All the modules related to external applications / tools / devices and interfaces.
Account printers are three button printers to easily generate and print vouchers.
Make sure the printer is configured correctly and is able to contact the gateway. Enable the service, choose the correct (TCP) port and fill in the printer IP address. Add the printer IP address and port number (in TCP) to the firewall, otherwise communication will get blocked using defaults. If the printer is connected using a subscriber network you have to activate the printer first. (see Activate subscriber - because the printer cannot authenticate itself).
You can simply add or edit a printer by using the respective buttons in the printer overview. You need to configure the printer IP and how many times a voucher needs to be send to the printer. To configure functionality behind one of the three physical buttons, choose the respective button (A, B or C) and configure the details.
Captive.net is a centralized authentication platform hosted in the cloud. By using this feature, the local portal and database will no longer be used to authenticate clients. Instead the gateway will redirect clients to the cloud before they are activated on the local gateway.
Captive.net also provides dynamic reports, marketing campaigns, an easy to use portal editor, a variety of authentication mechanisms, … See https://captive.net for more information.
Before configuring your gateway to use Captive.net, make sure that you have a valid Captive.net admin account and admin domain. Please contact your reseller if this isn't the case.
Enter your admin domain and credentials and press Next. The next step will show you what will be applied on your gateway. Additionally you can choose to add your gateway to the Captive.net platform (will only be shown if the WAN MAC is not yet found on the Captive.net platform). Press next to apply the configuration. New clients will now be redirected to the cloud platform for authentication.
To use the internal portal and database again, you need to remove the Captive.net RADIUS profiles from the guest authentication module (Service → guest authentication) and the Captive.net redirect portal (Layout → portal page → rules).
When the system is running in authentication or mixed mode you can let external guest networks join this gateway. This gateway will act as authentication server while client traffic is still handled by the external gateways. Make sure you configure the
System → Settings to reflect to correct system state [todo: gateway/auth]
Add the IP address and login credentials of the gateway holding the guest networks you want to add. If the gateway is added and connection towards the device is successful you will see an additional icon to view all guest networks. Check the guest networks which should redirect clients to this gateway for authentication and press save. The joined guest network will now redirect all clients to the IP address which was used to reach the external gateway. This IP address can be viewed/changed by going to network→ network configuration → click edit on the guest network → virtual section on the external gateway.
The gateway is compatible with a range of credit card clearing houses and PayPal, these services can be used to automatically charge for Internet access without any other user intervention. The client can buy a package for the price configured in the billing plan and will automatically be logged in afterwards.
Note: The credit card option will only be available on the portal page when credit card or PayPal is enabled in the payment section of the portal rules.
This feature is deprecated.
There is an option to enabled or disable the (optional) module. The option invoice allows the client to receive an invoice for the payment via e-mail. See general settings for more configuration options.
The gateway is compatible with several credit card clearing houses. Select the credit card clearing house from the drop down list. There will be several configuration option that need to be entered depending on the chosen clearing house. These details should have been supplied to you by the clearing house.
This facility is deprecated. Contact support for a PayPal implementation using the newer Custom Clearing House facility.
PayPal is a popular payment service, clients can buy packages with their PayPal account or also without PayPal account and just a credit card.
This requires adding paypal.com to the Walled Garden in order to function.
Instead of using one of the predefined clearing houses you can add your own, an API of the clearing house is required to know the exact flow and variables. The following can be configured:
This is the form that will be sent to the clearing house (and also the customer redirection to the payment page). All values (operator applied!) are saved and can be used in the clearing house answer.
|characters are used for variables generated by the system, these can be||portal_url||(example: http://login.fdxtended.com),||order_id||,||amount||and||currency|
The answer is the status of the payment that is being sent from the clearing house to the gateway. This answer should be returned to https://[gateway public IP]/creditcard/cc_notification.php, it is possible this URL needs to be specified in the submit fields or in the clearing house settings, without this URL the HSMX gateway will never be informed of success or failure of payment.
Order identification An unique Id has to exists to match the submit fields (request) and answer, therefore the orderId has to be in the submit fields so the clearing house can return this value in the answer. Here you can specify in which variable the clearing house sends back the orderId.
