Moxa Technologies EDR-G9010 Series Скачать руководство пользователя страница 220 | Manualshive

Страница: 220 / 274

background image

EDR-G9010 Series User Manual

220

Site-to-site IPsec VPN tunnel with Juniper systems

In this example, in order to establish a VPN tunnel, the central site router and remote site router have to
know the identity of each other and use the same authentication mechanism to verify each other. Here we
use a Juniper SSG5 as an example to elaborate how the Industrial Secure Router can build an IPsec VPN
connection with Juniper systems.

VPN Plan

•

All communication from the Central site network (192.168.127.0/24) to the Remote site Network
(192.168.128.0/24) needs to pass through the VPN tunnel.

•

The Intranet Network is 10.10.10.0/24.

•

The configuration of the WAN/LAN interface for the Industrial Secure Routers and Juniper SSG5 is
shown in the following table.

Configuration

EDR Series

Juniper SSG5

Router Setting

WAN IP

10.10.10.100

10.10.10.200

LAN IP

192.168.127.254

192.168.128.254

Based on the requirements and VPN plan, the recommended configuration for the IPsec VPN connection is
shown in the following table:

Configuration

EDR Series

Juniper SSG5

Tunnel Setting

Connection Type

Site to Site

Site to Site

Remote VPN gateway 10.10.10.200

10.10.10.100

Startup mode

Wait for Connection

Start in Initial

Local Network/
Netmask

192.168.127.0/
255.255.255.0

192.168.128.0/
25.255.255.0

Remote Network/
Netmask

192.168.128.0/
25.255.255.0

192.168.127.0/
255.255.255.0

Identity

IP address
Local ID: 10.10.10.100
Remote ID: 10.10.10.200

IP address
Local ID: 10.10.10.200
Remote ID: 10.10.10.100

Key Exchange

Authentication mode

Pre-Shared Key or X.509 with
CA

Pre-Shared Key or X.509 with
CA

Data Exchange

Encryption / Harsh

3DES/SHA-1

3DES/SHA-1

Note that to establish a VPN connection with Juniper systems, the Identity should set to “

IP Address

” and

the authentication mode should set to “

Pre-Shared Key

” or “

X.509 with CA

”. During the EDR Series

compliance test with the Juniper SSG5, all Identity modes except "IP Address” and all authentication modes
except “X.509 with CA” did not work with the Juniper SSG5. A summary of settings for VPN connections
with Juniper systems is listed in the table below.

EDR Series VPN settings for
compatibility with Juniper systems

Authentication mode
Pre-shared Key

X.509

X.509 With CA

Identity

IP Address

Supported

Not supported

Supported

FQDN

Not supported

Key ID
Auto(with Cisco)

«
...
218
219
220
221
222
...
»

Содержание EDR-G9010 Series

Страница 1: ...EDR G9010 Series User Manual Version 2 0 September 2022 www moxa com products 2022 Moxa Inc All rights reserved...

Страница 2: ...hout warranty of any kind either expressed or implied including but not limited to its particular purpose Moxa reserves the right to make improvements and or changes to this manual or to the products...

Страница 3: ...15 Device Summary 17 Model Information 18 Panel Status 18 Event Summary Last 3 Days 19 CPU Usage History 20 Memory Usage History 21 Setup Wizard 21 Step 1 Port Type 21 Step 2 Interface 22 Step 3 Servi...

Страница 4: ...Bidirectional 1 to 1 NAT 142 Double NAT 142 N to 1 NAT 143 PAT Port Address Translation 144 Advance 146 10 Object Management 150 Overview 150 Create a New Object 150 Create an IP Address and Subnet O...

Страница 5: ...tificate from PKCS 12 226 Trusted CA Certificate 227 Import a CA Certificate 227 Certificate Signing Request 227 Key Pair Generate 228 CSR Generate 229 14 Security 231 Device Security 231 Login Policy...

Страница 6: ...cure routers with firewall NAT VPN and managed Layer 2 switch functions These devices are designed for Ethernet based security applications in critical remote control or monitoring networks These secu...

Страница 7: ...engineers a simple way to configure the firewall filtering function for general automation protocols including EtherNet IP Modbus TCP EtherCAT FOUNDATION Fieldbus and PROFINET Industrial grade Design...

Страница 8: ...Telnet console only provide basic functions RS 232 Console Configuration 115200 None 8 1 VT100 ATTENTION We strongly suggest that you do NOT use more than one connection method at the same time Follow...

Страница 9: ...f the Property window will appear Select the appropriate COM port from the Serial Parameters list and configure the following values Baud Rate 115200 Data Bits 8 Parity None Stop Bits 1 4 Click the Te...

Страница 10: ...Secure Router is in console serial or Telnet mode Admin Account Commands Command Description quit Exit the Command Line Interface exit Exit the Command Line Interface reload Halt and perform a cold r...

Страница 11: ...0 then its IP address must have the form 192 168 xxx xxx On the other hand if your PC host s subnet mask is 255 255 255 0 then its IP address must have the form 192 168 127 xxx NOTE To use the Indust...

Страница 12: ...ion mark to display the command list Using a Web Browser to Configure the Industrial Secure Router The Industrial Secure Router s web browser interface provides a convenient way to modify the router s...

Страница 13: ...ps to access the Industrial Secure Router s web browser interface 1 Open a web browser and type the Industrial Secure Router s LAN IP address 192 168 127 254 in the address bar and press Enter 2 The w...

Страница 14: ...Manual 14 After successfully connecting to the router the Device Summary screen will automatically appear Use the menu tree on the left side of the window to open the function pages to access each of...

Страница 15: ...nd use administration functions from the web browser An RS 232 or Telnet console connection only provides basic functions In this chapter we use the web browser to introduce the Industrial Secure Rout...

Страница 16: ...elnet and the web browser interface Check the Keep certificate database and configuration option to keep certificate database and configuration information Leaving this option unchecked will delete al...

Страница 17: ...e Router you will be presented with the Device Summary page This overview page contains basic activity and performance information of the device If you are on another configuration page click Device S...

Страница 18: ...Router including product model name serial number firmware version system uptime etc Panel Status This panel illustrates the panel status For example the connecting ports will be shown in green while...

Страница 19: ...tive image of the device Click the icon in the upper right corner to close the panel view The panel view figure varies depending on the product model you are using Event Summary Last 3 Days This panel...

Страница 20: ...es User Manual 20 For Event Log settings refer to the Event Log section CPU Usage History This panel shows the device s CPU usage The data will be shown as a percentage over time Click the icon to ref...

Страница 21: ...a percentage over time Click the icon to refresh the graph Setup Wizard The EDR G9010 Series supports a Setup Wizard to help you quickly set up routing functionality between the user defined LAN WAN...

Страница 22: ...et of the Bridge LAN ports on the secure router The default IP address on the Bridge LAN side is 192 168 126 254 and the default subnet address is 255 255 255 0 WAN Configuration Configure the WAN por...

