PDF Datasheet

CPE Gateway Solution (CGS)

Tech Specification

Device software for service-provider managed home gateways

The SecureF1rst CPE Gateway Solution (CGS) from TeamF1 is a comprehensive turnkey software package enabling the next-generation of rich, auto-provisioned residential gateways and CPE routers deployed by broadband Service Providers (SPs).

As a member of TeamF1’s SecureF1rst line of prepackaged solutions, SecureF1rst CGS enables OEMs/ODMs/SPs to deliver advanced home area networking devices for a seamless and secure “connected-home” experience to end-customers.

The Need for Sophisticated RGs
Today, with the increase in IP connected devices in every home, a variety of applications such as IPTV, media streaming, video-on-demand, remote security surveillance, online gaming, peer-to-peer and social networking have to be supported by SP-deployed devices. In fact, these may frequently form an integral part of the SP’s offerings. At the heart of this IP “home area network” is usually a wired/wireless router that is deployed and managed by the SP. With highspeed delivery of rich content now proliferating, SP-provisioned CPE gateways have grown more sophisticated and are no longer just traditional Wi-Fi/NAT/routers, but pack capabilities like media storage / sharing, control of other DLNA and VoIP devices in the home, home automation and security/lighting control – and even have the ability to load SP and third-party apps for subscription or other services. These intelligent CPE devices demand iron-clad security, rock-solid stability, high performance and smart management of bandwidth through advanced QoS techniques. TeamF1’s SecureF1rst CGS offers all of these (and more), enabling SPs to offer leading-edge services to their customers, with faster time-to-revenue, lower R&D costs and lower risk.

Advanced Connectivity Features
To enable service providers to deliver value-added services to end-users, SecureF1rst CGS offers a multitude of networking capabilities including:

  • Enhanced TCP/IP stack for higher performance, future ready with full support for IPv6 (host and router mode).
  • Supports IPv6 - IPv4 tunnel formation for internet connectivity through hybrid networks.
  • Extensive QoS features for efficient bandwidth management for varied value-added services and triple-play requirements.
  • Various networking applications support for service providers to offer advanced features to end users such as media sharing, peer-to-peer networking, online gaming, netmeeting, instant messaging, etc.
  • Load balancing support for wireless networks for low and high bandwidth demanding application requirements for smooth wireless connectivity.
  • VLAN trunking on WAN to enable multiple logical WANs for various ISP services such as IPTV, voice and internet connection with their specific QoS and queues management for better user experience.
  • Routing, bridging or hybrid network configuration based on specific requirements of service providers to help them cater to specific needs of network elements such as IPTV and VoIP phones.

Built-in Security Features
SecureF1rst CGS is packed with advanced security features including:

  • NAT for exposing only desired IP addresses to the Internet with Port Forwarding.
  • Capability of forming DMZ for an extra security zone to protect localarea network.
  • A robust yet easy-to-configure packet filtering firewall for stateful packet inspection (SPI) and denial of service (DoS) avoidance.
  • Fine grained time of day (ToD) based parental control features such as website, keyword or internet blocking.
  • Enhanced Wi-Fi security features such as MAC access list, SSID broadcast control, known computer list and rogue AP detection that helps in countering intruders from entering private home network.
  • Capability to support service provider’s RADIUS server for authentication.
  • Controlled access to house-guests, e.g., only internet access and no access to other home network devices, media sharing only etc.

Automatic Configuration, Provisioning & Setup
SecureF1rst CGS’ feature-set enables remote configuration and provisioning for service providers to manage the end-user device with ease by offering features such as:

  • Multi-instance DHCP server with option 60 vendor class identification (VCI) support to automatically configure various home network devices such as set-top boxes.
  • Multi-instance DHCP client for WAN to provide service specific IP addresses to network devices for efficient service delivery based on device requirements.
  • DNS server and multi-instance DNS clients for various network devices to access designated servers for serving the content (voice / video / data).
  • Support for dynamic DNS to easily access the device remotely without knowing the IP address.
  • Wireless Protected Setup (WPS) for easy and secure wireless connectivity of devices to the home gateway.
  • TR-069 support (including extensions such as TR-098, TR-104, and TR- 111) for automated remote configuration, reporting and provisioning by the SP.
  • Elementary firmware support – to boot up the device with basic functionality for setting up the router with main firmware automatically when the firmware upgrade fails or corrupts – without the need of dual firmware.
  • USB connectivity for plug-and-play configuration backup, firmware load and 3G WAN.

Applications Support
SecureF1rst CGS offers various preintegrated applications packed in the solution with various home networking features for offering intelligent consumer premises equipment to endcustomers. Application features include:

  • Sharing Manager to share media and other files/folders as well as printers across home network devices and the Internet for a truly connected user experience.
  • Streaming Manager with access control for playing/controlling media files from any media server (including the local one) to any DLNA capable player (such as a TV).
  • Download Manager enabling download of files from the internet through URLs and torrents on a predefined location and/or schedule to local and networked storage without needing to keep a PC on.
  • App Manager to dynamically install and use OSGi based Java programs (Apps) allowing home network users to enjoy custom applications and services.

Media Streaming
To fulfill the appetite of end-users for smooth and safe media sharing and consumption, SecureF1rst CGS includes media streaming capabilities for an easily manageable media centric and secure residential gateway device. Streaming features include:

  • DLNA based audio and video media sharing and streaming through support for various device classes such as digital media server (DMS) and digital media control (DMC).
  • Support for streaming media services for iTunes clients and Roku SoundBridge.
  • Home Media Director feature for forming global playlists based on media available in the network. Supports m3u and iTunes playlists.
  • Universal Plug and Play (UPnP) capabilities for zero-touch device discovery and control of A/V devices for media content sharing.

Features & Benefits

  • Complete turnkey solution for building feature rich, secure and easy-to-use SP CPE gateways reduces development costs, risk, and time to market.
  • Enables OEMs and SPs to differentiate their products through advanced security and end-user features such as content filtering, parental control and easy-to-use media sharing capabilities.
  • Standards based networking features enable:
    • 802.11 a/b/g/n support for maximum flexibility and high performance.
    • Differentiated QoS based on various home network devices’ requirements.
    • Media storage and sharing among various digital devices through UPnP and DLNA capabilities.
    • WEP, WAPI, WPA, WPA2 (802.11i), and WPS for easily configurable advanced wireless security.
    • OSGi based dynamic services management and App Manager.
  • Comprehensive remote management capabilities for configuration and provisioning through TR-069 family of protocols.
  • Intuitive user interface and setup wizards for better user experience.
  • Branding options offer a cost effective, customized look and feel.

OS Platforms: Linux®, VxWorks® and other OSs.
Hardware platforms: MIPS®, ARM/Xscale®, PowerPC®, x86.

Benefits for End-Customers

  • A seamless “connected home” experience for media, gaming and internet.
  • Hassle-free setup and configuration without security worries.
  • Ability to upgrade to more advanced services such as VPN, remote personal clouds, and business-class features.


The SecureF1rst Advantage
TeamF1 SecureF1rst CGS is a turnkey solution that provides OEMs and service providers with flexible connectivity options and security technologies from SecureF1rst platform's field-proven and validated modules. Along with network storage and media sharing abilities, OEMs can select modules for building routers with leading-edge networking and security options of their choice. In addition to a standard Ethernet interface on the wired side, SecureF1rst line of products support a variety of other back-haul options such as broadband and serial interfaces, and cellular data (3G/LTE) links.


Intuitive and easy-to-use GUI
SecureF1rst CGS enables service providers to offer enhanced userexperience to home network users through its easily navigable and intuitive GUI, with features such as:

  • Interactive wizard based gateway setup for automatic configuration of the router settings.
  • User friendly, browser-based device management for easy device configuration and set-up, coupled with advanced options available for “prosumers” and tinkerers.
  • Advanced AJAX-enabled front-end using TeamF1's DynaMO (Dynamic Management Objects) technology.
  • Interactive features including dynamic refresh, RSS feeds and search tags for enhanced userexperience.

Aggravation-free GUI branding
TeamF1 offers easy branding of its enduser visible management interfaces, including the ability to co-brand or customize device functionality for other service providers or partners to address various target markets, all without firmware changes. Options include:

  • Support for multiple themes that provide an SP-branded look and feel with no programming or HTML changes.
  • Support for multiple GUI skins that provide GUI design customization beyond the use of SP-branded colors and graphics, while requiring no code changes or retesting.
  • Advanced user interface control requiring some programming—using documented APIs supported by the flexible management infrastructure. This enables options such as dynamic graphics, Flash, and Java that provide the ultimate in branding with a unique look and feel.

Field-proven software modules
In order to create specific instances of the CPE Gateway Solution, TeamF1 leverages pre-existing software blocks that have proven their merit in thousands of deployments, not only minimizing risk for OEMs and SPs but also keeping licensing terms flexible. And only SecureF1rst CPE Gateway Solution can offer such a comprehensive set of features with completely modular packaging that allows for full customization to meet an OEM's / SP’s specific requirements.

Mix and match software modules
To create a fully customized device, customers first select from a comprehensive set of software modules. In addition to TeamF1 modules, customers can select from third-party modules provided by TeamF1 partners or modules developed in-house by the customer. TeamF1 then integrates these modules to create validated software packages that meet a customer’s specific needs.The final custom touches are added by TeamF1's professional services experts, who develop specific features such as BSPs, bootloaders, drivers, and hardware accelerators for OS platforms running a CPE Gateway Solution; integrate non-TeamF1 software modules; and customize enduser device management interfaces.

The result is a standard, field-tested software solution in a production-ready custom package, with all hardware integration, porting, testing, and validation completed by TeamF1.

Flexible Licensing
TeamF1’s embedded software products are licensed with very flexible terms from cost-effective object-code licenses to full-source and licenses to best suit our customers' financial and technology requirements, with production-license fee as well as royalty-free options available.

