manualshive.com logo in svg

Moxa Technologies EDR-G9010 Series, User Manual

The Moxa Technologies EDR-G9010 Series is a cutting-edge industrial router designed to provide reliable and secure connectivity for industrial applications. Ensure optimal performance by downloading the free User Manual from manualshive.com, allowing you to configure and troubleshoot your device with ease.

Share
Download
background image

 

 

EDR-G9010 Series User Manual 

137

 

9.

 

NAT (Network Address Translation) 

NAT Concept 

NAT (Network Address Translation) is a common security function for changing the IP address during 
Ethernet packet transmission. When the user wants to hide the internal IP address (LAN) from the external 
network (WAN), the NAT function will translate the internal IP address to a specific IP address, or an 
internal IP address range to one external IP address. The benefits of using NAT include: 

 

The N-1 or port forwarding NAT function to hide the internal IP address of a critical network or device to 
increase the level of security of industrial network applications. 

 

The Industrial Secure Router uses the same private IP address for different, but identical, groups of 
Ethernet devices. For example, 1-to-1 NAT makes it easy to duplicate or extend identical production 
lines. 

 

NOTE 

 

The NAT function will check if incoming or outgoing packets match the policy. It starts by checking the 
packet against the first policy (Index=1); if the packet matches this policy, the Industrial Secure Router 
will translate the address immediately and then start checking the next packet. If the packet does not 

match this policy, it will check with the next policy. 

 

 

NOTE 

 

The Industrial Secure Router supports a maximum of 512 NAT policies. 

 

1-to-1 NAT Overview 

If the internal device and external device need to communicate with each other, choose 1-to-1 NAT, which 
offers bi-directional communication (N-to-1 and Port forwarding are both single-directional communication 
NAT functions). 

 

1-to-1 NAT is usually used when you have a group of internal servers with private IP addresses that must 
connect to the external network. You can use 1-to-1 NAT to map the internal servers to public IP addresses. 
The IP address of the internal device will not change. 1-to-1 NAT will also create a corresponding secondary 
IP address (10.10.10.1) if the device is in the same subnet as the incoming interface. 

 

 

Summary of Contents for EDR-G9010 Series

Page 1: ...EDR G9010 Series User Manual Version 2 0 September 2022 www moxa com products 2022 Moxa Inc All rights reserved...

Page 2: ...hout warranty of any kind either expressed or implied including but not limited to its particular purpose Moxa reserves the right to make improvements and or changes to this manual or to the products...

Page 3: ...15 Device Summary 17 Model Information 18 Panel Status 18 Event Summary Last 3 Days 19 CPU Usage History 20 Memory Usage History 21 Setup Wizard 21 Step 1 Port Type 21 Step 2 Interface 22 Step 3 Servi...

Page 4: ...Bidirectional 1 to 1 NAT 142 Double NAT 142 N to 1 NAT 143 PAT Port Address Translation 144 Advance 146 10 Object Management 150 Overview 150 Create a New Object 150 Create an IP Address and Subnet O...

Page 5: ...tificate from PKCS 12 226 Trusted CA Certificate 227 Import a CA Certificate 227 Certificate Signing Request 227 Key Pair Generate 228 CSR Generate 229 14 Security 231 Device Security 231 Login Policy...

Page 6: ...cure routers with firewall NAT VPN and managed Layer 2 switch functions These devices are designed for Ethernet based security applications in critical remote control or monitoring networks These secu...

Page 7: ...engineers a simple way to configure the firewall filtering function for general automation protocols including EtherNet IP Modbus TCP EtherCAT FOUNDATION Fieldbus and PROFINET Industrial grade Design...

Page 8: ...Telnet console only provide basic functions RS 232 Console Configuration 115200 None 8 1 VT100 ATTENTION We strongly suggest that you do NOT use more than one connection method at the same time Follow...

Page 9: ...f the Property window will appear Select the appropriate COM port from the Serial Parameters list and configure the following values Baud Rate 115200 Data Bits 8 Parity None Stop Bits 1 4 Click the Te...

Page 10: ...Secure Router is in console serial or Telnet mode Admin Account Commands Command Description quit Exit the Command Line Interface exit Exit the Command Line Interface reload Halt and perform a cold r...

Page 11: ...0 then its IP address must have the form 192 168 xxx xxx On the other hand if your PC host s subnet mask is 255 255 255 0 then its IP address must have the form 192 168 127 xxx NOTE To use the Indust...

Page 12: ...ion mark to display the command list Using a Web Browser to Configure the Industrial Secure Router The Industrial Secure Router s web browser interface provides a convenient way to modify the router s...

Page 13: ...ps to access the Industrial Secure Router s web browser interface 1 Open a web browser and type the Industrial Secure Router s LAN IP address 192 168 127 254 in the address bar and press Enter 2 The w...

Page 14: ...Manual 14 After successfully connecting to the router the Device Summary screen will automatically appear Use the menu tree on the left side of the window to open the function pages to access each of...

Page 15: ...nd use administration functions from the web browser An RS 232 or Telnet console connection only provides basic functions In this chapter we use the web browser to introduce the Industrial Secure Rout...

Page 16: ...elnet and the web browser interface Check the Keep certificate database and configuration option to keep certificate database and configuration information Leaving this option unchecked will delete al...

Page 17: ...e Router you will be presented with the Device Summary page This overview page contains basic activity and performance information of the device If you are on another configuration page click Device S...

Page 18: ...Router including product model name serial number firmware version system uptime etc Panel Status This panel illustrates the panel status For example the connecting ports will be shown in green while...

Page 19: ...tive image of the device Click the icon in the upper right corner to close the panel view The panel view figure varies depending on the product model you are using Event Summary Last 3 Days This panel...

Page 20: ...es User Manual 20 For Event Log settings refer to the Event Log section CPU Usage History This panel shows the device s CPU usage The data will be shown as a percentage over time Click the icon to ref...

Page 21: ...a percentage over time Click the icon to refresh the graph Setup Wizard The EDR G9010 Series supports a Setup Wizard to help you quickly set up routing functionality between the user defined LAN WAN...

Page 22: ...et of the Bridge LAN ports on the secure router The default IP address on the Bridge LAN side is 192 168 126 254 and the default subnet address is 255 255 255 0 WAN Configuration Configure the WAN por...

Page 23: ...EDR G9010 Series User Manual 23 Dynamic IP Static IP PPPoE...

Page 24: ...the corresponding services The Enable DHCP Server and Enable N 1 NAT are enabled by default The default IP address range will be set automatically To modify the IP range refer to the DHCP Server sect...

Page 25: ...EDR G9010 Series User Manual 25 NOTE The settings configured in the Setup Wizard will override any existing configuration...

Page 26: ...Secure Router From the System menu you can access the System Management Account Management License Management Management Interface Time and Setting Check configuration pages System Management From the...

