DAL OS Feature List

Feature Description
Ethernet
DHCP Server Provide a pool of IP address to provide to DHCP clients.  There is no imposed limit to the DHCP address range.
DHCP mac reservations Reserve IP addresses for user configured MAC addresses.
DHCP server custom options List user-definable DHCP option for number of responses.
DHCP server per layer 2 "group" Define a DHCP server instance for each layer 2 or hub group.
DHCP Relay A DHCP relay agent will forward DHCP requests between client and servers.
DHCP Client The device can request an IP address for its own interfaces from a DHCP server.
VLANs Virtual LAN networks.
VLANs inside VLANs Used by some IP phones, for example.
Multiple IP's per "LAN" Router can own multiple IP addresses in the same layer 2 "LAN group".
Port Isolation/Grouping Each Ethernet port is individually configurable.
Arbitrary network plumbing VLAN bridging, VLANs on Bridged VLANs/Wifi/Ethernet, ...
Duplex/speed control Adjustable Ethernet link duplex and speed.
Network analyzer Configurable to enable logging of packet analyzer trace for network troubleshooting.
Ethernet bonding Bond multiple Ethernet ports together for higher throughput and/or redundancy.
Routing
Static routing Static routes to interfaces with metrics.
Multicast routes 1-to-many data transmission.
Policy based routes Traffic shaping based on 5-tuple packet filtering.
STP Spanning Tree Protocol.
RSTP Rapid Spanning Tree Protocol.
RIP Routing Information Protocol.
BGP Border Gateway Protocol.
OSPF Open Shortest Path First routing protocol.
NEMO/DMNR Verizon Dynamic Mobile Network Routing.
GRE Generic Routing Encapsulation.
Respond to GRE keepalives Send a reply if a GRE keepalive is received.
PPPoE Useful so router can own IP address from an xDSL router.
QoS DSCP and Priority Queuing.
Load balancing between different WANs Example: load-balance cellular and Ethernet.
IPv6 Independently configurable IPv6 network for all available network interfaces.
IPv6: DHCPv6 IPv6 DHCP client.
IPv6: SLAAC / Prefix Delegation IPv6 Stateless Address Autoconfiguration.
Failover
Digi SureLink® Range of connectivity tests for any type of network interface (WAN, cellular, LAN, VRRP, VPN, bridge, etc.) along with recovery options to ensure the interface automatically re-establishes.
Ethernet to Cellular Automatic failover with Digi SureLink tests to validate both connections.
Cellular to Ethernet Automatic failback with Digi SureLink tests to validate both connections.
SIM to SIM failover on failure to connect Automatically switch between SIM slots if either SIM cannot connect.
SIM to SIM failover on problem with automated ping test probes or similar allowing reconnect attempt. Failover between SIM cards if an automatic ping test probe or similar fails, allowing a re-connection attempt of the current SIM first. If the re-connection attempt of the current SIM is successful but end to end probe test still fails, then failover to the other SIM.
SIM prioritization Allow one SIM to be given priority over the other if both are working. Return to the higher priority SIM after running on lower priority SIM for a period of time.
Wi-Fi to cellular Wi-Fi-as-WAN client connectivity can be used in addition to cellular or wired Ethernet for Internet connectivity. Each Internet connection can be individually prioritized to control primary vs backup.
VRRP Basic hardware redundancy sharing of MAC and IP address between two devices.
VRRP+ Digi patented feature to increase/lower VRRP priority based upon the results of probe tests; allows for intelligent failover.
Supports pings and/or other automated probe tests on all interfaces. Allow recovery or failover action to be initiated if the test fails.
Support for a second ping or probe target. Only take action if both the primary and secondary ping/probe targets are failing.
In VPN tunnel pings Interface ping/probe tests can be directed through a VPN tunnel to prove end to end connectivity and disconnect WAN interface when problem detected.
Recovery Pings (firewall) Routes/interfaces can be brought back into service only after a successful ping / probe test.
No IPSec SA deact Detect when there are no IPSec Security Associations on an interface and initiate a recovery procedure; e.g. reconnect module, reboot router etc.
DNS
Routing - DNS Sel Route requests for different host/domain names to different DNS servers including wildcard definitions.
Dynamic DNS Automated DNS updates for dynamic IP addresses.
Custom DNS entries Custom IP/name/domain entries via DNS server configuration.
Cellular
Radio technology locking Supports locking to specific radio access tech (2G-only, 3G-only, or 4G-only).
SIM PIN Ability to configure and unlock SIMs with PINs.
Dual APN Connect to two APNs at the same time and obtain an IP address on each. Typical use is for private APN and public APN simultaneous connections.
APN Search APN lookup/search based on global database/SIM provider/carrier.
User configurable APN search Full control over what APNs are utilized to establish a cellular connection.
External USB Modems Support for plug-in USB modems.
OTA/Remote Modem Firmware Update Manually or automatically trigger remote firmware updates to the cellular modem(s) in the Digi device.
CLI/WebUI Modem Firmware Update Apply local firmware update to cellular modem.
