background image

EAGLE

 mGuard

248

Innominate Security Technologies

I15007_en_02

After successful connection establishment

Once a connection has been established successfully, a security alert may be displayed.

Explanation:

As administrative tasks can only be performed using encrypted access, a self-signed certif-

icate is supplied with the device.

Click “Yes

 to acknowledge the security alert.

The login window is displayed.

Figure

 13-6

Login

 

To log in, enter the preset user name and password (please note these settings are 

case-sensitive):

The mGuard can then be configured via the web interface.

 

For additional information, 

please refer to the software reference manual. 

User Name:

admin

Password:

mGuard

For security reasons, we recommend you change the default root and administrator pass-

words during initial configuration.

Summary of Contents for mGuard

Page 1: ...Hardware Reference Manual Innominate Security Technologies Configuration of the mGuard Security Appliances...

Page 2: ...d rs4000 rs2000 rs4000 TX TX rs4000 TX TX VPN rs2000 TX TX VPN mGuard rs4000 rs2000 Switch rs4000 4TX TX rs4000 4TX TX VPN rs2000 5TX TX VPN mGuard rs4000 rs2000 3G rs4000 4TX 3G TX VPN rs2000 4TX 3G...

Page 3: ...assumed In general the provisions of the current standard Terms and Conditions of Innominate apply exclusively in particular as concerns any warranty liability This user manual including all illustra...

Page 4: ...are pending Published by Innominate Security Technologies AG Rudower Chaussee 13 12489 Berlin Germany Phone 49 0 30 92 10 28 0 contact innominate com www innominate com 24 July 2015 Innominate Securi...

Page 5: ...ly with the limits for a Class B digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interfer ence in a residential installat...

Page 6: ...Innominate Security Technologies...

Page 7: ...ablishing a local configuration connection 43 2 7 Remote configuration 45 2 8 Restart recovery procedure and flashing the firmware 46 2 9 Technical data 50 3 mGuard rs4000 rs2000 3G 51 3 1 Operating e...

Page 8: ...ion in Stealth mode 114 6 6 Establishing a local configuration connection 117 6 7 Remote configuration 119 6 8 Restart recovery procedure and flashing the firmware 120 6 9 Technical data 123 7 mGuard...

Page 9: ...g the configuration 187 10 5 Establishing a local configuration connection 189 10 6 Remote configuration 191 10 7 Restart recovery procedure and flashing the firmware 192 10 8 Technical data 195 11 mG...

Page 10: ...3 Installation of EAGLE mGuard 240 13 4 Preparing the configuration 243 13 5 Configuration in Stealth mode 244 13 6 Establishing a local configuration connection 247 13 7 Remote configuration 249 13 8...

Page 11: ...It is suitable for secure remote maintenance applications in industry and enables the quick startup of robust field devices for industrial use thereby facilitating error free independent operation Bot...

Page 12: ...ng Heartbeat The device is correctly connected and operating ERR Red Flashing System error Restart the device Press the Reset button for 1 5 seconds Alternatively briefly disconnect the device power s...

Page 13: ...f firmware version 8 1 the configured VPN connections are being established or aborted or the defined firewall rule records are activated or deactivated LAN Green On The LAN WAN LEDs are located in th...

Page 14: ...Package slip Plug in screw terminal blocks for the power supply connection and inputs outputs in serted NOTE Risk of material damage due to incorrect wiring Only connect the mGuard network ports to LA...

Page 15: ...rail according to DIN EN 60715 Figure 1 3 Mounting the mGuard rs4000 rs2000 on a DIN rail Attach the top snap on foot of the mGuard rs4000 rs2000 to the DIN rail and then press the mGuard rs4000 rs200...

Page 16: ...ions also use RJ45 sockets these must not be connected to the RJ45 sockets of the mGuard NOTE Do not connect the voltage and ground outputs GND CMD V to an external voltage source Please note that onl...

Page 17: ...press and hold the push button for a few seconds and then release the push button To switch off the selected VPN connections or firewall rule records press and hold the push button for a few seconds...

Page 18: ...light up this generally indicates that the defined VPN connection is not present Either the VPN connection was not established or it has failed due to an error If the INFO LED is illuminated the VPN c...

Page 19: ...age connection The mGuard boots the firmware Status STAT LED flashes green The mGuard is ready for operation as soon as the Ethernet socket LEDs light up Additionally status LEDs P1 P2 light up green...

Page 20: ...ards the EIS Easy Initial Setup procedure en ables startup to be performed via preset or user defined management addresses without actually having to connect to an external network The mGuard is confi...

Page 21: ...work interface is not connected on startup Computers can access the mGuard via https 1 1 1 1 if they are directly or indirectly con nected to the LAN port of the mGuard For this purpose the mGuard wit...

Page 22: ...This is the case if it is connected in an existing network connection and if the default gateway can be accessed via the WAN port of the mGuard at the same time In this case the web browser establish...

Page 23: ...ansmits BootP requests without interruption until it re ceives a valid IP address After receiving a valid IP address the mGuard no longer sends BootP requests The product can then no longer be accesse...

Page 24: ...e reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 28 If the administrator web page is not displayed If the we...

Page 25: ...cate is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 1 5 Login To log in enter the preset user name and password please note these settings...

Page 26: ...Start the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example I...

Page 27: ...following states Performing a restart Performing a recovery procedure Flashing the firmware rescue procedure Figure 1 6 Reset button 1 8 1 Performing a restart Objective The device is restarted with t...

Page 28: ...e recovery procedure The mGuard is in Router or PPPoE mode The configured device address of the mGuard differs from the default setting The current IP address of the device is not known Action Slowly...