Страница 23: ...EDR G9010 Series User Manual 23 Dynamic IP Static IP PPPoE...

Страница 24: ...the corresponding services The Enable DHCP Server and Enable N 1 NAT are enabled by default The default IP address range will be set automatically To modify the IP range refer to the DHCP Server sect...

Страница 25: ...EDR G9010 Series User Manual 25 NOTE The settings configured in the Setup Wizard will override any existing configuration...

Страница 26: ...Secure Router From the System menu you can access the System Management Account Management License Management Management Interface Time and Setting Check configuration pages System Management From the...

Страница 27: ...ocation Setting Description Factory Default Max 80 characters Enter a location for the device This is useful for quickly identifying the location of different units For example Production line 1 Devic...

Страница 28: ...are file stored locally on the host computer With the firmware selected click UPGRADE to start the upgrade process This procedure will take several minutes to complete TFTP Server Select TFTP from the...

Страница 29: ...SB For more details about the ABC 02 USB please visit https www moxa com product Automatic_Backup_Configurator_ABC 02 USB htm Moxa s Automatic Backup Configurator ABC 02 USB To use the Moxa USB based...

Страница 30: ...rial Secure Router with advanced functions Status Setting Description Factory Default Enabled The package is installed and is working normally Enabled Disabled The package is installed but was abnorma...

Страница 31: ...te www moxa com Source Select Local from the drop down menu under Source to update an existing package using a local file Select File Click to select the package file stored locally on the host comput...

Страница 32: ...stall or update a package through firmware Package Version This shows the target firmware version Click UPGRADE to start the upgrade process This procedure will take several minutes to complete Config...

Страница 33: ...Setting Description Factory Default Backup file name Enter the file name of the configuration backup file None When finished click BACK UP to back up the system configuration file USB Select USB from...

Страница 34: ...using a previously back up configuration file There are three ways to restore the configurations of your Industrial Secure Router from a local configuration file by remote TFTP server or using a Moxa...

Страница 35: ...r the file name of the configuration restore file None When finished click RESTORE to restore the system configuration USB Select USB from the drop down list under Method Insert the Moxa ABC 02 USB ba...

Страница 36: ...e Signature Setting Description Factory Default Enabled or Disabled Enables or disables the use of a digital signature for checking the configuration file integrity None Signature Information Setting...

Страница 37: ...user accounts There are three levels of configuration access Admin Supervisor and User The admin accounts have read write access to all configuration parameters Supervisors have full editing rights b...

Страница 38: ...username for the account None Authority Setting Description Factory Default Admin The account has read write access to all configuration parameters None Supervisor The account has read write access to...

Страница 39: ...nt has read write access to all configuration parameters None Supervisor The account has read write access to all configuration parameters except create delete and modify accounts User The account can...

Страница 40: ...ct one or multiple accounts from the Account List table and click the icon Click DELETE to delete the account Search for an Existing Account Enter the full or partial account username in the Search fi...

Страница 41: ...Default Enabled or Disabled Enable or disable the password complexity strength check Disabled Must contain at least one digit 0 9 Setting Description Factory Default Enabled or Disabled Enable or dis...

Страница 42: ...licenses Overview The Overview section displays the license name the valid duration in days the start date the end date and the status of the current license License History The license history sectio...

Страница 43: ...used to activate the license on the Industrial Secure Router 1 Go to System License Management 2 Click the ADD NEW LICENSE button in the Overview section The Add New License screen appears 3 Click Nex...

Страница 44: ...ived after activating the license in the license management portal 7 Click APPLY The license is now activated on the Industrial Secure Router Management Interface From the Management Interface section...

Страница 45: ...y Default Enabled or Disabled Enable or disable HTTP connections Enabled TCP Port HTTP Setting Description Factory Default 2 to 65535 Enter the TCP port number for HTTP 80 HTTPS Setting Description Fa...

Страница 46: ...nections option is enabled in Trusted Access MOXA Service Setting Description Factory Default Enabled or Disabled Enable or disable the MOXA Service Enabled NOTE Moxa Service is only used for Moxa net...

Страница 47: ...n to enhance data security SNMP security modes and security levels supported by the Industrial Secure Router are listed in the following table Protocol Version UI Setting Authentication Type Data Encr...

Страница 48: ...or V3 only Select the SNMP protocol version used to manage the secure router Disabled If you selected an SNMP version configure the following settings Community Name 1 2 Setting Description Factory De...

Страница 49: ...comes with two preconfigured SNMP Accounts which are disabled by default Modify an Existing SNMP Account In the SNMP Account list click the icon next to the SNMP account you want to modify Select Ena...

Страница 50: ...ey The key must be at least 8 characters long None When finished click APPLY to save your changes MXsecurity The Industrial Secure Router supports management of firmware software package firewall poli...

Страница 51: ...software Service Address Setting Description Factory Default 0 to 64 characters Enter the MXsecurity server IP address or domain name address None Click CONNECT to connect to the MXsecurity service Ti...

Страница 52: ...n the upper right corner to refresh all the information on the page Clock Source Setting Description Factory Default Local Set the clock source to local time This will require you to manually specify...

Страница 53: ...iption Factory Default 0 to 60 characters Specify the IP or domain address of the primary time server e g 192 168 1 1 time stdtime gov tw or time nist gov None Time Server 2 Setting Description Factor...

Страница 54: ...ermine the local time offset from UTC Coordinated Universal Time UTC Coordinated Universal Time Daylight Saving The Daylight Saving settings are used to automatically set the Moxa router s time forwar...

Страница 55: ...onth the Daylight Saving time begins None Week Setting Description Factory Default User specified week Specify the week the Daylight Saving time begins None Day Setting Description Factory Default Use...

Страница 56: ...Daylight Saving time ends None Hour Setting Description Factory Default User specified hour Specify the hour the Daylight Saving time ends 00 Minutes Setting Description Factory Default User specified...

Страница 57: ...ch takes up time and resources Enabling the Setting Check function will execute these new policy changes temporarily until confirmed by the user If not confirmed the Industrial Secure Router will reve...

Страница 58: ...PPLY button on the Trusted IP list page the Industrial Secure Router will execute the configuration change and the web browser will attempt to go to the Setting Check Confirmed page automatically Beca...

Страница 59: ...the physical ports and network interfaces of the Industrial Secure Router From the Network Configuration section you can configure the Ports Layer 2 Switching and Network Interfaces settings Ports Fro...

Страница 60: ...er Manual 60 Port Settings Port settings let you manage port access port transmission speed flow control and port type MDI or MDIX The EDR G9010 Series has eight RJ45 Ethernet ports and two mini GBIC...

Страница 61: ...n Factory Default Max 127 characters Enter a description for the port This helps administrators differentiate between different ports more easily Example PLC 1 None Speed Duplex Mode Setting Descripti...