Page 27: ...ocation Setting Description Factory Default Max 80 characters Enter a location for the device This is useful for quickly identifying the location of different units For example Production line 1 Devic...

Page 28: ...are file stored locally on the host computer With the firmware selected click UPGRADE to start the upgrade process This procedure will take several minutes to complete TFTP Server Select TFTP from the...

Page 29: ...SB For more details about the ABC 02 USB please visit https www moxa com product Automatic_Backup_Configurator_ABC 02 USB htm Moxa s Automatic Backup Configurator ABC 02 USB To use the Moxa USB based...

Page 30: ...rial Secure Router with advanced functions Status Setting Description Factory Default Enabled The package is installed and is working normally Enabled Disabled The package is installed but was abnorma...

Page 31: ...te www moxa com Source Select Local from the drop down menu under Source to update an existing package using a local file Select File Click to select the package file stored locally on the host comput...

Page 32: ...stall or update a package through firmware Package Version This shows the target firmware version Click UPGRADE to start the upgrade process This procedure will take several minutes to complete Config...

Page 33: ...Setting Description Factory Default Backup file name Enter the file name of the configuration backup file None When finished click BACK UP to back up the system configuration file USB Select USB from...

Page 34: ...using a previously back up configuration file There are three ways to restore the configurations of your Industrial Secure Router from a local configuration file by remote TFTP server or using a Moxa...

Page 35: ...r the file name of the configuration restore file None When finished click RESTORE to restore the system configuration USB Select USB from the drop down list under Method Insert the Moxa ABC 02 USB ba...

Page 36: ...e Signature Setting Description Factory Default Enabled or Disabled Enables or disables the use of a digital signature for checking the configuration file integrity None Signature Information Setting...

Page 37: ...user accounts There are three levels of configuration access Admin Supervisor and User The admin accounts have read write access to all configuration parameters Supervisors have full editing rights b...

Page 38: ...username for the account None Authority Setting Description Factory Default Admin The account has read write access to all configuration parameters None Supervisor The account has read write access to...

Page 39: ...nt has read write access to all configuration parameters None Supervisor The account has read write access to all configuration parameters except create delete and modify accounts User The account can...

Page 40: ...ct one or multiple accounts from the Account List table and click the icon Click DELETE to delete the account Search for an Existing Account Enter the full or partial account username in the Search fi...

Page 41: ...Default Enabled or Disabled Enable or disable the password complexity strength check Disabled Must contain at least one digit 0 9 Setting Description Factory Default Enabled or Disabled Enable or dis...

Page 42: ...licenses Overview The Overview section displays the license name the valid duration in days the start date the end date and the status of the current license License History The license history sectio...

Page 43: ...used to activate the license on the Industrial Secure Router 1 Go to System License Management 2 Click the ADD NEW LICENSE button in the Overview section The Add New License screen appears 3 Click Nex...

Page 44: ...ived after activating the license in the license management portal 7 Click APPLY The license is now activated on the Industrial Secure Router Management Interface From the Management Interface section...

Page 45: ...y Default Enabled or Disabled Enable or disable HTTP connections Enabled TCP Port HTTP Setting Description Factory Default 2 to 65535 Enter the TCP port number for HTTP 80 HTTPS Setting Description Fa...

Page 46: ...nections option is enabled in Trusted Access MOXA Service Setting Description Factory Default Enabled or Disabled Enable or disable the MOXA Service Enabled NOTE Moxa Service is only used for Moxa net...

Page 47: ...n to enhance data security SNMP security modes and security levels supported by the Industrial Secure Router are listed in the following table Protocol Version UI Setting Authentication Type Data Encr...

Page 48: ...or V3 only Select the SNMP protocol version used to manage the secure router Disabled If you selected an SNMP version configure the following settings Community Name 1 2 Setting Description Factory De...

Page 49: ...comes with two preconfigured SNMP Accounts which are disabled by default Modify an Existing SNMP Account In the SNMP Account list click the icon next to the SNMP account you want to modify Select Ena...

Page 50: ...ey The key must be at least 8 characters long None When finished click APPLY to save your changes MXsecurity The Industrial Secure Router supports management of firmware software package firewall poli...

Page 51: ...software Service Address Setting Description Factory Default 0 to 64 characters Enter the MXsecurity server IP address or domain name address None Click CONNECT to connect to the MXsecurity service Ti...

Page 52: ...n the upper right corner to refresh all the information on the page Clock Source Setting Description Factory Default Local Set the clock source to local time This will require you to manually specify...

Page 53: ...iption Factory Default 0 to 60 characters Specify the IP or domain address of the primary time server e g 192 168 1 1 time stdtime gov tw or time nist gov None Time Server 2 Setting Description Factor...

Page 54: ...ermine the local time offset from UTC Coordinated Universal Time UTC Coordinated Universal Time Daylight Saving The Daylight Saving settings are used to automatically set the Moxa router s time forwar...

Page 55: ...onth the Daylight Saving time begins None Week Setting Description Factory Default User specified week Specify the week the Daylight Saving time begins None Day Setting Description Factory Default Use...

Page 56: ...Daylight Saving time ends None Hour Setting Description Factory Default User specified hour Specify the hour the Daylight Saving time ends 00 Minutes Setting Description Factory Default User specified...

Page 57: ...ch takes up time and resources Enabling the Setting Check function will execute these new policy changes temporarily until confirmed by the user If not confirmed the Industrial Secure Router will reve...

Page 58: ...PPLY button on the Trusted IP list page the Industrial Secure Router will execute the configuration change and the web browser will attempt to go to the Setting Check Confirmed page automatically Beca...

Page 59: ...the physical ports and network interfaces of the Industrial Secure Router From the Network Configuration section you can configure the Ports Layer 2 Switching and Network Interfaces settings Ports Fro...

Page 60: ...er Manual 60 Port Settings Port settings let you manage port access port transmission speed flow control and port type MDI or MDIX The EDR G9010 Series has eight RJ45 Ethernet ports and two mini GBIC...

Page 61: ...n Factory Default Max 127 characters Enter a description for the port This helps administrators differentiate between different ports more easily Example PLC 1 None Speed Duplex Mode Setting Descripti...

Page 62: ...isable flow control for this port when the port s Speed is set to Auto Disabled MDI MDIX Setting Description Factory Default Auto Allow the port to auto detect the port type of the connected Ethernet...

Page 63: ...ng protocol that provides the following benefits Greater flexibility in setting up your network connections since the bandwidth of a link can be doubled tripled or quadrupled Redundancy if one link is...

Page 64: ...ption Factory Default Port drop down menu Select the ports you want to add to the link aggregation group None When finished click CREATE to save your configuration Edit Existing Link Aggregation Click...

Page 65: ...aggregation groups you want to delete in the Link Aggregation list and click the icon Click DELETE to delete the selected items Layer 2 Switching From the Layer 2 Switching section the following funct...