Page 29: ...e mGuard The relevant firmware files are available for download from the download page of www innominate com The files must be located under the following path names or in the following folders on the...

Page 30: ...repares for a new firmware installation The STAT MOD and SIG LEDs form a running light The jffs2 img p7s firmware file is downloaded from the TFTP server or SD card and written to the Flash memory Thi...

Page 31: ...x 114 mm up to DIN rail support Weight 725 g TX TX 722 g TX TX Firmware and power values mGuard rs4000 mGuard rs2000 Firmware compatibility For mGuard v7 4 0 or later Innominate recommends the use of...

Page 32: ...mGuard rs4000 rs2000 32 Innominate Security Technologies I15007_en_02...

Page 33: ...server is integrated For software independent remote maintenance the mGuard rs4000 Switch can be used as a VPN router for up to 250 parallel IPsec encrypted VPN tunnels The mGuard rs2000 Switch is a...

Page 34: ...en On Power supply 2 is active mGuard rs2000 Switch not used Stat Green Flashing Heartbeat The device is correctly connected and operating Err Red Flashing System error Restart the device Press the re...

Page 35: ...vated Flashing The configured VPN connections are being established or aborted at output O2 or the firewall rule records defined at output O2 are activated or deactivated WAN 1 Green On The LEDs are l...

Page 36: ...lecommunications connections also use RJ45 sockets these must not be connected to the RJ45 sockets of the device For connecting a modem or serial terminal to the RS 232 interface you will need a null...

Page 37: ...the mGuard rs4000 rs2000 Switch on a DIN rail Attach the top snap on foot of the mGuard rs4000 rs2000 Switch to the DIN rail and then press the mGuard rs4000 rs2000 Switch down towards the DIN rail un...

Page 38: ...supply Connect the internal network interface LAN of the device to the corresponding Ethernet network card of the configuration computer or a valid network connection of the internal network LAN NOTE...

Page 39: ...se ensure the same potential as well as voltage and current specifications are defined Depending on the firmware version used the service contacts can be used for various switching or signaling tasks...

Page 40: ...ld the push button for a few seconds and then release the push button Operating a connected on off switch To switch on the selected VPN connections or firewall rule records set the switch to ON To swi...

Page 41: ...oots the firmware The Stat LED flashes green The device is ready for opera tion as soon as the Ethernet socket LEDs light up Additionally the P1 P2 LEDs light up green and Stat LED flashes green at he...

Page 42: ...open the Network and Sharing Center Click on LAN connection The LAN connection item is only displayed if a connection exists from the LAN interface on the computer to a mGuard in operation or another...

Page 43: ...s been set to a different value and the current address is not known the device must be reset to the default settings specified above for the IP address using the Recovery procedure see Performing a r...

Page 44: ...rtif icate is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 2 5 Login To log in enter the preset user name and password please note these se...

Page 45: ...as follows Start the web browser on the remote computer Under address enter the IP address where the device can be accessed externally over the Internet or WAN together with the port number if requir...

Page 46: ...the following states Performing a restart Performing a recovery procedure Flashing the firmware rescue procedure Figure 2 6 Reset button 2 8 1 Performing a restart Objective The device is restarted wi...

Page 47: ...the firewall are retained including passwords Possible reasons for performing the recovery procedure The device is in Router or PPPoE mode The device address has been configured and is not known The c...

Page 48: ...ad page of www innominate com The files must be located under the following path names in the following folders on the SD card Firmware install ubi mpc83xx p7s Firmware ubifs img mpc83xx p7s NOTE Duri...

Page 49: ...rocedure deletes the current contents of the Flash memory and prepares for a new firmware installation The Stat Mod and Sig LEDs form a running light The jffs2 img p7s firmware file is downloaded from...

Page 50: ...IN rail support Weight 835 g 835 g Firmware and power values mGuard rs4000 Switch mGuard rs2000 Switch Firmware compatibility Firmware 8 1 5 Innominate recommends the use of the latest firmware versio...

Page 51: ...te automation devices with serial interfaces into networks as a COM server is integrated For software independent remote maintenance the mGuard rs4000 3G can be used as a VPN router for up to 250 para...

Page 52: ...s2000 3G LED State Meaning P1 Green On Power supply 1 is active P2 Green On Power supply 2 is active mGuard rs2000 3G not used Stat Green Flashing Heartbeat The device is correctly connected and opera...

Page 53: ...s being established or aborted at output O2 The configured VPN connections are being established or aborted at output O2 or the firewall rule records defined at output O2 are activated or deactivated...

Page 54: ...Some telecommunications connections also use RJ45 sockets these must not be connected to the RJ45 sockets of the mGuard For connecting a modem or serial terminal to the RS 232 interface you will need...

Page 55: ...ing the mGuard rs4000 rs2000 3G on a DIN rail Attach the top snap on foot of the mGuard rs4000 rs2000 3G to the DIN rail and then press the mGuard rs4000 rs2000 3G down towards the DIN rail until it e...

Page 56: ...ith an impedance of 100 Connect the internal network interface LAN of the mGuard to the corresponding Ether net network card of the configuration computer or a valid network connection of the in terna...

Page 57: ...ts and switching outputs can be connected with signals from external de vices e g with PLC signals In this case ensure the same potential as well as voltage and current specifications are defined Depe...

Page 58: ...set whether certain VPN connections or firewall rule records are monitored and displayed via the LED Info 1 out put ACK O1 or LED Info 2 output ACK O2 If VPN connections are being monitored an illumin...

Page 59: ...mGuard rs4000 rs2000 and thus enables re mote diagnostics The FAULT LED lights up red if the signal output takes low level due to an error inverted logic The voltage at the signal contact corresponds...