Flow The flow is how the system will check the incoming answer and can be fully customized. An incorrect check however can lead to creation of accounts while payments were rejected. % characters are being used to indicate return variables from the clearing house, for example %amount% || characters are being used to use variables that were sent to the clearing house (the ones created in Submit fields including the operation), for example: ||amount||
The LDAP (Lightweight Directory Access Protocol) module allows the system to connect to an external LDAP server to authenticate administrators and subscribers.
In this section you can add / update and delete LDAP server connections.
This are the rules that will link a group profile to an external administrator. The rules are being read from top to bottom so the first rule that matches will be applied. You can change the order by dragging the number in the sort column.
If the returned attribute (ou) matches “pos” we will login the administrator with the rights of group1
This section is identical to Access control rules besides the fact it used to authenticate subscribers rather then administrators of the system. When a subscriber authenticates, depending on the rules, a package will be created with the configured billing plan.
The PMS module is an optional module of the system. It connects the gateway to a PMS (property management system), this way the gateway retrieves all guest details of the hotel and it can also charge the guest folio.
There are three basic access methods available for FIAS: Serial, IP and Agent. Each access method is available in basic or advanced mode. The difference between basic and advanced:
When the system is licensed for multiple PMS connections two additional options are shown:
Defaultentry sets a PMS connection as the default fallback.
You can select the fields that the guest has to enter to authenticate. We have three sections, room known (and checked-in), room unknown, room shared.
User definable fields can contain any value that is available in the PMS to be used for identifying the guests (e.g. loyalty membership number).
Tip: to enable all ten user definable fields from the PMS specification, enable
Show extra definable fields under
No post options.
The error message shown when a subscriber tries to sign onto a checked-out guest account.
Here you can specify how strict we check the input of the guest against the PMS database. This overcomes problems with input and difficult guest names or special characters causing problems. You can create multiple policies and you can assign a policy per PMS field and / or set a default policy for all fields.
For example if we mandate the first four characters of the name should match and we strip spaces, dashes and quotes. The PMS database contains
O' Donald which becomes
odonald. The subscriber logs-on with
O'donnald processed becomes
odonnald, the first four characters match so we assume it's the right user.
Depending on the selection in the first tab you will see different options here.
Tips: configure the
FIAS warning setting to receive an alert when the PMS communication has been down for longer than a specified period. Set the source e-mail/name and recipient (multiple recipients should be comma seperated), the subject and text body. Don't forget to configure System SMTP Settings).
An agent can be configure to forward all incoming guest data to an external authentication system. There is a listener and a sender, the listener waits for requests while the sender sends updates whenever we receive an update from the PMS. Communication can be encrypted.
Configuration of the different RADIUS profiles. The RADIUS profiles can be configured in the subscriber (LAN) network in the AAA section (see AAA)
Name: Name of the RADIUS server Type: (PAP - CHAP - MS-CHAPv1/2) Authentication server IP: IP address of the RADIUS server Authentication server port: Port used for the RADIUS authentication requests Accounting server port: Port used for the RADIUS authentication requests RADIUS secret: Secret for communication between this NAS and the RADIUS server. NAS identifier: Identifier to identify the connection of our subscribers on the RADIUS server Time-out: Amount of retries
Overwrite WAN IP (optional): This will disable the auto detection of the WAN IP in the RADIUS requests made. MAC (mandatory if Overwrite WAN IP option is used): MAC address of the system, can be found in Network configuration.
The HSMX gateway supports several standard RADIUS attributes to set connection specific parameters as well as several WISPR attributes.
Enable SNMP when you want to retrieve certain OS values from the system. The gateway can send traps on certain system events, MIB for the SNMP traps is available in the web interface as download (see also: howto remote monitor HSMX using SNMP).
UMS or User Management System is a free Windows based program to create vouchers. You need to enable the UMS server here to make sure the program can contact the HSMX gateway. You can choose to allow all IP's or just a few. If specified only these IP addresses will then be able to use the UMS server, otherwise every source IP address is welcome to partake.
HSMX provides an XML interface which can be used to automate tasks. To make use of the XML-API make sure to enable the service first. Once enabled the service needs to be configured to accept requests from certain source IP addresses; enable
Allow any IP or enter an IP address in
XML server IP 1 (or 2, 3).
You can configure a radius server if you wish to override the regular configuration, which can be found at
Guest Authentication under