| Ethernet |
| DHCP Server |
Provide a pool of IP address to provide to DHCP clients. There is no imposed limit to the DHCP address range. |
| DHCP mac reservations |
Reserve IP addresses for user configured MAC addresses. |
| DHCP server custom options |
List user-definable DHCP option for number of responses. |
| DHCP server per layer 2 "group" |
Define a DHCP server instance for each layer 2 or hub group. |
| DHCP Relay |
A DHCP relay agent will forward DHCP requests between client and servers. |
| DHCP Client |
The device can request an IP address for its own interfaces from a DHCP server. |
| VLANs |
Virtual LAN networks. |
| VLANs inside VLANs |
Used by some IP phones, for example. |
| Multiple IP's per "LAN" |
Router can own multiple IP addresses in the same layer 2 "LAN group". |
| Port Isolation/Grouping |
Each Ethernet port is individually configurable. |
| Arbitrary network plumbing |
VLAN bridging, VLANs on Bridged VLANs/Wifi/Ethernet, ... |
| Duplex/speed control |
Adjustable Ethernet link duplex and speed. |
| Network analyzer |
Configurable to enable logging of packet analyzer trace for network troubleshooting. |
| Ethernet bonding |
Bond multiple Ethernet ports together for higher throughput and/or redundancy. |
| PPPoE server |
Support for running a PPPoE server in IP passthrough mode. |
| BOOTP server |
Provide a pool of IP address to provide to BOOTP clients. There is no imposed limit to the address range. |
| 802.1x |
Port-based network access control, configurable per network interface. |
| Routing |
| GREtap Tunneling |
Generic Routing Encapsulation Terminal Access Point (GRETAP) tunnel operates on OSI level 2 and encapsulates Ethernet traffic in IPv4 packets as described in RFC 2784 |
| WAN Bonding |
Digi WAN Bonding combines multiple connections into a seamless and resilient connectivity solution that ensures optimal performance and maximum uptime anywhere around the world, with a maximum bonded bandwidth of 1 Gbps. |
| mGRE |
|
| DMVPN |
Phase 3 DMVPN spoke support with BGP, OSPF, NHRP, or mGRE routing. |
| Static routing |
Static routes to interfaces with metrics. |
| Multicast routes |
1-to-many data transmission. |
| Policy based routes |
Traffic shaping based on 5-tuple packet filtering. |
| STP |
Spanning Tree Protocol. |
| RSTP |
Rapid Spanning Tree Protocol. |
| RIP |
Routing Information Protocol. |
| BGP |
Border Gateway Protocol. |
| OSPF |
Open Shortest Path First routing protocol. |
| NEMO/DMNR |
Verizon Dynamic Mobile Network Routing. |
| GRE |
Generic Routing Encapsulation. |
| Respond to GRE keepalives |
Send a reply if a GRE keepalive is received. |
| PPPoE |
Useful so router can own IP address from an xDSL router. |
| QoS |
DSCP and Priority Queuing. |
| Load balancing between different WANs |
Example: load-balance cellular and Ethernet. |
| IPv6 |
Independently configurable IPv6 network for all available network interfaces. |
| IPv6: DHCPv6 |
IPv6 DHCP client. |
| IPv6: SLAAC / Prefix Delegation |
IPv6 Stateless Address Autoconfiguration. |
| NHRP |
Next-hop routing protocol |
| Failover |
| Digi SureLink® |
Range of connectivity tests for any type of network interface (WAN, cellular, LAN, VRRP, VPN, bridge, etc.) along with recovery options to ensure the interface automatically re-establishes. |
| Ethernet to Cellular |
Automatic failover with Digi SureLink tests to validate both connections. |
| Cellular to Ethernet |
Automatic failback with Digi SureLink tests to validate both connections. |
| SIM to SIM failover on failure to connect |
Automatically switch between SIM slots if either SIM cannot connect. |
| SIM to SIM failover on problem with automated ping test probes or similar allowing reconnect attempt. |
