HSA-500-L2 SD-WAN Multi-WAN bonding Router with 4G Dual Sim, 4G Bonding , 11AC wifi and Captive Portal Hotspot

HSA-500-L2 SD-WAN, Multi-WAN Bonding with 4G Dual Sim ( Dual LTE Modules) Router


HSA-500-L2 SD-WAN Router combines a full suit of advanced cloud networking, security and WAN connectivity features to form an end-to-end WAN solution for large enterprises to connect remote branches/outlets securely and resiliently, particularly as a more cost-effective alternative to traditional MPLS or VSAT solutions.

The key features of  SD-WAN solution include below:

  1. Flexible connectivity options to any WAN technologies, eg. fiber Internet, PPPoE, Single/Dual LTE, MPLS, Metro-Ethernet
  2. Multi-WAN load balancing for high resiliency
  3. Multi-VPN protocol with dual/multiple VPN bonding for better security and higher WAN capacity
  4. Multi-VLAN for traffic separation for local devices sharing the same connectivity with different security policies
  5. Dynamic routing (OSPF & BGP) for auto fail-over and intelligent path selection
  6. QoS for traffic prioritization
  7. Policy-based routing for more granular traffic control
  8. Advanced "Ethernet over SSLVPN" for seamless network expansion
  9. Built-in dual-band AC Wi-Fi to offer guest hotspot access with monetization opportunity for retail outlets
  10. mfusion cloud platform for central network visibility and control

With all above features packed into a powerful platform, customers or service providers enjoy the benefits of

  1. easy to deploy, easy to configure, easy to operate
  2. cost effective
  3. higher resiliency
  4. better security

Built for speed. HSA-500-L2 SD-WAN Router utilizes the fastest wireless standards today to bring about an  enjoyable Internet surfing experience to guests connected to this  hotspot. To avoid channel congestion which may degrade the experience of  guests, HSA-500-L1 is also capable of 4G Dual Sim, dual-band 2.4GHz/5.0GHz WiFi access  as well. The following features further enhances the performance of HSA-500-L1. 

  • SD-WAN Router
  • Multi-Core Processor
  • 500Mbps throughput
  • Dual 3G/4G Sim ( Active : Active)
  • Multi WAN (4 WAN, WAN Bonding)
  • 4x 5dBi MIMO antenna  
  • Gigabit WAN/LAN ports 

mbox HotSpot Access (HSA-500) is an integrated Wide Area Network (WAN) appliance designed for retail or  small networks, with all essential enterprise features, incorporating advanced networking & security technologies, TCP/IP routing, Multi-WAN bonding, firewall VPN/QoS, and dual-band Wi-Fi, all packed into a powerful appliance. mbox’s “zero-config” feature enables speedy onsite deployment without the need of any certified network engineer, while its cloud management capabilities enables Managed Service Provider (MSP) to massively manage and monitor all deployed mboxes at fingertips.

What HSA does?

  • Connects offices to any WAN (Internet/MPLS/LL/ME)
  • Balances multiple ISP links with auto failover
  • Multi-homes critical networks with BGP and VRRP
  • Prioritizes critical applications or VIP users
  • Encrypts business transactions using secure VPN
  • Monetises Wi-Fi infra through advertising engines


What’s so special about HSA?

  • Powerful WAN gateway with high scalability
  • Monetization Wi-Fi appliance for maximum returns
  • Zero-config deployment with mfusion integration


Who need HSA?

  • Providers who need to deploy and manage massive
    remote CPE at ease
  • Organisations who need resilient Internet services
    from multiple ISPs for maximum speed and uptime
  • Retail and F&B outlets which need secure VPN tunnels
    back to HQ/DC networks


Contact us for Price!!
sales@zcomax.co.uk
  • Weight
    2 kg
  • SKU
    HSA-500-L2

SD-WAN solution 

SD-WAN combines a full suit of advanced cloud networking, security and WAN connectivity features to form an end-to-end WAN solution for large enterprises to connect remote branches/outlets securely and resiliently, particularly as a more cost-effective alternative to traditional MPLS or VSAT solutions.
The key features of RansNet SD-WAN solution include below:
  1. Flexible connectivity options to any WAN technologies, eg. fiber Internet, PPPoE, Single/Dual LTE, MPLS, Metro-Ethernet
  2. Multi-WAN load balancing for high resiliency
  3. Multi-VPN protocol with dual/multiple VPN bonding for better security and higher WAN capacity
  4. Multi-VLAN for traffic separation for local devices sharing the same connectivity with different security policies
  5. Dynamic routing (OSPF & BGP) for auto fail-over and intelligent path selection
  6. QoS for traffic prioritization
  7. Policy-based routing for more granular traffic control
  8. Advanced "Ethernet over SSLVPN" for seamless network expansion
  9. Built-in dual-band AC Wi-Fi to offer guest hotspot access with monetization opportunity for retail outlets
  10. mfusion cloud platform for central network visibility and control
With all above features packed into a powerful platform, customers or service providers enjoy the benefits of
  1. easy to deploy, easy to configure, easy to operate
  2. cost effective
  3. higher resiliency
  4. better security
This section covers a typical SD-WAN scenario. We use a 3-layer design approach.