Page 66: ...ide a network segmentation system that is far more flexible than traditional networks Using VLANs also provides you with three other benefits VLANs ease the relocation of devices on networks With trad...

Page 67: ...port is on a single VLAN it can be an untagged member but if the port needs to be a member of multiple VLANs a tagged membership must be defined A typical host e g clients will be an untagged member...

Page 68: ...Port with PVID 5 Port 7 connects a single untagged device and assigns it to VLAN 4 it should be configured as an Access Port with PVID 4 After the application is properly configured Packets from Devic...

Page 69: ...Management Port Quick Settings Use this for quick and easy configuration of VLAN settings for multiple ports at once Management Port Setting Description Factory Default 1 to 10 Select the management p...

Page 70: ...D Setting Description Factory Default 1 to 16 Set the default VLAN ID for untagged devices that connect to the port 1 Tagged VLAN Setting Description Factory Default All Member VIDs 1 to 16 If the Mod...

Page 71: ...EDR G9010 Series User Manual 71 Settings...

Page 72: ...N ID max 16 VLANs Specify the VLAN ID You can create multiple VLANs at once by entering single VLAN IDs or a range of IDs For example 2 4 8 10 13 None When finished click CREATE to create the VLAN Del...

Page 73: ...devices and or other routers hubs PVID Setting Description Factory Default 1 to 16 Set the default VLAN ID for untagged devices that connect to the port 1 Tagged VLAN Setting Description Factory Defau...

Page 74: ...ddress Table shows the MAC address of devices that go through the Moxa industrial secure router The Aging Time 10 to 300 seconds is the duration that a MAC address entry can remain in the Moxa router...

Page 75: ...can inspect both IEEE 802 1p 1Q Layer 2 CoS Class of Service tags and even Layer 3 DSCP Differentiated Services Code Point information to provide consistent classification of the entire network The s...

Page 76: ...Point DSCP field in the IP header to specify the packet priority DSCP is an advanced intelligent method of traffic marking that allows you to choose how your network prioritizes different types of tr...

Page 77: ...switches support two different queuing mechanisms Weight Fair This method services all the traffic queues giving priority to the higher priority queues Under most circumstances the Weight Fair method...

Page 78: ...he CoS level 0 to 3 When finished click APPLY to save your changes DSCP Mapping Click the icon to configure the priority queue settings of the corresponding DSCP value Priority Queue Setting Descripti...

Page 79: ...s approach prevents the lower priority frames from being starved of opportunity for transmission with only a slight delay to the higher priority frames Weight Fair 8 4 2 1 Strict High Priority First A...

Page 80: ...the priority of each frame Enabled Priority Setting Description Factory Default 0 to 7 Specify the priority The port priority ranges from 0 lowest to 7 highest 3 When finished click APPLY to save you...

Page 81: ...re routers not only prevent broadcast storms but can also be configured to have a different ingress rate for all packets giving administrators full control of their limited bandwidth to prevent undesi...

Page 82: ...stations on a LAN or VLAN that belong to the multicast group Multicast group members can be distributed across multiple subnets so that multicast transmissions can occur within a campus LAN or over a...

Page 83: ...t filtering ensures that only end stations that have joined certain groups receive multicast traffic With multicast filtering network devices only forward multicast traffic to the ports that are conne...

Page 84: ...ping enabled the switch knows that the port should forward traffic for the multicast group and then proceeds to forward the packet to the router When the router receives the report packet it registers...

Page 85: ...he settings of the corresponding VLAN IGMP Snooping Setting Description Factory Default Enabled or Disabled Enable or disable the IGMP Snooping function for that particular VLAN Disabled Version Setti...

Page 86: ...he currently active IGMP groups that were detected for each VLAN The information shown in the table includes Auto Learned Multicast Router Port This indicates that a multicast router connects to sends...

Page 87: ...lays the multicast group IP address Source Address Displays the multicast source IP address Port Displays the port which receives the multicast stream Member port Displays the port the multicast strea...

Page 88: ...ory Default Integer Enter the Static Multicast MAC address None Port Setting Description Factory Default 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 1 10 checkbox Check the boxes to add the corresponding port...

Page 89: ...scription Factory Default 1 to 4093 Enter the VLAN ID None Alias Setting Description Factory Default Max 31 characters Enter an alias for the VLAN interface None IP Address Setting Description Factory...

Page 90: ...N ID can be configured as one WAN interface Setting Description Factory Default VLAN ID Select a VLAN ID The Moxa Industrial Secure Router s WAN interface is VLAN based All ports associated with the s...

Page 91: ...rected Broadcast Status Setting Description Factory Default Enabled or Disabled Enable or disable the directed broadcasting Enabled Source IP Overwrite Setting Description Factory Default Enabled or D...

Page 92: ...0 Username Setting Description Factory Default Max 30 Characters Enter the username used for dialing in to the PPTP service None Password Setting Description Factory Default Max 30 characters Enter t...

Page 93: ...y DNS Server Setting Description Factory Default IP Address Enter the primary DNS IP address 0 0 0 0 Secondary DNS Server Setting Description Factory Default IP Address Enter the secondary DNS IP addr...

Page 94: ...EDR G9010 Series User Manual 94 Static IP Connection Directed Broadcast Status Setting Description Factory Default Enabled or Disabled Enable or disable the directed broadcasting Enabled...

Page 95: ...the PPTP service IP address 0 0 0 0 Username Setting Description Factory Default Max 30 Characters Enter the username used for dialing in to the PPTP service None Password Setting Description Factory...

Page 96: ...vers from the PPPoE or DHCP server PPPoE Connection Directed Broadcast Status Setting Description Factory Default Enabled or Disabled Enable or disable the directed broadcasting Enabled Source IP Over...

Page 97: ...IP address 0 0 0 0 Tertiary DNS Server Setting Description Factory Default IP Address Enter the tertiary DNS IP address 0 0 0 0 When finished click APPLY to save your changes NOTE Manually configured...

Page 98: ...ion Factory Default Enabled or Disabled Enable or disable the bridge interface Disabled Goose Message Pass Through Setting Description Factory Default Enabled or Disabled Enable or disable GOOSE messa...

Page 99: ...name for the bridge zone interface None Status Setting Description Factory Default Enabled or Disabled Enable or disable the bridge zone interface Disabled Goose Message Pass Through Setting Descripti...

Page 100: ...bridge interface is disabled the bridge interface will still exist in the system Even if no ports are assigned to it you can view the VLAN ID of the bridge interface in the VLAN table To fully remove...

Page 101: ...tory Default IP Address Specify the IP address of the secondary interface None Netmask Setting Description Factory Default Subnet Mask Specify the subnet mask of the secondary interface None When fini...

Page 102: ...nd Layer 3 Redundancy settings Layer 2 Redundancy From the Layer 2 Redundancy section the following functions can be configured Spanning Tree and Turbo Ring V2 Spanning Tree From the Spanning Tree scr...