Failover between SIM cards if an automatic ping test probe or similar fails, allowing a re-connection attempt of the current SIM first. If the re-connection attempt of the current SIM is successful but end to end probe test still fails, then failover to the other SIM. |
| SIM prioritization |
Allow one SIM to be given priority over the other if both are working. Return to the higher priority SIM after running on lower priority SIM for a period of time. |
| Wi-Fi to cellular |
Wi-Fi-as-WAN client connectivity can be used in addition to cellular or wired Ethernet for Internet connectivity. Each Internet connection can be individually prioritized to control primary vs backup. |
| VRRP |
Basic hardware redundancy sharing of MAC and IP address between two devices. |
| VRRP+ |
Digi patented feature to increase/lower VRRP priority based upon the results of probe tests; allows for intelligent failover. |
| Supports pings and/or other automated probe tests on all interfaces. |
Allow recovery or failover action to be initiated if the test fails. |
| Support for a second ping or probe target. |
Only take action if both the primary and secondary ping/probe targets are failing. |
| In VPN tunnel pings |
Interface ping/probe tests can be directed through a VPN tunnel to prove end to end connectivity and disconnect WAN interface when problem detected. |
| Recovery Pings (firewall) |
Routes/interfaces can be brought back into service only after a successful ping / probe test. |
| No IPSec SA deact |
Detect when there are no IPSec Security Associations on an interface and initiate a recovery procedure; e.g. reconnect module, reboot router etc. |
| DNS |
| Routing - DNS Sel |
Route requests for different host/domain names to different DNS servers including wildcard definitions. |
| Dynamic DNS |
Automated DNS updates for dynamic IP addresses. |
| Custom DNS entries |
Custom IP/name/domain entries via DNS server configuration. |
| Allow-lists |
A list of allowable domains or FQDNs configured so the device itself can act as a DNS filter instead of requiring all of the DNS filtering decisions to be made externally. |
| Cellular |
| Radio technology locking |
Supports locking to specific radio access tech (2G-only, 3G-only, or 4G-only). |
| SIM PIN |
Ability to configure and unlock SIMs with PINs. |
| Dual APN |
Connect to two APNs at the same time and obtain an IP address on each. Typical use is for private APN and public APN simultaneous connections. |
| APN Search |
APN lookup/search based on global database/SIM provider/carrier. |
| User configurable APN search |
Full control over what APNs are utilized to establish a cellular connection. |
| External USB Modems |
Support for plug-in USB modems. |
| OTA/Remote Modem Firmware Update |
Manually or automatically trigger remote firmware updates to the cellular modem(s) in the Digi device. |
| CLI/WebUI Modem Firmware Update |
Apply local firmware update to cellular modem. |
| Carrier/SIM based firmware switching |
Change modem firmware to suit SIM/Carrier. |
| Carrier/SIM locking |
Use cases: cellular MVNO/partner SIM cards can connect to multiple carriers in an area.
Benefit: users need the SIM to connect to a specific carrier due to better signal strength, performance, or data plan. |
| User Configurable Antenna Control |
Main-only, diversity-only, or both. |
| Cellular IP Passthrough Mode |
Cellular addressing is passed through to upstream device. IP passthrough can also be done for Wired WAN or Wi-Fi-as-WAN connections. |
| 5G NSA (non-standalone) and SA (standalone) modes |
Options to set the cellular modem to 5G-only (including setting to 5G SA-only, NSA-only, or both NSA/SA-modes). |
