38    W&T

Operation modes and rule configuration

5.3 IP inventories

In the menu branch

Firewall Settings -> IP Address Inventory

the Microwall provides a separate address inventory for each network. When creating firewall rules, the destination/source address(es) are always selected from these address inventories.

Inventory entries can consist of individual IP addresses as well as ranges or lists. The following entries are permitted:

any
  Keyword for any IP address

single IP address
  IP address in dot notation (e.g. 10.20.0.4)

Comma-separated IP address list
  List of IP addresses in dot notation (e.g. 10.10.10.1, 20.20.20.2)

IP range
  Contiguous IP range in the form "from-to" (e.g. 10.10.10.1 - 10.10.10.20)

IP range in CIDR notation
  IP range given in CIDR notation (e.g. 10.10.0.0/16)
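The following is an added example, not code from the manual or from W&T: a small validator that parses the five inventory entry syntaxes listed above into address ranges, checks whether a given host falls inside an entry, and reports how many addresses an entry covers, which is useful when reviewing how broad a rule's source or destination really is. It goes slightly beyond the manual in that list items may themselves be ranges or CIDR blocks; rejecting a CIDR entry with host bits set and a reversed "from-to" range are the author's own checks, not documented Microwall behaviour.

```python
import ipaddress

# Assumption: inventory entries are IPv4, as in all of the manual's examples.
ANY_LOW = ipaddress.IPv4Address("0.0.0.0")
ANY_HIGH = ipaddress.IPv4Address("255.255.255.255")


def parse_inventory_entry(entry: str):
    """Return a list of (first, last) IPv4Address pairs covering the entry.

    Accepted syntaxes (from the inventory description): the keyword "any",
    a single address, a comma-separated list, a "from-to" range and CIDR.
    Raises ValueError for anything else."""
    text = entry.strip()
    if text.lower() == "any":                        # keyword for any IP address
        return [(ANY_LOW, ANY_HIGH)]
    if "," in text:                                  # comma-separated list
        ranges = []
        for item in text.split(","):
            ranges.extend(parse_inventory_entry(item))  # items may be any syntax
        return ranges
    if "/" in text:                                  # CIDR notation, e.g. 10.10.0.0/16
        # strict=True is this example's choice: host bits set in a CIDR entry
        # usually indicate a typo rather than the intended range.
        net = ipaddress.IPv4Network(text, strict=True)
        return [(net.network_address, net.broadcast_address)]
    if "-" in text:                                  # "from-to" range
        low_s, high_s = (part.strip() for part in text.split("-", 1))
        low, high = ipaddress.IPv4Address(low_s), ipaddress.IPv4Address(high_s)
        if high < low:
            raise ValueError(f"range end precedes start: {entry!r}")
        return [(low, high)]
    addr = ipaddress.IPv4Address(text)               # single IP address in dot notation
    return [(addr, addr)]


def entry_matches(entry: str, ip: str) -> bool:
    """True if the host address ip lies within the inventory entry."""
    target = ipaddress.IPv4Address(ip)
    return any(low <= target <= high for low, high in parse_inventory_entry(entry))


def entry_size(entry: str) -> int:
    """Number of addresses the entry covers (overlapping list items count twice)."""
    return sum(int(high) - int(low) + 1 for low, high in parse_inventory_entry(entry))
```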

Manual: Startup and application, Microwall Gigabit. Valid for the following models: 55210 Microwall Gigabit as of firmware version 1.52. Release 1.02, 11/2020. W&T, www.WuT.de