Page 103: ...es of 4096 Specify the bridge priority A lower number represents a higher priority A device with a higher bridge priority has a greater chance of being established as the root of the Spanning Tree top...

Page 104: ...on the network are recognized as a root the devices will renegotiate to set up a new Spanning Tree topology 20 When finished click APPLY to save your changes Editing Spanning Tree for a Port To edit...

Page 105: ...de for the Spanning Tree topology If set to 0 the path cost will be automatically calculated based on different port speeds 20000 When finished click APPLY to save your changes Status The Status page...

Page 106: ...ns Click the icon to refresh the Spanning Tree status of each port Turbo Ring V2 From the Turbo Ring V2 screen you can configure general Turbo Ring V2 settings and view the status of the current Turbo...

Page 107: ...enable both Ring 1 and Ring 2 Master Setting Description Factory Default Enabled or Disabled Enable or disable this Ring as the Master ring Disabled Ring Port 1 Setting Description Factory Default Sel...

Page 108: ...ng Mode is set to Dual Homing configure the following settings Primary Port Setting Description Factory Default Select the port from the list Select the port that will act as the backup port 1 3 Backu...

Page 109: ...ealthy The Ring and the ports are working properly Break One or more Rings are broken Master The device is the Master Slave in this Ring Ring Port 1 The first Ring port Ring Port 2 The second Ring por...

Page 110: ...r with a virtual IP address The LAN clients can then be configured with the virtual router s virtual IP address as their default gateway This virtual router consisting of a group of routers is also kn...

Page 111: ...r Manual 111 Create a Virtual Router Click the icon to create a new virtual router VRRP Interface Setting Entry Enable Setting Description Factory Default Enabled or Disabled Enable or disable the vir...

Page 112: ...ault Enabled or Disabled Enable or disable Accept Mode When enabled the virtual router with the role of Master will allow others to access its own virtual IP address Enabled Preemption Setting Descrip...

Page 113: ...tion This indicates the time the router will wait for a response before timing out 3 Success Count Setting Description Factory Default Enabled or Disabled Specify the success count This indicates how...

Page 114: ...HCP and configure the various DHCP Server modes General Settings DHCP Server Mode Setting Description Factory Default Disabled DHCP MAC based assignment Port based IP assignment Select the DHCP Server...

Page 115: ...utomatically assign an IP address from a user configured IP address pool to connected Ethernet devices Create a DHCP Server Pool Click to create a new DHCP Server Pool Status Setting Description Facto...

Page 116: ...ption Factory Default IP Address Specify the IP address for the first DNS server for DHCP clients None DNS Server 2 Setting Description Factory Default IP Address Specify the IP address for the second...

Page 117: ...was added to the Static DHCP list with a static IP address set to 192 168 127 101 and MAC address set to 00 09 ad 00 aa 01 When a device with a MAC address of 00 09 ad 00 aa 01 is connected to the Ind...

Page 118: ...ss Specify the default gateway of the device None Lease Time Setting Description Factory Default 5 99999 minutes Specify the lease time for IP addresses assigned by the DHCP server 1440 DNS Server 1 S...

Page 119: ...ting Description Factory Default Enabled or Disabled Enable or disable Port based IP assignment functionality None Port Setting Description Factory Default Port Select the physical port on the device...

Page 120: ...he first DNS server for the connected device None DNS Server 2 Setting Description Factory Default IP Address Specify the IP address for the second DNS server for the connected device None NTP Server...

Page 121: ...elect a DNS server Disabled Service Name Setting Description Factory Default Max 45 characters The DNS server s name None Username Setting Description Factory Default Max 45 characters Enter the DNS s...

Page 122: ...tems the destination address the next hop address which is the next router along the path to the destination address and a metric that represents the cost to access a different network From the Unicas...

Page 123: ...IP address None Subnet Mask Setting Description Factory Default Subnet mask Specify the subnet mask for this IP address None Next Hop Setting Description Factory Default Next hop IP address Specify th...

Page 124: ...up the RIP parameters Status Setting Description Factory Default Enabled or Disabled Enable or disable the RIP protocol Disabled Version Setting Description Factory Default V1 V2 Select the RIP proto...

Page 125: ...ing protocol OSPF establishes and maintains neighbor relationships in order to exchange routing updates with other routers The neighbor relationship table is called an adjacency database in OSPF OSPF...

Page 126: ...Setting Description Factory Default Enabled or Disabled Enable or disable the global OSPF function Disabled Router ID Setting Description Factory Default Router ID Specify the router ID 0 0 0 0 Curren...

Page 127: ...uces the amount of routing traffic between parts of an autonomous system Create a New Area Click the icon to create a new area Area ID Setting Description Factory Default Area ID Specify the Area ID w...

Page 128: ...te a New Interface Click the icon to create a new OSPF Interface Interface Setting Description Factory Default LAN WAN Select an interface to assign to the area None Area ID Setting Description Factor...

Page 129: ...ple or MD5 Authentication does not need to be configured If it is configured all Industrial Secure Routers on the same segment must have the same password and authentication method None Auth Key Setti...

Page 130: ...create a new OSPF Area Aggregation Area ID Setting Description Factory Default Area ID Select the Area ID that you want to configure None IP Address Setting Description Factory Default IP address Spe...

Page 131: ...ick the icon to create a new virtual link Area ID Setting Description Factory Default Area ID Select the Area ID which defines the areas that this Industrial Secure Router connect to None Router ID Se...

Page 132: ...t OSPF neighbors Click the icon to refresh the table Database The Database table shows the current OSPF LSA information Click the icon to refresh the table Multicast Route From the Multicast Route sec...

Page 133: ...Multicast Route Mode Setting Description Factory Default Static Multicast Route Disabled Disable multicast routing or select which multicast routing protocol to use Static multicast route Disabled Whe...

Page 134: ...ce Set the source to a specified IP address only Source Address Setting Description Factory Default IP address If the Source Address Type is Specify Source enter the source IP address None Inbound Int...

Page 135: ...s devices However normally broadcast packets cannot pass through the router Broadcast Forwarding allows users to configure which interface and UDP port numbers broadcast packets will pass through Stat...

Page 136: ...Number Specify the service port number You can enter multiple port numbers up to a total of 8 ports For example entering 67 68 520 1701 means the device will listen on UDP ports 67 68 520 and 1701 No...

Page 137: ...will check if incoming or outgoing packets match the policy It starts by checking the packet against the first policy Index 1 if the packet matches this policy the Industrial Secure Router will trans...

Page 138: ...ame private IP addresses of internal devices in each production line The internal private IP addresses of these devices will map to different public IP addresses Configuring a group of devices for 1 t...

Page 139: ...tion Factory Default Enabled or Disabled Enable or disable the NAT policy Enabled Description Setting Description Factory Default Description Enter a name for the NAT rule None Priority Setting Descri...

