Industrial Secure WLAN Controller Centralized medium-scale AP management
  • Centralized AP management and multi-level connections up to 150 manageable access points
  • Virtual service zone management by user group, security profile and etc.
  • Authentication, Authorization, Accounting (AAA) support
  • Dual-WAN Load Balance and Failover
  • Data tunnel security by Intranet local IPSec VPN, Internet Remote Client PPTP VPN, Site-to-Site VPN
  • QoS and WMM Traffic Types support for Voice, Video, Best Effort and Background

The IWF 8405 industrial Secure WLAN Controller is an ideal security solution for medium-scale industrial WLAN deployments. The IWF 8405 integrates “secure access control”, “ user account provisioning”, “centralized WLAN management” , even “flexible accounting and billing” into one box to provide simplified manageability and instant mobility. With more powerful hardware, IWF 8405 is capable of centrally managing 150 access points to cover a wider service area in a medium network.

Secure Networking under Central Management

IWF 8405 is suitable for industry in managing their wired and wireless network access uniformly. The network access of users from different departments and the access of guests can be segregated in different Service Zones. When needed, IWF 8405’s Local, Site-to-Site and Remote VPN tunnels can be used to further secure the information flows for business.

For multi-site Manufacturing facilities, Network deployment and management is always challenge to IT manger, IWF8405 makes it easy to quickly deploy and offer wireless Internet service. IT manager can centrally manage all the access points connected to the IWF 8405. Also, remote firmware upgrade can be done through IWF 8405. Security policy and user groups can be pre-defined in Virtual AP profile and applied to the access points through IWF 8405.

Support NAT or Router mode
Support Static IP, DHCP, PPPoE mode on WAN interfaces and PPTP (WAN 1 only)
Choose freely which LAN is authentication-enabled LAN
Support NAT:
(1) IP/Port destination redirection
(2) DMZ server mapping
(3) Virtual server mapping
(4) H.323 pass-through
Supports email service via designated email server
Built-in with DHCP Server and support DHCP relay
Support walled garden (free surfing zone)
Walled Garden Ad List that enables advertisement website links on user login portal page
Support MAC-address and IP-address pass-through
Support HTTP Proxy
Support IP Plug and Play (IP PnP)
Support configurable static routes
Support dual uplinks, outbound load balancing and failover for more reliable Internet connection
Support SIP pass-through NAT
Support Ethernet connection to external terminal servers
Port location mapping features for working with DSLAM and VLAN switches
Dynamic Routing Protocol: RIP, OSPF, IS-IS
Seamless L2/L3 Roaming
System Administration
Support web-based management user interface
Provide customizable login and logout portal page
SSH remote management
Remote firmware upgrade
NTP time synchronization
Menu driven console management interface
Utilities to backup and restore the system configuration
Built-in root CA and centralized certificate management
Monitoring and Reporting
Status monitoring of on-line users
IP-based monitoring of network devices
Uplink (WAN) connection failure alert
Support Syslog for diagnosis and troubleshooting
User traffic history logging
Traffic history report via email to administrator
Users’ session log can be sent to FTP or Syslog server
Graphical system report
User Management and Access Control
Support 6,000 local accounts and 6,000 on-demand accounts
Provide on-demand accounts for visitors
Support Local user account roaming
Authentication methods supported: Local and On-demand accounts, POP3, LDAP, RADIUS, Windows Domain, and SIP authentication
Single-Sign-On for Windows Domain
Allow MAC address and user identity binding for local user authentication
Support MAC Access Control List
Support auto-expired guest accounts
Users can be divided into user groups, each user group has its own network properties, including bandwidth, QoS, accessible service zones, and other privileges
Support QoS and WMM traffic types: Voice, Video, Best Effort and Background
Each group (role) may get different network policies in different service zones
Max concurrent user session (TCP/UDP) limit
A setting for user-idle-timeout
Configurable user Black List
Export/ Import local users list to/ from a text file
Support local IPSec VPN tunnels
Support PPTP VPN tunnels
Support site-to-site VPN tunnels
Support VPN pass-through (IPSec and PPTP)
Built-in DoS attack protection
Service Zones
The network is divided into maximum 9 Service Zones, each defined by a pair of VLAN tag and ESSID
Each service zone has its own
(1) login portal page
(2) authentication options
(3) LAN interface IP address
(4) DHCP address range
Each service zone allows access to the selected groups
Each service zone assigns a network policy to each user group
WISPr support per service zone
AP Management
Manage up to 150 x Nexcom AP in both Local and Wide Areas AP management totally
Monitor 3rd party non-integrated AP: up to 200
Centralized remote management via HTTP/SNMP interface
Auto discovery for managed APs
Enable or disable APs easily via user interface
Templates for managed APs
Monitoring managed AP for its status, the number of associated clients, and RF information Upgrade managed APs centrally, including bulk upgrade
Rogue AP detection and AP load balancing
Tunneled AP management over internet for NEXCOM Wi-Fi AP Family
Graphical AP statistics display
Accounting and Billing
Support local on-demand and external RADIUS server
Contain 10 configurable billing plans for on-demand accounts
Support credit card billing system by Authorize.net ,PayPal, SecurePay, and WorldPay
Provide session expiration control for on-demand accounts
Provide detailed per-user network traffic history for both local and on-demand user accounts
RADIUS VSA implementation for volume-based session control using RADIUS server
Support automatic e-mail to report network traffic history
Support middleware connection to Property Management System (PMS)
Hardware Specifications
WAN Ports: 2 x 10/100/1000 BASE-T RJ-45
LAN Ports: 4 x 10/100/1000 BASE-T RJ-45
Console Port: 1 x RJ-45
LED Indicators: 1 x Power, 1 x Status, 1 x HDD
LCD Display
Physical and Power
Power Adapter: 100~240 VAC, 50/60 Hz
Form Factor: 19” 1U Rack Mount
Dimensions (W x D x H): 16.77” x 9.29” x 1.75”
(426 mm x 236 mm x 44 mm)
Weight: 12.3 lbs (5.6 kg)
Environment Protection
Operating Temperature: 0 ~40 °C
Storage Temperature: -20 ~ 75 °C
Operation Humidity: 10% ~ 90% (Non-condensing)
Storage Humidity: 10% ~ 90% (Non-condensing)
RoHS compliant
Package Contents
IWF8405 x 1
CD-ROM (User’s Manual and QIG) x 1
RS-232 DB9 to RJ45 Console Cable x 1
Ethernet Cable x 1
Power Cord x 1
Rack Mounting Bracket (with Screws) x 1