Страница 62: ...isable flow control for this port when the port s Speed is set to Auto Disabled MDI MDIX Setting Description Factory Default Auto Allow the port to auto detect the port type of the connected Ethernet...

Страница 63: ...ng protocol that provides the following benefits Greater flexibility in setting up your network connections since the bandwidth of a link can be doubled tripled or quadrupled Redundancy if one link is...

Страница 64: ...ption Factory Default Port drop down menu Select the ports you want to add to the link aggregation group None When finished click CREATE to save your configuration Edit Existing Link Aggregation Click...

Страница 65: ...aggregation groups you want to delete in the Link Aggregation list and click the icon Click DELETE to delete the selected items Layer 2 Switching From the Layer 2 Switching section the following funct...

Страница 66: ...ide a network segmentation system that is far more flexible than traditional networks Using VLANs also provides you with three other benefits VLANs ease the relocation of devices on networks With trad...

Страница 67: ...port is on a single VLAN it can be an untagged member but if the port needs to be a member of multiple VLANs a tagged membership must be defined A typical host e g clients will be an untagged member...

Страница 68: ...Port with PVID 5 Port 7 connects a single untagged device and assigns it to VLAN 4 it should be configured as an Access Port with PVID 4 After the application is properly configured Packets from Devic...

Страница 69: ...Management Port Quick Settings Use this for quick and easy configuration of VLAN settings for multiple ports at once Management Port Setting Description Factory Default 1 to 10 Select the management p...

Страница 70: ...D Setting Description Factory Default 1 to 16 Set the default VLAN ID for untagged devices that connect to the port 1 Tagged VLAN Setting Description Factory Default All Member VIDs 1 to 16 If the Mod...

Страница 71: ...EDR G9010 Series User Manual 71 Settings...

Страница 72: ...N ID max 16 VLANs Specify the VLAN ID You can create multiple VLANs at once by entering single VLAN IDs or a range of IDs For example 2 4 8 10 13 None When finished click CREATE to create the VLAN Del...

Страница 73: ...devices and or other routers hubs PVID Setting Description Factory Default 1 to 16 Set the default VLAN ID for untagged devices that connect to the port 1 Tagged VLAN Setting Description Factory Defau...

Страница 74: ...ddress Table shows the MAC address of devices that go through the Moxa industrial secure router The Aging Time 10 to 300 seconds is the duration that a MAC address entry can remain in the Moxa router...

Страница 75: ...can inspect both IEEE 802 1p 1Q Layer 2 CoS Class of Service tags and even Layer 3 DSCP Differentiated Services Code Point information to provide consistent classification of the entire network The s...

Страница 76: ...Point DSCP field in the IP header to specify the packet priority DSCP is an advanced intelligent method of traffic marking that allows you to choose how your network prioritizes different types of tr...

Страница 77: ...switches support two different queuing mechanisms Weight Fair This method services all the traffic queues giving priority to the higher priority queues Under most circumstances the Weight Fair method...

Страница 78: ...he CoS level 0 to 3 When finished click APPLY to save your changes DSCP Mapping Click the icon to configure the priority queue settings of the corresponding DSCP value Priority Queue Setting Descripti...

Страница 79: ...s approach prevents the lower priority frames from being starved of opportunity for transmission with only a slight delay to the higher priority frames Weight Fair 8 4 2 1 Strict High Priority First A...

Страница 80: ...the priority of each frame Enabled Priority Setting Description Factory Default 0 to 7 Specify the priority The port priority ranges from 0 lowest to 7 highest 3 When finished click APPLY to save you...

Страница 81: ...re routers not only prevent broadcast storms but can also be configured to have a different ingress rate for all packets giving administrators full control of their limited bandwidth to prevent undesi...

Страница 82: ...stations on a LAN or VLAN that belong to the multicast group Multicast group members can be distributed across multiple subnets so that multicast transmissions can occur within a campus LAN or over a...

Страница 83: ...t filtering ensures that only end stations that have joined certain groups receive multicast traffic With multicast filtering network devices only forward multicast traffic to the ports that are conne...

Страница 84: ...ping enabled the switch knows that the port should forward traffic for the multicast group and then proceeds to forward the packet to the router When the router receives the report packet it registers...

Страница 85: ...he settings of the corresponding VLAN IGMP Snooping Setting Description Factory Default Enabled or Disabled Enable or disable the IGMP Snooping function for that particular VLAN Disabled Version Setti...

Страница 86: ...he currently active IGMP groups that were detected for each VLAN The information shown in the table includes Auto Learned Multicast Router Port This indicates that a multicast router connects to sends...

Страница 87: ...lays the multicast group IP address Source Address Displays the multicast source IP address Port Displays the port which receives the multicast stream Member port Displays the port the multicast strea...

Страница 88: ...ory Default Integer Enter the Static Multicast MAC address None Port Setting Description Factory Default 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 1 10 checkbox Check the boxes to add the corresponding port...

Страница 89: ...scription Factory Default 1 to 4093 Enter the VLAN ID None Alias Setting Description Factory Default Max 31 characters Enter an alias for the VLAN interface None IP Address Setting Description Factory...

Страница 90: ...N ID can be configured as one WAN interface Setting Description Factory Default VLAN ID Select a VLAN ID The Moxa Industrial Secure Router s WAN interface is VLAN based All ports associated with the s...

Страница 91: ...rected Broadcast Status Setting Description Factory Default Enabled or Disabled Enable or disable the directed broadcasting Enabled Source IP Overwrite Setting Description Factory Default Enabled or D...

Страница 92: ...0 Username Setting Description Factory Default Max 30 Characters Enter the username used for dialing in to the PPTP service None Password Setting Description Factory Default Max 30 characters Enter t...

Страница 93: ...y DNS Server Setting Description Factory Default IP Address Enter the primary DNS IP address 0 0 0 0 Secondary DNS Server Setting Description Factory Default IP Address Enter the secondary DNS IP addr...

Страница 94: ...EDR G9010 Series User Manual 94 Static IP Connection Directed Broadcast Status Setting Description Factory Default Enabled or Disabled Enable or disable the directed broadcasting Enabled...

Страница 95: ...the PPTP service IP address 0 0 0 0 Username Setting Description Factory Default Max 30 Characters Enter the username used for dialing in to the PPTP service None Password Setting Description Factory...

Страница 96: ...vers from the PPPoE or DHCP server PPPoE Connection Directed Broadcast Status Setting Description Factory Default Enabled or Disabled Enable or disable the directed broadcasting Enabled Source IP Over...

Страница 97: ...IP address 0 0 0 0 Tertiary DNS Server Setting Description Factory Default IP Address Enter the tertiary DNS IP address 0 0 0 0 When finished click APPLY to save your changes NOTE Manually configured...

Страница 98: ...ion Factory Default Enabled or Disabled Enable or disable the bridge interface Disabled Goose Message Pass Through Setting Description Factory Default Enabled or Disabled Enable or disable GOOSE messa...

