EtherWAN AiR GUARD User Manual Download Page 1

Page: 1 / 90

AiR GUARD

Industrial IoT Cellular Smart Security
Gateway

Building Trust in IIoT Devices

Summary of Contents for AiR GUARD

Page 1: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway Building Trust in IIoT Devices...

Page 2: ...ment assumes the reader has moderate hardware computer and Internet skills Document Revision Level This section provides a history of the revision changes to this document Revision Document Version Da...

Page 3: ...ardware Guide 7 2 1 Product Overview 7 2 1 DC Power 8 2 3 LEDs 9 2 4 RESET key 10 2 5 Hardware Installation 11 Mount the Unit 11 Insert the Nano SIM Card 12 Connecting DI DO Devices 13 Connecting Seri...

Page 4: ...4 Static Routes 56 Diagnostics 58 Firewall 60 3 6 Data Tag Engine with Azure Sphere 66 AZsphere Port Setting 69 Data Tag Protocol Setting 73 Data Tag Uplink Setting 77 Data Tag Rule Setting 80 CA Cert...

Page 5: ...security is often an important concern for many projects There have already been instances where hackers have wreaked havoc by infiltrating connected IoT devices With security being so essential Ethe...

Page 6: ...Gateway 6 1 2 Contents List Package Contents Items Description Contents Quantity 1 AiR GUARD Security Gateway 1 pc 2 Cellular Antenna 2 pcs 3 3 pin Terminal Block 1 pc 4 4 pin Terminal Block 1 pc 5 6...

Page 7: ...er 2 Hardware Guide 2 1 Product Overview COM Port 2 x RS485 Power Terminal Block RJ 45 10 100 1000 BASE TX PoE PSE and LAN port RJ 45 10 100 1000 BASE TX WAN port D I D O Terminal Block RJ 45 10 100 B...

Page 8: ...lock It supports 12 to 24VDC power input VIN connects to DC 12V and GND connects to DC 0V from your Power Supply EGND is for Earth ground The following chart indicates the power terminal block pin ass...

Page 9: ...linking All COM ports failed LTE Cellular Link Status Red Blinking SIM is not ready Green Blinking Cellular Connected Orange RED Blinking PS call is not ready Green Light linked with good RSSI Orange...

Page 10: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 10 2 4 RESET key You can reboot device via a pin to RESET hole or you can long press RESET hole by a pin for 30 seconds...

Page 11: ...ribes how to install and configure the hardware Mount the Unit The AiR GUARD can be mounted on a wall horizontal plane or DIN Rail in a cabinet with the mounting accessories The mounting accessories a...

Page 12: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 12 Insert the Nano SIM Card Follow the figures sequence below to insert SIM card Fig 1 Fig 2 Fig 3 Fig 4 Fig 5 Fig 6 Fig 7...

Page 13: ...ial IoT Cellular Smart Security Gateway 13 Connecting DI DO Devices There is one DI digital input Isolated Logic 0 0 2V Logic 1 5 30V and one DO digital output Isolated Non Relayed Output 24V 300mA fo...

Page 14: ...SE port to connect 10 100 1000Mbps Ethernet It can auto detect the transmission speed on the network and configure itself automatically Connect one Ethernet cable to the RJ 45 port LAN of the device a...

Page 15: ...configuration RESET is to forget the settings just done 3 1 Introduction To configure AiR GUARD for the first time use an Ethernet cable to connect to the LANPSE port To connect to the AiR GUARD web c...

Page 16: ...y 16 At the first time login the system will request a renew password page to change password Be careful to save this information Otherwise the only way to re access is to long press RESET key to rese...

Page 17: ...connections They are Overview Firewall Routes System Log Kernel Log and Realtime Graphs Overview The Overview status screen is divided into System Memory Network Active DHCP Leases and Wireless sectio...

Page 18: ...GUARD Industrial IoT Cellular Smart Security Gateway 18 Memory Displays total available used buffered and cached memory Network Displays protocol IP address gateway and time connected for IPv4 upstre...

Page 19: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 19 Active DHCP Leases This section displays the hostname IPV4 address MAC address and leasetime remaining for IPV4 DHCP...

Page 20: ...isplays IPv4 firewall information selected by tabs at the top Sections include chain input chain forward chain output and existing chain forwarding rules Three buttons at the top right are Hide Empty...

Page 21: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 21 Routes The Routes screen displays IP and MAC addresses obtained by ARP and active IPv4 routes...

Page 22: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 22 System Log The System Log screen displays events related to the operating system OS and system processes...

Page 23: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 23 Kernel Log The Kernel Log displays information about hardware drivers kernel information and boot status...

Page 24: ...Industrial IoT Cellular Smart Security Gateway 24 Realtime Graphs The Realtime Graphs screen displays information graphically for load traffic wireless and connections selected by links at the top of...

Page 25: ...eboot System This screen is comprised of three sub pages which can be accessed through the corresponding text links General Settings Logging and Time Synchronization On the General Settings page use t...

