This allows you to set networking parameters for your gateway, including WAN1, WAN2 settings, Cellular connection, and DDNS. You can access this page through Configure > Gateway > Interface
In this mode, the EnGenius Gateway acts as a layer 3 routing gateway between WAN and LAN interfaces. Client outbound traffic to the Internet is source Network Address Translated (NATed) with the gateway’s WAN1/WAN2 IP address. As a layer 3 routing gateway, LAN-to-LAN traffic passing through the gateway can also be bridged or routed and can be controlled by outbound firewall rules as well.
In this mode, the EnGenius Security Gateway acts as a layer 2 bridge that does not perform any routing or network address translation for client outbound traffic for Internet access. This mode is usually used when you want to put the EnGenius Security Gateway between a customer's existing external NAT device and an internal L2/L3 switch. And you want to deploy EnGenius Security Gateway to provide firewall filtering and VPN services without changing the existing IP subnet address planning.
EnGenius Security Gateway can support dual WAN(WAN1/WAN2) configurations for dual WAN load balance and redundancy. Below are the WAN1 configuration settings. For the connection type, the Interface can be configured to DHCP to dynamically obtain an IP address or to static IP to manually configure the IP address or to use PPPoE to authenticate the gateway to an Internet Service Provider (ISP)
Name: the WAN Interface Name
DHCP: When you select DHCP, the gateway will automatically configure its IP address, subnet mask, and default gateway for the WAN interface.
PPPoE: Point-to-Point Protocol over Ethernet (PPPoE) is a specification used to authenticate a networking device to an Internet Service Provider (ISP). Selecting PPPoE will allow you to enter the following information:
Username: Enter the username associated with your ISP. This is a required field.
Password: Enter the password associated with your ISP. This is a required field.
DNS Server: you can choose the DNS server from ISP or use Google Public DNS (8.8.8.8) or specify nameservers entered in the Primary DNS and Secondary DNS.
EnGenius Security Gateway can support dual WAN(WAN1/WAN2) configurations for dual WAN load balance and redundancy. To deploy dual WAN configuration, you have to enter the following WAN2 settings. After WAN2 is enabled and settings configured here, the WAN2/P3 port will act as the WAN2 port.
Primary WAN Interface: either WAN1 or WAN2 can be selected as the Primary WAN Interface in a dual WAN configuration deployment.
Load Policy:
Failover: When both WAN1 and WAN2 are up, only the Primary WAN is active for inbound and outbound services. If the Primary WAN is down, automatic WAN failover will occur then the other WAN will take over and become active for services.
Load balance: For inbound services, the usage and restriction are the same as Failover. for the client's outbound Internet access traffic sessions, when both WAN1 and WAN2 are up, both WAN1 and WAN2 are used for outbound connections. The session load balance distribution algorithm is based on WRR(Weighted Round Robin) using WAN1/WAN2 upload bandwidth.
Cellular networks are high-speed, high-capacity voice and data communication networks with enhanced multimedia and seamless roaming capabilities for supporting cellular devices. With the increase in popularity of cellular devices, these networks are used for more than just entertainment and phone calls. They have become the primary means of communication for finance-sensitive business transactions, emergency services, etc. WAN connectivity options, such as cellular networks, now also serve as a reliable backup internet uplink in the event of a primary uplink failure. You can plug in the USB modern in the EnGenius Gateway and configure the following settings.
SIM PIN: Enter the Security Code on the SIM to prevent unauthorized use of the card.
Dial on Demand: Only connect when traffic is sent over the interface.
Idle timeout: If there is no traffic on the interface for the given minutes, the gateway will disconnect the link.
We offer the EnGenius Security Gateway that supports Dynamic DNS (DDNS) service by default. With this feature, users can have a hostname associated specifically with the ESG WAN interfaces. ESG uses Dynamic DNS (DDNS) to update a registered DNS hostname A record automatically each time its Primary WAN IP address changes. This feature is useful because it allows the administrator to configure applications such as client VPN to access the EnGenius Gateway by its hostname which is static instead of an IP address that may change over time. When the Primary WAN is down, EnGenius Security Gateway will use the public WAN IP of the other WAN for DDNS update.
DDNS Enable: click the button to enable/disable the DDNS service.
DDNS Providers: Select your DDNS service provider from the pull-down menu, if your DDNS service provider is not in the list, please select Custom
Username: input your registered username
Password: input your registered password
VLAN id: Enter the VLAN id from 1-4094.
ISP Bandwidth: you should check with your ISP (Internet Service Provider) for the actual Download/Upload bandwidth. The ISP Bandwidth is used in WAN link utilization and dual WAN outbound sessions load balance calculations.
Hostname: input your registered DDNS FQDN hostname
Enter other required information from your DDNS Service Provider
(DS-Lite / MAP-E / IPIP)
This section describes how to configure IPv4 over IPv6 settings after selecting WAN1 as the connection interface. The EnGenius Gateway supports tunneling technologies such as DS-Lite, MAP-E, and IPIP to enable IPv4 communication over IPv6-based ISP lines.
In certain broadband environments, such as those provided by Virtual Network Enablers (VNEs), IPv4 connectivity is delivered over IPv6 infrastructure using tunneling technologies like MAP-E and IPIP (IP-in-IP). One widely used implementation of this model is commonly known as **v6plus**, which has been adopted by multiple ISPs to support high-speed access while preserving legacy IPv4 services.
Key characteristics of VNE-based IPv4 over IPv6 deployments include:
- IPv4 access via MAP-E or IPIP - Optional static IPv4 assignment (typically with IPIP) - Integration with DDNS and authentication mechanisms - Routing and tunnel management handled by the VNE infrastructure
After selecting WAN1 under Configure > Gateway > Interfaces > WAN, choose a connection type:
- IPv4 over IPv6 (DS-Lite) - IPv4 over IPv6 (MAP-E) - IPv4 over IPv6 (IPIP)
For DS-Lite, configure the following parameters:
MAP-E is a stateless tunneling method and does not require manual configuration.
For IPIP-based deployments, select a VNE type: v6plus or Xpass. Each has distinct parameter requirements.
Under Configure > Gateway > Interfaces > LAN > Addressing, enable IPv6 using one of the following options:
- Disable - Auto (DHCPv6-PD) - Auto (IPv6 Relay)
Both IPv4 and IPv6 addresses will display in:
- Manage > Gateway List - Manage > Gateway Detail
Fixed to “From ISP”.
Field
Description
BR / AFTR Address
Required. Provided by ISP.
DNS Server
Fixed to “From ISP”.
Field
Description
DNS Server
Fixed to “From ISP”.
Field
Description
BR / AFTR Address
Required. Provided by ISP or VNE.
IPv4 Address
Required. Static IPv4 address.
Interface ID
Assigned by v6plus.
Update Server URL
Provided by provider.
Username / Password
Optional, depending on ISP.
DNS Server
Fixed to “From ISP”.
Field
Description
BR / AFTR Address
Required. Provided by ISP.
IPv4 Address
Required. Static public IP.
DDNS Update Server URL
Required. Provided by Xpass.
Basic Auth ID / Password
Provided by Xpass.
FQDN / DDNS ID
Assigned hostname.
DDNS Password
Provided by Xpass.
DNS Server