Access layer (HSA)
The Access layer is powered by our HSA appliance (HotSpot Access). It sits at each remote network as a CPE device to connect to different WAN technologies, eg. Fiber, MPLS, VSAT, PPPoE, or LTE. It's capable of connecting to multiple WAN options, at the same time with load balancing and auto fail-over. It has 4 x GE LAN ports to connect local devices and if there are more devices, we can simply extend with a typical LAN switch.

Through resilient WAN connectivity, the HSA will build dual SSLVPN tunnel to the CMG gateways sitting at WAN distribution layer, for highest resiliency. The HSA advertises it's local LAN network to CMG via OSPF across the VPN tunnels. It's possible to run active-active VPN tunnels, or active-standby tunnel, simply by tweaking OSPF costs, eg. by default if the tunnel cost is the same, OSPF will load balance traffic across both tunnels; else we can increase the OSPF costs over the less preferred (backup) tunnel. Typically if the backup link is less reliable we'd recommend to configure active-standby mode.The secure SSLVPN tunnels can run across any IP networks, through dynamic or static WAN links or even from behind other routers/firewall, as long as HSA is able to reach to CMG across provider networks.


WAN Distribution layer (CMG)
The WAN distribution layer is powered by Cloud Managed Gateway (CMG). The CMG acts as VPN concentrator to terminate SSLVPN tunnels with remote HSA. The CMG runs OSPF inside the SSLVPN tunnel to learn remote routes; it runs BGP with core routers to learn upstream (core) routes. It then redistributes BGP into OSPF for the remote HSA to learn routes for core networks; and redistributes OSPF into BGP for core network to learn remote networks. So the CMG forms a very important aggregation layer between the core and remote networks.
If we need to support large amount of remote sites, it's recommended to use multiple virtual CMG hosted on typical hypervisor (VM-Host), eg. VMWare, KVM, etc. Then split remote HSA into multiple groups to tunnel with different virtual CMG.
Typical design guide:
  1. Min resource per virtual CMG: 4GB RAM, 8 core CPU, 40GB HDD
  2. Up to 300 SSLVPN tunnels (remote HSA) per virtual CMG. This is to ensure tunnel stability and speed up OSPF routing convergence. It also simplifies operations.
  3. Up to 100 virtual CMG per VM-Host, with specs of 512GB of RAM, 2/4 CPU, 5TB usable HDD (RAID-10), 2 x 10G interfaces.
With above design, a hypervisor (VM-Host) can support up to 30,000 remote HSA. For redundancy, we will need two VM-host, to form dual tunnels with the same HSA. It is highly recommended to locate each VM-Host at two different physical locations.

Core Layer
The core layer consist of customer or provider core switches or core routers. The core routers form BGP with CMG to learn remote routes and advertises server routes/networks to CMG (redistributed to HSA). It's possible to use any other 3rd-party high performance routers or customer preferred selection of routers, as long as they support standard BGP protocols. But a physical CMG-5000 with 10G interfaces would be a good choice too.

mfusion cloud

The mfusion platform can be a VM or physical server sitting in the cloud, or any location/networks that are reachable by both CMG and HSA.
The mfusion provides below key functions
  1. remote configuration provisioning for both HSA and CMG. This empowers zero-touch configuration for HSA. Once the device is on-line, it auto "call-home" back to mfusion to push its configuration provisioned by NOC engineers remotely, without the need for any certified engineers onsite.
  2. firmware and patch management. If needed, firmware or software patches can be remotely pushed by mfusion to target HSA.
  3. real-time monitoring, alerting and scheduled historical reporting. 

Hotspot over SD-WAN

This design leverages on our SD-WAN device (HSA-500) to extend its Wi-Fi capability to offer staff or guest WiFi.

The HSA-500 comes with full suit of SD-WAN features, including Multi-WAN connectivity support, load balancing, VPN bonding, optional Dual LTE SIM, dynamic routing etc, at the same time it comes with 802.11ac wave 2 Wi-Fi capability with built-in hotspot access controller, capable of redirecting guest Wi-Fi users to external captive portal for authentication.

HSA-500 is an ideal all-in-one device for multi-purposes for a retail outlets.

Target environments:

  • Retail outlets
  • F&B chains


Features:

  • Redundant WAN with bonding (active/active, or active/standby)
  • Multiple LAN ports for local terminals (eg. POS, IPT, PC, etc).
  • Secure VPN tunnel as alternative to traditional MPLS
  • Integrated Wireless 802.11b/g/n/ac for guest WiFi and monetization

    1. Social media integration to capture guest profiles
    2. CRM/POS integration for premium Wi-Fi
    3. WiFi user data analytics and database collection
    4. Landing page and in-session ads streaming
  • POS traffic will route through VPN tunnel
  • Guest Wi-Fi traffic will local breakout
  • Stateful firewall inspection for perimeter security protection
  • Integration with mfusion for central management and monitoring


Related products

Drop items here to shop
Product has been added to your cart