Page 26: ...ress port and protocol UDP or TCP of External system log server filename to write the system log Log output level Debug Info Notice Warning Error critical Alert Emergency and the Cron Log Level Debug...

Page 27: ...ime Synchronization page to enable disable NTP client enable provide NTP server to set the device to act as an NTP forwarder If you select Use DHCP advertised servers enter the NTP server candidates i...

Page 28: ...urity Gateway 28 Administration This screen is comprised of two sub pages which can be accessed through the corresponding text links Router Password and SSH Access The Router Password page allows for...

Page 29: ...hentication to allow SSH password authentication and check the box next to Allow Root Logins with Password to allow the root user to log in with password Check the Gateway Ports check box to allow rem...

Page 30: ...tar archive of the current configuration files Previously generated backup files can be uploaded to restore a configuration To reset the firmware to its initial factory state click Perform Reset only...

Page 31: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 31 Reset to Default Click Firmware Upgrade Click Select the firmware bin file then...

Page 32: ...t configuration setting or uncheck to reset to default 3 4 mins later a buzzer will indicate new firmware is booting up 4 minutes later SYS LED will change from off to on then LEDs will indicate statu...

Page 33: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 33 Reboot Click PERFORM REBOOT to reboot system...

Page 34: ...nd their current state Use the Start button to start an existing instance To add a template based configuration enter an instance name and select a template from the drop down menu Then click the Add...

Page 35: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 35 Once Edit is selected enter parameters into fields for OpenVPN...

Page 36: ...y 36 There are 6 templates to select After selection you can adjust minor parameters as needed and save They are 3 pairs of configuration scenario for OpenVPN Client and OpenVPN Server Ethernet Bridge...

Page 37: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 37 3 5 Network There are five Network screens for managing the device They are Interfaces Hostnames Static Routes Diagnostics and Firewall...

Page 38: ...d MAC address etc On the right hand side there are four buttons Restart Stop Edit and Delete If the interface is not up User can go through RESTART to restart the interface Besides once edit each item...

Page 39: ...is product model not support any IPv6 capability Unmanaged This means no management settings the equivalent of disabling this interface This protocol is not used PPP It followed PPP protocol to get IP...

Page 40: ...Interface LAN This is for LAN PSE port setting It s also for Web Console port Interface WAN This is for WAN port parameter setting Interface LTE This is entry for LTE cellular module parameter setting...

Page 41: ...g the Edit button next to any interface opens the edit page which has four sub pages General Settings Advanced Settings Physical Settings Firewall Settings and DHCP Server The General Settings page ha...

Page 42: ...for entering override MAC address override MTU and gateway metric Click the Save button after modifying settings The Physical Settings page is for creating a bridge interface Don t click the Bridge ke...

Page 43: ...s Start the maximum number of leased addresses Limit and the Lease Time minimum of 2 minutes Below figure shows assigning addresses from 100 Advanced Settings page just keep this setting DHCP Server A...

Page 44: ...e suitable protocol should be DHCP client PPP Static address Then click SWITCH PROTOCOL for next level parameters to input When Bring up on boot is checked every time the system boots up this interfac...

Page 45: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 45 SWITCH PROTOCOL For DHCP client the WAN IP address are from DHCP server For PPPoE enter PPPoE User Name and Password given from ISP...

Page 46: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 46 For PPP enter Modem device and PPPoE User Name and Password For Static address enter specified IP address netmask gateway and DNS...

Page 47: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 47 Advanced Settings page Keep these settings Physical Settings page Interface selection eth0 2 is suitable for WAN...

Page 48: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 48 Firewall Settings page Assign firewall zone WAN...

Page 49: ...for Cellular link control interface Keep this as is Bring up on boot when checked every time system boots up this interface will bring it up If LTE and WAN are both Bring up on boot then LTE is final...

Page 50: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 50 Advanced Settings page keep this at defaults Firewall Settings page select WAN Firewall Settings Make sure the is selected...

Page 51: ...51 WiFi Do not change default settings for Wi Fi in order to prevent Azure Sphere from losing communication inside AiR GUARD Below figures are for reference in case it is needed to change settings bac...

Page 52: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 52...

Page 53: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 53...

Page 54: ...isting hostname entries Click the Add button to add a new hostname Enter the new hostname and select an IP address from the dropdown list Then click Save Existing hostnames can be edited by clicking t...

Page 55: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 55...

Page 56: ...ce and gateway a certain host or network can be reached To add a new static route click the Add button Select the interface for the route then enter the target IP address the netmask and the gateway C...

Page 57: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 57 Advanced Settings page with specific fields...

Page 58: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 58 Diagnostics Offers PING TraceRoute and NSLookUp for network diagnostics Below examples what will see PING Trace Route...

Page 59: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 59 NSLookUp...

Page 60: ...urce Zone Source from external or internet zone which means WAN port WAN LTE is default External Port Open external port for TCP UDP allowed user should avoid the management port for AiR GUARD instead...