Page 60: ...ot available The mobile network function is preset The mGuard rs2000 3G can only be operated in Router mode Connecting antennas Figure 3 5 Antenna connection Connect a suitable antenna to the antenna...

Page 61: ...lashes green Quality of the mobile network connection The signal strength of the mobile network connection is indicated by three LEDs on the front of the mGuard rs4000 rs2000 3G The LEDs function as a...

Page 62: ...ard rs4000 3G the status indicator P2 also lights up if there is a redundant supply voltage connection The mGuard boots the firmware The Stat LED flashes green The mGuard is ready for op eration as so...

Page 63: ...If the supply voltage is not redundant the mGuard rs4000 3G indicates the failure of the supply voltage via the signal contact This message can be prevented by feeding the supply voltage via both inp...

Page 64: ...the Network and Sharing Center Click on LAN connection The LAN connection item is only displayed if a connection exists from the LAN interface on the computer to a mGuard in operation or another part...

Page 65: ...known the mGuard must be reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 69 If the administrator web page is...

Page 66: ...security alert The login window is displayed Figure 3 8 Login To log in enter the preset user name and password please note these settings are case sensitive The mGuard can then be configured via the...

Page 67: ...Start the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example...

Page 68: ...e following states Performing a restart Performing a recovery procedure Flashing the firmware rescue procedure Figure 3 9 Reset button 3 8 1 Performing a restart Objective The device is restarted with...

Page 69: ...recovery procedure The mGuard is in Router or PPPoE mode The configured device address of the mGuard differs from the default setting The current IP address of the device is not known Action Slowly p...

Page 70: ...age of www innominate com The files must be located under the following path names or in the following folders on the SD card Firmware install ubi mpc83xx p7s Firmware ubifs img mpc83xx p7s NOTE Durin...

Page 71: ...l procedure deletes the current contents of the Flash memory and prepares for a new firmware installation The Stat Mod and Sig LEDs form a running light The jffs2 img p7s firmware file is downloaded f...

Page 72: ...C storage Dimensions H x W x D 130 x 45 x 114 mm up to DIN rail support 130 x 45 x 114 mm up to DIN rail support Weight 850 g 835 g Firmware and power values mGuard rs4000 3G mGuard rs2000 3G Firmwar...

Page 73: ...nologies 73 Other mGuard rs4000 3G mGuard rs2000 3G Conformance CE FCC UL 508 electrical isolation VCC PE ANSI ISA 12 12 Class I Div 2 Special features GPS GLONASS receiver realtime clock Trusted Plat...

Page 74: ...mGuard rs4000 rs2000 3G 74 Innominate Security Technologies I15007_en_02...

Page 75: ...se to production processes with low requirements for industrial hardening Individual devices or network segments can be safely networked and comprehensively pro tected The mGuard delta can be used as...

Page 76: ...s LAN 1 WAN 1 LEDs Figure 4 2 Operating elements and LEDs on the Table 4 2 LEDs on the mGuard delta LEDs State Meaning WAN 1 LAN 1 Green On Full duplex Off Half duplex WAN 2 LAN 2 Yellow On 10 Mbps Fl...

Page 77: ...mGuard delta Package slip 12 V DC power supply including different country adapters NOTE Risk of material damage due to incorrect wiring Only connect the mGuard network ports to LAN installations Som...

Page 78: ...Figure 4 3 Low voltage plug of the power supply unit The status LED PWR lights up green when the supply voltage has been connected properly The mGuard boots the firmware Status LED STAT flashes green...

Page 79: ...he EIS Easy Initial Setup procedure en ables startup to be performed via preset or user defined management addresses without actually having to connect to an external network The mGuard is configured...

Page 80: ...interface is not connected on startup Computers can access the mGuard via https 1 1 1 1 if they are directly or indirectly con nected to the LAN port of the mGuard For this purpose the mGuard with LAN...

Page 81: ...is the case if it is connected in an existing network connection and if the default gateway can be accessed via the WAN port of the mGuard at the same time In this case the web browser establishes a...

Page 82: ...s BootP requests without interruption until it re ceives a valid IP address After receiving a valid IP address the mGuard no longer sends BootP requests The FL MGUARD can then no longer be accessed vi...

Page 83: ...known the mGuard must be reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 87 If the administrator web page is...

Page 84: ...is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 4 4 Login To log in enter the preset user name and password please note these settings are...

Page 85: ...t the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example If th...

Page 86: ...owing states Performing a restart Performing a recovery procedure Flashing the firmware rescue procedure Figure 4 5 Reset button 4 8 1 Performing a restart Objective The device is restarted with the c...

Page 87: ...easons for performing the recovery procedure The mGuard is in Router or PPPoE mode The configured device address of the mGuard differs from the default setting The current IP address of the device is...

Page 88: ...uard The relevant firmware files are available for download from the download page of www innominate com The files must be located under the following path names or in the following folders on the SD...

Page 89: ...res for a new firmware installation The STAT MOD and SIG LEDs form a running light The jffs2 img p7s firmware file is downloaded from the TFTP server or SD card and written to the Flash memory This fi...

Page 90: ...te recommends the use of the latest firmware version and patch releases in each case For the scope of functions please refer to the relevant firmware data sheet Data throughput router firewall Router...

Page 91: ...with PCI Express bus To aid understanding mGuard pci SD is used for the two device versions in this user man ual The mGuard pci SD is suitable for distributed protection of industrial and panel PCs i...