| 5G slicing |
Single-slice support for configuring the slice type to set in the 5G modem. |
| Carrier scan |
Scan for available carriers the modem and SIM card can connect to and allow manual selection of the carrier. |
| SIM survey tool |
Initiate a SIM survey for one or multiple devices through Digi Remote Manager, triggering the device to test all available SIM slots and report the connectivity capabilities, signal strength, and health of each SIM installed in the device. |
| Cellular Band Locking |
Improve cellular connection reliability at congested sites by locking the modem to a particular set of LTE or 5G bands. |
| VPN |
| LAN to LAN IPsec |
Flat LAN networking setup with multiple remote sites. |
| Support for 0.0.0.0/0 traffic selector |
Needed if all the traffic received from the LAN is to be routed down the IPSec VPN tunnel. |
| IPv4-over-IPv6 |
IPv4 networking through an IPv6 tunnel. |
| IPv6-over-IPv4 |
IPv6 networking through an IPv4 tunnel. |
| IPsec tunnel inside of another IPSec tunnel |
Network segmentation with tunnels within another IPsec tunnel. |
| Number of Consecutive tunnels |
There is no fixed limit. |
| IKEv2 |
Modern IPsec protocol support. |
| Multiple subnets in single IKEv2 policy |
Dynamic networking within IPsec tunnels. |
| IPSec tunnel follows best WAN interface |
Automatic tunnel establishment on WAN failover/failback. |
| Failover IPsec tunnel with same local/remote subnet between two remote VPN concentrators |
Simple IPSec VPN failover configuration (back up tunnel IP address or other method that allows the same remote subnet to failover between two IPSec concentrators). |
| OpenVPN Server |
Secure VPN for point-to-point or site-to-site connections. Both clients and servers can be configured simultaneously. |
| Accept OpenVPN pushed routes |
Routes pushed to the client by the OpenVPN server. |
| OpenVPN Client |
Outbound OpenVPN tunnel to an OpenVPN server. |
| EZY VPN |
Cisco IPSec extension to use MODECFG + XAUTH. |
| Support X.509 certs with IPSec |
Certificate-based peer authentication. |
| Support RSA Signatures |
Public-key crypto for IKE authentication. |
| SCEP |
Connect to a Simple Certificate Enrolment Protocol server to obtain certificates for IPSec. |
| Max IPSec Authentication Level |
AES256GCM128 |
| Max IPSec Encryption Level |
SHA512 |
| Max IPSec DH Group |
DH32 |
| IPSec Debug Logs |
Easy way via the UI for the user to enable and access IPSec + IKE debug logs, i.e. without using CLI. |
| Protocol-based IKE policies |
Ability to configure IPsec networks by protocol and/or port instead of a network address range. |
| XFRM or strict routing IPsec tunnels |
Options for configuring route-based XFRM IPsec tunnels or policy-based IPsec tunnels. |
| L2TP |
Layer 2 Tunneling Protocol. Includes options for configuring PPP-over-L2TP and L2TP-over-IPsec tunnels. |
| L2TPv3 |
Layer 2 Tunneling Protocol Version 3 static unmanaged Ethernet tunnels. |
| Multiple IPsec remote endpoints |
Add multiple endpoints and either round-robin between the endpoint or randomly select an endpoint to establish the tunnel to. |
| MACsec 802.1ae |
MACsec (Media Access Control Security) layer 2 VPN tunnel used along with 802.1x authentication for secure LAN communication. |
| WireGuard VPN |
Simple, fast, lean, and modern VPN that utilizes secure and trusted cryptography for providing client-mode or server-mode tunnels. |
| Firewall & Security |
| Stateful packet filtering (basic security) |
Per-packet analysis to match with applicable firewall rules for traffic shaping and access restriction. |
| Firewall Zones |
Allow firewall groups of interfaces and access based on usage, etc.