Страница 99: ...name for the bridge zone interface None Status Setting Description Factory Default Enabled or Disabled Enable or disable the bridge zone interface Disabled Goose Message Pass Through Setting Descripti...

Страница 100: ...bridge interface is disabled the bridge interface will still exist in the system Even if no ports are assigned to it you can view the VLAN ID of the bridge interface in the VLAN table To fully remove...

Страница 101: ...tory Default IP Address Specify the IP address of the secondary interface None Netmask Setting Description Factory Default Subnet Mask Specify the subnet mask of the secondary interface None When fini...

Страница 102: ...nd Layer 3 Redundancy settings Layer 2 Redundancy From the Layer 2 Redundancy section the following functions can be configured Spanning Tree and Turbo Ring V2 Spanning Tree From the Spanning Tree scr...

Страница 103: ...es of 4096 Specify the bridge priority A lower number represents a higher priority A device with a higher bridge priority has a greater chance of being established as the root of the Spanning Tree top...

Страница 104: ...on the network are recognized as a root the devices will renegotiate to set up a new Spanning Tree topology 20 When finished click APPLY to save your changes Editing Spanning Tree for a Port To edit...

Страница 105: ...de for the Spanning Tree topology If set to 0 the path cost will be automatically calculated based on different port speeds 20000 When finished click APPLY to save your changes Status The Status page...

Страница 106: ...ns Click the icon to refresh the Spanning Tree status of each port Turbo Ring V2 From the Turbo Ring V2 screen you can configure general Turbo Ring V2 settings and view the status of the current Turbo...

Страница 107: ...enable both Ring 1 and Ring 2 Master Setting Description Factory Default Enabled or Disabled Enable or disable this Ring as the Master ring Disabled Ring Port 1 Setting Description Factory Default Sel...

Страница 108: ...ng Mode is set to Dual Homing configure the following settings Primary Port Setting Description Factory Default Select the port from the list Select the port that will act as the backup port 1 3 Backu...

Страница 109: ...ealthy The Ring and the ports are working properly Break One or more Rings are broken Master The device is the Master Slave in this Ring Ring Port 1 The first Ring port Ring Port 2 The second Ring por...

Страница 110: ...r with a virtual IP address The LAN clients can then be configured with the virtual router s virtual IP address as their default gateway This virtual router consisting of a group of routers is also kn...

Страница 111: ...r Manual 111 Create a Virtual Router Click the icon to create a new virtual router VRRP Interface Setting Entry Enable Setting Description Factory Default Enabled or Disabled Enable or disable the vir...

Страница 112: ...ault Enabled or Disabled Enable or disable Accept Mode When enabled the virtual router with the role of Master will allow others to access its own virtual IP address Enabled Preemption Setting Descrip...

Страница 113: ...tion This indicates the time the router will wait for a response before timing out 3 Success Count Setting Description Factory Default Enabled or Disabled Specify the success count This indicates how...

Страница 114: ...HCP and configure the various DHCP Server modes General Settings DHCP Server Mode Setting Description Factory Default Disabled DHCP MAC based assignment Port based IP assignment Select the DHCP Server...

Страница 115: ...utomatically assign an IP address from a user configured IP address pool to connected Ethernet devices Create a DHCP Server Pool Click to create a new DHCP Server Pool Status Setting Description Facto...

Страница 116: ...ption Factory Default IP Address Specify the IP address for the first DNS server for DHCP clients None DNS Server 2 Setting Description Factory Default IP Address Specify the IP address for the second...

Страница 117: ...was added to the Static DHCP list with a static IP address set to 192 168 127 101 and MAC address set to 00 09 ad 00 aa 01 When a device with a MAC address of 00 09 ad 00 aa 01 is connected to the Ind...

Страница 118: ...ss Specify the default gateway of the device None Lease Time Setting Description Factory Default 5 99999 minutes Specify the lease time for IP addresses assigned by the DHCP server 1440 DNS Server 1 S...

Страница 119: ...ting Description Factory Default Enabled or Disabled Enable or disable Port based IP assignment functionality None Port Setting Description Factory Default Port Select the physical port on the device...

Страница 120: ...he first DNS server for the connected device None DNS Server 2 Setting Description Factory Default IP Address Specify the IP address for the second DNS server for the connected device None NTP Server...

Страница 121: ...elect a DNS server Disabled Service Name Setting Description Factory Default Max 45 characters The DNS server s name None Username Setting Description Factory Default Max 45 characters Enter the DNS s...

Страница 122: ...tems the destination address the next hop address which is the next router along the path to the destination address and a metric that represents the cost to access a different network From the Unicas...

Страница 123: ...IP address None Subnet Mask Setting Description Factory Default Subnet mask Specify the subnet mask for this IP address None Next Hop Setting Description Factory Default Next hop IP address Specify th...

Страница 124: ...up the RIP parameters Status Setting Description Factory Default Enabled or Disabled Enable or disable the RIP protocol Disabled Version Setting Description Factory Default V1 V2 Select the RIP proto...

Страница 125: ...ing protocol OSPF establishes and maintains neighbor relationships in order to exchange routing updates with other routers The neighbor relationship table is called an adjacency database in OSPF OSPF...

Страница 126: ...Setting Description Factory Default Enabled or Disabled Enable or disable the global OSPF function Disabled Router ID Setting Description Factory Default Router ID Specify the router ID 0 0 0 0 Curren...

Страница 127: ...uces the amount of routing traffic between parts of an autonomous system Create a New Area Click the icon to create a new area Area ID Setting Description Factory Default Area ID Specify the Area ID w...

Страница 128: ...te a New Interface Click the icon to create a new OSPF Interface Interface Setting Description Factory Default LAN WAN Select an interface to assign to the area None Area ID Setting Description Factor...

Страница 129: ...ple or MD5 Authentication does not need to be configured If it is configured all Industrial Secure Routers on the same segment must have the same password and authentication method None Auth Key Setti...

Страница 130: ...create a new OSPF Area Aggregation Area ID Setting Description Factory Default Area ID Select the Area ID that you want to configure None IP Address Setting Description Factory Default IP address Spe...

Страница 131: ...ick the icon to create a new virtual link Area ID Setting Description Factory Default Area ID Select the Area ID which defines the areas that this Industrial Secure Router connect to None Router ID Se...

Страница 132: ...t OSPF neighbors Click the icon to refresh the table Database The Database table shows the current OSPF LSA information Click the icon to refresh the table Multicast Route From the Multicast Route sec...

Страница 133: ...Multicast Route Mode Setting Description Factory Default Static Multicast Route Disabled Disable multicast routing or select which multicast routing protocol to use Static multicast route Disabled Whe...

Страница 134: ...ce Set the source to a specified IP address only Source Address Setting Description Factory Default IP address If the Source Address Type is Specify Source enter the source IP address None Inbound Int...