Page 140: ...ich VRRP settings the 1 to 1 NAT rule should use Disabled NOTE VRRP Binding is only supported in 1 to 1 NAT If a VRRP index is selected the 1 to 1 NAT rule is only valid when the system is the master...

Page 141: ...le The EDR G9010 will receive the request packet because the NAT rule has created a secondary IP 10 10 10 20 The EDR G9010 sends the response packet to Host itself Host will access the EDR G9010 s web...

Page 142: ...below With Double NAT only 1 to 1 rule is necessary The EDR G9010 will automatically translate the incoming and outgoing addresses as if it was handling two separate rules one for inbound and one for...

Page 143: ...or IP Masquerading Status Setting Description Factory Default Enabled or Disabled Enable or disable the NAT policy Enabled Description Setting Description Factory Default Description Enter a name for...

Page 144: ...PAT NAT function The user can specify the port number of an external IP address WAN1 or WAN2 in the Port Forwarding policy list For example if the IP address of a web server in the internal network i...

Page 145: ...actory Default Enabled or Disabled Enable or disable the NAT policy Enabled Description Setting Description Factory Default Description Enter a name for the NAT rule None Priority Setting Description...

Page 146: ...e NAT function Refer to Double NAT for more information Disabled Original Packet Condition Incoming Interface Setting Description Factory Default All LAN WAN Select the interface for the NAT policy LA...

Page 147: ...EDR G9010 Series User Manual 147...

Page 148: ...al Packet Condition Incoming Interface Setting Description Factory Default All LAN WAN Select the interface for the NAT policy LAN Source IP Mapping Type Setting Description Factory Default Any Single...

Page 149: ...ng Description Factory Default Any Single Range Select the source port mapping type Any Destination IP Mapping Type Setting Description Factory Default Any Single Range Subnet mask Select the destinat...

Page 150: ...tion page In addition objects allow for more efficient firewall rule management A single object can be assigned to multiple rules and changes to the object will apply to all associated rules saving us...

Page 151: ...vice Object Create an Industrial Application Service Object Create a User defined Service Object None Create an IP Address and Subnet Object IP address subnet based objects allow traffic filtering for...

Page 152: ...starting IP address of the IP range None IP Address End Setting Description Factory Default IP address Specify the ending IP address of the IP range None Subnet Subnet Setting Description Factory Def...

Page 153: ...Create a Network Service Object Service based objects allow for traffic filtering based on specific network services On the Object Management page click the icon to create a new object and select Net...

Page 154: ...CP 995 SMTP TCP 25 SMTPS TCP 465 File Transfer FTP TCP 21 FTPS TCP 990 SFTP TCP 115 UDP 115 TFTP UDP 69 NFS TCP 111 2049 UDP 111 2049 SAMBA TCP 139 AFS3 TCP 7000 7009 UDP 7000 7009 SMB TCP 445 Web Acc...

Page 155: ...s the Object Type Select Industrial Application Service Select the industrial application service s you want to enable Refer to the table below for more details about each service Service Name Port Nu...

Page 156: ...o create a new object and select User defined Service as the Object Type IP Protocol Setting Description Factory Default TCP UDP TCP and UDP ICMP Custom IP Protocol Select a protocol Refer to the foll...

Page 157: ...Port as the port type you also need to specify a port number The port number range is between 1 to 65535 If you selected TCP and UDP Port Range as the port type you also need to specify the starting...

Page 158: ...55 Specify the ICMP type value None ICMP Code Decimal Setting Description Factory Default Blank 0 to 255 Specify the ICMP code value None Custom IP protocol IP Protocol Decimal Setting Description Fac...

Page 159: ...t In the object list click the Edit icon next to entry you want to modify When finished click APPLY to save your changes Delete an Object Select the item s in the object list click the Delete icon Whe...

Page 160: ...EDR G9010 Series User Manual 160 Search for an Object Enter a search term in the Search field Any object matching the search criteria will be shown in the object list...

Page 161: ...Packets Session Control DoS Policy and Advanced Protection settings Policy Concept A firewall device is commonly used to provide secure traffic control over an Ethernet network as illustrated in the f...

Page 162: ...9010 supports advanced Layer 2 firewall policies for secure traffic control Layer 2 firewall policies can filter packets from bridge ports and have a higher priority than L3 policies Create a New Laye...

Page 163: ...the specified source MAC address of the packet 00 00 00 00 00 00 Destination MAC Type Setting Description Factory Default Any The Firewall will check all destination MAC addresses of the packet Any Si...

Page 164: ...oto 0x6001 DEC DNA Dump Load 0x6002 DEC DNA Remote Console 0x6003 DEC DNA Routing 0x6004 DEC LAT 0x6005 DEC Diagnostics 0x6006 DEC Customer use 0x6007 DEC Systems Comms Arch 0x6558 Trans Ether Bridgin...

Page 165: ...h any of the configured rules on the router Enforcement Setting Description Factory Default Enabled or Disabled Enable or disable the global Policy Enforcement feature Disabled Default Action Setting...

Page 166: ...Click to create a new Layer 3 7 policy Index Setting Description Factory Default Max 1024 The index number is generated automatically 1 Enforcement Setting Description Factory Default Enabled or Disa...

Page 167: ...e firewall event logs are sent to a SNMP Trap Incoming Interface Setting Description Factory Default Any WAN LAN Select the incoming interface Any Outgoing Interface Setting Description Factory Defaul...

Page 168: ...3 7 Protocol for a list of all destination ports Any When finished click CREATE to save your configuration NOTE The Industrial Secure Router s firewall function will check if incoming or outgoing pac...

Page 169: ...e system Status Setting Description Factory Default Enabled or Disabled Enable or disable the system to record event logs when malformed packets are dropped Disabled Severity Severity Description Fact...

Page 170: ...between the last data transmission on the connection exceeds 300 seconds the connection will also be released Create a New Session Control Policy Click to create a new Session Control policy Index Set...

Page 171: ...ol event logs will be sent by SNMP Trap Action Setting Description Factory Default Monitor Monitor the network traffic that matches this rule Drop Drop Drop the network traffic that matches this rule...

Page 172: ...is 64 Modify an Existing Session Control Policy Click the icon next to the entry you want to modify When finished click APPLY to save your changes Delete an Existing Session Control Policy Select the...

Page 173: ...ked Enable or disable the DoS policy for all types Unchecked Null Scan Setting Description Factory Default Checked or Unchecked Enable or disable Null Scan Unchecked Xmas Scan Setting Description Fact...

Page 174: ...ked Limit 1 to 4000 Packets Second If enabled specify the limit that will trigger SYN Flood protection 1000 ARP Flood Setting Description Factory Default Checked or Unchecked Enable or disable ARP Flo...

Page 175: ...c based on specific protocols to detect anomalies and protect your network NOTE The application firewall requires a security package to be installed Refer to Software Package Management for more infor...

Page 176: ...ently installed on the Industrial Secure Router Intrusion Prevention System IPS This section shows the current number of intrusion prevention system IPS events ADP Anomaly Detection Protection This se...