Allows user to easily add rules to a number of interfaces/define interaction between different zones etc. |
| Custom firewall rules |
User may utilize complex low level rules (i.e. IPtables) |
| Basic web content filtering by DNS |
Basic web content filtering by DNS redirection. |
| Advanced web filtering - Cisco Umbrella |
Full umbrella support. |
| Address Translation |
NAT support for segmenting networks behind a firewall. |
| MAC Address filtering |
Allow/deny network access based on MAC address of incoming device. |
| TLS Version 1.3 |
Secure HTTPS communication. |
| Certificates with HTTPs |
Customizable SSL certificate for HTTPS web UI access. |
| 2 Factor Authentication |
Configurable 2FA user authentication. |
| Multi-user role based access |
Fine-grained permission control to determine whether a user has admin level access or read-only access. |
| Firmware update notifier |
Notification shown in the CLI, web UI, and Digi RM when new firmware is available. |
| Port forwarding |
Forward incoming traffic on a port to another IP address. Support a range of ports, including 1:1 and many-to-one port mappings. |
| FIPS 140-2 |
FIPS 140-2 is the recognized benchmark for cryptographic hardware. FIPS 140-2 compliance can be enabled with a single configuration setting, which updates the device to only use FIPS 140-2 approved cryptographic algorithms and ciphers. |
| Management |
| ITxPT |
Industry standard implementation of information technology for public transportation systems. ITxPT is available on Digi’s TX router series. This allows the router to function as a Vehicle Communications Gateway module, as well as a GNSS location server, time server, and MQTT broker. |
| External USB/SD storage management |
Web UI and CLI tools to format, initialize, and set up auto-mounting of USB or SD cards. |
| mDNS |
Local device discovery using the mDNS bonjour protocol that resolves host names in small networks that do not have a DNS server. |
| Support for multiple user levels including read-only. |
Role-Based Access Control specifically to allow a user to log into a device, view configuration and status but not change it. |
| Digi Remote Manager® (Digi RM) |
Digi’s central portal for monitoring, managing, and performing automated interactions with Digi devices, utilizing best-in-class secure connectivity with client-side TLS certificates |
| Digi RM Profile Manager |
Compatible with Digi Remote Manager Profile Manager for fleet management, remote firmware updates, and OTA modem firmware updates. |
| Digi RM CLI |
Remote access to the admin CLI on the Digi device through Digi Remote Manager.
Benefit: when combined with Digi RM's automations feature, users can perform a series of defined tasks to automate a number of actions on the DAL device. |
| Digi RM SMS |
Digi Remote Manager can configure a device via encrypted SMS messages. |
| Digi RM http proxy connection support |
Devices in a secure network can connect to an HTTP proxy for all outbound communication to Digi Remote Manager. |
| Remote console access |
Device can be remotely accessed using the cloud server. |
| CLI |
Digi command line interface with a large set of commands available for administering the Digi device, including tab auto-completion. |
| HTTPS |
SSLv3 secure web UI login. |
| HTTP/s banner |
Custom text displayed when user logs into the device. |
| Telnet/SSH banner |
Custom text displayed when user logs into the device. |
| Syslog |
Can send events to an external syslog server. |
| Telnet server |
Access to admin CLI, serial port(s), and shell console (available on select products; disabled by default). |
| SSH server |
Access to admin CLI, serial port(s), and shell console. |
| SFTP server |
Available for the user to transfer config files, scripts and firmware. |
| SCP server |
Available for the user to transfer config files, scripts and firmware. |
| SNMP server |
SNMPv3 and SNMPv2c read-only access. |
| DRM Health |
Digi Remote Manager Health Metrics. |
| SMS cmd execution |
Change the configuration or reboot the device via SMS messages, either through Digi Remote Manager or a custom python script. |
| TACACS+ |
TACACS+ for system administration, authorization, authentication, and accounting. |
| RADIUS |
RADIUS for system admin and authentication. |
| LDAP |
LDAP for system admin and authentication. |
| USB analyzer trace |
Configurable to enable logging of packet analyzer trace to a USB mass storage device (e.g. flash drive). |
| Web UI to configure tracing |
Web UI to configure and view analyzer traces. |
| Access to the Linux shell |
Linux shell console available for sysadmin tasks. |
| NetFlow |
NetFlow allows for in depth traffic analysis and bandwidth monitoring. |
| intelliFlow |