Page 92: ...lash ing 10 Mbps data transmission active Green On 100 Mbps Flash ing 100 Mbps data transmission active LAN 1 LAN 2 WAN 1 Various LED light codes Recovery procedure flashing See Restart recovery proce...

Page 93: ...ard network ports to LAN installations Some telecommunications connections also use RJ45 sockets these must not be connected to the RJ45 sockets of the mGuard NOTE Connection notes A free PCI slot 3 3...

Page 94: ...supply lines must be isolated or laid separately to live circuits NOTE Electrostatic discharge Before installation touch the metal frame of the PC in which the mGuard pci SD is to be installed in ord...

Page 95: ...this version onwards the EIS Easy Initial Setup procedure en ables startup to be performed via preset or user defined management addresses without actually having to connect to an external network Th...

Page 96: ...network con nection of the internal network Connect the external network interface WAN 1 of the mGuard pci SD to the external network e g Internet The STAT status LED lights up green when the supply...

Page 97: ...owledge this message with Accept this certificate always temporarily Mozilla Firefox Continue loading this website Internet Explorer Continue anyway Google Chrome Click Yes to acknowledge the security...

Page 98: ...ection of the internal network Disconnect the external network interface WAN 1 of the mGuard pci SD from the ex ternal network WAN Switch on the system The STAT LED lights up green when the supply vol...

Page 99: ...nnominate com under Downloads Software If an non configured mGuard pci SD accesses a BootP server after booting the BootP pro tocol assigns an IP address a subnet mask and optionally a default gateway...

Page 100: ...mits BootP requests without interruption until it re ceives a valid IP address After receiving a valid IP address the mGuard no longer sends BootP requests The product can then no longer be accessed v...

Page 101: ...n the mGuard must be reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 105 If the administrator web page is not...

Page 102: ...e is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 5 5 Login To log in enter the preset user name and password please note these settings ar...

Page 103: ...rt the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example If t...

Page 104: ...the following states Performing a restart Performing a recovery procedure Flashing the firmware rescue procedure Figure 5 6 Reset button 5 8 1 Performing a restart Objective The device is restarted wi...

Page 105: ...easons for performing the recovery procedure The mGuard is in Router or PPPoE mode The configured device address of the mGuard differs from the default setting The current IP address of the device is...

Page 106: ...his SD card has been inserted into the mGuard The relevant firmware files are available for download from the download page of www innominate com The files must be located under the following path nam...

Page 107: ...950 mm X 18 mm X 130 mm Weight 72 g Firmware and power values Firmware compatibility For mGuard v7 5 0 or later Innominate recommends the use of the latest firmware version and patch releases in each...

Page 108: ...mGuard pci SD 108 Innominate Security Technologies I15007_en_02...

Page 109: ...ice or when traveling The mGuard smart is a further development of the mGuard smart To aid understanding mGuard smart is mostly used for the two device versions in this user manual The proper ties des...

Page 110: ...d to the power supply After a few seconds this LED changes to the heartbeat state Green Flashing Heartbeat The device is correctly connected and operating Red Flashing System error Restart the device...

Page 111: ...ing The scope of supply includes mGuard smart Package slip NOTE Risk of material damage due to incorrect wiring Only connect the mGuard network ports to LAN installations Some telecommunications conne...

Page 112: ...Con nections to the remote device or network are established via this network Use a UTP cable CAT5 Figure 6 3 mGuard smart Connection in the network Before After A LAN can also be on the left If your...

Page 113: ...tup of mGuard products provided in Stealth mode is considerably easier From this version onwards the EIS Easy Initial Setup procedure en ables startup to be performed via preset or user defined manage...

Page 114: ...twork interface is not connected on startup Computers can access the mGuard via https 1 1 1 1 if they are directly or indirectly con nected to the LAN port of the mGuard For this purpose the mGuard wi...

Page 115: ...This is the case if it is connected in an existing network connection and if the default gateway can be accessed via the WAN port of the mGuard at the same time In this case the web browser establishe...

Page 116: ...nsmits BootP requests without interruption until it re ceives a valid IP address After receiving a valid IP address the mGuard no longer sends BootP requests The product can then no longer be accessed...

Page 117: ...ot known the mGuard must be reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 121 If the administrator web page...

Page 118: ...cate is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 6 4 Login To log in enter the preset user name and password please note these settings...

Page 119: ...tart the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example If...

Page 120: ...rocedure Flashing the firmware rescue procedure Figure 6 5 Reset button 6 8 1 Performing a restart Objective The device is restarted with the configured settings Action Press the Reset button for arou...

Page 121: ...easons for performing the recovery procedure The mGuard is in Router or PPPoE mode The configured device address of the mGuard differs from the default setting The current IP address of the device is...

Page 122: ...y and prepares for a new firmware installation The three green LEDs form a running light The jffs2 img p7s firmware file is downloaded from the TFTP server or SD card and written to the Flash memory T...

Page 123: ...y For mGuard v7 2 or later Innominate recommends the use of the latest firm ware version and patch releases in each case For the scope of functions please refer to the relevant firmware data sheet Dat...

Page 124: ...condensing Degree of protection IP30 Dimensions H x W x D 27 x 77 x 115 mm Weight 158 g Firmware and power values Firmware compatibility mGuard v5 0 or later Innominate recommends firmware version 6 x...

Page 125: ...c IP address The mGuard centerport performs secure remote services such as remote support remote diagnostics remote maintenance and condition monitoring for a large number of machines and systems via...

Page 126: ...perating elements and LEDs on the mGuard centerport front side LEDs 19 angled connector ON OFF button SD card slot Front 19 angled connector USB ports Display Table 7 2 LEDs on the mGuard centerport L...