Carrier/SIM based firmware switching Change modem firmware to suit SIM/Carrier.
Carrier/SIM locking Use cases: cellular MVNO/partner SIM cards can connect to multiple carriers in an area.

Benefit: users need the SIM to connect to a specific carrier due to better signal strength, performance, or data plan.
User Configurable Antenna Control Main-only, diversity-only, or both.
Cellular IP Passthrough Mode Cellular addressing is passed through to upstream device. IP passthrough can also be done for Wired WAN or Wi-Fi-as-WAN connections.
VPN
LAN to LAN IPsec Flat LAN networking setup with multiple remote sites.
Support for 0.0.0.0/0 traffic selector Needed if all the traffic received from the LAN is to be routed down the IPSec VPN tunnel.
IPv4-over-IPv6 IPv4 networking through an IPv6 tunnel.
IPv6-over-IPv4 IPv6 networking through an IPv4 tunnel.
IPsec tunnel inside of another IPSec tunnel Network segmentation with tunnels within another IPsec tunnel.
Number of Consecutive tunnels There is no fixed limit.
IKEv2 Modern IPsec protocol support.
Multiple subnets in single IKEv2 policy Dynamic networking within IPsec tunnels.
IPSec tunnel follows best WAN interface Automatic tunnel establishment on WAN failover/failback.
Failover IPsec tunnel with same local/remote subnet between two remote VPN concentrators Simple IPSec VPN failover configuration (back up tunnel IP address or other method that allows the same remote subnet to failover between two IPSec concentrators).
OpenVPN Server Secure VPN for point-to-point or site-to-site connections.  Both clients and servers can be configured simultaneously.
Accept OpenVPN pushed routes Routes pushed to the client by the OpenVPN server.
OpenVPN Client Outbound OpenVPN tunnel to an OpenVPN server.
EZY VPN Cisco IPSec extension to use MODECFG + XAUTH.
Support X.509 certs with IPSec Certificate-based peer authentication.
Support RSA Signatures Public-key crypto for IKE authentication.
SCEP Connect to a Simple Certificate Enrolment Protocol server to obtain certificates for IPSec.
Max IPSec Authentication Level AES256GCM128
Max IPSec Encryption Level SHA512
Max IPSec DH Group DH32
IPSec Debug Logs Easy way via the UI for the user to enable and access IPSec + IKE debug logs, i.e. without using CLI.
Firewall & Security
Stateful packet filtering (basic security) Per-packet analysis to match with applicable firewall rules for traffic shaping and access restriction.
Firewall Zones Allow firewall groups of interfaces and access based on usage, etc.

Allows user to easily add rules to a number of interfaces/define interaction between different zones etc.
Custom firewall rules User may utilize complex low level rules (i.e. IPtables)
Basic web content filtering by DNS Basic web content filtering by DNS redirection.
Advanced web filtering - Cisco Umbrella Full umbrella support.
Address Translation NAT support for segmenting networks behind a firewall.
MAC Address filtering  Allow/deny network access based on MAC address of incoming device.
TLS Version 1.3 Secure HTTPS communication.
Certificates with HTTPs Customizable SSL certificate for HTTPS web UI access.
2 Factor Authentication Configurable 2FA user authentication.
Multi-user role based access Fine-grained permission control to determine whether a user has admin level access or read-only access.
Firmware update notifier Notification shown in the CLI, web UI, and Digi RM when new firmware is available.
Management
Support for multiple user levels including read-only. Role-Based Access Control specifically to allow a user to log into a device, view configuration and status but not change it.
Digi Remote Manager® (Digi RM) Digi’s central portal for monitoring, managing, and performing automated interactions with Digi devices.
Digi RM Profile Manager Compatible with Digi Remote Manager Profile Manager for fleet management, remote firmware updates, and OTA modem firmware updates.
Digi RM CLI Remote access to the admin CLI on the Digi device through Digi Remote Manager.
Benefit: when combined with Digi RM's automations feature, users can perform a series of defined tasks to automate a number of actions on the DAL device.
Digi RM SMS Digi Remote Manager can configure a device via encrypted SMS messages.
Digi RM http proxy connection support Devices in a secure network can connect to an HTTP proxy for all outbound communication to Digi Remote Manager.
Remote console access Device can be remotely accessed using the cloud server.
CLI Digi command line interface with a large set of commands available for administering the Digi device, including tab auto-completion.
HTTPS SSLv3 secure web UI login.
HTTP/s banner Custom text displayed when user logs into the device.
Telnet/SSH banner Custom text displayed when user logs into the device.
Syslog Can send events to an external syslog server.
Telnet server Access to admin CLI, serial port(s), and shell console (available on select products; disabled by default).
SSH server Access to admin CLI, serial port(s), and shell console.
SFTP server Available for the user to transfer config files, scripts and firmware.
SCP server Available for the user to transfer config files, scripts and firmware.
SNMP server SNMPv3 read-only access.
DRM Health Digi Remote Manager Health Metrics.
SMS cmd execution Change the configuration or reboot the device via SMS messages, either through Digi Remote Manager or a custom python script.
TACACS+ TACACS+ for system admin and authentication.
RADIUS RADIUS for system admin and authentication.
LDAP LDAP for system admin and authentication.
USB analyzer trace Configurable to enable logging of packet analyzer trace to a USB mass storage device (e.g. flash drive).
Web UI to configure tracing Web UI to configure and view analyzer traces.
Access to the Linux shell Linux shell console available for sysadmin tasks.
NetFlow NetFlow allows for in depth traffic analysis and bandwidth monitoring.
intelliFlow Netflow is too data hungry; Intelliflow provides on-device netflow summarys as well as data-friendly offsite uploads (aView).
Initial config via Bluetooth Configure the cellular connection settings via Bluetooth.
iPerf bandwidth testing Ability to act as an iPerf server or client.
Wi-Fi
Wi-Fi 2.4/5GHz Dual-band Wi-Fi support (available on select products).
Multi SSIDs Up to 8 concurrent SSIDs per radio.
Client mode Connect to another Wi-Fi device’s SSID.
Background scanning Ability to regularly scan for a SSID with better coverage and automatically switch to that.
AP mode SSID setup for Wi-Fi client devices to connect to.
Client isolation Option to prevent client devices from communicating with each other.
WPA2 Enterprise  RADIUS authentication for Wi-Fi connectivity.
Client + AP concurrently with a single Wi-Fi module.  
Wi-Fi Bridged Client A simple example is bridging a LAN over a Wi-Fi client connection to another LAN.
Generic Wi-Fi Hotspot  Local captive portal and hotspot.
Coovachilli Hotspot tive portal access controller.
WDS Wireless distribution system.
Access Control List Allow or deny clients based upon MAC address.
Wi-Fi scanner Scan for nearby client devices, including rogue APs, stationary clients, or moving clients.
Location
GPS/GNSS Multiple options for obtaining GPS/GNSS locations, including external USB GNSS modules, internal GNSS module (available on select products), manual lat/lon, or cellular modems with GPS support.
Inbound UDP Configuration option to accept incoming UDP/TCP packets containing NMEA data.
Outbound UDP Configuration option to send GPS NMEA stream to server via UDP/TCP with optional filtering.
Geo-fencing Multiple geo-fences can be defined and multiple actions can be taken when the device enters/leaves any of the geo-fences.
Time
SNTP client Simple NTP protocol support in client mode.
SNTP Server Simple NTP protocol support in server mode.
NTP server Act as NTP server for local clients.
SNTP client wait for WAN to connect NTP sync automatically occurs after the Digi device obtains a WAN connection.
SNTP daylight saving offset Wait for WAN to connect before attempting SNTP.
NTP client Outbound date/time sync with remote NTP server.
Serial
Configurable modes Login, remote access, Modbus, or custom application.
Modbus TCP to RTU conversion Serial communication and protocol conversion using Modbus.
Inbound TCP to serial Inbound TCP socket connection to serial port(s).
Accept multiple inbound TCP connections for same serial port concurrently. Shared serial port access (can be locked for exclusive access if needed).
Inbound SSH to serial Inbound SSH connection to serial port(s).
Inbound Telnet to serial Inbound Telnet connection to serial port(s).  Disabled by default.
USB to serial adapters Support USB to serial adaptors on USB port.
Serial port tracing Trace traffic in and out of the serial port for debugging purposes (analyzer trace).
Web based serial access (Shellinabox or similar).
Digi RealPort Virtual PC comport connection to serial port of DAL device.
Support for external analogue modems via RS232 or USB Legacy
Multi TX Sends serial data to multiple destinations (IP and UDP/TCP ports).
Programmability
Python3 Modern Python scripting.
Python PIP Dynamically install and add Python modules via Python PIP.
Python method to control device LEDs Customizable LED behavior with automated Python scripts.
Python module to post datapoints to Remote Manager  Custom Digi Python modules for automated and custom interactions with Digi Remote Manager.
Python module to access OS CLI / change configuration PIP Python module installer.
Shell scripts Linux shell scripting.
Execute own Linux cross compiled programs Ability to run custom-compiled applications natively on the Digi device.
Python support to send data to AWS Python AWS module support.
Python support to send data to Azure Python Azure IoT module support.
DIA (Device Integration Application) Compatibility with Digi DIA Python framework.
Script/Application Sandboxing Python and Linux shell scripting run with full access to the device’s system or in a locked-down sandbox environment.
MQTT Client Report custom metrics and analytics to a customer's infrastructure. Primarily used when integrating with Azure IoT Hub.
Fleet
Ignition sense delayed power off Monitor ignition sense input to control power off sequence.
Device Configuration
Binary ".all" file Flash image for configuration or factory reset function.
Device Configuration Export/Import Abilty to export the configuration for (re)configuring other/same router.
Custom factory config file Ability to define customer's own default config file that will be instigated after a factory reset.
Local web API Use cases: users need to setup config automation for devices without Internet access.

Benefit: the web UI of the DAL device provides a RESTful API that can perform multiple configuration updates on the device.