This topic provides information about discrepancies in functionality that exist between the AMM Configuration Template, the LCI of MG devices, and MG devices in general.
The GPS configuration screen in the LCI of MG devices, provides one set of fields each for NMEA and TAIP messaging and , in which to specify the response and sentence formatting. This means that these same formatting settings will be used for TAIP and NMEA messaging on TCP, UDP, and serial connections, as well as for remote forwarding:
Furthermore, the NMEA and TAIP messaging settings are applied to all servers listed for remote forwarding :
In AMM 2.17+, the GPS Event Forwarding Settings Building Block, allows you to define separate NMEA and TAIP messaging configurations for TCP, UDP, and serial connections and :
The GPS Event Forwarding Settings Building Block also allows you to add an arbitrary number of remote hosts for Remote Forwarding , each with its own NMEA and TAIP messaging settings :
If you define NMEA and TAP messaging in the LCI, the settings will apply to all three connection types for local forwarding, whereas defining it in an AMM Configuration Template will apply only the connection-specific messaging settings that have been defined. If you define the settings via the LCI after applying a template, this will overwrite the messaging settings of all three connections types.
Similarly, if you define a server list in the LCI for remote forwarding, the local and remote forwarding settings will be applied to each server, overwriting any remote forwarding settings defined by an AMM Configuration Template.
Unsupported Characters in Friendly Names
For MG devices, a Configuration Template does not currently support back quote (`) or comma characters when entering a Friendly Name (e.g. in the Friendly Name field of the WAN Monitor Building Block) but these characters can be included when defining a Friendly Name via the LCI. The Configuration Template screen will prevent the entry of these characters.
Special Characters in Friendly Names Cause Failures
For MG devices, a Configuration Template does not currently support the single quote (‘) character when entering a Friendly Name (e.g. in the Friendly Name field of the WAN Monitor Building Block) but the Configuration Template screen does not prevent the entry of this character.
Ensure that these characters are not entered in the Configuration Template as they will cause failures to occur on the gateway.
TAIP and NMEA Require Multiple Building Blocks
When enabling and configuring TAIP or NMEA messaging for MG devices using a Configuration Template, the template will require the GPS Event Forwarding Settings building block in addition to the GPS General Settings building block.
The GPS General Settings building block is used to enable NMEA and TAIP messaging while the GPS Event Forwarding Settings building block is used to enable forwarding for TCP, UDP, and/or serial.
The Software Upgrade Status is not Updated when Upgrading from 4.2.2-xxx to 4.3.xxx
When upgrading an MG90 running 4.2.2-xxx to 4.3.0-xxx using the AMM, MGOS does not report the “Firmware download started” event, but does report the “Firmware download completed” event.
Note: This issue will be fixed in a future release.
Card-specific Settings of MG WAN Links are not Available in the Configuration Template
Card-specific settings of MG WAN links are not supported as configurable options in the AMM’s configuration management functionality. It is recommended that most users do not modify these fields.
Using the LCI, it’s possible to create a VPN profile with a friendly name containing double quote characters:
However, double quotes are not permitted in the friendly name within a configuration template.
When creating a configuration template to remove a VPN profile with a friendly name containing double quotes , an error message is displayed and the template cannot be created:
To resolve this issue, first remove the double quotes using the LCI and then proceed to create the configuration template with the updated friendly name.
Double Quotes are Removed from a VPN Profile's Friendly Name When Creating a Template from a Gateway
Using the LCI, it’s possible to create a VPN profile with a friendly name containing double quote characters:
However, double quotes are not permitted in the friendly name within a configuration template.
When creating a template from an MG gateway where a VPN profile name contains double quotes, the AMM will ignore the double quotes and they will not be present in the friendly name within the template (e.g., “vpn1” is imported as vpn1).
This can be an issue if you intend to deploy the configuration template back to the same gateway after updating the settings. In this situation, the original friendly name with double quotes (e.g. “vpn1”) will not be updated, and a new VPN without double quotes (e.g., vpn1) will be added to the gateway instead.
To resolve this issue, first remove the double quotes using the LCI and then proceed to create a configuration template from the device with the updated friendly name.
How to Select the Correct Key Algorithm in the Certificate Management Specification Building Block
The Certificate Management Specification > Certificate Profiles > Certificate Key building block includes a field called Key Algorithm which can be set to either ECDSA or RSA.
While both ECDSA and RSA certificates can be used for configuring Wi-Fi EAP-TLS authentication, the correct certificate type must be chosen as follows when configuring IPsec VPN authentication:
Note: Currently the AMM does not display an alert/warning if the wrong certificate type is selected for IPsec VPN authentication.
Imperial Values can Change/Lose Precision when Saving and Re-Opening a Configuration Template
Imperial values can lose precision after saving a configuration template and re-opening it.
For example, entering the value “15” in Odometer Value (ft) will correctly display back the value “15” after saving and reopening the template. However, other values may result in different values appearing after saving and reopening the template.
The unit value conversion used by the configuration template converts distance values from “feet” to “meters” based on the following rules:
For example, the value “130 feet” will be converted to “40 meters” and then converted back as “131 feet”.”
The "Last update status" on the Software Distribution screen is not always updated
The Last update status field on the Software Distribution screen may remain as Ready to Update even though an upgrade of an MG or oMG device has completed.
This can occur when the incorrect time has been set on the gateway, which prevents the software upgrade status from being updated on the AMM after the update has completed.
To verify that the update completed successfully, run an Event Viewer report and look for the update status event. For example:
522 Nov 1 11:03:45 PM ND73... - target dels Gateway software update status: Download Started
523 Nov 1 11:03:47 PM ND73... - target dels Gateway software update status: Download Completed
You can also optionally click Show Raw Events once the report has been generated, and verify that DELS event 338 is present which indicates successful completion of an update. For example:
522 Nov 1 11:03:45 PM ND73... - target dels 338,114294874:0,0,
523 Nov 1 11:03:47 PM ND73... - target dels 338,114294875:1,0,
When two non-network device profiles are linked (e.g., a WiFi network using a VPN defined in the same Configuration Template) and both of them are renamed at the same time during deployment, the link dependent on the friendly name is not correctly updated because it is still referencing the old friendly name of the dependency.
This occurs because the old friendly name of the dependency is stored in the device’s underlying configuration file, preventing the link to the dependent network profile from being maintained upon deployment.
To work around this issue, rename the non-network device profiles separately (i.e., rename them one at a time via two separate configuration template deployment steps).
When configuring entries for devices such as WANs, renaming a linked dependency such as monitors, VPNs, etc. will fail if you include ‘.’ character in the dependency’s new name. In this situation, the deployment of the Configuration Template will fail due to a “friendly name error”. Note that this does not occur for other special characters like “:”, “-“, or “#”.
The work around the issue, select the gateway on the Configuration Control screen, click Apply, and confirm to continue the renaming deployment operation to the target gateway.
An MG90 can support 10 VPNs and one management tunnel. However, the MG90 does not enforce this limit when VPNs are added using a configuration template, and it is therefore possible to add more than 10 VPNs via a configuration template. However, when creating a template from an MG90 that has been configured with more than 10 VPNs, a “Data Validation Error” will occur indicating that the number of VPNs exceeds the allowable limit of 10.
Users should try to avoid this issue by checking the number of VPNs that are currently configured on the target MG90, before adding additional VPNs via a configuration template. Doing so will ensure that the total number of VPNs after deployment of the template will not exceed 10, and any subsequent templates created from that device will not result in errors in regards to this limit.
VPN Configuration Changes for MG90 Devices may Require a Reboot
Making changes to an MG90’s VPN configuration settings post deployment, may require a reboot of the gateway in order for those changes to take effect.
Radio Module Firmware Available Options Missing in the AMM Configuration Template
As of MGOS 4.3, a set of options for managing radio module software are available in the LCI under General > Auto Software Updates > Radio Module Firmware Available. These options control the ability to purge and add various radio module software versions on the device.
These options cannot be modified by AMM configuration templates since they currently do not exist in the “Automatic Software Update Specification” building block.
The CertExpireIn stat, introduced in AMM 2.17 for certificate management, is populated when a valid certificate has been uploaded to an MG90 gateway for a certificate profile.
The stat is measured in days, but the actual certificate expiry date is measured down to the second. In the LCI, the expiry date can be observed on the Security > Certificate Management screen (e.g., “Sun Mar 15 20:37:47 UTC 2020”). However, the corresponding CertExpiresIn stat value will appear on the AMM’s Stats Tab in days (e.g., 94 days).
As a result, the CertExpireIn value will appear as “0 days” on the last day that the certificate is valid, even though the certificate is still valid for the remainder of that last day (i.e., up to 24 hours).
Temperature Settings are not Supported in Configuration Templates
The MG90’s temperature settings (High Temperature and Low Temperature ) are not supported in AMM Configuration Templates:
An Error Occurs when Deploying a Template with an external USB or Serial GPS Source to an MG90
A template containing a GPS Event Forwarding Settings building block, with a GPS source entry of External GPS via Serial or USB Port, causes an error when attempting to deploy it to an MG90. The reason stated on the “Config History Page” may look similar to the following:
Error: GPS Event Forwarding Settings->sources->[0]>externalserial: Key "attachment" is required because under parent externalserial but not present
Currently the AMM does not support creation of a new template created from scratch with a GPS source set to External GPS via Serial or USB. Instead, you must create the template from a device where this source was already configured via the LCI.
When attempting to deploy a template, the validation of the template fails with an error indicating that the passphrase doesn’t match the regex pattern. The error that is logged may look similar to the following:
Nov 28 10:03:10 AM: Remote Config: template validation failed.
Error: LAN Settings Specification->devices->LOCALAP->ap->aps->[0]>securitySettings>wpaOpenAuthentication->key->passphrase: Value 2434788 does not match the regex pattern [ -~]{8,63}
Nov 28 10:03:10 AM: Remote Config: set state to Template deployment failure - invalid configuration
on ATE source: ND60510...
target: ND6343...
This is due to a discrepancy between AMM templates and the MG90 LCI in the handling of passphrases that start with ‘0’ and contain only digits (i.e., do not contain letters). To resolve this issue, ensure that any passphrases that consist of all digits, do not start with ‘0’.
Template does not support SIM slot when configured as A2 or B2
When deploying a template, the validation of the template fails with an error indicating that there is an invalid configuration. The error that is logged may look similar to the following:
Mar 19 3:18:47 PM: Remote Config: template validation failed.
Error: Startup and Shutdown Specification->SIMCARDCONTROLPU: Value is greater than max range 3 (val=66)
Please fix the configuration and try again; or if you are sure the configuration is all right, click "Apply" button in configuration control page to push pending changes to the gateway.
This is due to a discrepancy between how the MG90 sends its configuration to the AMM. MGOS versions 4.1, 4.3 and 4.4 should not be configured where the target gateway(s) uses SIM slot A2 or B2. Otherwise an error will occur when deploying a template that has been generated from this configuration.
Time policy format mismatch between LCI and when generating a template
For MG90 version 4.3.1 and lower, the time policy format used by the LCI is hh:mm:ss+0000, which corresponds to hour, minute, second and timezone. The timezone is the offset from UTC(Zulu).
If a template is generated from this MG90, it will return an error saying the time format is wrong and will not generate a template.
If a template is created on the AMM using the WAN Specification->WAN Devices->Time Period Policy, the AMM will request a time in the format hh:mm:ss.
When the template is deployed to the MG90, it will convert the time to UTC(Zulu). However the conversion does not match the format that the MG90 expects. If a Save is done, an error will show on the LCI.
If you plan to use the Time Period Policy in your deployment, you must first create and test the golden template from a device where this has not been configured. This golden template would then be deployed to your field gateways.
Next on your test device, you would configure the Time Period Policy, test it, and sync its configuration to the AMM. An administrator would then use the Configuration->Deployment->Copy feature to copy the wan.yaml file to the field gateways.