Page 127: ...ckage slip 2 x AC mains connecting cables 19 server rails telescopic rails 2 x short 2 x long Screw set Installation instructions for 19 frame industrial cabinet Quickrails installation instruc tions...

Page 128: ...ockets to the mains or power supply source 100 240 V AC using a mains connecting cable 3 Connect the network connections see Connecting the network connections on page 129 4 Optional Connect a PC moni...

Page 129: ...port of the device to a network connection of the local network LAN This network is used for communication according to the firewall rules of the demilita rized zone DMZ IPMI port Use a UTP cable CAT5...

Page 130: ...lug the mains plug to disconnect the device from the mains If the device is installed in a control cabinet where the sockets cannot be accessed an ad equate disconnecting device must be installed duri...

Page 131: ...Check the file system s of firmware on rootfs1 If required checks and repairs all firmware file systems This menu item is only to be used in special cases when the user has the appropriate knowledge o...

Page 132: ...gura tion of your computer Example Under Windows 7 proceed as follows In the Control Panel open the Network and Sharing Center Click on LAN connection The LAN connection item is only displayed if a co...

Page 133: ...PPPoE or PPTP mode has been set to a different value and the current address is not known the mGuard must be reset to the default set tings specified above for the IP address using the Recovery proce...

Page 134: ...acknowledge the security alert The login window is displayed Figure 7 5 Login Enter your user name and password which are specified for this access type For access type Administration the user name an...

Page 135: ...Start the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example...

Page 136: ...reset to router mode with the fixed IP address The CIFS integrity monitoring function is also disabled because this only works when the management IP is active In addition MAU configuration is activat...

Page 137: ...ebsite and has been saved on the installation medium of your choice or on the local installation computer If your current firmware version is newer than the version by default upon delivery a li cense...

Page 138: ...Start rescue procedure via DHCP BootP TFTP Effect The mGuard downloads the necessary files from the TFTP server install x86_64 p7s firmware img x86_64 p7s Start rescue procedure from CD DVD USB stick...

Page 139: ...CD DVD with the mGuard firmware into the CD DVD drive For security reasons the mGuard centerport does not boot from the CD DVD Once the rescue procedure is complete a corresponding message appears on...

Page 140: ...he mGuard centerport does not boot from an SD card Once the rescue procedure is complete a corresponding message appears on the monitor Follow any further on screen instructions The mGuard is in the d...

Page 141: ...x D 44 mm x 447 mm x 458 mm 1 HU x 19 x 18 5 Weight 9 kg Firmware and power values Firmware compatibility mGuard v8 1 2 or later Innominate recommends using the latest patch releases For the scope of...

Page 142: ...mGuard centerport 142 Innominate Security Technologies I15007_en_02...

Page 143: ...d network environments where the locally connected computers networks share the mGuard functions An additional serial interface enables configuration via a telephone dial up connection or a terminal W...

Page 144: ...t LAN Figure 8 2 Operating elements and LEDs on the mGuard delta Table 8 2 LEDs on the mGuard delta LED State Meaning Power On The power supply is active Status On The mGuard starts Heartbeat Flash fl...

Page 145: ...cludes mGuard delta Package slip One 5 V DC power supply Two UTP Ethernet cables NOTE Risk of material damage due to incorrect wiring Only connect the mGuard network ports to LAN installations Some te...

Page 146: ...local computer or the local network to one of the Ethernet LAN connections 4 to 7 of the mGuard delta using a UTP Ethernet cable CAT5 WARNING The serial interface DE 9 plug in connection must not be c...

Page 147: ...ons must be working 8 4 2 Local configuration on startup EIS As of firmware version 7 2 initial startup of mGuard products provided in Stealth mode is considerably easier From this version onwards the...

Page 148: ...Click on Properties Select the menu item Internet protocol Version 4 TCP IPv4 Click on Properties First select Use the following IP address under Internet Protocol Version 4 Proper ties then enter the...

Page 149: ...is not known the mGuard must be reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 153 If the administrator web...

Page 150: ...e is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 8 4 Login To log in enter the preset user name and password please note these settings ar...

Page 151: ...t the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example If th...

Page 152: ...ng states Performing a restart Performing a recovery procedure Flashing the firmware rescue procedure Figure 8 5 Reset button 8 7 1 Performing a restart Objective The device is restarted with the conf...

Page 153: ...The current IP address of the device is not known Action Slowly press the Reset button six times After approximately 2 seconds the Status LED lights up green Press the Reset button slowly again six ti...

Page 154: ...ents of the Flash memory and prepares for a new firmware installation The Status LED flashes faster The jffs2 img p7s firmware file is downloaded from the TFTP server or SD card and written to the Fla...

Page 155: ...f protection IP20 Temperature range 0 C 40 C operation 20 C 70 C storage Dimensions H x W x D 30 x 239 x 156 mm Weight 1300 g Firmware and power values Firmware compatibility mGuard v5 0 or later Inno...

Page 156: ...mGuard delta 156 Innominate Security Technologies I15007_en_02...

Page 157: ...ter in which the card is installed with all mGuard functions as well as acting as a normal network card In Power over PCI mode an existing network card in the computer or another com puter network can...

Page 158: ...e Reset button for 1 5 seconds Alternatively briefly disconnect the device power supply and then connect it again If the error is still present start the recovery procedure see Performing a recov ery...

Page 159: ...rect wiring Only connect the mGuard network ports to LAN installations Some telecommunications connections also use RJ45 sockets these must not be connected to the RJ45 sockets of the mGuard NOTE Conn...

Page 160: ...like an mGuard stand alone device In this operating mode the mGuard pci actu ally only uses the PCI slot of a computer in order to receive power and as housing This op erating mode of the mGuard is r...

