DAL OS Feature List

Feature Description
Ethernet
DHCP Server Provide a pool of IP address to provide to DHCP clients.  There is no imposed limit to the DHCP address range.
DHCP mac reservations Reserve IP addresses for user configured MAC addresses.
DHCP server custom options List user-definable DHCP option for number of responses.
DHCP server per layer 2 "group" Define a DHCP server instance for each layer 2 or hub group.
DHCP Relay A DHCP relay agent will forward DHCP requests between client and servers.
DHCP Client The device can request an IP address for its own interfaces from a DHCP server.
VLANs Virtual LAN networks.
VLANs inside VLANs Used by some IP phones, for example.
Multiple IP's per "LAN" Router can own multiple IP addresses in the same layer 2 "LAN group".
Port Isolation/Grouping Each Ethernet port is individually configurable.
Arbitrary network plumbing VLAN bridging, VLANs on Bridged VLANs/Wifi/Ethernet, ...
Duplex/speed control Adjustable Ethernet link duplex and speed.
Network analyzer Configurable to enable logging of packet analyzer trace for network troubleshooting.
Ethernet bonding Bond multiple Ethernet ports together for higher throughput and/or redundancy.
PPPoE server Support for running a PPPoE server in IP passthrough mode.
802.1x Port-based network access control, configurable per network interface.
Routing
Static routing Static routes to interfaces with metrics.
Multicast routes 1-to-many data transmission.
Policy based routes Traffic shaping based on 5-tuple packet filtering.
STP Spanning Tree Protocol.
RSTP Rapid Spanning Tree Protocol.
RIP Routing Information Protocol.
BGP Border Gateway Protocol.
OSPF Open Shortest Path First routing protocol.
NEMO/DMNR Verizon Dynamic Mobile Network Routing.
GRE Generic Routing Encapsulation.
Respond to GRE keepalives Send a reply if a GRE keepalive is received.
PPPoE Useful so router can own IP address from an xDSL router.
QoS DSCP and Priority Queuing.
Load balancing between different WANs Example: load-balance cellular and Ethernet.
IPv6 Independently configurable IPv6 network for all available network interfaces.
IPv6: DHCPv6 IPv6 DHCP client.
IPv6: SLAAC / Prefix Delegation IPv6 Stateless Address Autoconfiguration.
NHRP Next-hop routing protocol
Failover
Digi SureLink® Range of connectivity tests for any type of network interface (WAN, cellular, LAN, VRRP, VPN, bridge, etc.) along with recovery options to ensure the interface automatically re-establishes.
Ethernet to Cellular Automatic failover with Digi SureLink tests to validate both connections.
Cellular to Ethernet Automatic failback with Digi SureLink tests to validate both connections.
SIM to SIM failover on failure to connect Automatically switch between SIM slots if either SIM cannot connect.
SIM to SIM failover on problem with automated ping test probes or similar allowing reconnect attempt. Failover between SIM cards if an automatic ping test probe or similar fails, allowing a re-connection attempt of the current SIM first. If the re-connection attempt of the current SIM is successful but end to end probe test still fails, then failover to the other SIM.
SIM prioritization Allow one SIM to be given priority over the other if both are working. Return to the higher priority SIM after running on lower priority SIM for a period of time.
Wi-Fi to cellular Wi-Fi-as-WAN client connectivity can be used in addition to cellular or wired Ethernet for Internet connectivity. Each Internet connection can be individually prioritized to control primary vs backup.
VRRP Basic hardware redundancy sharing of MAC and IP address between two devices.
VRRP+ Digi patented feature to increase/lower VRRP priority based upon the results of probe tests; allows for intelligent failover.
Supports pings and/or other automated probe tests on all interfaces. Allow recovery or failover action to be initiated if the test fails.
Support for a second ping or probe target. Only take action if both the primary and secondary ping/probe targets are failing.
In VPN tunnel pings Interface ping/probe tests can be directed through a VPN tunnel to prove end to end connectivity and disconnect WAN interface when problem detected.
Recovery Pings (firewall) Routes/interfaces can be brought back into service only after a successful ping / probe test.
No IPSec SA deact Detect when there are no IPSec Security Associations on an interface and initiate a recovery procedure; e.g. reconnect module, reboot router etc.
DNS
Routing - DNS Sel Route requests for different host/domain names to different DNS servers including wildcard definitions.
Dynamic DNS Automated DNS updates for dynamic IP addresses.
Custom DNS entries Custom IP/name/domain entries via DNS server configuration.
Cellular
Radio technology locking Supports locking to specific radio access tech (2G-only, 3G-only, or 4G-only).
SIM PIN Ability to configure and unlock SIMs with PINs.
Dual APN Connect to two APNs at the same time and obtain an IP address on each. Typical use is for private APN and public APN simultaneous connections.
APN Search APN lookup/search based on global database/SIM provider/carrier.
User configurable APN search Full control over what APNs are utilized to establish a cellular connection.
External USB Modems Support for plug-in USB modems.
OTA/Remote Modem Firmware Update Manually or automatically trigger remote firmware updates to the cellular modem(s) in the Digi device.
CLI/WebUI Modem Firmware Update Apply local firmware update to cellular modem.
Carrier/SIM based firmware switching Change modem firmware to suit SIM/Carrier.
Carrier/SIM locking Use cases: cellular MVNO/partner SIM cards can connect to multiple carriers in an area.

Benefit: users need the SIM to connect to a specific carrier due to better signal strength, performance, or data plan.
User Configurable Antenna Control Main-only, diversity-only, or both.
Cellular IP Passthrough Mode Cellular addressing is passed through to upstream device. IP passthrough can also be done for Wired WAN or Wi-Fi-as-WAN connections.
5G NSA (non-standalone) and SA (standalone) modes Options to set the cellular modem to 5G-only (including setting to 5G SA-only, NSA-only, or both NSA/SA-modes).
5G slicing Single-slice support for configuring the slice type to set in the 5G modem.
Carrier scan Scan for available carriers the modem and SIM card can connect to and allow manual selection of the carrier.
VPN
LAN to LAN IPsec Flat LAN networking setup with multiple remote sites.
Support for 0.0.0.0/0 traffic selector Needed if all the traffic received from the LAN is to be routed down the IPSec VPN tunnel.
IPv4-over-IPv6 IPv4 networking through an IPv6 tunnel.
IPv6-over-IPv4 IPv6 networking through an IPv4 tunnel.
IPsec tunnel inside of another IPSec tunnel Network segmentation with tunnels within another IPsec tunnel.
Number of Consecutive tunnels There is no fixed limit.
IKEv2 Modern IPsec protocol support.
Multiple subnets in single IKEv2 policy Dynamic networking within IPsec tunnels.
IPSec tunnel follows best WAN interface Automatic tunnel establishment on WAN failover/failback.
Failover IPsec tunnel with same local/remote subnet between two remote VPN concentrators Simple IPSec VPN failover configuration (back up tunnel IP address or other method that allows the same remote subnet to failover between two IPSec concentrators).
OpenVPN Server Secure VPN for point-to-point or site-to-site connections.  Both clients and servers can be configured simultaneously.
Accept OpenVPN pushed routes Routes pushed to the client by the OpenVPN server.
OpenVPN Client Outbound OpenVPN tunnel to an OpenVPN server.
EZY VPN Cisco IPSec extension to use MODECFG + XAUTH.
Support X.509 certs with IPSec Certificate-based peer authentication.
Support RSA Signatures Public-key crypto for IKE authentication.
SCEP Connect to a Simple Certificate Enrolment Protocol server to obtain certificates for IPSec.
Max IPSec Authentication Level AES256GCM128
Max IPSec Encryption Level SHA512
Max IPSec DH Group DH32
IPSec Debug Logs Easy way via the UI for the user to enable and access IPSec + IKE debug logs, i.e. without using CLI.
Protocol-based IKE policies Ability to configure IPsec networks by protocol and/or port instead of a network address range.
XFRM or strict routing IPsec tunnels Options for configuring route-based XFRM IPsec tunnels or policy-based IPsec tunnels.
L2TP Layer 2 Tunneling Protocol. Includes options for configuring PPP-over-L2TP and L2TP-over-IPsec tunnels.
L2TPv3 Layer 2 Tunneling Protocol Version 3 static unmanaged Ethernet tunnels.
Multiple IPsec remote endpoints Add multiple endpoints and either round-robin between the endpoint or randomly select an endpoint to establish the tunnel to.
Firewall & Security
Stateful packet filtering (basic security) Per-packet analysis to match with applicable firewall rules for traffic shaping and access restriction.
Firewall Zones Allow firewall groups of interfaces and access based on usage, etc.

Allows user to easily add rules to a number of interfaces/define interaction between different zones etc.
Custom firewall rules User may utilize complex low level rules (i.e. IPtables)
Basic web content filtering by DNS Basic web content filtering by DNS redirection.
Advanced web filtering - Cisco Umbrella Full umbrella support.
Address Translation NAT support for segmenting networks behind a firewall.
MAC Address filtering  Allow/deny network access based on MAC address of incoming device.
TLS Version 1.3 Secure HTTPS communication.
Certificates with HTTPs Customizable SSL certificate for HTTPS web UI access.
2 Factor Authentication Configurable 2FA user authentication.
Multi-user role based access Fine-grained permission control to determine whether a user has admin level access or read-only access.
Firmware update notifier Notification shown in the CLI, web UI, and Digi RM when new firmware is available.
Port forwarding Forward incoming traffic on a port to another IP address. Support a range of ports, including 1:1 and many-to-one port mappings.
Management
Support for multiple user levels including read-only. Role-Based Access Control specifically to allow a user to log into a device, view configuration and status but not change it.
Digi Remote Manager® (Digi RM) Digi’s central portal for monitoring, managing, and performing automated interactions with Digi devices, utilizing best-in-class secure connectivity with client-side TLS certificates
Digi RM Profile Manager Compatible with Digi Remote Manager Profile Manager for fleet management, remote firmware updates, and OTA modem firmware updates.
Digi RM CLI Remote access to the admin CLI on the Digi device through Digi Remote Manager.
Benefit: when combined with Digi RM's automations feature, users can perform a series of defined tasks to automate a number of actions on the DAL device.
Digi RM SMS Digi Remote Manager can configure a device via encrypted SMS messages.
Digi RM http proxy connection support Devices in a secure network can connect to an HTTP proxy for all outbound communication to Digi Remote Manager.
Remote console access Device can be remotely accessed using the cloud server.
CLI Digi command line interface with a large set of commands available for administering the Digi device, including tab auto-completion.
HTTPS SSLv3 secure web UI login.
HTTP/s banner Custom text displayed when user logs into the device.
Telnet/SSH banner Custom text displayed when user logs into the device.
Syslog Can send events to an external syslog server.
Telnet server Access to admin CLI, serial port(s), and shell console (available on select products; disabled by default).
SSH server Access to admin CLI, serial port(s), and shell console.
SFTP server Available for the user to transfer config files, scripts and firmware.
SCP server Available for the user to transfer config files, scripts and firmware.
SNMP server SNMPv3 and SNMPv2c read-only access.
DRM Health Digi Remote Manager Health Metrics.
SMS cmd execution Change the configuration or reboot the device via SMS messages, either through Digi Remote Manager or a custom python script.
TACACS+ TACACS+ for system administration, authorization, authentication, and accounting.
RADIUS RADIUS for system admin and authentication.
LDAP LDAP for system admin and authentication.
USB analyzer trace Configurable to enable logging of packet analyzer trace to a USB mass storage device (e.g. flash drive).
Web UI to configure tracing Web UI to configure and view analyzer traces.
Access to the Linux shell Linux shell console available for sysadmin tasks.
NetFlow NetFlow allows for in depth traffic analysis and bandwidth monitoring.
intelliFlow Netflow is too data hungry; Digi Intelliflow™ is a tool that provides a graphical way of visualizing your network’s application data. Intelliflow, combined with Digi Remote Manager, provides a powerful tool for combating excessive data usage. Digi Remote Manager provides custom alarms that can be set up to notify you when you approach your monthly data limit or exceed your monthly data limit. You can use those alerts to know when an action is needed on your network to address excess usage.
Initial config via Bluetooth Configure the cellular connection settings via Bluetooth.
iPerf bandwidth testing Ability to act as an iPerf server or client.
Device event logging Send system logs to Digi Remote Manager for cloud-based analysis and information aggregation.
Remote commands Digi Remote Manager can perform remote actions on the device.
Digi AnywhereUSB® Plus debug wizard Web UI tool for collecting USB debug logs from an AnywhereUSB Plus device.
nuttcp bandwidth testing Provides the ability to act as a nuttcp client.
NFS client Enables the ability to mount an NFS server onto the local filesystem and provides support for logging to an external NFS.
Email notifications Send system event logs via email (Connect IT 16/48 only).
SNMP traps Send system event logs via SNMP (Connect IT 16/48 only).
Wi-Fi
Wi-Fi 2.4/5GHz Dual-band Wi-Fi support (available on select products).
Multi SSIDs Up to 8 concurrent SSIDs per radio.
Client mode Connect to another Wi-Fi device’s SSID.
Background scanning Ability to regularly scan for a SSID with better coverage and automatically switch to that.
AP mode SSID setup for Wi-Fi client devices to connect to.
Client isolation Option to prevent client devices from communicating with each other.
WPA2 Enterprise  RADIUS authentication for Wi-Fi connectivity.
Client + AP concurrently with a single Wi-Fi module.  
Wi-Fi Bridged Client A simple example is bridging a LAN over a Wi-Fi client connection to another LAN.
Generic Wi-Fi Hotspot  Local captive portal and hotspot.
Coovachilli Hotspot tive portal access controller.
WDS Wireless distribution system.
Access Control List Allow or deny clients based upon MAC address.
Wi-Fi scanner Scan for nearby client devices, including rogue APs, stationary clients, or moving clients, then report the results to one or more remote servers.
DFS client Support 5 GHz DFS Wi-Fi channels in client mode.
WPA3 encryption WPA2/WPA3 Personal, WPA3 Enhanced Open, WPA3 Personal, and WPA3 Enterprise.
Certificate-based WPA2/WPA2 Enterprise client PKI certificate-based authentication for WPA2/WPA3 Enterprise Wi-Fi client connections, including options for user-provided certificates or SCEP client integration for automatic certificate generation.
Location
GPS/GNSS Multiple options for obtaining GPS/GNSS locations, including external USB GNSS modules, internal GNSS module (available on select products), manual lat/lon, or cellular modems with GPS support.
Inbound UDP Configuration option to accept incoming UDP/TCP packets containing NMEA data.
Outbound UDP Configuration option to send GPS NMEA stream to server via UDP/TCP with optional filtering.
Geo-fencing Multiple geo-fences can be defined and multiple actions can be taken when the device enters/leaves any of the geo-fences.
UDR (untethered dead reckoning) Ultra-precise positioning and location tracking that takes into account acceleration, speed and angular rate (available on TX-series Digi routers).
Time
SNTP client Simple NTP protocol support in client mode.
SNTP Server Simple NTP protocol support in server mode.
NTP server Act as NTP server for local clients.
SNTP client wait for WAN to connect NTP sync automatically occurs after the Digi device obtains a WAN connection.
SNTP daylight saving offset Wait for WAN to connect before attempting SNTP.
NTP client Outbound date/time sync with remote NTP server.
GNSS module as time source Use the Digi device’s internal or USB GNSS module (if included) as a date/time sync source.
Serial
Configurable modes Login, remote access, Modbus, or custom application.
Modbus TCP to RTU conversion Serial communication and protocol conversion using Modbus.
Inbound TCP to serial Inbound TCP socket connection to serial port(s).
Accept multiple inbound TCP connections for same serial port concurrently. Shared serial port access (can be locked for exclusive access if needed).
Inbound SSH to serial Inbound SSH connection to serial port(s).
Inbound Telnet to serial Inbound Telnet connection to serial port(s).  Disabled by default.
USB to serial adapters Support USB to serial adaptors on USB port.
Serial port tracing Trace traffic in and out of the serial port for debugging purposes (analyzer trace).
Web based serial access (Shellinabox or similar).
Digi RealPort Virtual PC comport connection to serial port of DAL device.
Support for external analogue modems via RS232 or USB Legacy
Multi TX Sends serial data to multiple destinations (IP and UDP/TCP ports).
Modbus gateway Use the Modbus protocol to provide serial-to-Ethernet connectivity to Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other industrial devices.
Serial PPP dial-in mode Answer Point-to-Point Protocol (PPP) connections over serial ports.
Automatic serial detection Query connected serial devices and auto-configure serial port settings in remote access mode.
autoconnect mode Stream outbound serial traffic when in remote access mode.
outbound serial-over-UDP Outbound access to the serial port using UDP.
Programmability
Python3 Modern Python scripting.
Python PIP Dynamically install and add Python modules via Python PIP.
Python method to control device LEDs Customizable LED behavior with automated Python scripts.
Python module to post datapoints to Remote Manager  Custom Digi Python modules for automated and custom interactions with Digi Remote Manager.
Python module to access OS CLI / change configuration PIP Python module installer.
Shell scripts Linux shell scripting.
Execute own Linux cross compiled programs Ability to run custom-compiled applications natively on the Digi device.
Python support to send data to AWS Python AWS module support.
Python support to send data to Azure Python Azure IoT module support.
DIA (Device Integration Application) Compatibility with Digi DIA Python framework.
Script/Application Sandboxing Python and Linux shell scripting run with full access to the device’s system or in a locked-down sandbox environment.
MQTT Client Report custom metrics and analytics to a customer's infrastructure. Primarily used when integrating with Azure IoT Hub.
Containers as a Service Containers-as-a-Service is a tool to simplify and centralize the process to build, deploy, run, monitor, and manage your custom applications on Digi devices run DAL OS, utilizing Digi Remote Manager as the central portal for controlling your containerized applications.
containerized python environment Add on Python to your EX-series Digi device via Digi Remote Manager.
Fleet
Ignition sense delayed power off Monitor ignition sense input to control power off sequence.
Device Configuration
Binary ".all" file Flash image for configuration or factory reset function.
Device Configuration Export/Import Abilty to export the configuration for (re)configuring other/same router.
Custom factory config file Ability to define customer's own default config file that will be instigated after a factory reset.
Local web API Use cases: users need to setup config automation for devices without Internet access.

Benefit: the web UI of the DAL device provides a RESTful API that can perform multiple configuration updates on the device.
Low power mode Options to adjust the CPU frequency, system performance, Ethernet ports, serial ports, and LED behavior for reduced power consumption.