
SG720 configuration

Version 3.1.4u4

How to set up a “Bridge” is described at the end.

28-02-2007

© TMSE 2007 1

Front view: network connections

A B CDE Serial

A&B : 10/100/1000 Mb/s


C, D & E : 10/100 Mb/s

Front view: modem connection + Reset

Erase button.
Press 2x with a 0.5 sec interval to reset the router to factory settings.
[Figure label: modem]

Connection of the Router

[Figure: router ports A, B, C, D, E, with connection labels “Laptop or CT HUB” and “Hospital Network”]

Configuration steps 1/2
1. Connect to the Router
2. Network setup:
a. Assign a Toshiba network port
b. Assign a port for the Hospital network
3. Create Firewall Addresses List
4. Create Firewall NAT entries.
5. Control Incoming Access.
6. Make a Backup
7. Set ‘Default Gateway’ on CT, Anet.


Configuration steps 2/2


Additional Procedures:

• Create a Firewall Rule for access from outside (in case of Query & Retrieve SCU or SCP).
• Create a Firewall Rule for every connection to enhance security.
• Set up a Dial-In connection
• Create a Bridge (for connecting the SP etc.)

- Net mask Information
- Router Configuration Sheet

Collect IP information (example)

                 Toshiba Net        Hospital Net
Router Port A    192.168.0.1
Router Port B                       172.26.60.100
CT               192.168.0.101
CT_Hosp                             172.26.60.55
Anet             192.168.0.102
Anet_Hosp                           172.26.60.56

Ask Hospital Network Administrator.
Use 192.168.0.1 only for the SG720; don’t use it for any other device on the network.

1. Connect to the Router

• Set Laptop IP address to: 192.168.0.10
• Connect the Laptop with Router port A.
• Start web-browser and enter 192.168.0.1 in the address bar.
• First login: root / default
  Then specify new password: toshibavpnSG

Note on Modify / Delete icons:

Modify: Delete:

2. Network Setup

This is how a clean system looks at first power on or after system reset.

Loading a preset configuration 1/2


• You can download a preset configuration file from the Service
Net (SG720 default.sgc)
• Load it into the SG720. The preset contains these settings:
– Port A:
• IP address: 192.168.0.1
– Addresses List:
• CT : 192.168.0.101
• Anet : 192.168.0.102
– Incoming Connections:
• LAN: Telnet and HTTP.

Loading a preset configuration 2/2

Choose the file on your laptop


toshibavpnSG


2a. Network Setup → Port for Toshiba Net

Toshiba Net
A 192.168.0.1 (= default setting)

Hospital Net
B

In the default preset


2a. Network Setup → Port for Toshiba Net

Default
• No changes are necessary for normal use.
In the default preset

2b. Network Setup → Port for Hospital Net

Toshiba Net
A 192.168.0.1 (= default setting)

Hospital Net
B 172.26.60.100 (assigned by Hospital)
- Firewall Class: Internet

+ Alias 172.26.60.55 (CT_Hosp)


+ Alias 172.26.60.56 (Anet_Hosp)

2b. Network Setup → Port for Hospital Net

Select
“Direct Connection”

• Use Port B (1 Gb) for the Hospital Network.



2b. Network Setup → Port for Hospital Net

IP address on Hosp. Net
24 = 255.255.255.0

Select “Internet”.
More subnet mask information on the last slide.

2b. Network Setup → Port for Hospital Net

Result

2b. Network Setup → Port for Hospital Net

Create Aliases for the Hospital port.

e.g.
172.26.60.55 (CT_Hosp)
172.26.60.56 (Anet_Hosp)

• This is necessary to make the ‘translated’ Toshiba systems visible on the Hospital network.
• So, enter here the IP-addresses of CT_Hosp, Anet_Hosp, etc.

Check Network Setup


3. Create Addresses List

A list with IP-addresses and Names

3. Create Addresses List


3. Create Addresses List

Name         IP Address
CT           192.168.0.101
Anet         192.168.0.102
CT_Hosp      172.26.60.55
Anet_Hosp    172.26.60.56

Result

4. Create NAT entries.

Network Address Translation


4. Create ‘1 to 1’ NAT entries.


• Network Address Translation takes care of the translation of the Toshiba Network address to and from the Hospital Network address.

[Figure: Toshiba Net (port A) 192.168.0.101 <-> NAT <-> Hospital Net (port B) 172.26.60.55]

4. Create ‘1 to 1’ NAT entries.


4. Create ‘1 to 1’ NAT entries

e.g. CT

CT (192.168.0.101)

CT_Hosp (172.26.60.55)

Hospital Net Port

4. Create ‘1 to 1’ NAT entries

                    CT                        Anet
Descriptive Name    CT                        Anet
Enable              [x]                       [x]
Private Address     CT (192.168.0.101)        Anet (192.168.0.102)
Public Address      CT_Hosp (172.26.60.55)    Anet_Hosp (172.26.60.56)
Public Interface    Hospital Net Port         Hospital Net Port

Do this for all systems on the Toshiba Net passing the SG720
to the Hospital Net.
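
A consistency check for steps 2b to 4, as an added example (not part of the original slides and not SG720 software): it verifies that every ‘1 to 1’ NAT entry uses a private host address on the Toshiba Net, a public address that is also an alias on the Hospital port, and no address twice. The function names and the /24 on port A are assumptions; the addresses are the ones from the slides.

```python
import ipaddress as ip

def usable(addr, iface):
    """Host on iface's subnet that is not the router, network or broadcast address."""
    net = iface.network
    return addr in net and addr not in (iface.ip, net.network_address, net.broadcast_address)

def check_sheet(port_a, port_b, aliases, addresses, nat):
    """Return the problems found in a 1-to-1 NAT configuration sheet."""
    a, b = ip.ip_interface(port_a), ip.ip_interface(port_b)
    alias_ips = {ip.ip_address(x) for x in aliases}
    problems, used = [], set()
    for priv_name, pub_name in nat:
        unknown = [n for n in (priv_name, pub_name) if n not in addresses]
        if unknown:
            problems.append(f"{unknown[0]}: not in the Addresses list")
            continue
        priv, pub = (ip.ip_address(addresses[n]) for n in (priv_name, pub_name))
        # Private side: a host on the Toshiba Net, never the router's own address.
        if not usable(priv, a):
            problems.append(f"{priv_name} {priv}: not a usable host address on {a.network}")
        # Public side: on the Hospital Net and entered as an alias on port B,
        # otherwise the translated system is not visible on the Hospital network.
        if not usable(pub, b):
            problems.append(f"{pub_name} {pub}: not a usable host address on {b.network}")
        elif pub not in alias_ips:
            problems.append(f"{pub_name} {pub}: no alias on the Hospital port")
        # '1 to 1': an address may appear in only one NAT entry.
        for name, addr in ((priv_name, priv), (pub_name, pub)):
            if addr in used:
                problems.append(f"{name} {addr}: already used by another NAT entry")
            used.add(addr)
    return problems

# Values from the slides; the /24 on port A is an assumption.
PORT_A, PORT_B = "192.168.0.1/24", "172.26.60.100/24"
ALIASES = ["172.26.60.55", "172.26.60.56"]
ADDRESSES = {"CT": "192.168.0.101", "Anet": "192.168.0.102",
             "CT_Hosp": "172.26.60.55", "Anet_Hosp": "172.26.60.56"}
NAT = [("CT", "CT_Hosp"), ("Anet", "Anet_Hosp")]
GOOD = check_sheet(PORT_A, PORT_B, ALIASES, ADDRESSES, NAT)

# Constructed faulty sheet: Anet given the router's address, Anet_Hosp alias forgotten.
BAD = check_sheet(PORT_A, PORT_B, ALIASES[:1], {**ADDRESSES, "Anet": "192.168.0.1"}, NAT)

if __name__ == "__main__":
    print("slide values:", GOOD or "consistent")
    for problem in BAD:
        print("faulty sheet:", problem)
```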


5. Control Incoming Connections

• Here you limit the access to the Router Configuration Server.
– Normally, only access via “LAN” is necessary.
– When connecting via VPN, also access via “Internet Interfaces” is necessary.
– When connecting via Telephone Line, access via “Dial-In Interfaces” is necessary.
• Enable “Accept Echo Request”: [x]

In the default preset

5. Control Incoming Connections: LAN

Normally, only access via LAN.

In the default preset

5. Control Incoming Connections: VPN

Connected via VPN, also access via “Internet Interfaces”.

5. Control Incoming Connections: Modem

Connected via Telephone Line, access via “Dial-in Interfaces”.

6. Make a Backup of your settings

6. Make a Backup
A. Remote Backup / Restore.
- Encrypted / Password protected storage on your laptop.
B. Local Backup / Restore.
- A snapshot of your configuration is stored on the
SG720 itself.
C. Text Save / Restore.
- Copy and Paste the contents of the configuration files
to your laptop.

Use A for creating regular backups (leave a copy on site) and use B to make a backup for you and your colleagues on the Router itself.

6. Make a Backup: A. Remote Backup

6. Make a Backup: B. Local Backup


6. Make a Backup: C. Text Backup

1. Click in this window.
2. Press Ctrl-A (select all)
3. Press Ctrl-C (copy)
4. Create a new txt document on your laptop, open it and press Ctrl-V (paste).

7. Set ‘Default Gateway’ on CT and Anet.

• Set the ‘Default Gateway’ to the ‘Toshiba Network Port’ (Port F or the Bridge of A & F) on all systems on the Toshiba Network.

7. Set ‘Default Gateway’ on CT and Anet.

192.168.0.101
192.168.0.102

192.168.0.200

7. Set ‘Default Gateway’ on other systems


This ends the standard setup.


Now, communication from the Toshiba
systems to Hospital systems is possible.
Test it by pinging an Imager from the CT.
Continue with the next sheets to:
A. Create access from the Hospital Net to the Anet (or CT).
This is only necessary when DICOM Q&R SCU or SCP is
installed on the Anet.
B. Create a Firewall Rule for each connection (optional added
security).
C. Set up a Dial-In connection (telephone line).

Appendix

A. Create Firewall Rule for access from the Hospital Net to a Toshiba System.

B. Create Firewall Rule for each connection.

C. Set up a Dial-In connection.
   Modem connected to the COM port.

A. Create Firewall Rule for access from Hospital Net


• All systems on the Toshiba network (LAN) have full
access to the Hospital network.
The systems on the Hospital Network have NO
access to the Toshiba network.
• Firewall rules are not necessary when the Toshiba
Systems send data out only (Storage / Print).
• Except when Query & Retrieve SCU or SCP is
installed on the Anet.
• Then we have to create a Firewall Rule to allow
DICOM access from the Hospital net to the Anet.

A. Create Firewall Rule for access from Hospital Net

[Figure: the router between the Toshiba Net (port A, ANET) and the Hospital Net (port B, WS), shown before and after the step “create firewall rule”]

Normal situation: no access from WS to Anet
New situation: access from Workstation (WS) to Anet: OK

A. Create Firewall Rule for access from Hospital Net

WS
172.26.60.73

Create an entry in the “Addresses” list for the workstation (WS).

A. Create Firewall Rule for access from Hospital Net


A. Create Firewall Rule for access from Hospital Net

from PACS to ANET

Select “Accept”
Select “Any” or “Hospital Net” (B)
Select “Any” or “Toshiba Net” (A)
Select “WS” (from:)
Select “ANET” (to:)
Select “Any” or click on [New]

A. Create Firewall Rule for access from Hospital Net

After clicking [New] Services:

Specify Protocol and Port number. (Will be added to “Services”)
If more port numbers are necessary: Create a Service Group (“Definitions” → “Service Groups”)

A. Create Firewall Rule for access from Hospital Net

• Test it by pinging the Anet from the Work Station (WS).

[Figure: WS on the Hospital Net (port B) pings Anet_Hosp; ANET is on the Toshiba Net (port A)]

A sub1: Create a Service Group


A sub2: Create a Service Group
e.g. DICOM

For testing purposes?

Enter the DICOM port number, e.g. 3001


Enter the DICOM port number, e.g. 3001

A sub2: Create a Service Group

Result

Now you can select this Service Group in the Packet Filter Rule pull-down menu.

B. Create Firewall Rule for each connection

• Why create a Firewall Rule for each connection?
– To increase security and to limit the access of the Toshiba systems on the Hospital Network. Limit the damage.
• We will create a Rule allowing the Toshiba system to communicate with one Hospital system (e.g. Imager) only.

B. Create Firewall Rule for each connection
Example: from Anet to Imager

Anet Imager
[x]
Accept
Forward
Toshiba Net Port
Hospital Net Port
Anet
Imager
“Any” or DICOM Port

Repeat this for all connections passing the router
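
What the choices “Any” versus a named interface and “Any” versus a DICOM Service Group mean for a rule such as the one in Appendix A (WS to ANET), as an added example that is not part of the original slides. It is a simplified matching model, not the SG720's packet filter: the rule fields, the default of blocking whatever no rule accepts, and the connection attempts are assumptions; the WS and Anet addresses and port 3001 come from the slides.

```python
import ipaddress as ip

# Names and values from the slides: WS and Anet addresses, DICOM port 3001.
ADDRESSES = {"WS": "172.26.60.73", "ANET": "192.168.0.102"}
SERVICE_GROUPS = {"DICOM": {("tcp", 3001)}}

def matches(rule, in_if, src, dst, proto, port):
    """True when each rule field is 'Any' or equals the packet's value."""
    return (rule["in_if"] in ("Any", in_if)
            and ip.ip_address(ADDRESSES[rule["from"]]) == ip.ip_address(src)
            and ip.ip_address(ADDRESSES[rule["to"]]) == ip.ip_address(dst)
            and (rule["service"] == "Any"
                 or (proto, port) in SERVICE_GROUPS[rule["service"]]))

def admitted(rules, attempts):
    """Attempts accepted by some rule; everything else stays blocked (assumed default)."""
    return [a["why"] for a in attempts if any(matches(r, *a["pkt"]) for r in rules)]

LOOSE = [{"in_if": "Any", "from": "WS", "to": "ANET", "service": "Any"}]
TIGHT = [{"in_if": "B", "from": "WS", "to": "ANET", "service": "DICOM"}]

# Constructed connection attempts towards the Anet (destination shown after NAT).
ATTEMPTS = [
    {"why": "WS DICOM query",
     "pkt": ("B", "172.26.60.73", "192.168.0.102", "tcp", 3001)},
    {"why": "WS telnet",
     "pkt": ("B", "172.26.60.73", "192.168.0.102", "tcp", 23)},
    {"why": "WS address seen on another interface",
     "pkt": ("other", "172.26.60.73", "192.168.0.102", "tcp", 3001)},
    {"why": "different hospital host, DICOM port",
     "pkt": ("B", "172.26.60.99", "192.168.0.102", "tcp", 3001)},
]

if __name__ == "__main__":
    for name, rules in (("no rule", []), ("loose", LOOSE), ("tight", TIGHT)):
        print(f"{name:8} admits: {admitted(rules, ATTEMPTS)}")
```

In this model the rule bound to port B and the DICOM Service Group admits only the workstation's DICOM query, while the “Any”/“Any” rule also admits telnet and traffic carrying the workstation's address on another interface.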

C. Set up a Dial-In connection

• Sometimes a connection via telephone line is the only possibility.
• The SG720 can handle Dial-In or Dial-Out, not both. We use the Dial-In feature.
• The external modem is connected to the serial port on the front of the SG720.
• Follow the next steps to configure the dial-in connection.

C. Set up a Dial-In connection


C. Set up a Dial-In connection

Select “Dialin”

C. Set up a Dial-In connection

e.g. “Dial in”


e.g. 192.168.0.50

Leave on default

Next step: Create an account for the Dial-In connection.



C. Set up a Dial-In connection

C. Set up a Dial-In connection

InnerVision

IV_TAC_SP
IV_TAC_SP
[x] [x]

C. Set up a Dial-In connection

Setup finished

Next: switch OFF the modem speaker

C. Set up a Dial-In connection
Switch OFF the Modem Speaker.


C. Set up a Dial-In connection


Switch OFF the Modem Speaker.

Modify the file “chat.ttyS0”

C. Set up a Dial-In connection
Switch OFF the Modem Speaker.

Insert this text and click on Finish:

ATM0=0
OK

Reboot the Router.

Test the Dial-In connection and confirm that the speaker remains silent.

Make a Bridge with Ports A, C, D and E.


• The Service Processor needs 24 h network
access.
• This is not the case when the SP is connected
to the internal network switch inside the CT.
• For this reason and also to connect other
devices (e.g. Vitrea) you can bridge the
remaining ports with port A.
• In this procedure we show you how to do this.

Make a Bridge with Ports A, C, D and E.


Make a Bridge with Ports A, C, D and E.

Make a Bridge with Ports A, C, D and E.


Make a Bridge with Ports A, C, D and E.

Make a Bridge with Ports A, C, D and E.

Toshiba Net

Check IP address
and Netmask


Make a Bridge with Ports A, C, D and E.

Additional information


Net mask Information 1/2

• Different notations exist:
– 172.26.61.0 255.255.255.0
– 172.26.61.0 /24

• 255 (decimal) = FF (hexadecimal) = 11111111 (binary)
• 255.255.255.0 (decimal) = 11111111.11111111.11111111.0 (binary)
  (24 bits containing “1”)

Net mask Information 2/2

• Different notations exist:
– 172.26.61.0 255.255.0.0
– 172.26.61.0 /16

• 255 (decimal) = FF (hexadecimal) = 11111111 (binary)
• 255.255.0.0 (decimal) = 11111111.11111111.0.0 (binary)
  (16 bits containing “1”)

Classless Inter-Domain Routing


CIDR Mask CIDR Mask
/32 255.255.255.255 /16 255.255.000.000
/31 255.255.255.254 /15 255.254.000.000
/30 255.255.255.252 /14 255.252.000.000
/29 255.255.255.248 /13 255.248.000.000
/28 255.255.255.240 /12 255.240.000.000
/27 255.255.255.224 /11 255.224.000.000
/26 255.255.255.192 /10 255.192.000.000
/25 255.255.255.128 /9 255.128.000.000
/24 255.255.255.000 /8 255.000.000.000
/23 255.255.254.000 /7 254.000.000.000
/22 255.255.252.000 /6 252.000.000.000
/21 255.255.248.000 /5 248.000.000.000
/20 255.255.240.000 /4 240.000.000.000
/19 255.255.224.000 /3 224.000.000.000
/18 255.255.192.000 /2 192.000.000.000
/17 255.255.128.000 /1 128.000.000.000
/0 000.000.000.000

Router config sheet

Network setup: Connections
                Toshiba side      Hospital side
Port            Port A            Port B
Name            Toshiba Net       Hospital Net
FW Class        LAN               Internet
IP address      192.168.10.200    172.26.60.100
Netmask         24                24
Def. Gateway                      172.26.60.18
Aliases                           172.26.60.30
                                  172.26.60.33

Firewall Definitions: Addresses
SP_Local        192.168.10.11
SP_Hosp         172.26.60.30
CT_Local        192.168.10.51
CT_Hosp         172.26.60.33
VPN_IN          172.26.60.18

Firewall Rules
VPN_IN - SP_Local
VPN_IN - CT_Local

Firewall: 1 to 1 NAT
MR - MR_Hosp
Recon - Recon_Hosp
PCVAP - PCVAP_Hosp
SecCons - SecCons_Hosp
SP - SP_Hosp

Incoming Connections
LAN                 Telnet & HTTP
Internet Interf.    Telnet & HTTP