Page 161: ...ot appear as a separate device with its own address for data traffic to and from the computer In Stealth mode PPPoE and PPTP cannot be used Router mode in Driver mode Figure 9 4 Driver mode Router mod...

Page 162: ...e Figure 9 5 Power over PCI mode Stealth mode Since the network card functions of the mGuard pci are switched off in Power over PCI mode no driver software is installed for it A previously installed n...

Page 163: ...as a separate network For the IP configuration of the network interface of the operating system for the computer in which the network card is installed this means that an IP address must be assigned t...

Page 164: ...d pci is to be in stalled in order to remove electrostatic discharge The device contains components that can be damaged or destroyed by electrostatic dis charge When handling the device observe the ne...

Page 165: ...therboard and then press the card evenly into the socket strip Tighten the card slot plate Close the computer cover again Connect the computer power cable again and switch on the computer 9 3 4 Instal...

Page 166: ...the computer Log on with administrator rights and wait until the following window appears Figure 9 8 Driver installation under Windows XP 1 After inserting the data carrier select the Install from a...

Page 167: ...switch on the computer Log on with administrator rights and wait until the following window appears Figure 9 9 Driver installation under Windows 2000 1 1 Click Next 2 Select Search for a suitable dri...

Page 168: ...must be compiled before use First set up and compile the Linux kernel 2 4 25 in the directory usr src linux Extract the drivers from the ZIP to the directory usr src pci driver Execute the following...

Page 169: ...rd products provided in Stealth mode is considerably easier From this version onwards the EIS Easy Initial Setup procedure en ables startup to be performed via preset or user defined management addres...

Page 170: ...computer that is connected to the LAN interface of the mGuard has not yet been configured This network interface must be configured before the mGuard can be configured Under Windows XP proceed as foll...

Page 171: ...ddresses for example In DOS Start Programs Accessories Command Prompt enter the following arp s IP address of the default gateway 00 aa aa aa aa aa Example You have determined or specified the address...

Page 172: ...known the mGuard must be reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 176 If the administrator web page is...

Page 173: ...is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 9 12 Login To log in enter the preset user name and password please note these settings are...

Page 174: ...the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example If the...

Page 175: ...ing states Performing a restart Performing a recovery procedure Flashing the firmware rescue procedure Figure 9 13 Reset button 9 8 1 Performing a restart Objective The device is restarted with the co...

Page 176: ...e reasons for performing the recovery procedure The mGuard is in Router or PPPoE mode The configured device address of the mGuard differs from the default setting The current IP address of the device...

Page 177: ...sword have been lost Requirements Requirements for flashing If the mGuard is operated in Power over PCI mode the DHCP TFTP server must be connected via the LAN socket of the mGuard If the mGuard is op...

Page 178: ...ver or SD card and written to the Flash memory This file contains the actual mGuard operating system and is signed electronically Only files signed by Innominate are accepted This process takes around...

Page 179: ...C 70 C storage Dimensions H x W x D Low profile PCI Weight 72 g Firmware and power values Firmware compatibility mGuard v5 0 or later Innominate recommends firmware version 6 x or 7 x to be used with...

Page 180: ...mGuard pci 180 Innominate Security Technologies I15007_en_02...

Page 181: ...on is therefore ideal for use in industrial applica tions where several server systems can be protected individually and independently of one another An additional serial interface enables remote conf...

Page 182: ...eset button for 1 5 seconds If the error is still present start the recovery procedure see Performing a re covery procedure on page 193 or contact your dealer WAN LAN Green On or flash ing Ethernet st...

Page 183: ...the controller Two power supply units Two power cables 12 place holders 12 labeling plates M1 to M12 Screws for mounting the mGuard bladebase NOTE Risk of material damage due to incorrect wiring Only...

Page 184: ...on the front of the power supplies are now green Installation of mGuard blade The mGuard bladebase does not have to be switched off when installing or removing an mGuard blade Loosen the top and bott...

Page 185: ...he firewall CIFS integrity monitoring and VPN functions are reset and deactivated Connecting the mGuard blade Figure 10 4 Connecting the mGuard blade to the network NOTE If your computer is already co...

Page 186: ...GSM network The user of a remote PC which is also connected to the telephone network by a modem can then establish a PPP Point to Point Protocol dial up connection to the mGuard and config ure it via...

Page 187: ...products provided in Stealth mode is considerably easier From this version onwards the EIS Easy Initial Setup procedure en ables startup to be performed via preset or user defined management addresse...

Page 188: ...lick on Properties Select the menu item Internet protocol Version 4 TCP IPv4 Click on Properties First select Use the following IP address under Internet Protocol Version 4 Proper ties then enter the...

Page 189: ...ot known the mGuard must be reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 193 If the administrator web page...

Page 190: ...is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 10 6 Login To log in enter the preset user name and password please note these settings ar...

Page 191: ...rt the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example If t...

Page 192: ...owing states Performing a restart Performing a recovery procedure Flashing the firmware rescue procedure Figure 10 7 Reset button 10 7 1 Performing a restart Objective The device is restarted with the...

Page 193: ...The current IP address of the device is not known Action Slowly press the Reset button six times After approximately 2 seconds the LAN LED lights up red Press the Reset button slowly again six times...

Page 194: ...d are executed The control procedure deletes the current contents of the Flash memory and prepares for a new firmware installation The green LEDs and the red LAN LED form a running light The jffs2 img...

Page 195: ...C storage Dimensions H x W x D blade 100 x 26 x 160 mm bladebase 133 x 483 x 235 mm 3 HU Weight blade 245 g bladepack 7 7 kg Firmware and power values Firmware compatibility mGuard v5 0 or later Inno...

Page 196: ...mGuard blade 196 Innominate Security Technologies I15007_en_02...

Page 197: ...usand simultaneous tunnels which all belong to the same unique public IP address The mGuard centerport performs secure remote services such as remote support remote diagnostics remote maintenance and...

Page 198: ...ments and LEDs on the mGuard centerport front side Figure 11 3 Operating elements for the mGuard centerport with front flap open Table 11 2 LEDs on the mGuard centerport LED State Meaning Green On Lig...

Page 199: ...erport Package slip 2 x keys for front flap lock 2 x AC mains connecting cables Rubber feet self adhesive NOTE Risk of material damage due to incorrect wiring Only connect the mGuard network ports to...

Page 200: ...drives reset button and ON OFF switch Ensure that you keep safe hold of the two keys provided Housing on page 202 8 Connect the two power supply units to the mains or power supply source via the two...

Page 201: ...ne Or a modem is connected to the serial interface of the mGuard This modem is connect ed to the telephone network fixed line or GSM network The user of a remote PC which is also connected to the tele...

Page 202: ...ing booting mGuard centerport Press the ON OFF button The mGuard centerport boots the firmware and is ready to operate 11 3 4 1 Boot options when monitor and keyboard are connected If a monitor and a...

Page 203: ...when the user has the appropriate knowledge or upon instruction from the dealer support team The mGuard firmware checks and repairs the file systems if required even during the normal startup process...

Page 204: ...d must be connected i e the required connections must be working 11 4 2 Local configuration on startup EIS As of firmware version 7 2 initial startup of mGuard products provided in Stealth mode is con...

Page 205: ...er Click on Properties Select the menu item Internet protocol Version 4 TCP IPv4 Click on Properties First select Use the following IP address under Internet Protocol Version 4 Proper ties then enter...

Page 206: ...is not known the mGuard must be reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 210 If the administrator web...

Page 207: ...ate is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 11 6 Login To log in enter the preset user name and password please note these settings...

Page 208: ...tart the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example If...

Page 209: ...ey which can be used to perform a restart The res cue procedure and therefore the reloading of mGuard firmware is initiated via the boot menu Figure 11 7 Reset button 11 8 Performing a restart Objecti...

Page 210: ...rs from the default setting The current IP address of the device is not known Action Requirement a monitor and a keyboard are connected to the device Press the following keyboard shortcut Alt SysRq a...

Page 211: ...r using this update This applies to major release upgrades e g from Version 4 x y to Version 5 x y to Version 6 x y etc DHCP and TFTP servers can be accessed under the same IP address Action To flash...

Page 212: ...he mGuard centerport does not boot from the CD Start rescue procedure from USB mass storage Requirement The firmware of the mGuard has been previously copied to a USB stor age medium USB stick As the...

Page 213: ...e rescue procedure Rescue Config serial lic As above only the wildcard serial is replaced by the serial number of the device The same CD can be used for various devices simultaneously Rescue Config pr...

Page 214: ...of service Degree of protection Front IP20 Temperature range 0 C 50 C operation 20 C 70 C storage Dimensions H x W x D 88 x 482 x 472 mm 2 HE x 19 x 18 58 Weight 10 kg Firmware and power values Firmw...

Page 215: ...ostics re mote configuration The device is designed for standard DIN rail mounting and is therefore ideal for use in industrial applications The VPN tunnels can be initiated using software or hardware...

Page 216: ...contact is open due to an error see Signal contact on page 222 The signal contact is interrupted during a restart State Green Flash ing Heartbeat The device is correctly connected and operating Error...

Page 217: ...power supply connection inserted Terminal block for the signal contact button and an optional ISDN or telephone con nection 2 cover caps for RJ45 sockets NOTE Risk of material damage due to incorrect...

Page 218: ...Attach the top snap on foot of the mGuard industrial rs to the DIN rail and then press the mGuard industrial rs down towards the DIN rail until it engages with a click Insert the wired terminal block...

Page 219: ...dustrial rs alone The supply voltage is electrically isolated from the housing If the supply voltage is not redundant the mGuard industrial rs indicates the failure of the supply voltage via the signa...

Page 220: ...rd industrial rs is available in three versions which can be distinguished by the connection options on the lower terminal strip Figure 12 5 mGuard industrial rs Lower terminal strip Please note that...

Page 221: ...unctional earth ground Signal contact in terrupted in the event of an error Service contacts CMD ACK for establishing a predefined VPN connection Button or on off switch Signal LED 20 mA ACK CMD Lower...

Page 222: ...ted between service contacts CMD and _ _ A standard LED up to 3 5 V or a corresponding optocoupler can be connected between contacts ACK and _ _ The contact is short circuit proof and supplies 20 mA m...

Page 223: ...N network The table below describes the as signment of the contacts to 8 pos connections both for plugs and for sockets for example RJ45 In the case of direct connection to an ISDN NTBA the mGuard con...

Page 224: ...connected to the telephone network by a modem can then establish a PPP Point to Point Protocol dial up connection to the mGuard and configure it via a web browser To manage data traffic via the serial...

Page 225: ...to be performed via preset or user defined management addresses without actually having to connect to an external network The mGuard is configured using a web browser on the computer used for configu...

Page 226: ...twork interface is not connected on startup Computers can access the mGuard via https 1 1 1 1 if they are directly or indirectly con nected to the LAN port of the mGuard For this purpose the mGuard wi...

Page 227: ...This is the case if it is connected in an existing network connection and if the default gateway can be accessed via the WAN port of the mGuard at the same time In this case the web browser establish...

Page 228: ...nsmits BootP requests without interruption until it re ceives a valid IP address After receiving a valid IP address the mGuard no longer sends BootP requests The FL MGUARD can then no longer be access...

Page 229: ...known the mGuard must be reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 233 If the administrator web page i...

Page 230: ...cate is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 12 10 Login To log in enter the preset user name and password please note these settin...

Page 231: ...Start the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example...

Page 232: ...ming a recovery procedure Flashing the firmware rescue procedure Figure 12 11 Reset button 12 8 1 Performing a restart Objective The device is restarted with the configured settings Action Press the R...

Page 233: ...sons for performing the recovery procedure The mGuard is in Router or PPPoE mode The configured device address of the mGuard differs from the default setting The current IP address of the device is no...

Page 234: ...gned are executed The control procedure deletes the current contents of the Flash memory and prepares for a new firmware installation The Modem State and LAN LEDs form a running light The jffs2 img p7...

Page 235: ...nge 0 C 55 C operation 20 C 70 C storage Dimensions H x W x D 100 x 45 x 112 mm Weight 250 g Firmware and power values Firmware compatibility mGuard v5 0 or later Innominate recommends firmware versio...

Page 236: ...mGuard industrial rs 236 Innominate Security Technologies I15007_en_02...

Page 237: ...15 and is therefore ideal for use in industrial applications The optional configuration connection and option to establish a phone dial up connection via the RS 232 interface open up a wealth of appli...

Page 238: ...Ground connection Link status data 1 LAN USB Figure 13 2 Operating elements and LEDs on the EAGLE mGuard Table 13 2 LEDs on the EAGLE mGuard LED State Meaning P1 P2 Green On Power supply 1 or 2 is ac...

Page 239: ...ng The scope of supply includes EAGLE mGuard Package slip NOTE Risk of material damage due to incorrect wiring Only connect the mGuard network ports to LAN installations Some telecommunications connec...

Page 240: ...e sup plies the EAGLE mGuard alone The supply voltage is electrically isolated from the housing Startup Start up the EAGLE mGuard with the connection of the supply voltage via the 6 pos terminal block...

Page 241: ...ace There are two options A PC is connected directly to the serial interface of the mGuard via the serial interface of the PC The PC user can then use a terminal program to configure the mGuard via th...

Page 242: ...ed via the ground connection Network connection Both network interfaces of the EAGLE mGuard are configured for connection on a comput er Removal To remove the EAGLE mGuard from the DIN rail insert a s...

Page 243: ...ier From this version onwards the EIS Easy Initial Setup procedure en ables startup to be performed via preset or user defined management addresses without actually having to connect to an external ne...

Page 244: ...k interface is not connected on startup Computers can access the mGuard via https 1 1 1 1 if they are directly or indirectly con nected to the LAN port of the mGuard For this purpose the mGuard with L...

Page 245: ...s is the case if it is connected in an existing network connection and if the default gateway can be accessed via the WAN port of the mGuard at the same time In this case the web browser establishes a...

Page 246: ...its BootP requests without interruption until it re ceives a valid IP address After receiving a valid IP address the mGuard no longer sends BootP requests The product can then no longer be accessed vi...

Page 247: ...known the mGuard must be reset to the default set tings specified above for the IP address using the Recovery procedure see Performing a recovery procedure on page 251 If the administrator web page i...

Page 248: ...is supplied with the device Click Yes to acknowledge the security alert The login window is displayed Figure 13 6 Login To log in enter the preset user name and password please note these settings ar...

Page 249: ...rt the web browser on the remote computer Under address enter the IP address where the mGuard can be accessed externally over the Internet or WAN together with the port number if required Example If t...

Page 250: ...rescue procedure Figure 13 7 Reset button 13 8 1 Performing a restart Objective The device is restarted with the configured settings Action Press the Reset button for around 1 5 seconds until the midd...

Page 251: ...ns for performing the recovery procedure The mGuard is in Router or PPPoE mode The configured device address of the mGuard differs from the default setting The current IP address of the device is not...

Page 252: ...e current contents of the Flash memory and prepares for a new firmware installation The 1 2 and V 24 LEDs form a running light The jffs2 img p7s firmware file is downloaded from the TFTP server or SD...

Page 253: ...IP20 Temperature range 0 C 60 C operation 40 C 80 C storage Dimensions H x W x D 131 x 47 x 111 mm Weight 340 g Firmware and power values Firmware compatibility mGuard v5 0 or later Innominate recomm...

Page 254: ...EAGLE mGuard 254 Innominate Security Technologies I15007_en_02...

Page 255: ...he start screen of the addressing tool appears The program is mainly in English However the program buttons change according to the country specific settings The start screen displays the IP address o...

Page 256: ...settings Figure 14 2 Set IP Address window with incorrect settings Adjust the IP parameters according to your requirements If inconsistencies are no longer detected a message appears indicating that...

Page 257: ...hat address assignment has been successfully com pleted It gives an overview of the IP parameters that have been transmitted to the device with the MAC address shown To assign IP parameters for additi...

Page 258: ...host IP to be specified is 192 168 10 1 It must also be used as the address for the net work card Click on Browse to switch to the folder where the mGuard image files are saved in stall p7s jffs2 img...

Page 259: ...tion provides 20 IP addresses 100 to 119 It is assumed that the DHCP server has the address 192 168 134 1 settings for ISC DHCP 2 0 The required TFTP server is configured in the following file etc ine...

Page 260: ...Assigning IP addresses and setting up DHCP TFTP servers 260 Innominate Security Technologies I15007_en_02...

Reviews: