be assigned to, any subsequent user, Purchaser or user of a MAKO NETWORKS LTD. product, whether such MAKO NETWORKS LTD. product is alone or incorporated into end-user’s product. 3) Exclusions. The express warranty set forth above is contingent upon the proper use of a MAKO NETWORKS LTD. product in the application for which it was intended and will not apply to any MAKO NETWORKS LTD. product that has been (i) damaged during shipping, (ii) modified or improperly maintained or repaired by a party other than MAKO NETWORKS LTD. or its designees, or (iii) subjected to unusual physical or electrical stress. This includes operation of the product outside the Operating Specifications of the product. 4) Limitation of Remedy. In the event a MAKO NETWORKS LTD. product fails to perform as warranted, MAKO NETWORKS LTD. sole and exclusive liability and end-user’s only remedies for breach of this warranty shall be, at MAKO NETWORKS LTD.’s option to repair, replace or credit an amount not exceeding the Purchaser’s purchase price of each product found to be defective, provided that: 4.1) End-user complies with the rejection and warranty procedures contained in Section 5 below and returns the MAKO NETWORKS LTD. product that the end-user considers defective for examination and testing. 4.2) MAKO NETWORKS LTD. shall not be liable under this warranty if testing and examination by MAKO NETWORKS LTD. discloses that the MAKO NETWORKS LTD. product has been modified or altered in any manner after it was shipped by MAKO NETWORKS LTD. 4.3) MAKO NETWORKS LTD. shall not be liable under this warranty if testing and examination by MAKO NETWORKS LTD. discloses that the alleged defect in the MAKO NETWORKS LTD. product does not exist or was caused by end-user or any third person’s misuse, neglect, improper installation or testing, unauthorized attempts to repair or any other cause beyond the range of intended user, or by accident, fire or other hazard. 4.4) MAKO NETWORKS LTD. shall not be liable under any warranty under this Agreement with respect to any MAKO NETWORKS LTD. product that is not returned in its original shipping container or a functionally equivalent container. 4.5) If MAKO NETWORKS LTD. testing and examination does not disclose a defect warranted under this Agreement: MAKO NETWORKS LTD. shall so advise Purchaser and dispose of such MAKO NETWORKS LTD. product in accordance with Purchaser’s instructions on behalf of end-user and at Purchaser’s cost.
2014 Mako Networks Limited. Some Rights Reserved - http://creativecommons.org/licenses/by-ncsa/3.0/ The Mako logo is a registered trademark of Mako Networks Limited. Other product and company names mentioned herein can be trademarks and/or registered trademarks of their respective companies. Information in this document is subject to change without notice and does not represent a commitment on the part of Mako Networks Limited. This document should be read in conjunction with the Mako Networks Terms and Conditions available from the Mako Networks website (http://www.makonetworks.com). Mako Networks, its parent or associate companies may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written licence agreement from Mako Networks, its parent or associate companies, the furnishing of this document does not give you any rights or licence to these patents, trademarks, copyrights, or other intellectual property.
Page 26
• Warranty Software