Netflow is too data hungry; Digi Intelliflow™ is a tool that provides a graphical way of visualizing your network’s application data. Intelliflow, combined with Digi Remote Manager, provides a powerful tool for combating excessive data usage. Digi Remote Manager provides custom alarms that can be set up to notify you when you approach your monthly data limit or exceed your monthly data limit. You can use those alerts to know when an action is needed on your network to address excess usage. |
| Initial config via Bluetooth |
Configure the cellular connection settings via Bluetooth. |
| iPerf bandwidth testing |
Ability to act as an iPerf server or client. |
| Device event logging |
Send system logs to Digi Remote Manager for cloud-based analysis and information aggregation. |
| Remote commands |
Digi Remote Manager can perform remote actions on the device. |
| Digi AnywhereUSB® Plus debug wizard |
Web UI tool for collecting USB debug logs from an AnywhereUSB Plus device. |
| nuttcp bandwidth testing |
Provides the ability to act as a nuttcp client. |
| NFS client |
Enables the ability to mount an NFS server onto the local filesystem and provides support for logging to an external NFS. |
| Email notifications |
Send system event logs via email. |
| SNMP traps |
Send system event logs via SNMP. |
| Dynamic SNMP OIDs |
Users monitoring Digi devices via SNMP (v2 or v3) can expand the OID values that the Digi device provides by dynamically adding new OIDs to the MIB. This allows users to monitor additional properties about the Digi device that wouldn’t normally be available. |
| On-device activation codes for premium features |
For devices that can’t contact Digi Remote Manager directly (private networks, firewall restrictions, etc), users can now export licenses for add-on services such as Digi WAN Bonding and Digi Containers from Digi RM, and import locally on the device’s web UI, thereby allowing them to utilize these valuable solutions in air-gapped private networks |
| Device-initiated registration with Digi Remote Manager |
|
| Ookla Speedtest tool |
Integrated troubleshooting tool within Digi Remote Manager for evaluating WAN connection performance on a Digi device, whether that is a cellular modem, wireless Wi-Fi WAN, or wired WAN connection. |
| Wi-Fi |
| Wi-Fi 2.4/5GHz |
Dual-band Wi-Fi support (available on select products). |
| Multi SSIDs |
Up to 8 concurrent SSIDs per radio. |
| Client mode |
Connect to another Wi-Fi device’s SSID. |
| Background scanning |
Ability to regularly scan for a SSID with better coverage and automatically switch to that. |
| AP mode |
SSID setup for Wi-Fi client devices to connect to. |
| Client isolation |
Option to prevent client devices from communicating with each other. |
| WPA2 Enterprise |
RADIUS authentication for Wi-Fi connectivity. |
| Client + AP concurrently with a single Wi-Fi module. |
|
| Wi-Fi Bridged Client |
A simple example is bridging a LAN over a Wi-Fi client connection to another LAN. |
| Generic Wi-Fi Hotspot |
Local captive portal and hotspot. |
| Coovachilli Hotspot |
tive portal access controller. |
| WDS |
Wireless distribution system. |
| Access Control List |
Allow or deny clients based upon MAC address. |
| Wi-Fi scanner |
Scan for nearby client devices, including rogue APs, stationary clients, or moving clients, then report the results to one or more remote servers. |
| DFS client |
Support 5 GHz DFS Wi-Fi channels in client mode. |
| WPA3 encryption |
WPA2/WPA3 Personal, WPA3 Enhanced Open, WPA3 Personal, and WPA3 Enterprise. |
| Certificate-based WPA2/WPA2 Enterprise client |
PKI certificate-based authentication for WPA2/WPA3 Enterprise Wi-Fi client connections, including options for user-provided certificates or SCEP client integration for automatic certificate generation. |
| Location |
| GPS/GNSS |
Multiple options for obtaining GPS/GNSS locations, including external USB GNSS modules, internal GNSS module (available on select products), manual lat/lon, or cellular modems with GPS support. |
| Inbound UDP |
Configuration option to accept incoming UDP/TCP packets containing NMEA data. |
| Outbound UDP |
Configuration option to send GPS NMEA stream to server via UDP/TCP with optional filtering. |
| Geo-fencing |
Multiple geo-fences can be defined and multiple actions can be taken when the device enters/leaves any of the geo-fences. |
| UDR (untethered dead reckoning) |
Ultra-precise positioning and location tracking that takes into account acceleration, speed and angular rate (available on TX-series Digi routers). |
| Time |
| Cellular modem as time source |
Use the cellular module's internal clock as a date/time sync source. |
| SNTP client |
Simple NTP protocol support in client mode. |
| SNTP Server |
Simple NTP protocol support in server mode. |