Customization Flexibility
SecureF1rst CGS is based on an advanced home networking platform with well-integrated modular technologies tailored to the residential gateway market. The modular approach enables endproduct requirements technically as well as from the perspective of each device’s look and feel. TeamF1's solution engineering team specializes in integrating and customizing our technologies into branded, ready-to-deploy turnkey solutions meeting specific market requirements.

Technical Specifications


  • Ethernet WAN (single or multiple)
  • xDSL / Cable / WWAN ISP
  • Wireless WAN (GPRS / EVDO / 3G / LTE / WiMAX)
  • Dialup WAN (primary or backup)
  • Ethernet LAN port or switch (managed / unmanaged)
  • Wi-Fi LAN Access Point or client (e.g. Muni Wi-Fi or travel router)

Protocol Support

  • IP routing (IPv4 and IPv6)
  • PPPoE, PPTP, L2TP client, including multi-instance capabilities
  • DHCP (with option 60 VCI support)
  • DNS / DNSsec Server / Proxy
  • NTP, NTPv4
  • IEEE 802.11 standards including 802.11n
  • SIP, FTP and other common ALGs
  • UPnP, Bonjour (zeroconfig), LLDP & other common discovery protocols
  • DLNA HND device class capabilities
  • OSGi framework & applications
  • Support for music streaming to iTunes clients and Roku SoundBridge

Networking Capabilities

  • Static Routing, Dynamic Routing
  • Bridge and routing mode of operation
  • Logical WANs for different SP services
  • Static IP address assignment
  • Advanced QoS – 802.1p, priority marking and remarking, DSCP Diffserv
  • Classless and class based scheduling and packet queuing such as RED, CBQ, WFQ
  • Internal DHCP server on LAN, including multi-instance DHCP server
  • Multi-instance DHCP client on each logical WAN
  • DHCP address reservation and MAC filtering
  • Outbound protocol binding
  • PPPoE client support: Static and dynamic
  • Multi-PPPoE for SPs world-wide
  • PPTP (e.g. Austria DSL) client support for login
  • Telestra BigPond (Australia) authentication support
  • IGMP (v2, v3), IGMP snooping and directed multicast
  • Dynamic DNS clients (DynDNS, Iego, PeanutHull, DDNS 3322, others)
  • NAT or classical routing
  • Port-Triggering
  • UPnP IGD discovery and features
  • Multiple LAN sub-nets
  • USB connectivity (NAS, printer, 3G, WCN, WPS, thumb-drive for firmware update)
  • Peer-to-peer networking and online gaming support

Network Attached Storage

  • Disk Management features
  • User based disk access control features
  • Remote and automatic backup
  • Extensive support for file transfer protocols
  • Support for all popular audio, video and other media file types

Wireless Features

  • 802.11 a/b/g/n radio support
  • Customizable SSID, Guest SSIDs
  • MAC Access List
  • Disable SSID broadcast
  • Auto Channel selection
  • Rogue AP detection
  • QoS (WMM)
  • Multi-radio, Multi-Virtual AP
  • Client Isolation on same AP
  • ToD (Time of Day) active AP
  • SSID based VLANs

Security Features

  • One to one and many to one NAT
  • SPI Firewall
  • DoS Attack Resistance
  • Packet-filtering Firewall
  • Port / service blocking
  • Firewall with multiple zones
  • Schedule based firewall rules
  • Pre-set security levels in Firewall
  • Intrusion Detection System (IDS)
  • Intrusion Prevention System (IPS)
  • Web Content Filtering (WCF)
  • GAV (Gateway Anti-Virus)
  • Java / URL / ActiveX blocking
  • E-mail alerts
  • Wireless security (WEP, WPA, WPA2)
  • WPS (Wireless Protected Setup)
  • WIPS (Wireless Intrusion Prevention System)
  • PNAC (Port based Network Access Control)
  • Internal local user database
  • DNSsec
  • Hardened software components and GUI
  • Choice of advanced encryption and integrity algorithms

Management & Administration

  • Intuitive, easily branded browser based GUI
  • Multiple profiles and rights management
  • Search supported with search tags
  • RSS feeds and dynamic refresh
  • Extensive help sections for all features
  • Cross-linking of features for better configuration experience
  • Home Media Director for forming global playlists
  • SNMP v2.c and v3 (control / monitor)
  • Parental Control and scheduling based on services
  • TR-069 family of protocols for remote access & provisioning
  • Serial console (RS232/USB) CLI support
  • Display usage-reports & router status
  • Localization & Internationalization
  • SSL (HTTPS) based remote mgmt with IP address restrictions
  • Save/Restore configuration settings
  • USB thumb-drive booting and configuration/firmware backup/ restore
  • GUI based firmware upgrade
  • Captive Portal feature for guests
  • Email logs and alerts
  • SMTP authentication for emails
  • Traffic Metering
  • Support for manufacturing tests access for ODMs / SPs