Страница 135: ...s devices However normally broadcast packets cannot pass through the router Broadcast Forwarding allows users to configure which interface and UDP port numbers broadcast packets will pass through Stat...

Страница 136: ...Number Specify the service port number You can enter multiple port numbers up to a total of 8 ports For example entering 67 68 520 1701 means the device will listen on UDP ports 67 68 520 and 1701 No...

Страница 137: ...will check if incoming or outgoing packets match the policy It starts by checking the packet against the first policy Index 1 if the packet matches this policy the Industrial Secure Router will trans...

Страница 138: ...ame private IP addresses of internal devices in each production line The internal private IP addresses of these devices will map to different public IP addresses Configuring a group of devices for 1 t...

Страница 139: ...tion Factory Default Enabled or Disabled Enable or disable the NAT policy Enabled Description Setting Description Factory Default Description Enter a name for the NAT rule None Priority Setting Descri...

Страница 140: ...ich VRRP settings the 1 to 1 NAT rule should use Disabled NOTE VRRP Binding is only supported in 1 to 1 NAT If a VRRP index is selected the 1 to 1 NAT rule is only valid when the system is the master...

Страница 141: ...le The EDR G9010 will receive the request packet because the NAT rule has created a secondary IP 10 10 10 20 The EDR G9010 sends the response packet to Host itself Host will access the EDR G9010 s web...

Страница 142: ...below With Double NAT only 1 to 1 rule is necessary The EDR G9010 will automatically translate the incoming and outgoing addresses as if it was handling two separate rules one for inbound and one for...

Страница 143: ...or IP Masquerading Status Setting Description Factory Default Enabled or Disabled Enable or disable the NAT policy Enabled Description Setting Description Factory Default Description Enter a name for...

Страница 144: ...PAT NAT function The user can specify the port number of an external IP address WAN1 or WAN2 in the Port Forwarding policy list For example if the IP address of a web server in the internal network i...

Страница 145: ...actory Default Enabled or Disabled Enable or disable the NAT policy Enabled Description Setting Description Factory Default Description Enter a name for the NAT rule None Priority Setting Description...

Страница 146: ...e NAT function Refer to Double NAT for more information Disabled Original Packet Condition Incoming Interface Setting Description Factory Default All LAN WAN Select the interface for the NAT policy LA...

Страница 147: ...EDR G9010 Series User Manual 147...

Страница 148: ...al Packet Condition Incoming Interface Setting Description Factory Default All LAN WAN Select the interface for the NAT policy LAN Source IP Mapping Type Setting Description Factory Default Any Single...

Страница 149: ...ng Description Factory Default Any Single Range Select the source port mapping type Any Destination IP Mapping Type Setting Description Factory Default Any Single Range Subnet mask Select the destinat...

Страница 150: ...tion page In addition objects allow for more efficient firewall rule management A single object can be assigned to multiple rules and changes to the object will apply to all associated rules saving us...

Страница 151: ...vice Object Create an Industrial Application Service Object Create a User defined Service Object None Create an IP Address and Subnet Object IP address subnet based objects allow traffic filtering for...

Страница 152: ...starting IP address of the IP range None IP Address End Setting Description Factory Default IP address Specify the ending IP address of the IP range None Subnet Subnet Setting Description Factory Def...

Страница 153: ...Create a Network Service Object Service based objects allow for traffic filtering based on specific network services On the Object Management page click the icon to create a new object and select Net...

Страница 154: ...CP 995 SMTP TCP 25 SMTPS TCP 465 File Transfer FTP TCP 21 FTPS TCP 990 SFTP TCP 115 UDP 115 TFTP UDP 69 NFS TCP 111 2049 UDP 111 2049 SAMBA TCP 139 AFS3 TCP 7000 7009 UDP 7000 7009 SMB TCP 445 Web Acc...

Страница 155: ...s the Object Type Select Industrial Application Service Select the industrial application service s you want to enable Refer to the table below for more details about each service Service Name Port Nu...

Страница 156: ...o create a new object and select User defined Service as the Object Type IP Protocol Setting Description Factory Default TCP UDP TCP and UDP ICMP Custom IP Protocol Select a protocol Refer to the foll...

Страница 157: ...Port as the port type you also need to specify a port number The port number range is between 1 to 65535 If you selected TCP and UDP Port Range as the port type you also need to specify the starting...

Страница 158: ...55 Specify the ICMP type value None ICMP Code Decimal Setting Description Factory Default Blank 0 to 255 Specify the ICMP code value None Custom IP protocol IP Protocol Decimal Setting Description Fac...

Страница 159: ...t In the object list click the Edit icon next to entry you want to modify When finished click APPLY to save your changes Delete an Object Select the item s in the object list click the Delete icon Whe...

Страница 160: ...EDR G9010 Series User Manual 160 Search for an Object Enter a search term in the Search field Any object matching the search criteria will be shown in the object list...

Страница 161: ...Packets Session Control DoS Policy and Advanced Protection settings Policy Concept A firewall device is commonly used to provide secure traffic control over an Ethernet network as illustrated in the f...

Страница 162: ...9010 supports advanced Layer 2 firewall policies for secure traffic control Layer 2 firewall policies can filter packets from bridge ports and have a higher priority than L3 policies Create a New Laye...

Страница 163: ...the specified source MAC address of the packet 00 00 00 00 00 00 Destination MAC Type Setting Description Factory Default Any The Firewall will check all destination MAC addresses of the packet Any Si...

Страница 164: ...oto 0x6001 DEC DNA Dump Load 0x6002 DEC DNA Remote Console 0x6003 DEC DNA Routing 0x6004 DEC LAT 0x6005 DEC Diagnostics 0x6006 DEC Customer use 0x6007 DEC Systems Comms Arch 0x6558 Trans Ether Bridgin...

Страница 165: ...h any of the configured rules on the router Enforcement Setting Description Factory Default Enabled or Disabled Enable or disable the global Policy Enforcement feature Disabled Default Action Setting...

Страница 166: ...Click to create a new Layer 3 7 policy Index Setting Description Factory Default Max 1024 The index number is generated automatically 1 Enforcement Setting Description Factory Default Enabled or Disa...

Страница 167: ...e firewall event logs are sent to a SNMP Trap Incoming Interface Setting Description Factory Default Any WAN LAN Select the incoming interface Any Outgoing Interface Setting Description Factory Defaul...

Страница 168: ...3 7 Protocol for a list of all destination ports Any When finished click CREATE to save your configuration NOTE The Industrial Secure Router s firewall function will check if incoming or outgoing pac...

Страница 169: ...e system Status Setting Description Factory Default Enabled or Disabled Enable or disable the system to record event logs when malformed packets are dropped Disabled Severity Severity Description Fact...

Страница 170: ...between the last data transmission on the connection exceeds 300 seconds the connection will also be released Create a New Session Control Policy Click to create a new Session Control policy Index Set...