Page 177: ...re Router s configuration settings as a file to the local host To restore the device s configuration using a backup file click the icon and navigate to the configuration backup file on the local host...

Page 178: ...he Backup Restore section Click BACK UP to export the Industrial Secure Router s debug information as a file to the local host Global Settings Intrusion Prevention System IPS IPS Setting Description F...

Page 179: ...cription Factory Default Enabled or Disabled Enable or disable the DNP3 protocol filter engine Enabled DNP3 ADP Setting Description Factory Default Enabled or Disabled Enable or disable the DNP3 proto...

Page 180: ...ect On the Protocol Filter Objects tab click the icon to create a new filter object The configuration settings depend on the selected Category Refer to the following sections for more details on each...

Page 181: ...Any The Slave ID is used to identify Modbus devices This ID can be used to communicate via devices such as bridges and gateways which use a single IP address to support multiple independent end units...

Page 182: ...lect a preset or user configured protocol filter profile for this protocol filter object Refer to Protocol Filter Profile for more information about user configured profiles Select Manual to manually...

Page 183: ...cription Factory Default 0 to 64 characters Enter a name for the protocol filter object None Category Setting Description Factory Default MMS Select the MMS protocol None Protocol Filter Profile Setti...

Page 184: ...he selected Category Refer to the following sections for more details on each category Create a Modbus TCP Profile Create a DNP3 Profile Create an IEC 104 profile Create a MMS Profile Modify an Existi...

Page 185: ...col Length Field 2 bytes Number of remaining following bytes in this frame Unit Identifier 1 byte Slave Address 255 is used for device broadcast information Function code 1 byte Defines the message ty...

Page 186: ...Com Event Log 12 Report Slave ID 17 Read Device Identification 43 When finished click CREATE to save your configuration Create a DNP3 Profile Distributed Network Protocol 3 DNP3 is a set of communica...

Page 187: ...rce Address Setting Description Factory Default 0 to 65535 0x0000 to 0xFFFF Specify the source address which will be checked in the DNP3 packet None Destination Address Setting Description Factory Def...

Page 188: ...15 Initialize application 16 Start application 17 Stop application 18 Save configuration 19 Enable unsolicited 20 Disable unsolicited 21 Assign class 22 Delay measurement 23 Record current time 24 Op...

Page 189: ...iable Structure Qualifier 1 byte Describes how the information objects are organized Cause of Transmission 1 2 bytes Includes the reason for sending the ASDU and one byte with an identifier of the con...

Page 190: ...y interrogation group 8 29 interrogated by interrogation group 9 30 interrogated by interrogation group 10 31 interrogated by interrogation group 11 32 interrogated by interrogation group 12 33 interr...

Page 191: ...ion with time tag CP56Time2a 32 Step position information with time tag CP56Time2a 33 Bit string of 32 bit with time tag CP56Time2a 34 Measured value normalized value with time tag CP56Time2a 35 Measu...

Page 192: ...11 Parameter of measured value scaled value 112 Parameter of measured value short floating point value 113 Parameter activation File transfer 120 File ready 121 Section ready 122 Call directory select...

Page 193: ...that the MMS client can access The VMD object represents a container in which all other objects are located The client issues MMS service requests and the server responds to these requests Name Setti...

Page 194: ...d 15 deleteEventAction 56 readJournal 16 deleteEventCondition 57 relinquishControl 17 deleteEventEnrollment 58 rename 18 deleteJournal 59 reportActionStatus 19 deleteNamedType 60 reportEventActionStat...

Page 195: ...l protocol packets which allows users to control protocol traffic based on the configured policy and Anomaly Detection Protection ADP settings Refer to the Add a New Protocol Filter Policy and ADP Ano...

Page 196: ...tination IP addresses in the packet Any Single The policy will only check for the specified destination IP address in the packet Range The policy will check all destination IP addresses in the packet...

Page 197: ...click DELETE to delete the item s ADP Anomaly Detection Protection Modify an Existing ADP Entry Click the icon to modify the Anomaly Detection Protection ADP parameters Index Setting Description Fact...

Page 198: ...t Accept The packet will be allowed through the firewall when it matches this ADP setting Monitor Reset The packet will by dropped by the firewall when it matches this ADP setting The session will als...

Page 199: ...E A separate license is required to enable IPS functionality on the device Refer to the table below for a description of each field Field Description ID The pattern rule ID Name The pattern name of th...

Page 200: ...ct the criteria for one or more fields and click APPLY Any pattern rules matching the filter criteria will be shown in the table Click CLEAR to reset all filter criteria Quick Settings Quick Settings...

Page 201: ...Modify Settings for All IPS Pattern Rules 1 Select All under general common source 2 Select the Status and Action in the Rule Settings section 3 Click APPLY to save your changes The changes will be a...

Page 202: ...Select Filter Rule under general common source 2 Select the filter criteria in the Filters section 3 Select the Status and Action in the Rule Settings section 4 Click APPLY to save your changes The ch...

Page 203: ...le check the box of the IPS pattern rule s you want to modify 2 Click the icon and click Quick Settings 3 User Selected will selected by automatically 4 Select the Status and Action in the Rule Settin...

Page 204: ...t to any rule to bring up a panel with detailed information about the IPS rule Click the icon again to close the panel Modify an Existing IPS Rule Action 1 Click the icon next to the rule you want to...

Page 205: ...nge IPsec uses the IKE Internet Key Exchange protocol for Authentication Key exchange and provides a way for the VPN gateway data to be protected by different encryption methods There are 2 phases for...

Page 206: ...Industrial Secure Router provides 3 Global Settings for IPsec VPN applications Status Setting Description Factory Default Enabled or Disabled Enable or disable all IPsec VPN services Disabled NOTE IPs...

Page 207: ...vanced Settings sections for more information IPsec Quick Settings The Industrial Secure Router s Quick Settings mode can be used to easily set up a site to site VPN tunnel between two Industrial Secu...

Page 208: ...ey configuration should be identical for both Industrial Secure Router units IPsec Advanced Settings Select Advanced Settings to manually configure the full range of VPN settings Tunnel Settings Statu...

Page 209: ...iption Factory Default Start in Initial The VPN tunnel will actively initiate the connection with the remote VPN gateway Start in Initial Wait for Connecting The VPN tunnel will wait for the remote VP...

Page 210: ...55 0 Identity Setting Description Factory Default Type Select an ID type There are four ID types IP address FQDN Key ID and Auto with Cisco Key ID is a user defined string Auto with Cisco is for used...

Page 211: ...e details N A X 509 With CA In this mode two systems authenticate the VPN connection using certificates imported in advance by the user on the Local Certificate page and a CA certificate imported on t...

Page 212: ...orward Secrecy When enabled different security keys are used for different IPsec phases in order to enhance security Disabled DH Group Setting Description Factory Default DH 1 modp768 DH 2 modp1024 DH...

Page 213: ...When finished click CREATE to save your configuration Modify an Existing IPsec Entry Select the item in the IPsec VPN List and click the icon next to the entry you want to modify When finished click...

Page 214: ...X 509 Mode Two Certificates Users will sometimes use certificates generated from a server or from the Internet If users get different certificates for different systems users can import these certifi...

Page 215: ...ructions in the diagram below to learn how to install the CA and build an IPsec VPN connection Scenario 4 X 509 with CA Mode Two CAs In some large scale systems users may find it difficult to get cert...

Page 216: ...R the certificate belongs only to one system and cannot be installed on other systems By following this method CSR significantly reduces the risk of certificates being used illegitimately Consider the...

Page 217: ...Tunnel Protocol L2TP is a popular choice for VPN applications with remote roaming users since an L2TP client is built into the Microsoft Windows operating system Since L2TP does not provide any encry...

Page 218: ...anges L2TP User Name Settings Create a New Account for L2TP Click the icon to create a new L2TP account Username Setting Description Factory Default Max 32 characters Enter a username for the L2TP con...

Page 219: ...ace for the 2 Industrial Secure Routers is shown in the following table Configuration Industrial Secure Router 1 Industrial Secure Router 2 Interface Setting WAN IP 100 100 2 1 100 100 2 2 LAN IP 100...

Page 220: ...Tunnel Setting Connection Type Site to Site Site to Site Remote VPN gateway 10 10 10 200 10 10 10 100 Startup mode Wait for Connection Start in Initial Local Network Netmask 192 168 127 0 255 255 255...

Page 221: ...ration EDR Series Cisco ASA5510 Router Setting WAN IP 10 10 10 100 10 10 10 200 LAN IP 192 168 127 254 192 168 128 254 Based on the requirements and VPN plan the recommended configuration for the IPse...

Page 222: ...VPN tunnel Communication goes through the Internet The configuration of the WAN LAN interface for the Industrial Secure Router is shown in the following table Configuration Industrial Secure Router 1...

Page 223: ...based form of authentication Before processing certificates please ensure that the industrial secure router is synced with the local device For more information about syncing device time please refer...

Page 224: ...ificate Label Setting Description Factory Default 0 to 30 Specify the certification number None Select Certificate Setting Description Factory Default Click the icon to select a certificate file Uploa...

Page 225: ...abel Setting Description Factory Default 0 to 30 Specify the certification number None CSR Common Name Setting Description Factory Default Domain name Select the CSR Common Name This is the domain nam...

Page 226: ...certificate type Certificate Label Setting Description Factory Default 0 to 30 Specify the certification number None Import Password Setting Description Factory Default Max 32 characters Enter the im...

Page 227: ...ecure Router may not recognize the certificate and reject the connection Click the icon to add a CA Certificate Click the icon to select a CA certificate file then click UPGRADE to import the certific...

Page 228: ...the receiver can use the public key to decrypt the data Click the icon to generate a RSA key Name Setting Description Factory Default 0 to 30 characters Enter a name for the RSA key None Key Pair Size...

Page 229: ...te Key Select the private key generated on the Key Pair Generate tab If you have not generated a private key yet refer to Step 1 Generate a Private Key None Country Name 2 letter code Setting Descript...

Page 230: ...Max 16 characters Enter the common name for the CSR None Email Address Setting Description Factory Default Max 64 characters Enter the email address for the CSR None Subject Alternative Name Setting D...

Page 231: ...the Security section you can configure Device Security Network Security RADIUS and MXview Alert Notification settings Device Security From the Device Security section the following functions can be c...

Page 232: ...h will temporarily prevent users from logging in after several failed login attempts Disabled Login Failure Retry Threshold Setting Description Factory Default 1 to 10 times Specify the number of logi...

Page 233: ...device Enabled Accept All LAN Port Connections Setting Description Factory Default Enabled or Disabled Enable or disable the device to accept all connections on the LAN interface Enabled Log Setting...

Page 234: ...all hosts Disable the Trusted Access list Select Disabled in Trusted IP List Disabling this will allow all IP connections The following table shows additional configuration examples Hosts That Need Ac...

Page 235: ...H SSL SSH The Industrial Secure Router will generate a SSH certificate automatically by default If not click REGENERATE to regenerate the SSH host key SSL On the SSL page you can generate an SSL certi...

Page 236: ...E 802 1X provides an authentication mechanism to prevent unauthorized access to the LAN Without this mechanism users can access the LAN by simply physically connecting to any LAN device on the network...

Page 237: ...retry interval in second 3600 When finished click APPLY to save your changes Modify IEEE 802 1X Port Settings Click the icon to refresh the port status To configure the IEEE 802 1X settings for a spe...

Page 238: ...cting to a network service RADIUS is based on a client server protocol that runs in the application layer and can use either TCP or UDP as the mode of transport The network access servers that contain...

Page 239: ...server by default If the primary RADIUS is unavailable it will use the secondary RADIUS server Local Database Click the icon to create add a user account to the local database Username Setting Descrip...

Page 240: ...lt Enabled or Disabled Enable or disable RADIUS login authentication Disabled Authentication Type Setting Description Factory Default PAP Select the authentication type for the RADIUS server EAP PEAP...

Page 241: ...s Disabled DoS Attack Event Notification Setting Description Factory Default Enabled or Disabled Enable or disable notifications for DoS attack events Disabled Access Violation Event Notification Sett...

Page 242: ...EDR G9010 Series User Manual 242 Security Status The Security Status screen shows the status of all event types Click the icon to clear all event statuses...

Page 243: ...rk Status Event Logs and Notifications and Tools configurations System Status Users can monitor the data transmission activity of all the Industrial Secure Router ports from two perspectives Bandwidth...

Page 244: ...r Check is used to diagnose the link status of fiber connectors including SFP and fixed type Multi mode SC ST and Single mode SC connectors Fiber Check allows you to monitor the temperature TX RX powe...

Page 245: ...er optic cable can receive Fiber Check Threshold Values Model Name Temperature Threshold C Max Min Tx Power dBm Min Rx Power dBm FEMST 120 11 0 23 0 31 0 FEMSC 120 11 0 23 0 31 0 FESSC 120 3 0 8 0 34...

Page 246: ...ics page shows the Packet Counter status by default To switch views click the Packet Counter drop down menu and select Bandwidth Utilization to see the current bandwidth usage Display Mode Setting Des...

Page 247: ...ckets received from connected devices Additionally users can also choose which packet types to monitor including unicast broadcast multicast and error There are three function icons in the upper right...

Page 248: ...Port Selection Setting Description Factory Default All ports FE Ports GE Ports Port 1 Port 2 Port 3 Port 4 Port 5 Port 6 Port 7 Port 8 Port G1 Port G2 If Display Type is set to Port select which port...

Page 249: ...page to view the current bandwidth usage There are three function icons in the upper right corner of the page The table below provides a description for each function Icon Name Description Refresh Re...

Page 250: ...IP Interface IP Interface Monitor the total traffic per interface e g LAN WAN Bridge Interface Selection Setting Description Factory Default Any LAN WAN Bridge LAN Select which interface to monitor t...

Page 251: ...nd its configuration This way all devices are aware of each other LLDP can be enabled or disabled Additionally users can configure the interval at which LLDP packets are sent and view each switch s ne...

Page 252: ...ber of the connecting neighbor device Neighbor Port Description The description of the neighbor device s interface Neighbor System The hostname of the neighbor device Click the icon to refresh the tab...

Page 253: ...53 Event Log System Log By default the System Log shows details of all system related event logs Click the icon to refresh the system logs Click the icon to delete all system logs Click the icon to ex...

Page 254: ...or other policy patterns including Trusted Access Malformed Packets DoS Policy Layer 3 7 Policy Protocol Filter Policy ADP IPS Session Control Click the icon to refresh the firewall logs Click the ico...

Page 255: ...hreshold Settings On the Threshold Settings screen users can set up capacity warnings and oversize actions that trigger when the log storage has exceeded the specified storage threshold Click the icon...

Page 256: ...Threshold Setting Description Factory Default 50 to 100 Specify the threshold percentage of the current storage Once the storage exceeds this value the warning will trigger 0 Registered Action Settin...

Page 257: ...ow what is happening elsewhere on the network This means that an industrial secure router that connects to these devices must provide system maintainers with real time alarm messages Even when control...

Page 258: ...258 System Event Settings System Events are related to the overall functions of the device Each event can be activated independently with different warning methods Administrator also can decide the s...

Page 259: ...tate is 0 DI On The digital input state is 1 Config Change A configuration setting was changed Auth Failure An incorrect password was entered Ring RSTP Topology Changed The Ring RSTP topology was chan...

Page 260: ...is recorded to a Syslog server defined in the Syslog section Relay The industrial secure router supports digital inputs to integrate sensors When event is triggered the device will automate alarm noti...

Page 261: ...EDR G9010 Series User Manual 261 Port Event Settings Port Events are related to the activity of a specific port...

Page 262: ...disable Link Off events If enabled an event is triggered when the port is disconnected e g the cable is unplugged or the connected device is shut down Disabled Registered Action There are four respon...

Page 263: ...d to set up Syslog servers for storing event logs Up to three Syslog servers can be set up When an event occurs the event will be sent as a syslog UDP packet to the specified Syslog servers Each Syslo...

Page 264: ...n Ring RSTP Topology Change activated Master Mismatch Coupling Topology Change activated Fiber Check Warning VRRP State Change activated 802 1X Auth fail VPN connected disconnected Firewall policy Fir...

Page 265: ...rap server used by your network None Inform Retries Setting Description Factory Default 1 to 99 times Specify the allowed number of retries for attempting to reconnect to a server 0 Inform Timeout Set...

Page 266: ...Authentication Type is set to MD5 or SHA and the Encryption Method is set to Enabled also configure the following settings Authentication Key Setting Description Factory Default 8 to 30 characters Ent...

Page 267: ...rver 25 Username Setting Description Factory Default Max 60 characters Enter the username used to log in to the email server None Password Setting Description Factory Default Max 60 characters Enter t...

Page 268: ...assword if auto warning e mail messages can be delivered without using an authentication mechanism Tools From the Tools section the following functions can be configured Port Mirror and Ping Port Mirr...

Page 269: ...eam Select this option to monitor only those data packets coming into the Moxa industrial secure router s port Egress Stream Select this option to monitor only those data packets being sent out throug...

Page 270: ...ature is that even though the ping command is entered from the user s PC keyboard the actual ping command originates from the Industrial Secure Router itself In this way the user can essentially contr...

Page 271: ...System Group sysORTable MIB II 2 Interfaces Group ifTable MIB II 4 IP Group ipAddrTable ipNetToMediaTable IpGroup IpBasicStatsGroup IpStatsGroup MIB II 5 ICMP Group IcmpGroup IcmpInputStatus IcmpOutpu...

Page 272: ...ore R W R W R Account Management User Account R W R R Password Policy R W R W R License Management R W R W R Management Interface User Interface R W R W R Hardware Interface R W R W R SNMP R W R W R M...

Page 273: ...n R W R W R Protocol Filter Policy R W R W R ADP R W R W R IPS R W R W R VPN Admin Supervisor User IPsec R W R W R L2TP Server R W R W R Certification Management Admin Supervisor User Local Certificat...

Page 274: ...EDR G9010 Series User Manual 274 Function Account Privilege Ping R W R W R...

Reviews:

No comments

Related manuals for EDR-G9010 Series

D-Link Air DCS-1000W Setting-Up Manual preview
Air DCS-1000W
Brand: D-Link Pages: 13
Cabletron Systems Netlink FRX4000 Installation And Setup Manual preview
Netlink FRX4000
Brand: Cabletron Systems Pages: 8
Cabletron Systems 9C300-1 Upgrade Instructions preview
9C300-1
Brand: Cabletron Systems Pages: 4
Cabletron Systems MMAC-Plus 9F106-02 Reference Manual preview
MMAC-Plus 9F106-02
Brand: Cabletron Systems Pages: 7
SAF Phoenix G2 IDU Quick Start Manual preview
Phoenix G2 IDU
Brand: SAF Pages: 30
NETGEAR WAG302 Installation Manual preview
WAG302
Brand: NETGEAR Pages: 2
Perle P841 Specifications preview
P841
Brand: Perle Pages: 2
Valcom VIP-822A Quick Start Manual preview
VIP-822A
Brand: Valcom Pages: 4
Gemtek Systems WLTFQR-121 User Manual preview
WLTFQR-121
Brand: Gemtek Systems Pages: 51
RubyTech VS-820S User Manual preview
VS-820S
Brand: RubyTech Pages: 25
ACTi GNR-310 Quick Installation Manual preview
GNR-310
Brand: ACTi Pages: 12
eWON 2101CD Installation Manual preview
2101CD
Brand: eWON Pages: 34
3Com EtherLink 3C905C-TX User Manual preview
EtherLink 3C905C-TX
Brand: 3Com Pages: 96
Intercoax IXWB-450 Quick Start Manual preview
IXWB-450
Brand: Intercoax Pages: 2
Ubiquiti EdgeRouter 12 Quick Start Manual preview
EdgeRouter 12
Brand: Ubiquiti Pages: 23
B&B Electronics Elinx EIR510 Series Quick Start Manual preview
Elinx EIR510 Series
Brand: B&B Electronics Pages: 2
Casablanca W-500 Technical Bulletin preview
W-500
Brand: Casablanca Pages: 13
INNOSILICON T3-43T User Manual preview
T3-43T
Brand: INNOSILICON Pages: 11

Brands by name

Popular brands

Load more brands