HSA-500-L2 SD-WAN Multi-WAN bonding Router with 4G Dual Sim, 4G Bonding , 11AC wifi and Captive Portal Hotspot
HSA-500-L2 SD-WAN, Multi-WAN Bonding with 4G Dual Sim ( Dual LTE Modules) Router
HSA-500-L2 SD-WAN Router combines a full suit of advanced cloud networking, security and WAN connectivity features to form an end-to-end WAN solution for large enterprises to connect remote branches/outlets securely and resiliently, particularly as a more cost-effective alternative to traditional MPLS or VSAT solutions.
The key features of SD-WAN solution include below:
- Flexible connectivity options to any WAN technologies, eg. fiber Internet, PPPoE, Single/Dual LTE, MPLS, Metro-Ethernet
- Multi-WAN load balancing for high resiliency
- Multi-VPN protocol with dual/multiple VPN bonding for better security and higher WAN capacity
- Multi-VLAN for traffic separation for local devices sharing the same connectivity with different security policies
- Dynamic routing (OSPF & BGP) for auto fail-over and intelligent path selection
- QoS for traffic prioritization
- Policy-based routing for more granular traffic control
- Advanced "Ethernet over SSLVPN" for seamless network expansion
- Built-in dual-band AC Wi-Fi to offer guest hotspot access with monetization opportunity for retail outlets
- mfusion cloud platform for central network visibility and control
With all above features packed into a powerful platform, customers or service providers enjoy the benefits of
- easy to deploy, easy to configure, easy to operate
- cost effective
- higher resiliency
- better security
Built for speed. HSA-500-L2 SD-WAN Router utilizes the fastest wireless standards today to bring about an enjoyable Internet surfing experience to guests connected to this hotspot. To avoid channel congestion which may degrade the experience of guests, HSA-500-L1 is also capable of 4G Dual Sim, dual-band 2.4GHz/5.0GHz WiFi access as well. The following features further enhances the performance of HSA-500-L1.
- SD-WAN Router
- Multi-Core Processor
- 500Mbps throughput
- Dual 3G/4G Sim ( Active : Active)
- Multi WAN (4 WAN, WAN Bonding)
- 4x 5dBi MIMO antenna
- Gigabit WAN/LAN ports
mbox HotSpot Access (HSA-500) is an integrated Wide Area Network (WAN) appliance designed for retail or small networks, with all essential enterprise features, incorporating advanced networking & security technologies, TCP/IP routing, Multi-WAN bonding, firewall VPN/QoS, and dual-band Wi-Fi, all packed into a powerful appliance. mbox’s “zero-config” feature enables speedy onsite deployment without the need of any certified network engineer, while its cloud management capabilities enables Managed Service Provider (MSP) to massively manage and monitor all deployed mboxes at fingertips.
What HSA does?
- Connects offices to any WAN (Internet/MPLS/LL/ME)
- Balances multiple ISP links with auto failover
- Multi-homes critical networks with BGP and VRRP
- Prioritizes critical applications or VIP users
- Encrypts business transactions using secure VPN
- Monetises Wi-Fi infra through advertising engines
What’s so special about HSA?
- Powerful WAN gateway with high scalability
- Monetization Wi-Fi appliance for maximum returns
- Zero-config deployment with mfusion integration
Who need HSA?
- Providers who need to deploy and manage massive
remote CPE at ease - Organisations who need resilient Internet services
from multiple ISPs for maximum speed and uptime - Retail and F&B outlets which need secure VPN tunnels
back to HQ/DC networks
SD-WAN solution
The key features of RansNet SD-WAN solution include below:
- Flexible connectivity options to any WAN technologies, eg. fiber Internet, PPPoE, Single/Dual LTE, MPLS, Metro-Ethernet
- Multi-WAN load balancing for high resiliency
- Multi-VPN protocol with dual/multiple VPN bonding for better security and higher WAN capacity
- Multi-VLAN for traffic separation for local devices sharing the same connectivity with different security policies
- Dynamic routing (OSPF & BGP) for auto fail-over and intelligent path selection
- QoS for traffic prioritization
- Policy-based routing for more granular traffic control
- Advanced "Ethernet over SSLVPN" for seamless network expansion
- Built-in dual-band AC Wi-Fi to offer guest hotspot access with monetization opportunity for retail outlets
- mfusion cloud platform for central network visibility and control
- easy to deploy, easy to configure, easy to operate
- cost effective
- higher resiliency
- better security

Access layer (HSA)
The Access layer is powered by our HSA appliance (HotSpot Access). It sits at each remote network as a CPE device to connect to different WAN technologies, eg. Fiber, MPLS, VSAT, PPPoE, or LTE. It's capable of connecting to multiple WAN options, at the same time with load balancing and auto fail-over. It has 4 x GE LAN ports to connect local devices and if there are more devices, we can simply extend with a typical LAN switch.

WAN Distribution layer (CMG)
The WAN distribution layer is powered by Cloud Managed Gateway (CMG). The CMG acts as VPN concentrator to terminate SSLVPN tunnels with remote HSA. The CMG runs OSPF inside the SSLVPN tunnel to learn remote routes; it runs BGP with core routers to learn upstream (core) routes. It then redistributes BGP into OSPF for the remote HSA to learn routes for core networks; and redistributes OSPF into BGP for core network to learn remote networks. So the CMG forms a very important aggregation layer between the core and remote networks.
If we need to support large amount of remote sites, it's recommended to use multiple virtual CMG hosted on typical hypervisor (VM-Host), eg. VMWare, KVM, etc. Then split remote HSA into multiple groups to tunnel with different virtual CMG.
Typical design guide:
- Min resource per virtual CMG: 4GB RAM, 8 core CPU, 40GB HDD
- Up to 300 SSLVPN tunnels (remote HSA) per virtual CMG. This is to ensure tunnel stability and speed up OSPF routing convergence. It also simplifies operations.
- Up to 100 virtual CMG per VM-Host, with specs of 512GB of RAM, 2/4 CPU, 5TB usable HDD (RAID-10), 2 x 10G interfaces.
Core Layer
The core layer consist of customer or provider core switches or core routers. The core routers form BGP with CMG to learn remote routes and advertises server routes/networks to CMG (redistributed to HSA). It's possible to use any other 3rd-party high performance routers or customer preferred selection of routers, as long as they support standard BGP protocols. But a physical CMG-5000 with 10G interfaces would be a good choice too.
mfusion cloud
The mfusion platform can be a VM or physical server sitting in the cloud, or any location/networks that are reachable by both CMG and HSA.
The mfusion provides below key functions
- remote configuration provisioning for both HSA and CMG. This empowers zero-touch configuration for HSA. Once the device is on-line, it auto "call-home" back to mfusion to push its configuration provisioned by NOC engineers remotely, without the need for any certified engineers onsite.
- firmware and patch management. If needed, firmware or software patches can be remotely pushed by mfusion to target HSA.
- real-time monitoring, alerting and scheduled historical reporting.
Hotspot over SD-WAN
This design leverages on our SD-WAN device (HSA-500) to extend its Wi-Fi capability to offer staff or guest WiFi.
The HSA-500 comes with full suit of SD-WAN features, including Multi-WAN connectivity support, load balancing, VPN bonding, optional Dual LTE SIM, dynamic routing etc, at the same time it comes with 802.11ac wave 2 Wi-Fi capability with built-in hotspot access controller, capable of redirecting guest Wi-Fi users to external captive portal for authentication.
HSA-500 is an ideal all-in-one device for multi-purposes for a retail outlets.
Target environments:
- Retail outlets
- F&B chains
Features:
- Redundant WAN with bonding (active/active, or active/standby)
- Multiple LAN ports for local terminals (eg. POS, IPT, PC, etc).
- Secure VPN tunnel as alternative to traditional MPLS
- Integrated Wireless 802.11b/g/n/ac for guest WiFi and monetization
- Social media integration to capture guest profiles
- CRM/POS integration for premium Wi-Fi
- WiFi user data analytics and database collection
- Landing page and in-session ads streaming
- POS traffic will route through VPN tunnel
- Guest Wi-Fi traffic will local breakout
- Stateful firewall inspection for perimeter security protection
- Integration with mfusion for central management and monitoring