How to Whitelist MAC Address for Remote HTTPS Access | RobustOS Pro & EG Series

How to Whitelist a MAC Address for WWAN Access to HTTPS Services on RobustOS Pro Devices

Overview

By default, RobustOS Pro-based devices (such as the EG series) have specific security settings that may allow or block remote access depending on the firewall configuration. In high-security environments, you may want to drop all incoming traffic from the WWAN/WAN by default and only permit a specific trusted host, identified by its MAC address, to access the device's web management interface via HTTPS.

This guide explains how to configure a MAC address whitelist to secure remote HTTPS access over a cellular connection.

What You'll Need

Hardware: 1 x Robustel EG series gateway (e.g., EG5120) with an active SIM card providing a public IP address.
Information:
The MAC address of the host machine allowed to access the gateway (format: XX:XX:XX:XX:XX:XX).
The public WWAN IP address of the gateway.

Step-by-Step Configuration Guide

Step 1: Secure the External Firewall Zone

1. First, we must configure the device to drop all unsolicited traffic from the external (WWAN/WAN) network.
2. Log in to the device web interface (default: https://192.168.0.1).
3. Navigate to Network > Firewall > General Setting.
4. In the Zones section, find the external zone and click the Modify (pencil) icon.

5. Set the Input policy to Drop.

6. Disable access for all listed protocols (SSH, HTTP, HTTPS, and Ping) to ensure no general remote access is allowed.

7. Click Submit at the bottom of the page.

Step 2: Create a MAC Whitelist Rule

Once all general access is blocked, you must create a specific traffic rule to allow your trusted MAC address.
1. Navigate to Network > Firewall > Traffic Rules.
2. Click the + (Add) button to create a new entry.
3. Configure the rule with the following parameters:
  1. Name: Allow_Host_MAC_HTTPS (or any descriptive name).
  2. Protocol: TCP (HTTPS services use the TCP protocol).
  3. Source zone: external (Incoming traffic from the cellular/WAN network).
  4. Source MAC: Enter the MAC address of the public host (e.g., MAC-B).
  5. Destination zone: device_input (Indicates traffic is destined for the gateway's own services).
  6. Destination Address: Device active link IP address
  7. Destination port: 443 (The default port for HTTPS).
  8. Action: Accept.
  9. Click Submit.
  10. Click the Save & Apply button at the top right of the WebUI to commit the changes.

Results Confirmation

To verify the configuration:
1. On the host machine with the whitelisted MAC address, open a web browser.
2. Enter https://[Device_Public_IP_A] in the address bar.
3. The browser should display the login page of the Robustel gateway.
4. Attempt to access the same URL from a different device (with a different MAC address); the connection should be dropped and time out.

    • Related Articles

    • RobustOS Pro SDK

      Robustel's router allows 3rd party to develop their applications. We provide a Software Development Kit (SDK), which offers a simple and fast way to implement customer-specific functions and applications. This SDK is compatible with EG5100, LG5100, ...

    • RobustOS Pro UCI Configuration Manual

      This document serves as a general reference manual for the UCI configuration interface of the Robustel RobustOS Pro system. Important Notice: UCI configuration parameters vary depending on device model and firmware version. The parameter lists, value ...

    • How to Configure APN on RobustOS Pro Gateways (EV8100, EG5100 Series, R1520LG, LG5100, EG5200, MG460)

      Overview This guide provides step-by-step instructions for configuring a custom Access Point Name (APN) on Robustel gateways running the RobustOS Pro system, including models such as EV8100, EG51xx series, R1520LG, LG5100, EG5200, and MG460. It ...

    • RobustOS Pro Application Development Getting Started

      Preface Welcome to RobustOS Pro! This guide provides a step-by-step roadmap for understanding, developing, and deploying applications on the platform. This document is only applicable to RobustOS Pro 2.4.x firmware versions. System Architecture ...

    • Deploying Applications with Docker on RobustOS Pro

      This document guides developers on installing and using Docker on RobustOS Pro devices (firmware version 2.4.0 or higher), and demonstrates application deployment and management in containers through a specific example: creating a Web application ...