Страница 171: ...ol event logs will be sent by SNMP Trap Action Setting Description Factory Default Monitor Monitor the network traffic that matches this rule Drop Drop Drop the network traffic that matches this rule...

Страница 172: ...is 64 Modify an Existing Session Control Policy Click the icon next to the entry you want to modify When finished click APPLY to save your changes Delete an Existing Session Control Policy Select the...

Страница 173: ...ked Enable or disable the DoS policy for all types Unchecked Null Scan Setting Description Factory Default Checked or Unchecked Enable or disable Null Scan Unchecked Xmas Scan Setting Description Fact...

Страница 174: ...ked Limit 1 to 4000 Packets Second If enabled specify the limit that will trigger SYN Flood protection 1000 ARP Flood Setting Description Factory Default Checked or Unchecked Enable or disable ARP Flo...

Страница 175: ...c based on specific protocols to detect anomalies and protect your network NOTE The application firewall requires a security package to be installed Refer to Software Package Management for more infor...

Страница 176: ...ently installed on the Industrial Secure Router Intrusion Prevention System IPS This section shows the current number of intrusion prevention system IPS events ADP Anomaly Detection Protection This se...

Страница 177: ...re Router s configuration settings as a file to the local host To restore the device s configuration using a backup file click the icon and navigate to the configuration backup file on the local host...

Страница 178: ...he Backup Restore section Click BACK UP to export the Industrial Secure Router s debug information as a file to the local host Global Settings Intrusion Prevention System IPS IPS Setting Description F...

Страница 179: ...cription Factory Default Enabled or Disabled Enable or disable the DNP3 protocol filter engine Enabled DNP3 ADP Setting Description Factory Default Enabled or Disabled Enable or disable the DNP3 proto...

Страница 180: ...ect On the Protocol Filter Objects tab click the icon to create a new filter object The configuration settings depend on the selected Category Refer to the following sections for more details on each...

Страница 181: ...Any The Slave ID is used to identify Modbus devices This ID can be used to communicate via devices such as bridges and gateways which use a single IP address to support multiple independent end units...

Страница 182: ...lect a preset or user configured protocol filter profile for this protocol filter object Refer to Protocol Filter Profile for more information about user configured profiles Select Manual to manually...

Страница 183: ...cription Factory Default 0 to 64 characters Enter a name for the protocol filter object None Category Setting Description Factory Default MMS Select the MMS protocol None Protocol Filter Profile Setti...

Страница 184: ...he selected Category Refer to the following sections for more details on each category Create a Modbus TCP Profile Create a DNP3 Profile Create an IEC 104 profile Create a MMS Profile Modify an Existi...

Страница 185: ...col Length Field 2 bytes Number of remaining following bytes in this frame Unit Identifier 1 byte Slave Address 255 is used for device broadcast information Function code 1 byte Defines the message ty...

Страница 186: ...Com Event Log 12 Report Slave ID 17 Read Device Identification 43 When finished click CREATE to save your configuration Create a DNP3 Profile Distributed Network Protocol 3 DNP3 is a set of communica...

Страница 187: ...rce Address Setting Description Factory Default 0 to 65535 0x0000 to 0xFFFF Specify the source address which will be checked in the DNP3 packet None Destination Address Setting Description Factory Def...

Страница 188: ...15 Initialize application 16 Start application 17 Stop application 18 Save configuration 19 Enable unsolicited 20 Disable unsolicited 21 Assign class 22 Delay measurement 23 Record current time 24 Op...

Страница 189: ...iable Structure Qualifier 1 byte Describes how the information objects are organized Cause of Transmission 1 2 bytes Includes the reason for sending the ASDU and one byte with an identifier of the con...

Страница 190: ...y interrogation group 8 29 interrogated by interrogation group 9 30 interrogated by interrogation group 10 31 interrogated by interrogation group 11 32 interrogated by interrogation group 12 33 interr...

Страница 191: ...ion with time tag CP56Time2a 32 Step position information with time tag CP56Time2a 33 Bit string of 32 bit with time tag CP56Time2a 34 Measured value normalized value with time tag CP56Time2a 35 Measu...

Страница 192: ...11 Parameter of measured value scaled value 112 Parameter of measured value short floating point value 113 Parameter activation File transfer 120 File ready 121 Section ready 122 Call directory select...

Страница 193: ...that the MMS client can access The VMD object represents a container in which all other objects are located The client issues MMS service requests and the server responds to these requests Name Setti...

Страница 194: ...d 15 deleteEventAction 56 readJournal 16 deleteEventCondition 57 relinquishControl 17 deleteEventEnrollment 58 rename 18 deleteJournal 59 reportActionStatus 19 deleteNamedType 60 reportEventActionStat...

Страница 195: ...l protocol packets which allows users to control protocol traffic based on the configured policy and Anomaly Detection Protection ADP settings Refer to the Add a New Protocol Filter Policy and ADP Ano...

Страница 196: ...tination IP addresses in the packet Any Single The policy will only check for the specified destination IP address in the packet Range The policy will check all destination IP addresses in the packet...

Страница 197: ...click DELETE to delete the item s ADP Anomaly Detection Protection Modify an Existing ADP Entry Click the icon to modify the Anomaly Detection Protection ADP parameters Index Setting Description Fact...

Страница 198: ...t Accept The packet will be allowed through the firewall when it matches this ADP setting Monitor Reset The packet will by dropped by the firewall when it matches this ADP setting The session will als...

Страница 199: ...E A separate license is required to enable IPS functionality on the device Refer to the table below for a description of each field Field Description ID The pattern rule ID Name The pattern name of th...

Страница 200: ...ct the criteria for one or more fields and click APPLY Any pattern rules matching the filter criteria will be shown in the table Click CLEAR to reset all filter criteria Quick Settings Quick Settings...

Страница 201: ...Modify Settings for All IPS Pattern Rules 1 Select All under general common source 2 Select the Status and Action in the Rule Settings section 3 Click APPLY to save your changes The changes will be a...

Страница 202: ...Select Filter Rule under general common source 2 Select the filter criteria in the Filters section 3 Select the Status and Action in the Rule Settings section 4 Click APPLY to save your changes The ch...

Страница 203: ...le check the box of the IPS pattern rule s you want to modify 2 Click the icon and click Quick Settings 3 User Selected will selected by automatically 4 Select the Status and Action in the Rule Settin...

Страница 204: ...t to any rule to bring up a panel with detailed information about the IPS rule Click the icon again to close the panel Modify an Existing IPS Rule Action 1 Click the icon next to the rule you want to...

Страница 205: ...nge IPsec uses the IKE Internet Key Exchange protocol for Authentication Key exchange and provides a way for the VPN gateway data to be protected by different encryption methods There are 2 phases for...

Страница 206: ...Industrial Secure Router provides 3 Global Settings for IPsec VPN applications Status Setting Description Factory Default Enabled or Disabled Enable or disable all IPsec VPN services Disabled NOTE IPs...

Страница 207: ...vanced Settings sections for more information IPsec Quick Settings The Industrial Secure Router s Quick Settings mode can be used to easily set up a site to site VPN tunnel between two Industrial Secu...

Страница 208: ...ey configuration should be identical for both Industrial Secure Router units IPsec Advanced Settings Select Advanced Settings to manually configure the full range of VPN settings Tunnel Settings Statu...

Страница 209: ...iption Factory Default Start in Initial The VPN tunnel will actively initiate the connection with the remote VPN gateway Start in Initial Wait for Connecting The VPN tunnel will wait for the remote VP...

Страница 210: ...55 0 Identity Setting Description Factory Default Type Select an ID type There are four ID types IP address FQDN Key ID and Auto with Cisco Key ID is a user defined string Auto with Cisco is for used...

Страница 211: ...e details N A X 509 With CA In this mode two systems authenticate the VPN connection using certificates imported in advance by the user on the Local Certificate page and a CA certificate imported on t...

Страница 212: ...orward Secrecy When enabled different security keys are used for different IPsec phases in order to enhance security Disabled DH Group Setting Description Factory Default DH 1 modp768 DH 2 modp1024 DH...

Страница 213: ...When finished click CREATE to save your configuration Modify an Existing IPsec Entry Select the item in the IPsec VPN List and click the icon next to the entry you want to modify When finished click...

Страница 214: ...X 509 Mode Two Certificates Users will sometimes use certificates generated from a server or from the Internet If users get different certificates for different systems users can import these certifi...

Страница 215: ...ructions in the diagram below to learn how to install the CA and build an IPsec VPN connection Scenario 4 X 509 with CA Mode Two CAs In some large scale systems users may find it difficult to get cert...

Страница 216: ...R the certificate belongs only to one system and cannot be installed on other systems By following this method CSR significantly reduces the risk of certificates being used illegitimately Consider the...

Страница 217: ...Tunnel Protocol L2TP is a popular choice for VPN applications with remote roaming users since an L2TP client is built into the Microsoft Windows operating system Since L2TP does not provide any encry...

Страница 218: ...anges L2TP User Name Settings Create a New Account for L2TP Click the icon to create a new L2TP account Username Setting Description Factory Default Max 32 characters Enter a username for the L2TP con...

Страница 219: ...ace for the 2 Industrial Secure Routers is shown in the following table Configuration Industrial Secure Router 1 Industrial Secure Router 2 Interface Setting WAN IP 100 100 2 1 100 100 2 2 LAN IP 100...

Страница 220: ...Tunnel Setting Connection Type Site to Site Site to Site Remote VPN gateway 10 10 10 200 10 10 10 100 Startup mode Wait for Connection Start in Initial Local Network Netmask 192 168 127 0 255 255 255...

Страница 221: ...ration EDR Series Cisco ASA5510 Router Setting WAN IP 10 10 10 100 10 10 10 200 LAN IP 192 168 127 254 192 168 128 254 Based on the requirements and VPN plan the recommended configuration for the IPse...

Страница 222: ...VPN tunnel Communication goes through the Internet The configuration of the WAN LAN interface for the Industrial Secure Router is shown in the following table Configuration Industrial Secure Router 1...

Страница 223: ...based form of authentication Before processing certificates please ensure that the industrial secure router is synced with the local device For more information about syncing device time please refer...

Страница 224: ...ificate Label Setting Description Factory Default 0 to 30 Specify the certification number None Select Certificate Setting Description Factory Default Click the icon to select a certificate file Uploa...

Страница 225: ...abel Setting Description Factory Default 0 to 30 Specify the certification number None CSR Common Name Setting Description Factory Default Domain name Select the CSR Common Name This is the domain nam...

Страница 226: ...certificate type Certificate Label Setting Description Factory Default 0 to 30 Specify the certification number None Import Password Setting Description Factory Default Max 32 characters Enter the im...

Страница 227: ...ecure Router may not recognize the certificate and reject the connection Click the icon to add a CA Certificate Click the icon to select a CA certificate file then click UPGRADE to import the certific...

Страница 228: ...the receiver can use the public key to decrypt the data Click the icon to generate a RSA key Name Setting Description Factory Default 0 to 30 characters Enter a name for the RSA key None Key Pair Size...

Страница 229: ...te Key Select the private key generated on the Key Pair Generate tab If you have not generated a private key yet refer to Step 1 Generate a Private Key None Country Name 2 letter code Setting Descript...

Страница 230: ...Max 16 characters Enter the common name for the CSR None Email Address Setting Description Factory Default Max 64 characters Enter the email address for the CSR None Subject Alternative Name Setting D...

Страница 231: ...the Security section you can configure Device Security Network Security RADIUS and MXview Alert Notification settings Device Security From the Device Security section the following functions can be c...

Страница 232: ...h will temporarily prevent users from logging in after several failed login attempts Disabled Login Failure Retry Threshold Setting Description Factory Default 1 to 10 times Specify the number of logi...

Страница 233: ...device Enabled Accept All LAN Port Connections Setting Description Factory Default Enabled or Disabled Enable or disable the device to accept all connections on the LAN interface Enabled Log Setting...

Страница 234: ...all hosts Disable the Trusted Access list Select Disabled in Trusted IP List Disabling this will allow all IP connections The following table shows additional configuration examples Hosts That Need Ac...

Страница 235: ...H SSL SSH The Industrial Secure Router will generate a SSH certificate automatically by default If not click REGENERATE to regenerate the SSH host key SSL On the SSL page you can generate an SSL certi...

Страница 236: ...E 802 1X provides an authentication mechanism to prevent unauthorized access to the LAN Without this mechanism users can access the LAN by simply physically connecting to any LAN device on the network...

Страница 237: ...retry interval in second 3600 When finished click APPLY to save your changes Modify IEEE 802 1X Port Settings Click the icon to refresh the port status To configure the IEEE 802 1X settings for a spe...

Страница 238: ...cting to a network service RADIUS is based on a client server protocol that runs in the application layer and can use either TCP or UDP as the mode of transport The network access servers that contain...

Страница 239: ...server by default If the primary RADIUS is unavailable it will use the secondary RADIUS server Local Database Click the icon to create add a user account to the local database Username Setting Descrip...

Страница 240: ...lt Enabled or Disabled Enable or disable RADIUS login authentication Disabled Authentication Type Setting Description Factory Default PAP Select the authentication type for the RADIUS server EAP PEAP...

Страница 241: ...s Disabled DoS Attack Event Notification Setting Description Factory Default Enabled or Disabled Enable or disable notifications for DoS attack events Disabled Access Violation Event Notification Sett...

Страница 242: ...EDR G9010 Series User Manual 242 Security Status The Security Status screen shows the status of all event types Click the icon to clear all event statuses...

Страница 243: ...rk Status Event Logs and Notifications and Tools configurations System Status Users can monitor the data transmission activity of all the Industrial Secure Router ports from two perspectives Bandwidth...

Страница 244: ...r Check is used to diagnose the link status of fiber connectors including SFP and fixed type Multi mode SC ST and Single mode SC connectors Fiber Check allows you to monitor the temperature TX RX powe...

Страница 245: ...er optic cable can receive Fiber Check Threshold Values Model Name Temperature Threshold C Max Min Tx Power dBm Min Rx Power dBm FEMST 120 11 0 23 0 31 0 FEMSC 120 11 0 23 0 31 0 FESSC 120 3 0 8 0 34...

Страница 246: ...ics page shows the Packet Counter status by default To switch views click the Packet Counter drop down menu and select Bandwidth Utilization to see the current bandwidth usage Display Mode Setting Des...

Страница 247: ...ckets received from connected devices Additionally users can also choose which packet types to monitor including unicast broadcast multicast and error There are three function icons in the upper right...

Страница 248: ...Port Selection Setting Description Factory Default All ports FE Ports GE Ports Port 1 Port 2 Port 3 Port 4 Port 5 Port 6 Port 7 Port 8 Port G1 Port G2 If Display Type is set to Port select which port...

Страница 249: ...page to view the current bandwidth usage There are three function icons in the upper right corner of the page The table below provides a description for each function Icon Name Description Refresh Re...

Страница 250: ...IP Interface IP Interface Monitor the total traffic per interface e g LAN WAN Bridge Interface Selection Setting Description Factory Default Any LAN WAN Bridge LAN Select which interface to monitor t...

Страница 251: ...nd its configuration This way all devices are aware of each other LLDP can be enabled or disabled Additionally users can configure the interval at which LLDP packets are sent and view each switch s ne...

Страница 252: ...ber of the connecting neighbor device Neighbor Port Description The description of the neighbor device s interface Neighbor System The hostname of the neighbor device Click the icon to refresh the tab...

Страница 253: ...53 Event Log System Log By default the System Log shows details of all system related event logs Click the icon to refresh the system logs Click the icon to delete all system logs Click the icon to ex...

Страница 254: ...or other policy patterns including Trusted Access Malformed Packets DoS Policy Layer 3 7 Policy Protocol Filter Policy ADP IPS Session Control Click the icon to refresh the firewall logs Click the ico...

Страница 255: ...hreshold Settings On the Threshold Settings screen users can set up capacity warnings and oversize actions that trigger when the log storage has exceeded the specified storage threshold Click the icon...

Страница 256: ...Threshold Setting Description Factory Default 50 to 100 Specify the threshold percentage of the current storage Once the storage exceeds this value the warning will trigger 0 Registered Action Settin...

Страница 257: ...ow what is happening elsewhere on the network This means that an industrial secure router that connects to these devices must provide system maintainers with real time alarm messages Even when control...

Страница 258: ...258 System Event Settings System Events are related to the overall functions of the device Each event can be activated independently with different warning methods Administrator also can decide the s...

Страница 259: ...tate is 0 DI On The digital input state is 1 Config Change A configuration setting was changed Auth Failure An incorrect password was entered Ring RSTP Topology Changed The Ring RSTP topology was chan...

Страница 260: ...is recorded to a Syslog server defined in the Syslog section Relay The industrial secure router supports digital inputs to integrate sensors When event is triggered the device will automate alarm noti...

Страница 261: ...EDR G9010 Series User Manual 261 Port Event Settings Port Events are related to the activity of a specific port...

Страница 262: ...disable Link Off events If enabled an event is triggered when the port is disconnected e g the cable is unplugged or the connected device is shut down Disabled Registered Action There are four respon...

Страница 263: ...d to set up Syslog servers for storing event logs Up to three Syslog servers can be set up When an event occurs the event will be sent as a syslog UDP packet to the specified Syslog servers Each Syslo...

Страница 264: ...n Ring RSTP Topology Change activated Master Mismatch Coupling Topology Change activated Fiber Check Warning VRRP State Change activated 802 1X Auth fail VPN connected disconnected Firewall policy Fir...

Страница 265: ...rap server used by your network None Inform Retries Setting Description Factory Default 1 to 99 times Specify the allowed number of retries for attempting to reconnect to a server 0 Inform Timeout Set...

Страница 266: ...Authentication Type is set to MD5 or SHA and the Encryption Method is set to Enabled also configure the following settings Authentication Key Setting Description Factory Default 8 to 30 characters Ent...

Страница 267: ...rver 25 Username Setting Description Factory Default Max 60 characters Enter the username used to log in to the email server None Password Setting Description Factory Default Max 60 characters Enter t...

Страница 268: ...assword if auto warning e mail messages can be delivered without using an authentication mechanism Tools From the Tools section the following functions can be configured Port Mirror and Ping Port Mirr...

Страница 269: ...eam Select this option to monitor only those data packets coming into the Moxa industrial secure router s port Egress Stream Select this option to monitor only those data packets being sent out throug...

Страница 270: ...ature is that even though the ping command is entered from the user s PC keyboard the actual ping command originates from the Industrial Secure Router itself In this way the user can essentially contr...

Страница 271: ...System Group sysORTable MIB II 2 Interfaces Group ifTable MIB II 4 IP Group ipAddrTable ipNetToMediaTable IpGroup IpBasicStatsGroup IpStatsGroup MIB II 5 ICMP Group IcmpGroup IcmpInputStatus IcmpOutpu...

Страница 272: ...ore R W R W R Account Management User Account R W R R Password Policy R W R W R License Management R W R W R Management Interface User Interface R W R W R Hardware Interface R W R W R SNMP R W R W R M...

Страница 273: ...n R W R W R Protocol Filter Policy R W R W R ADP R W R W R IPS R W R W R VPN Admin Supervisor User IPsec R W R W R L2TP Server R W R W R Certification Management Admin Supervisor User Local Certificat...

Страница 274: ...EDR G9010 Series User Manual 274 Function Account Privilege Ping R W R W R...

Отзывы:

Нет отзывов

Похожие инструкции для EDR-G9010 Series

Бренд: Belkin Страницы: 72

Бренд: Helmholz Страницы: 28

Бренд: Lanner Страницы: 109

Бренд: QUNDIS Страницы: 42

Бренд: Caen Страницы: 14

Бренд: ACTi Страницы: 12

Бренд: ICP DAS USA Страницы: 8

Бренд: ACTi Страницы: 14

Бренд: Vacron Страницы: 16

D-Link DSL-2640U

Бренд: Broadband Products Страницы: 12

Бренд: Teldat Страницы: 23

Бренд: Ubiquiti Страницы: 20

Бренд: ADTRAN Страницы: 4

Home Base F5L049ea

Бренд: Belkin Страницы: 59

Бренд: MicroNet Страницы: 49

Бренд: Cleerline Страницы: 2

Бренд: LevelOne Страницы: 142

Бренд: ORiNG Страницы: 101

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды