Viola Systems M2M Скачать руководство пользователя страница 13 | Manualshive

Страница: 13 / 40

Viola Systems M2M Скачать руководство пользователя страница 13

User Manual
Viola M2M Gateway Enterprise
Edition

Firmware Version 2.4

13

Document Version 3.0

2.3

Routing Setup

When the M2M Gateway is installed to the existing network, some
configuration is required to add the route to the M2M Gateway and devices
behind it. For example, local firewall to router needs to be aware of routes
going via the M2M Gateway. Routing can be complex to setup in large
networks and it is recommend to consult local network administrator also
about routing.

2.4

Other Network Services

M2M Gateway network services are listed in table 1. The only mandatory
service is Secure Shell (SSH). SSH server listen to the incoming connections
from Arctic devices in port 22 (default). This port must not be blocked by
any firewall otherwise the remote Arctic devices are not able to open VPN
connections to the M2M Gateway.

Arctic uses ICMP ECHO (ping) messages to check its network connection to
the M2M Gateway. By default, the private IP address of the VPN peer is used
as the target for the network connection status check. i.e. the M2M Gateway is
not required to accept ICMP ECHO messages.

The network connection status check can also be made using some public
IP address (e.g. the public IP address of the M2M Gateway). In this case the
target host of the network connection check is required to accept ICMP ECHO
messages and that they are not blocked by any firewall.

2.5

Recommended Network Setup

The M2M Gateway is recommended to be connected to a DMZ of a firewall.
This way the M2M Gateway can have public or private IP address depending
on the firewall configuration. When placed in DMZ, the firewall protects
efficiently against any unauthorized access to the M2M Gateway. Only
incoming SSH connections are required to have access to DMZ zone.
Services other than SSH are optional.

If the M2M Gateway is located in the DMZ and it has a private IP address,
the firewall has to support port forwarding or destination network address
translation (DNAT). For firewall configuration, please refer to your firewall
documentation or to your local network administrator.

«
...
11
12
13
14
15
...
»

Содержание M2M

Страница 1: ...Viola M2M Gateway Enterprise Edition User Manual Viola M2M Gateway Enterprise Edition 2505 Firmware Version 2 4 Document Version 3 0 October 2010 ...

Страница 2: ... prior written permission from Viola Systems Ethernet is a trademark of XEROX Corporation Windows and Internet Explorer are trademarks of Microsoft Corporation Netscape is a trademark of Netscape Communications Corporation All other product names mentioned in this manual are the property of their respective owners whose rights regarding the trademarks are acknowledged Viola Systems Ltd Lemminkäise...

Страница 3: ...no circumstance is the manufacturer or the developer of a program responsible for any damage possibly caused by the use of a program The names of the programs as well as all copyrights relating to the programs are the sole property of Viola Systems Any transfer licensing to a third party leasing renting transportation copying editing translating modifying into another programming language or rever...

Страница 4: ...2 Conducted Emissions 0 15 30MHz EN 50082 1 Immunity Test 1 IEC 801 3 Radio Frequency Electromagnetic Field 2 IEC 801 2 Electrostatic Discharge 3 IEC 801 4 Fast Transients AC Power Ports and Signal cables Supplementary Information The product complies with the requirements of the Low Voltage Directive 73 23 EEC and EMC directive 89 336 EEC Warning This is a Class A product In a domestic environmen...

Страница 5: ...nce of the products To prevent damage both the product and any terminal devices must always be switched OFF before connecting or disconnecting any cables It should be ascertained that different devices used have the same ground potential Before connecting any power cables the output voltage of the power supply should be checked This product is not fault tolerant and is not designed manufactured or...

Страница 6: ...User Manual Viola M2M Gateway Enterprise Edition Firmware Version 2 4 6 Document Version 3 0 Revisions Date Document Version Firmware Version Description of Changes 10 2010 3 0 2 4 Manual released ...

Страница 7: ...3 2 5 Recommended Network Setup 13 2 6 Using the Second Ethernet Port 14 3 QUICK INSTALLATION 15 3 1 Setting IP Address Using Web Browser 15 4 NETWORK CONFIGURATION 18 4 1 Configuration screens 18 5 VPN CONNECTIVITY 19 5 1 VPN requirements 19 5 2 Available VPN types 19 5 3 Typical connection scheme 19 5 4 Typical connection scheme with routing 20 6 SSH VPN CONFIGURATION 22 6 1 Introduction to SSH ...

Страница 8: ...figuration 31 9 3 2 Automatic configuration with NTP 31 9 4 Backup 31 9 4 1 Backup screen 31 9 4 2 Creating backups 32 9 4 3 Restoring backups 32 9 4 4 Moving backups between units 32 9 5 System logs 33 9 6 Supportlog 33 9 7 Factory default settings 34 10 ADVANCED SETTINGS 35 10 1 Command Line Shell 35 10 2 Advanced UI Menus 35 10 2 1 System menu 35 10 2 2 Networking menu 35 10 2 3 Others menu 35 ...

Страница 9: ...r For the rest of this documentation the Viola M2M Gateway is referred as M2M Gateway 1 2 M2M Gateway Features The M2M Gateway offers different advanced features for network usage In most simple usage only VPN feature is used but M2M Gateway makes possible to make complex network configurations Routing M2M Gateway can forward packets to local Ethernet eth0 which it is connected to company network ...

Страница 10: ...M Gateway Quick Start Guide 1 4 Hardware description 1 4 1 Front panel Table 1 Front panel LED description LED color Name Description Green Power Lit when power is on Yellow HDD Lit when IDE hard drive is accessed Figure 2 M2M Gateway front panel 1 4 2 Back Panel The M2M Gateway has power connector on the right side of the back panel Ethernet interfaces are located in the left side of the back pan...

Страница 11: ... 1 5 NIC 2 eth1 6 NIC 2 eth1 7 Keyboard ps2 connector 8 Mouse 9 VGA connector 10 Serial connector 11 USB connector 12 USB connector 13 iLO 2 NIC connector Mandatory connections 1 4 3 Product label Product label is found on the bottom of the device and it contains the basic information about the unit such as product name serial number and Ethernet MAC address Figure 4 Product label ...

Страница 12: ...Zone DMZ of the firewall This configuration allows hosts from Company Intranet to connect via firewall to the M2M Gateway Other configurations are also possible E g subnets and proxy ARP can be used Figure 5 DMZ Connection Note It is possible that the internal routing in company intranet may require configuration in order to integrate M2M Gateway to an existing network 2 2 Minimum Network Requirem...

Страница 13: ...e private IP address of the VPN peer is used as the target for the network connection status check i e the M2M Gateway is not required to accept ICMP ECHO messages The network connection status check can also be made using some public IP address e g the public IP address of the M2M Gateway In this case the target host of the network connection check is required to accept ICMP ECHO messages and tha...

Страница 14: ...ave access to the M2M Gateway the second Ethernet can be used The second Ethernet of the M2M Gateway can be enabled from the Webmin configuration interface Web user interface The IP address of the second Ethernet of the M2M Gateway is then used as the default gateway for the devices connected to the second Ethernet port This configuration is relatively easy to setup and it is the easiest way of se...

Страница 15: ...Viola M2M Gateway laptop IP for example 10 10 10 11 with netmask 255 0 0 0 Check with ping command 3 Connect to the Viola M2M Gateway using your web browser The default IP address of Viola M2M Gateway is 10 10 10 10 netmask 255 0 0 0 Note that you have to connect to a HTTPS port 10000 see figure 8 Figure 8 Browser https example 4 Your browser might mention about certificates you can safely ignore ...

Страница 16: ...wer are secondary navigation icons and clicking them allows the user to change the specific settings they represent See figure 10 Figure 10 Main Configuration Menu 7 Select Network Configuration icon on the first page 8 From the next screen select Network Interfaces icon 9 Below the text Interfaces Activated at Boot Time select eth0 Figure 11 Select eth0 interface 10 Enter your preferred configura...

Страница 17: ...Save and Apply button when you are ready to activate your new settings Note The existing web browser connection hangs up after you apply the settings so open a new connection to the new IP address check your Ethernet cabling 12 Now you should be able to connect to the M2M Gateway with your new IP address ...

Страница 18: ... Now list This list contains all the interfaces running locally including VPN interfaces On the bottom there is a listing of physical interfaces eth0 and eth1 Interface confiuration can be changed by pressing underlined interface name See figure 14 Figure 14 Network Interface List Routing and Gateways Configures default route static routes and displays running routes Default route can be changed f...

Страница 19: ...o access remote nodes laptop central management Note The M2M Gateway needs a fixed IP address 5 2 Available VPN types The available VPN types are L2TP SSH and OpenVPN A comparison is shown in table 2 Table 2 VPN comparison table VPN Type Description EncryptionDefault port SSH VPN Default tunnel for Viola Arctic products yes 22 TCP L2TP VPN Lighter but less secure alternative to SSH VPN no 1701 UDP...

Страница 20: ... to prevent network overlapping Draw a network diagram with all the relevant information about the network you are building 5 4 Typical connection scheme with routing This example shows a little larger system This common setup is practical in connecting remote networks to as a part of local network This could be used to connect isolated remote stations to local monitor station Figure 16 Typical ne...

Страница 21: ...Document Version 3 0 Select routing mode to Tunnel the following network IP address and netmask is the address that is located in the opposite side of the tunnel For example on Arctic set IP address to be the address that is assigned to the eth1 of M2M Gateway and vice versa ...

Страница 22: ...n screen On the top are summary about peers and their last check Configured connections are listed next If the number of peers is over 500 list is divided to multiple pages Below the list are connection test buttons Key management field is located below peer list Here are listed only those peers that do not have a key yet If existing key for a peer needs to be changed it must be done by editing th...

Страница 23: ...ated between peer list and key management box See figure 17 3 Enter values to fields Required fields are peer name and IP pair See figure 19 Note Peer name must be same than hostname on Arctic 4 Press Confirm button and return to previous screen Figure 19 SSH VPN peer creation screen After a new peer has been created it will show up in peer list and its status will be disabled To enable it the key...

Страница 24: ...g connection The Connection status displayed on SSH VPN page does not update automatically it has to be updated manually and the current status needs to be checked To check the current status of a peer 1 Checked peers are selected by using checkboxes next to peer names Peers can be selected individually or they all can be selected using Check all button 2 Connection check is started by pressing St...

Страница 25: ...peer name can be changed from this edit screen Note that the keys must be unlocked if keys need to be changed Figure 21 SSH VPN Peer Edit screen 6 7 SSH port configuration Default port for SSH is 22 It is recommended to change this to something less common to increase system security Changing SSH port on M2M Gateway is done by entering new port to a configuration field located in the bottom of the...

Страница 26: ...wn in figure 22 Figure 22 L2TP VPN configuration screen Using action buttons on the peer list the connections can be managed and monitored easily See figure 23 Possible actions are from left to right Figure 23 L2TP VPN peer listing 1 Connectivity test selection box 2 Peer status icon enabled or disabled 3 Peer name 4 Interface available if peer is up 5 IP pair assigned to tunnel 6 Routing mode non...

Страница 27: ... forms the other end of the tunnel IP pair is an IP pair that does not con ict with any other address used See figure 24 3 Routing mode selects if the network on the other side of the tunnel is routed thorough the tunnel Remote network IP and network mask define the remote network routed thorough the tunnel 4 Username and password must be the same than on the Viola Arctic 5 When you are done press...

Страница 28: ...User Manual Viola M2M Gateway Enterprise Edition Firmware Version 2 4 28 Document Version 3 0 8 OpenVPN Configuration Please refer to Viola Systems OpenVPN application note ...

Страница 29: ... figure 9 1 Figure 25 Password change screen The only users who can log in a system are viola adm and root User viola adm is the only one who can log in to a web user interface User root can log in only locally remote root access is restricted 9 2 Firewall Firewall in an important part of the M2M Gateway product Firewall should always be turned on and configured as strict as possible to keep out a...

Страница 30: ...apply or revert the changes Figure 27 Firewall Action buttons 9 2 2 Changing firewall rules Default firewall rules allow only Arctic traffic Rules can be changed in firewall configuration screen 1 Existing firewall rules can be modified by clicking the Action text colored Drop Accept 2 Adding new rules can be done by clicking the blue arrows on the left side of the rules 3 Modified rules can be ap...

Страница 31: ...m time and press Apply then Set system time to hardware time Figure 28 Manual System Time Configuration 9 3 2 Automatic configuration with NTP To configure system time automatically with NTP protocol Enter valid ntp server address to timeserver field and press Sync and Apply button on the bottom of the screen Figure 29 Automatic System Time Configuration 9 4 Backup The Backup module saves user mad...

Страница 32: ...ring backups Press open button to select the backup you want to restore and press restore backup button to restore the backup Figure 32 Backup Restore Selection 9 4 4 Moving backups between units To restore a backup on a different machine the backup file has to be copied into the opt viola m2mBackups directory on the second machine In addition the MD5 file also has to be copied onto the new machin...

Страница 33: ...ackground select System icon 3 From the System page select System Logs icon Logs can be searched with defined text or just show last n entries Figure 33 System Log View OpenVPN has its own logs which can be found from OpenVPN configuration 9 6 Supportlog Supportlog is a module that helps Viola Systems technical support team in troubleshooting situations It generates a collection of data from syste...

Страница 34: ...prise Edition Firmware Version 2 4 34 Document Version 3 0 Figure 34 Supportlog Screen 9 7 Factory default settings Factory default settings can be restored by selecting factoryBackup from backup restore selection screen See section 9 4 ...

Страница 35: ...nd Shutdown change process and system level services on startup Bootup and Shutdown change process and system level services on startup Figure 35 System Menu SysV Init Configuration innitab configuration runlevels for system startup System and Server Status N A reserved for future use 10 2 2 Networking menu SSH Server Advanced SSH server configurations Under normal operation only SSH port is chang...

Страница 36: ...User Manual Viola M2M Gateway Enterprise Edition Firmware Version 2 4 36 Document Version 3 0 Figure 37 Others Menu ...

Страница 37: ... for information about contacting Viola Systems Technical Support representatives Q When setting up routing mode tunnel the following network routing to M2M Gateway eth1 does not work A Check that IP forwarding has been enabled and internal firewall does not block packets Q From Arctic Ethernet connection to M2M Gateway Ethernet is not working A Check that IP forwarding has been enabled on Arctic ...

Страница 38: ... 3 Technical specifications Processor Intel Celeron 2 5GHz Memory 512Mb Hard Drive 80Gb Input voltage 100 240VAC 5A max Casing Metal 19in rack mountable Operating temperature 0 to 45 C Storage temperature 20 to 45 C Humidity 10 to 90 RH non cond Network connection 2x Ethernet RJ 45 10 100 1000 Base T Approvals CE FCC ...

Страница 39: ...ystems may use new or refurbished parts or products to do so If Viola Systems is unable to repair or replace a defective product your alternate exclusive remedy shall be a refund of the original purchase price The above is Viola Systems entire obligation to you under this warranty IN NO EVENT SHALL VIOLA SYSTEMS BE LIABLE FOR INDIRECT INCIDENTAL CONSEQUENTIAL OR SPECIAL DAMAGES OR LOSSES INCLUDING...

Страница 40: ...ng information about your Arctic product Product name ___________________________________________________ Serial no _______________________________________________________ Note the status of your Arctic in the space below before contacting technical support Include information about error messages diagnostic test results and problems with specific applications _____________________________________...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды