About RansNet Products

RansNet Appliances

RansNet offers SD-WAN / SD-Branch and Wi-Fi Hotspot (mbox product family), and mfusion cloud as an end-to-end solution for enterprise customers and service providers.

RansNet mbox product family includes all the hardware required to provide reliable end-to-end wireless Internet access to end-users, including Mbox Access Points (MAP), HotSpot Access (HSA), Universal Access (UA), HotSpot Gateway (HSG), and Cloud Managed Gateway (CMG).

As a technology vendor of strong networking fundamentals, RansNet has developed mbox with robust networking and security features, being a perfect gateway appliance for any size of enterprise networks. HSG is used if the captive portal feature is required, else CMG (lower cost device) will be used. Different models are available depending on the size of the network and number of users etc.

RansNet mfusion cloud platform helps administrators or service providers remotely monitor and manage massive RansNet gateway appliances. mfusion delivers centralized orchestration, patch management, fault/threshold alerting and real-time/scheduled reporting, etc. 

SD-WAN Solution (CMG, HSA, UA)

CMG – Cloud Managed Gateway

CMG is deployed as an SD-Branch Integrated Gateway/CPE appliance, with TCP/IP routing, Multi-WAN link balancing, Virtual Private Networking, bandwidth control (QoS), stateful firewall inspection & Proxy/Caching all packed into a powerful purpose-built appliance in one device, saving the cost for additional router and firewall, while enjoying the maximum performance and reducing point of failures.

The “zero-touch provision” feature enables speedy onsite deployment without the need of any certified network engineer, with its cloud management capabilities enable Managed Service Provider (MSP) to massively manage and monitor all deployed boxes at their fingertips. Refer to datasheet for hardware details.

HSA – Hotspot Access

HSA is designed to be an all-in-one SD-Branch gateway for the smaller network environments, providing router, firewall, wireless, and hotspot access control features in a single cost-effective box. Refer to datasheet for hardware details.

UA – Universal Access

Universal Access SD-Branch Gateway is an integrated 4G/5G cellular, Machine-To-Machine (M2M), IoT, and with all essential enterprise and security features.

The UA-800 Series can be easily configured and managed using mfusion SD-WAN / SD-Branch orchestration platform, cloud-based network operations, assurance, and security platform. UA-800’s “zero-config” feature enables speedy onsite deployment without the need of any certified network engineer and empowers Managed Service Provider (MSP) to massively deploy, manage and monitor all UA-800 at fingertips.

Ideally suited for banking, Retail, and F&B chain networks, the UA-800 Gateway Series serves a key role within the RansNet SD-WAN / SD-Branch solution, which unifies WLAN, LAN, SD-WAN / SD-Branch for distributed enterprises.

Wi-Fi HotSpot Solution (HSG, MAP)

HSG – Captive Portal HotSpot Gateway

HSG is a HotSpot Gateway to provide guest Internet access with granular user access control and security enforcement. It allows enterprises or venue owners (hotels, malls, clubs, F&B, etc) to offer flexible and differentiated Internet access for guests, VIP members or visitors. Refer to datasheet for hardware details.

Sitting at the Internet edge, mbox HSG manages user Internet access through a few key modules:

  • Router, Stateful firewall, DHCP server, Multi-WAN
  • HotSpot Access Controller (hotspot instance)
  • Captive Portal (CP)
  • User Authentication Authorization and Accounting (AAA, also called RADIUS).
  • mbox Access Point Cloud Controller (MACC)
  • Advertising gateway

HotSpot Access Controller combines DHCP server, firewall, and bandwidth control engines, granting user Internet access, and enforces their respective rights based on AAA/RADIUS client policies. It intercepts user’s initial browsing requests and redirects to a captive portal (also called landing page in many places) for entering authentication credentials and accepting terms and enforces the authorization (client rights) returned by AAA/RADIUS server for each authenticated users.


The HotSpot Access Controller here is not referring to wireless access controller

A single mbox HSG can support multiple instances of HotSpot Access Controller. Typically each instance maps to a different VLAN or network for different access controls (Ex: different login/landing pages, different bandwidth control policies, etc), so that we can enforce different user experiences for users coming from different networks.

