The client page allows the Admin to setup new clients and configure existing clients from a central location. Each client configuration is saved as its own template and can be re-used for future clients.
Quick setup is designed to allow Admin's to configure new client devices in seconds. With quick setup, the Admin enters the new client device name, serial number, selects an existing client configuration, sets the client device username/password, selects the clients primary/secondary Gateway server, and then click apply. The Gateway server will then add that client device to its network and push the configuration to the client device.
The client device automatically updates its settings as soon as it receives an Internet connection.
Client Name: Every client device requires a unique device name. This name will also become the device client configuration template name.
Client Serial: The client serial number is a 16 digit number found on the physical client device. The admin can save the configuration as a configuration template without the client serial number; however, the client serial must be entered to activate a client device.
Client Configuration: The client configuration selection allows the admin to copy other client configuration templates on the new device. A new configuration sets the device with the default settings.
Local Login: Each client device also has a local UI which is primarily available for local troubleshooting. The local login section allows the admin to set the username/password for the local UI.
Primary/Secondary Gateway Server: The Gateway server acts as both a controller and WAN aggregator. The admin must select at least a primary gateway server for each client device.
Network settings of the client device can be modified in the network settings. These settings control how the device will connect and route traffic both locally and externally.
LAN Configuration: By default the client device automatically creates its own private LAN. The admin can modify the LAN subnet and device IP address by switching to manual mode and entering the desired LAN settings.
DHCP Server: Client devices are capable of running their own DHCP to provide downstream clients with IP addresses. If manual is selected then the admin sure ensure that the leased IP addresses are within the LAN subnet and the IP's do not overlap with the client device IP address.
Secure Multi-Site: Clients using the same gateway server automatically create secure AES-256 tunnels to allow for private communications with remote networks. Multi-Site must be enabled for this feature to work. The Multi-Site ID can be modified to accommodate all types of IP subnet structures.
Traffic Routing: Gateway clients support two different types of traffic routing. Aggregate routing virtualizes all WAN connections into a single WAN and the traffic exits the Gateway aggregation server into the local Internet. Standard routing has traffic exit through the local ISP's network.
The interface section allows for granular control of each interface on the client device. Clients may have both wired and wireless interfaces. Both interface types can be modified in this section by clicking on the triangle in the left hand column.
Interface State: The admin can enable or disable specific interfaces. Once disabled, the interface will not pass any traffic even if a physical connection is made.
Connection Type: Each interface can be set as either a Internet connection (WAN) or a Local connection (LAN).
Network Mode: If DHCP is enabled, then the interface will try to get an IP address from the upstream router for WAN connections and it will provide downstream devices with a DHCP IP address for LAN connections. Static mode follows the same pattern except the network settings are defined below instead of through DHCP.
IP Address: This is the statically assigned IP address of the interface.
Subnet Mask: This is the statically assigned subnet mask for the interface.
Router/Gateway: This is the statically assigned gateway for the interface.
Advertise Routes: Each interface can advertise routes independently. Once added, traffic from advertised routes will automatically point to its interface.
The SD-WAN section enables the admin to configure how multiple Internet (WAN) connections should operate. Each connection can be configured for a unique purpose depending on the network requirements. SD-WAN rules are configured by first selecting the SD-WAN action, then selecting which traffic it should apply the action, and finally selecting which WAN interfaces should have the rule applied. SD-WAN rules listed at the top of the table will have the highest priority.
SD-WAN Action: Clients support four SD-WAN actions (failover, load balance, aggregate, and local exit).
Traffic Type: The admin can elect to apply rules only for specific types of traffic. Thunder supports granular application by category, domain, or traffic type.
WAN Interface: The WAN Interface drop down lists all the interfaces that could be selected for a given SD-WAN rule.
The Cyber Security section is designed to ensure each client device is protected against internal and external threats including ransomware, malware, trojans, worms, spyware, and viruses. Cyber security definitions are updated every 5 minutes to ensure each device is protected against the newest threats.
Anomaly Detection: An on agent service runs in the background and identifies network anomalies. New anomalies are reported back to the admin to investigate.
Download Verification: Files are scanned prior to being downloaded.
Web Protect: This is a Domain based security designed to protect devices from navigating to malicious domains.
Advanced Firewall: IP based security definitions that auto updates to protect devices from known IP threats.
FIREWALL & NAT
The Firewall & NAT section allows the admin to enter custom IP rules for each client device. These rules can be applied both for the internal and the external network.
Priority: This sets the rules priority level. The client device applies firewall/NAT rules based on priority.
Rule Name: The admin must set a custom rule name for each rule.
Network Type: This allows the admin to setup rules for specific network types. The network options are WAN traffic, LAN, Load Balance, Private Tunnels, Aggregate, and Failover.
Direction: Admin can select the rule to apply for a specific traffic direction (i.e inbound/outbound).
Protocol: Apply the rule only to specific protocols (i.e TCP, UDP)
Action: Select the rule action (i.e. accept, drop, sourceNAT, desNAT)
Source + Destination IP Address: Admin can specify the IP address/range for the new rule. The acceptable formats are single IP address (184.108.40.206), IP with Port (220.127.116.11:11) IP Range (18.104.22.168/29), IP Range with Port Range (22.214.171.124/29:10-1000) or any combination.
The content filter is designed to enable customized experiences for each client device. The admin to can filter content based off category, domain, IP, or web reputation. Thunder has over 20M domains that have been categorized into 80+ categories.