Routing / Firewall

The Ewon gateway possesses two communication interfaces: a LAN and a WAN.

The WAN interface of the Ewon gateway can be either the Ethernet WAN, the cellular modem or the Wi-Fi modem.
If The Ewon gateway is connected to a VPN server, then a third interface - the VPN interface - is added.

The Ewon gateway acts as a router and as such, embeds several features to allow interaction between the WAN, VPN and LAN interfaces.

Routing features

NAT features

  • NAT on LAN (called Plug'n Route): it allows a PC connected to the VPN or WAN interface of the Ewon gateway to reach other Ethernet devices connected to the LAN interface of the Ewon gateway.
  • NAT on WAN: it allows the Ewon gateway to act as an Internet router
  • NAT on VPN: dedicated for special routing requirements inside VPN network.

Proxy table

A table of 10 entries is available to configure the port forwarding of the Ewon gateway to Ethernet devices which are connected to the LAN interface of the Ewon gateway.
For the external interface you can select between VPN, WAN , PPP incoming.

NAT 1:1 table

The NAT 1:1 is a submodel of NAT which maps an internal address (LAN) to one external address (WAN or VPN). So for every entry inside the NAT 1:1 table, the Ewon gateway will create a new virtual IP address on its WAN or VPN interface and everything happens as if the LAN device is part of the WAN or VPN network

A table of 10 entries is available to configure NAT 1:1 to reach Ethernet devices behind the Ewon gateway.

Security features

To block unwanted traffic on the WAN interface, you can choose what type of connection you want to allow on the WAN interface of the Ewon gateway.

To protect the network of the Ewon gateway's location, the Ewon gateway has also an option to block IP forwarding from LAN or VPN interface to the WAN interface.

For a Talk2M connection, the standard settings for the security options are:

  • WAN Protection level = discard all traffic except VPN
  • WAN IP Forwarding = disabled

However, some routing features listed here above, for example NAT on WAN, requires a modification of these settings.