HSG hotspot Access controller supports following features:

  • Multi-instance, multi-VLAN support, Multi-WAN.
  • Built-In DHCP server for client DHCP address assignment for each VLAN. Each instance of HotSpot Access controller (for each VLAN) can issue different subnets of DHCP addresses and redirects to the different captive portal login page.
  • MAC address bypass (eg. default pass-through for some devices), domain bypass, and URL bypass (eg. default pass-through for some destination domains or URLs).
  • Per-user, per session bandwidth control based on username or user VLANs
  • Dynamic bandwidth allocation per user, dynamically re-allocating per user bandwidth by adapting to backhaul link utilization.

HSG captive portal is a built-in web server that prompts users with a customizable web login page. It also interacts with Access Controller and AAA/RADIUS server to enable user credential inputs and integrates with RansNet cloud advertising server to stream landing page ads etc.

HSG AAA server (or RADIUS server) validates user credentials and passes user access policies (bandwidth per user, session time, volume/usage, etc) to the Access Controller for enforcement.


MACC and advertising gateway modules will be covered in separate sections.

A. Workflow of HSG HotSpot User Access – Deployed on-premise:

  1. User device (Mobile/Computer) connects to the Local Area Network (LAN) through Wireless-open SSID (can be any wireless   Infra with MAP or 3rd-party Access Point) or to normal switch port, and then the client device gets IP address from DHCP server.
  2. User browses Internet using a standard browser, The browsing request hits the mbox LAN/VLAN interface and intercepted by HotSpot Access Controller.


Modern Smart Phone will auto initiate a browsing request once the device gets IP from the DHCP.

Image 1 : HotSpot Gateway workflow
  1. mbox HotSpot Access controller redirects the User’s device browser to a Captive Portal login page.
  2. The user entries the Login credentials In the Captive Portal login page, which is forwarded to HotSpot Access Controller, which then sends to the RADIUS server for validation.
  3. RADIUS server validates user credentials and returns Access/Reject result to HotSpot Access Controller, together with a set of authorized profiles access rights for the authenticated user.
  4. HSG HotSpot Access Controller grants users Internet access and enforces respective rights passed by RADIUS.
  5. User traffic breaks out from the HSG WAN interface to the Internet and it performs NAT for user’s source IP.


If landing page ads are enabled (integrated with RansNet cloud advertising server), the user will see an ads pop-up and will appear for few seconds (configurable), before seeing the Captive Portal page to login.
If in-session ads injection is enabled (integrated with RansNet cloud advertising server), the user will periodically (configurable) see pop up ads in their browser.
The radius server in HotSpot Access Controller can be the local RADIUS or 3rd-party standard RADIUS server.

B. Workflow of MAP/UA with external (HSG) HotSpot Gateway.


MAP (Mbox Access Point), HSA (HotSpot Access ), and UA (Universal Access) have only the Access Controller module available when it comes to HotSpot in a distributed architecture. MAP/UA/HSA will do the Access Controlling part and HotSpot Gateway will push the Captive Portal and radius for Authentication. 

  1. The user device (Mobile | Computer) connects to MAP/UA/HSA open wireless SSID. Because in cloud-based deployment, MAP is configured in NAT mode, mbox HotSpot Access Controller (MAP/UA) will issue DHCP address to the client device. (if MAP is configured in bridge mode in an on-premise design model, then the scenario will be the same as above #A).
Image 2 : MAP/HSA/UA workflow
  1. User browses Internet using a standard browser, The browsing request hits the mbox MAP/UA/HSA device and intercepted by HotSpot Access Controller.
  2. HotSpot Access controller redirects user browsing request to the external HSG for captive portal and AAA.
  3. The user enters the login credentials, which are forwarded to the external radius server for validation. RADIUS server validates user credentials and returns Access/Reject result to HSA/MAP/UA HotSpot Access Controller, together with a set of authorized profiles access rights for the authenticated user.
  4. HSA/MAP/UA HotSpot Access Controller grants user Internet access and enforces the respective rights passed by radius.
  5. User traffic breaks out from MAP/UA directly to the Internet. HSA/MAP/UA performs NAT for the user’s source IP.


The MAP doesn’t support in-session ads and dynamic bandwidth control.

1 HSG can support multiple HSA/MAP/UA. Sizing of HSG is based on 10 x (no. of MAP/HSA).
Ex: To support 20 HSA/MAP/UA, HSG-200 is required. To support 80 HSA/MAP/UA, HSG-800 is required, and each organization needs to have a dedicated HSG since the radius database can not be shared.