Page 61: ...mart Security Gateway 61 Once settings are complete they will be displayed Remember to check Enable and SAVE APPLY to take effect This is an example to port forward from WAN port 50000 to internal IP...

Page 62: ...ecurity Gateway 62 Traffic Rules Traffic rules define policies for packets traveling between different zones User can edit specified IP or MAC to accept reject to reach MAC IP address filtering traffi...

Page 63: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 63...

Page 64: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 64 NAT Rules NAT rules allow fine grained control over the source IP to use for outbound or forwarded traffic...

Page 65: ...Outbound Zone Any LAN WAN Source Address Specified match forward traffic from this IP or range Destination Address Specified match forwarded traffic directed at the given IP address Action SNAT Rewrit...

Page 66: ...ink JSON format is flexible and easily customer defined User interface can be used to upload files and the device can be off line for definition and saving of files for upload CSV file is used for dat...

Page 67: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 67 rtu_1 the data coms from Modbus RTU slave of COM1 rtu_2 the data coms from Modbus RTU slave of COM2...

Page 68: ...data conversion Device is from COM1 slave ID is 1 Func code 3 Holding register address is from 0 and 1 data length Tag name called MB_temp is from rtu_2 COM2 and data type is in UINT16 for data conver...

Page 69: ...Save Apply for settings to take effect in AiR GUARD Azure Sphere Info It shows current Sphere application firmware version AZS COM1 2 Setting 2 RS 485 COM port setting Terminator on enable build in 1...

Page 70: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 70 Baud Rate support...

Page 71: ...dustrial IoT Cellular Smart Security Gateway 71 AZS LAN Setting Set IP address to AZS LAN port of AiR GUARD To fit communication with LAN port device under Sphere rule the IP must be under 192 168 100...

Page 72: ...nected Edge LAN Device This refers to LAN device connected to AZS LAN port regular devices are Modbus TCP slave devices The Edge device IP address is limited to 4 IP address 192 168 100 100 192 168 10...

Page 73: ...Protocol and Tags info Configure protocol for how the AiR GUARD connects Click the Edit button on Protocol page There are 3 Protocol Modes supported 1 Modbus to MQTT So called Generic MQTT protocol 2...

Page 74: ...ta If no data transfer within 60 seconds AiR GUARD will send a packet to the broker if no response the TCP connection will be closed SSL TLS Encryption Enable or disable SSL TLS Encryption and then yo...

Page 75: ...m Global device endpoint of Azure IoT Hub DPS default is global azure devices provisioning net Azure DPS ID Scope Copy from ID Scope of Azure IoT Hub DPS Naming is usually Onexxxxxxxx Azure Device ID...

Page 76: ...rotocol Mode Select Azure Connection String Service for Azure IoT Hub Azure host name Copy from Hostname of the Azure IoT Hub overview such as xxx azure devices net Azure Connection String Copy from P...

Page 77: ...ser defined symbol This text file can define constant names and any symbol Just keep the reserved rule for Data Tag Engine tag_name and TIME These two are reserved for retrieving tag name data and ret...

Page 78: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 78 An example for format file Click UPLOAD...

Page 79: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 79 Then click SUBMIT...

Page 80: ...way 80 Data Tag Rule Setting Upload Modbus CSV file To get data from Modbus device first upload Modbus device setting CSV file to AiR GUARD using Upload Modbus CSV It will fetch Modbus data every 5 se...

Page 81: ...t for a response before closing the TCP connection SlaveID Modbus device ID Modbus IP Modbus device IP Modbus Port Modbus device TCP port Modbus Function Modbus Function code for device Start Address...

Page 82: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 82 CA Certificate This is for Data Tag Protocol if needed for Certificated files upload purpose...

Page 83: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 83 Modbus Log Shows the Modbus log sequency...

Page 84: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 84 MQTT Log Shows the MQTT operation sequence...

Page 85: ...ration to update firmware automatically Keep user configuration when checked it will keep original configuration after firmware OTA done and keep system configuration Once time is reached time stamp t...

Page 86: ...8 Remote Service Remote Service is for configuration for remote service like MQTT Remote Service RESTful Remote service does not need to be configured here MQTT Remote Service Overview Click EDIT to...

Page 87: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 87 Click UPLOAD for Certificated files upload Certificate Status...

Page 88: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 88 Appendix Specifications...

Page 89: ...AiR GUARD Industrial IoT Cellular Smart Security Gateway 89...

Page 90: ...hall not be held liable to anyone for any indirect special or consequential damages due to omissions or errors The information and specifications in this document are subject to change without notice...

Search results

Summary of Contents for AiR GUARD

Reviews:

Related manuals for AiR GUARD

Brands by name

Popular brands

EtherWAN AiR GUARD, User Manual

Search results

Summary of Contents for AiR GUARD

Reviews:

Related manuals for AiR GUARD

Brands by name

Popular brands