Back

Notes on Cradlepoint NetCloud Configuration

  • Cradlepoint (CP) says best way to update configuration is always via netcloud manager (NCM): https://www.cradlepointecm.com/
  • When you do updates to the configuration via the NCM, you also need to commit your changes:

img

It is also a very good idea to View Pending Changes before committing, especially if you do not have physical access to the router.

Update firmware via NCM

  • create a new group for all affected routers. Add routers to group. img

  • Select the group and go to NetCloud OS dropdown and pick the firmware version you want to have installed.

Set up your new SIM card

In the table in the Connection Manager, select your modem (associated with SIM card) from the table

img.png

Edit the device (double-click) and enter the information associated with the Access Point Name (APN)

img.png

Configure LAN

  1. Delete or Disable the Guest LAN
  2. Edit the Primary LAN and change the subnet

img.png

Make IP Reservations

Networking > Local Networks > DHCP Server

Add reservations to the following table as such:

img.png

Make Entry into local DNS table

Networking > Local Networks > DNS Servers

Add entries into the Known Hosts Configuration table as such:

img.png

Hostname can be whatever you like.

Set up Port Forwarding

Security > Zone Firewall > Port Forward & Proxy

Add rules to the following table as such:

img.png

Set Up Internet Firewall

Security > Zone Firewall > …

  1. Create a new filter policy called Andes Remote Access under the Filter Policies section. Add a new rule for controlling what is able to access the LAN via WAN:

img.png

** Note: For the host identities, you can specify IP ranges such as 205.125.0.0/16 **

  1. Add a new rule for denying everything else:

img.png

Back in your new policy, the order of the rules is very important as they will be applied in incoming traffic in that order. For example, if your deny everything else group is before the allow rule, there will be no access to the CP from the WAN.

Here is how things should look, approximately:

img.png

  1. Under the Zone Forwarding section, assign the new policy to traffic moving from WAN to Primary LAN as such:

img.png

Control access to the Web from within LAN

Security > Web Access Filtering > Network Web Filter Rules

Check off the “Enable web filtering” checkbox and then save.

img.png

To permit certain hosts on the network to access the web, you can add their MAC addresses here:

img.png