| NTP server |
Act as NTP server for local clients. |
| SNTP client wait for WAN to connect |
NTP sync automatically occurs after the Digi device obtains a WAN connection. |
| SNTP daylight saving offset |
Wait for WAN to connect before attempting SNTP. |
| NTP client |
Outbound date/time sync with remote NTP server. |
| GNSS module as time source |
Use the Digi device’s internal or USB GNSS module (if included) as a date/time sync source. |
| Serial |
| Configurable modes |
Login, remote access, Modbus, or custom application. |
| Modbus TCP to RTU conversion |
Serial communication and protocol conversion using Modbus. |
| Inbound TCP to serial |
Inbound TCP socket connection to serial port(s). |
| Accept multiple inbound TCP connections for same serial port concurrently. |
Shared serial port access (can be locked for exclusive access if needed). |
| Inbound SSH to serial |
Inbound SSH connection to serial port(s). |
| Inbound Telnet to serial |
Inbound Telnet connection to serial port(s). Disabled by default. |
| USB to serial adapters |
Support USB to serial adaptors on USB port. |
| Serial port tracing |
Trace traffic in and out of the serial port for debugging purposes (analyzer trace). |
| Web based serial access |
(Shellinabox or similar). |
| Digi RealPort |
Virtual PC comport connection to serial port of DAL device. |
| Support for external analogue modems via RS232 or USB |
Legacy |
| Multi TX |
Sends serial data to multiple destinations (IP and UDP/TCP ports). |
| Modbus gateway |
Use the Modbus protocol to provide serial-to-Ethernet connectivity to Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other industrial devices. |
| Serial PPP dial-in mode |
Answer Point-to-Point Protocol (PPP) connections over serial ports. |
| Automatic serial detection |
Query connected serial devices and auto-configure serial port settings in remote access mode. |
| Autoconnect mode |
Stream outbound serial traffic when in remote access mode. |
| Outbound serial-over-UDP |
Outbound access to the serial port using UDP. |
| Serial AT dial-up modem emulator |
The Digi device’s serial port acts as a dial-up modem emulator for handling incoming AT dial-ins from a client device. This bridges the gap for dial-up based serial equipment so they can still maintain network connectivity as dial-up POTS lines are being decommissioned. |
| Programmability |
| Python3 |
Modern Python scripting. |
| Python PIP |
Dynamically install and add Python modules via Python PIP. |
| Python method to control device LEDs |
Customizable LED behavior with automated Python scripts. |
| Python module to post datapoints to Remote Manager |
Custom Digi Python modules for automated and custom interactions with Digi Remote Manager. |
| Python module to access OS CLI / change configuration |
PIP Python module installer. |
| Shell scripts |
Linux shell scripting. |
| Execute own Linux cross compiled programs |
Ability to run custom-compiled applications natively on the Digi device. |
| Python support to send data to AWS |
Python AWS module support. |
| Python support to send data to Azure |
Python Azure IoT module support. |
| DIA (Device Integration Application) |
Compatibility with Digi DIA Python framework. |
| Script/Application Sandboxing |
Python and Linux shell scripting run with full access to the device’s system or in a locked-down sandbox environment. |
| MQTT Client |
Report custom metrics and analytics to a customer's infrastructure. Primarily used when integrating with Azure IoT Hub. |
| Containers as a Service |
Containers-as-a-Service is a tool to simplify and centralize the process to build, deploy, run, monitor, and manage your custom applications on Digi devices run DAL OS, utilizing Digi Remote Manager as the central portal for controlling your containerized applications. |
| containerized python environment |
Add on Python to your EX-series Digi device via Digi Remote Manager. |
| Fleet |
| Ignition sense delayed power off |
Monitor ignition sense input to control power off sequence. |
| Device Configuration |
| Binary ".all" file |
Flash image for configuration or factory reset function. |
| Device Configuration Export/Import |
Abilty to export the configuration for (re)configuring other/same router. |
| Custom factory config file |
Ability to define customer's own default config file that will be instigated after a factory reset. |
| Local web API |
Use cases: users need to setup config automation for devices without Internet access.
Benefit: the web UI of the DAL device provides a RESTful API that can perform multiple configuration updates on the device. |
| Low power mode |
Options to adjust the CPU frequency, system performance, Ethernet ports, serial ports, and LED behavior for reduced power consumption. |