In the cloud model, the external HSG can be running on a virtual machine since it’s not functioning as a gateway, and only hosting RADIUS and Captive Portals for MAP/HSA/UA.

MAP – Mbox Access Point

MAP-820 is the latest enterprise-grade AP that supports next-generation Wi-Fi 6 technology, with backward compatibility to existing legacy devices. The 802.11ax AP is designed for intensive Wi-Fi usages, such as malls, exhibition centers, enterprise offices, schools, hospitalities, and dormitories. It supports up to 1024 Wi-Fi clients and provides up to 65% higher total throughput than legacy Wi-Fi 5. The 2 x 2 MIMO MAP-820 supports selectable dual-band dual-radio (2.4G + 5G or 5G+5G) mode with up to 2.4Gbps wireless throughput. It is also IoT ready integrated with BLE.

MAP-130 is specially designed to be deployed in individual rooms (1 MAP-130 per room). The dual-band AC wall-mountable AP has the same size as a standard 86-type faceplate with integrated Ethernet and voice ports.

MACC (MAP Control Center) is a Wireless LAN Controller software module embedded inside HSG & CMG gateways, for mass deploying and managing mbox Access Points (MAP).

Image 3 : MAP-820 (Wi-Fi 6)

All MAP can operate in 3 modes:

  • Fat mode (autonomous). The MAP can operate as a standalone AP and be configured via both CLI and web GUI.
  • Fit mode (light-weight). The MAP will completely depend on the AC controller to manage and operate the AP, like how other typical light-weight AP works.
  • Fit-macc mode (Hybrid). This is the most unique and powerful operating mode for MAP. When MAP is integrated with MACC, MAP uses MACC for provisioning, monitoring, policy management, and wireless optimization, but will continue to function standalone when the connection to MACC is lost due to whatever reasons. For example, during HSG/MACC maintenance, we can upgrade or reboot MACC without any downtime to the wireless network.

Advanced features of MAP:

  • Dual-radio, dual-band, supporting 2×2 spatial streams and the latest OFDMA, MU-MIMO, and BSS technology. Enterprise-grade hardware. High performance and reliability. All support PoE LAN switches.
  • Wi-Fi Alliance certified.  Support all standard WFA security, EAP, WPA, WPA2/3, WPA2/3-dot1x
  • Support advanced wireless security, such as client isolation, rogue AP detection, wireless intrusion detection, per device rate limiting, etc.
  • Support up to 1024 devices (for MAP-820), multiple 16 SSID per AP. Each SSID can be configured either in bridge mode (map to a VLAN) or nat mode (functions as a router). This flexibility makes MAP ideal for both large WLAN networks (bridge) or small F&B outlets (nat).
  • By working with MACC, MAP supports adaptive radio management, mobile access, QoS, seamless roaming, load balancing,  and many other Wi-Fi optimizations.
  • MAP also comes with a built-in HotSpot Access Controller to redirect user traffic to external captive portals for guest Wi-Fi access and Wi-Fi monetization.

All MAPs are built with the latest wireless technologies and all features are fully available upon purchase of the hardware. No separate license is required for different wireless features. Other than warranty costs, there’s no yearly software or cloud subscription costs.

MACC comes as a default module of HSG and there’s no licensing limit for the no. of MAP to manage, except there are certain guidelines for different HSG based on hardware resource availability.

Refer to datasheet for further technical details.

RansNet mfusion Orchestrator

RansNet mfusion platform is a multi-tenant and customizable cloud platform that provides proactive monitoring on all critical components of the IP network devices to detect and alert faults/errors in accordance with the pre-defined thresholds and escalate for prompt resolution. At the same time, it provides SD-WAN orchestration, configuration management, patch/firmware management, and service provisioning for RansNet hardware.

mbox (CMG/HSG/HSA/UA) seamlessly integrates with mfusion for cloud monitoring and management. Once a mbox is online (eg. through ISP DHCP connection), it will “call home” to establish a secure management session and register with mfusion. The mbox will authenticate itself to mfusion with a pre-provisioned unique MAC address for this device only.

Refer to mfusion provisioning for more details.

RansNet has a hosted mfusion platform shared for all customers and partners to manage RansNet appliances with valid support licenses. However, some customers or partners my prefer to host their own private mfusion cloud and/or have dedicated mfusion to monitor 3rd-party devices as well. Please refer to datasheet for mfusion datasheet for details.