Page 1 Installing and starting up the mGuard hardware User manual...
Page 2 – TC MGUARD RS4000 4G – TC MGUARD RS2000 4G – FL MGUARD RS2000 TX/TX-B – FL MGUARD RS4000 TX/TX-P – FL MGUARD RS4000 TX/TX VPN-M – FL MGUARD GT/GT – FL MGUARD SMART2 – FL MGUARD PCI(E)4000 – FL MGUARD CENTERPORT –...
Page 3 How to contact us Internet Up-to-date information on Phoenix Contact products and our Terms and Conditions can be found on the Internet at: phoenixcontact.com Make sure you always use the latest documentation.
Page 4 The receipt of technical documentation (in particular user documentation) does not consti- tute any further duty on the part of Phoenix Contact to furnish information on modifications to products and/or technical documentation. You are responsible to verify the suitability and intended use of the products in your specific application, in particular with regard to observ- ing the applicable standards and regulations.
Page 5 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter expect in accor- dance with the FCC multi-transmitter policy. PHOENIX CONTACT...
Page 6 PHOENIX CONTACT...
Page 7: Table Of Contents
Table of contents FL MGUARD RS4000/RS2000 ....................11 Operating elements and LEDs................12 Startup......................... 14 Installation of FL MGUARD RS4000/RS2000............15 Preparing the configuration.................. 21 Configuration in Stealth mode ................22 Establishing a local configuration connection ............25 Remote configuration ..................27 Serial interface.....................
Page 8 FL MGUARD RS4000 TX/TX-P .....................119 Operating elements and LEDs................120 Safety notes ...................... 122 Startup....................... 123 Installation of FL MGUARD RS4000 TX/TX-P ........... 124 Preparing the configuration................129 Configuration in Stealth mode ................130 Establishing a local configuration connection ............ 132 Remote configuration ..................
Page 9 Table of contents FL MGUARD RS4000 TX/TX VPN-M ..................143 Operating elements and LEDs................144 Startup....................... 146 Installation of FL MGUARD RS4000 TX/TX VPN-M .......... 147 Preparing the configuration................152 Configuration in Stealth mode ................153 Establishing a local configuration connection ............ 156 Remote configuration ..................
Page 10 Restart, recovery procedure, and flashing the firmware........258 12.10 Technical data ....................263 13 Assigning IP addresses and setting up DHCP/TFTP servers ..........265 13.1 Assigning the IP address using IPAssign.exe ............ 265 13.2 Installing the DHCP and TFTP server ..............268 PHOENIX CONTACT 105656_en_05...
Page 11: Fl Mguard Rs4000/Rs2000
2700642 Product description The FL MGUARD RS4000 is a security router with intelligent firewall and optional IPsec VPN (optionally up to 10 or up to 250 tunnels). It has been designed for use in industry to accommodate strict distributed security and high availability requirements.
Page 12: Operating Elements And Leds
LEDs, see Table 1-2 Configuration (SD card) Figure 1-2 Operating elements and LEDs on the FL MGUARD RS4000 Table 1-2 LEDs on the FL MGUARD RS4000 and FL MGUARD RS2000 State Meaning Green On Power supply 1 is active Green On...
Page 13 FL MGUARD RS4000/RS2000 Table 1-2 LEDs on the FL MGUARD RS4000 and FL MGUARD RS2000 [...] State Meaning INFO Green On Up to firmware version 8.0: the configured VPN connection has been established As of firmware version 8.1, the configured VPN connections are established or the...
Page 14: Startup
FL MGUARD RS4000/RS2000 Startup 1.2.1 Safety notes To ensure correct operation and the safety of the environment and of personnel, the device must be installed, operated, and maintained correctly. NOTE: Risk of material damage due to incorrect wiring Only connect the device network ports to LAN installations. Some telecommunications connections also use RJ45 sockets;...
Page 15: Installation Of Fl Mguard Rs4000/Rs2000
Mounting the FL MGUARD RS4000/RS2000 on a DIN rail • Attach the top snap-on foot of the FL MGUARD RS4000/RS2000 to the DIN rail and then press the FL MGUARD RS4000/RS2000 down towards the DIN rail until it engag- es with a click.
Page 16 FL MGUARD RS4000/RS2000 1.3.2 Connecting to the network NOTE: Only connect the device network ports to LAN installations. Some telecommuni- cations connections also use RJ45 sockets; these must not be connected to the RJ45 sockets of the device. • Connect the device to the network. To do this, you need a suitable UTP cable (CAT5) which is not included in the scope of supply.
Page 17 FL MGUARD RS4000/RS2000 I1/I2 O1/O2 Voltage out- Switching Ground out- Short-cir- +24 V +24 V put (+) input 11 ... put (-) cuit-proof See Section 1.3.4 Only for 36 V DC switching FL MGUARD RS4000 Supply volt- Supply volt- output See Section 1.3.4...
Page 18 If VPN connections are being monitored, an illuminated Info LED indicates that VPN con- nections are established. Alarm output O4 resp. The O4 alarm output monitors the function of the FL MGUARD RS4000/RS2000 and there- FAULT fore enables remote diagnostics.
Page 19 If the INFO LED is illuminated, the VPN connection is present. If the INFO LED is flashing, the VPN connection is being established or released. Signal contact (signal out- The signal contact monitors the function of the FL MGUARD RS4000/RS2000 and thus en- put) ables remote diagnostics.
Page 20 Figure 1-4). Status LED P1 lights up green when the supply voltage has been connected properly. On the FL MGUARD RS4000, the status indicator P2 also lights up if there is a redundant sup- ply voltage connection. The device boots the firmware. Status STAT LED flashes green. The device is ready for op- eration as soon as the Ethernet socket LEDs light up.
Page 21: Preparing The Configuration
Preparing the configuration 1.4.1 Connection requirements – The FL MGUARD RS4000/RS2000 must be connected to at least one active power supply unit. – For local configuration: The computer that is to be used for configuration must be connected to the LAN socket on the device.
Page 22: Configuration In Stealth Mode
FL MGUARD RS4000/RS2000 Configuration in Stealth mode On initial startup, the device can be accessed via two addresses: – https://192.168.1.1/ (see Page 23) – https://1.1.1.1/ (see Page 23) Alternatively, an IP address can be assigned via BootP (see “Assigning the IP address via BootP”...
Page 23 FL MGUARD RS4000/RS2000 1.5.1 IP address 192.168.1.1 In Stealth mode, the device can be accessed via the LAN interface via IP address 192.168.1.1 within network 192.168.1.0/24, if one of the following conditions applies. – The device is in the delivery state.
Page 24 FL MGUARD RS4000/RS2000 1.5.3 Assigning the IP address via BootP After assigning an IP address via BootP, the product can no longer be accessed via IP ad- dress 192.168.1.1 For IP address assignment, the device uses the BootP protocol. The IP address can also be assigned via BootP.
Page 25: Establishing A Local Configuration Connection
FL MGUARD RS4000/RS2000 Establishing a local configuration connection Web-based administrator The device is configured via a web browser that is executed on the configuration computer. interface NOTE: The web browser used must support SSL encryption (i.e., HTTPS). The device can be accessed via one of the following addresses:...
Page 26 FL MGUARD RS4000/RS2000 After successful connection establishment Once a connection has been established successfully, a security alert may be displayed. Explanation: As administrative tasks can only be performed using encrypted access, a self-signed certif- icate is supplied with the device.
Page 27: Remote Configuration
FL MGUARD RS4000/RS2000 Remote configuration Requirement The device must be configured so that remote configuration is permitted. The option for remote configuration is disabled by default. Switch on the remote configuration option in the web interface under “Management >> Web Settings”.
Page 28: Restart, Recovery Procedure, And Flashing The Firmware
FL MGUARD RS4000/RS2000 Restart, recovery procedure, and flashing the firm- ware The Reset button is used to set the device to one of the following states: – Performing a restart – Performing a recovery procedure – Flashing the firmware/rescue procedure...
Page 29 FL MGUARD RS4000/RS2000 1.9.2 Performing a recovery procedure Objective (up to 8.3.x) Up to mGuard firmware version 8.3.x The network configuration (but not the rest of the configuration) is to be reset to the de- livery state, as it is no longer possible to access the device.
Page 30 FL MGUARD RS4000/RS2000 The configuration profile named "Recovery DATE" subsequently appears in the list of con- figuration profiles and can be edited and restored with or without changes. Action • Slowly press the Reset button six times. After approximately 2 seconds, the STAT LED lights up green.
Page 31 FL MGUARD RS4000/RS2000 1.9.3 Flashing the firmware/rescue procedure Objective The entire mGuard firmware should be reloaded on the device. – All configured settings are deleted. The device is set to the delivery state. – In mGuard firmware version 5.0.0 or later, the licenses installed on the device are re- tained after flashing the firmware.
Page 32 The “jffs2.img.p7s” firmware file is downloaded from the TFTP server or SD card and written to the Flash memory. This file contains the actual mGuard operating system and is signed electronically. Only files signed by Phoenix Contact are accepted. This process takes around 3 to 5 minutes. The STAT LED is lit continuously.
Page 33: Technical Data
FL MGUARD RS2000 Firmware compatibility For mGuard v7.4.0 or later: Phoenix Contact recommends the use of the latest firm- ware version and patch releases in each case. For the scope of functions, please refer to the relevant firmware data sheet.
Page 34 FL MGUARD RS4000/RS2000 PHOENIX CONTACT 105656_en_05...
Page 35: Fl Mguard Rs4004/Rs2005
FL MGUARD RS4004/RS2005 FL MGUARD RS4004/RS2005 Table 2-1 Currently available products Product designation Phoenix Contact order number FL MGUARD RS4004 DTX/TX 2701876 FL MGUARD RS4004 TX/TX VPN 2701877 FL MGUARD RS2005 TX VPN 2701875 Product description The FL MGUARD RS4004 is suitable for distributed protection of production cells or indi- vidual machines against manipulation.
Page 36: Operating Elements And Leds
LED changes to the heartbeat state. Green Connection via modem established Fault The signal output changes to the low level due to an error (inverted control logic). The signal output is inactive during a restart. PHOENIX CONTACT 105656_en_05...
Page 37 LAN 1–4/5 Green is a connection to the network partner in the LAN, WAN or DMZ. When data pack- ets are transmitted, the LED goes out briefly. FL MGUARD RS4004 only FL MGUARD RS2005 only 105656_en_05 PHOENIX CONTACT...
Page 38: Startup
The scope of supply includes: – Device – Package slip – Plug-in screw terminal blocks for the power supply connection and inputs/outputs (in- serted) 2.2.3 mGuard-Firmware The device must be operated with mGuard firmware version 8.1.5 or higher. PHOENIX CONTACT 105656_en_05...
Page 39: Installing The Fl Mguard Rs4004/Rs2005
To remove the FL MGUARD RS4004/RS2005 from the DIN rail, insert a screwdriver horizontally in the locking slide under the housing, pull it down – without tilting the screwdriver – and then pull up the FL MGUARD RS4004/RS2005. 105656_en_05 PHOENIX CONTACT...
Page 40 NOTE: Do not connect the voltage and ground outputs US (resp. CMD V+) and GND to an external voltage source. The plug-in screw terminal blocks of the service contacts may be removed or inserted during operation of the device. PHOENIX CONTACT 105656_en_05...
Page 41 +24 V +24 V put (+) input 11 ... put (-) cuit-proof See Section 2.3.4 Only for 36 V DC switching FL MGUARD RS4000 Supply volt- Supply volt- output See Section 2.3.4 Example Example Not used Not used Signal out-...
Page 42 PLCs. In this case, ensure the same potential as well as voltage and current specifications are defined. Depending on the firmware version used, the service contacts can be used for various switching or signaling tasks. PHOENIX CONTACT 105656_en_05...
Page 43 2.3.4 Connecting the supply voltage WARNING: The FL MGUARD RS4000/RS2000 is designed for operation with a DC volt- age of 11 V DC ... 36 V DC/SELV, 1.5 A, maximum. Therefore, only SELV circuits with voltage limitations according to EN 60950-1 may be connected to the supply connections and the signal contact.
Page 44: Preparing The Configuration
IP address: 192.168.1.2 Subnet mask: 255.255.255.0 Default gateway: 192.168.1.1 Depending on the configuration of the device, it may then be necessary to adapt the net- work interface of the locally connected computer or network accordingly. – PHOENIX CONTACT 105656_en_05...
Page 45: Establishing A Local Configuration Connection
If other LAN connections are active on the computer, deactivate them until the configu- ration has been completed. Under the Windows menu “Start, Settings, Control Panel, Network Connections” or “Network and Dial-up Connections”, right-click on the corresponding icon and select “Disable” in the context menu. 105656_en_05 PHOENIX CONTACT...
Page 46 The device can then be configured via the web interface. For additional information, please refer to software reference manual. For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. PHOENIX CONTACT 105656_en_05...
Page 47: Remote Configuration
Via the serial interface (RS232), a user can access the command line of the device. The fol- lowing parameters must be configured device-specific: – Baud rate: 57600 – Data bits / parity bit / stop bit: 8-N-1 – Hardware handshake RTS/CTS: Off (default) 105656_en_05 PHOENIX CONTACT...
Page 48: Restart, Recovery Procedure, And Flashing The Firmware
Performing a restart Objective The device is restarted with the configured settings. Action • Press the reset button for around 1.5 seconds until the Err LED lights up. (Alternatively, disconnect the power supply and then connect it again.) PHOENIX CONTACT 105656_en_05...
Page 49 ( "Recovery-DATE"). After the recovery proce- dure has finished, the device starts with the Factory Default settings. The configuration profile named "Recovery DATE" subsequently appears in the list of con- figuration profiles and can be edited and restored with or without changes. 105656_en_05 PHOENIX CONTACT...
Page 50 Choose the configuration profile, generated during the recovery procedure: „Recov- ery-DATE“ (e.g. “Recovery-2016.12.01-18:02:50). • Click on the Icon „Edit profile“ to analyze the configuration profile and to restore it with or without changes. • Click on the Icon „Save“ to apply the changes. PHOENIX CONTACT 105656_en_05...
Page 51 This SD card has been inserted into the device. – The relevant firmware files are available for download from the download page of phoe- nixcontact.net/products. The files must be located under the following path names in the following folders on the SD card: Firmware/install-ubi.mpc83xx.p7s Firmware/ubifs.img.mpc83xx.p7s 105656_en_05 PHOENIX CONTACT...
Page 52 Restart the device. To do so, press the reset button. (Alternatively, disconnect the power supply and then connect it again.) The device is in the delivery state. You can now configure it again (see “Establishing a local configuration connection” on page 45). PHOENIX CONTACT 105656_en_05...
Page 53: Technical Data
FL MGUARD RS4004 FL MGUARD RS2005 Firmware compatibility Firmware 8.1.5: Phoenix Contact recommends the use of the latest firmware version and patch releases in each case. For the scope of functions, please refer to the relevant firmware data sheet. Data throughput (Firewall)
Page 54 FL MGUARD RS4004/RS2005 PHOENIX CONTACT 105656_en_05...
Page 55: Tc Mguard Rs4000/Rs2000 3G
TC MGUARD RS4000/RS2000 3G TC MGUARD RS4000/RS2000 3G Table 3-1 Currently available products Product designation Phoenix Contact order number TC MGUARD RS4000 3G VPN 2903440 TC MGUARD RS2000 3G VPN 2903441 Product description The TC MGUARD RS4000 3G is suitable for distributed protection of production cells or in- dividual machines against manipulation.
Page 56: Operating Elements And Leds
After a few seconds, this LED changes to the heartbeat state. Green Connection via modem established Fault The signal output changes to the low level due to an error (inverted control logic). The signal output is inactive during a restart. PHOENIX CONTACT 105656_en_05...
Page 57 Sufficient Good Very good SIM 1 Green SIM card 1 active Flashing No PIN or incorrect one entered SIM 2 Green SIM card 2 active Flashing No PIN or incorrect one entered only TC MGUARD RS4000 3G 105656_en_05 PHOENIX CONTACT...
Page 58: Startup
The scope of supply includes: – The device – Package slip – Plug-in screw terminal blocks for the power supply connection and inputs/outputs (in- serted) 3.2.3 mGuard-Firmware – The device must be operated with mGuard firmware version 8.0 or higher. PHOENIX CONTACT 105656_en_05...
Page 59: Installation Of Tc Mguard Rs4000/Rs2000 3G
To remove the TC MGUARD RS4000/RS2000 3G from the DIN rail, insert a screw- driver horizontally in the locking slide under the housing, pull it down – without tilting the screwdriver – and then pull up the TC MGUARD RS4000/RS2000 3G. 105656_en_05 PHOENIX CONTACT...
Page 60 Use UTP cables with an impedance of 100 Ω. • Connect the internal network interface LAN of the device to the corresponding Ethernet network card of the configuration computer or a valid network connection of the internal network (LAN). PHOENIX CONTACT 105656_en_05...
Page 61 PLC signals. In this case, ensure the same potential as well as voltage and current specifications are defined. Depending on the firmware version used, the service contacts can be used for various switching or signaling tasks. 105656_en_05 PHOENIX CONTACT...
Page 62 NOTE: Removing operator permissions Operation of the wireless system is only permitted with accessories supplied by Phoenix Contact. The use of other accessory components may invalidate the operating license. You can find the approved accessories for this wireless system listed with the product at: phoenixcontact.net/products.
Page 63 Remove the SIM card holder. • Insert the SIM card so that the SIM chip remains visible. • Insert the SIM card holder together with the SIM card into the device until this ends flush with the housing. 105656_en_05 PHOENIX CONTACT...
Page 64 A redundant supply voltage can be connected. Both inputs are isolated. The load is not dis- tributed. With a redundant supply, the power supply unit with the higher output voltage sup- plies the TC MGUARD RS4000 3G alone. The supply voltage is electrically isolated from the housing. PHOENIX CONTACT 105656_en_05...
Page 65 If the supply voltage is not redundant, the TC MGUARD RS4000 3G indicates the failure of the supply voltage via the signal contact. This message can be prevented by feeding the supply voltage via both inputs or by installing an appropriate wire jumper between the con- nections. 105656_en_05 PHOENIX CONTACT...
Page 66: Preparing The Configuration
IP address: 192.168.1.2 Subnet mask: 255.255.255.0 Default gateway: 192.168.1.1 Depending on the configuration of the device, it may then be necessary to adapt the net- work interface of the locally connected computer or network accordingly. PHOENIX CONTACT 105656_en_05...
Page 67: Establishing A Local Configuration Connection
Under the Windows menu “Start, Settings, Control Panel, Network Connections” or “Network and Dial-up Connections”, right-click on the corresponding icon and select “Disable” in the context menu. After successful connection establishment Once a connection has been established successfully, a security alert may be displayed. 105656_en_05 PHOENIX CONTACT...
Page 68 The device can then be configured via the web interface. For additional information, please refer to the software reference manual. For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. PHOENIX CONTACT 105656_en_05...
Page 69: Remote Configuration
Via the serial interface (RS232), a user can access the command line of the device. The fol- lowing parameters must be configured device-specific: – Baud rate: 57600 – Data bits / parity bit / stop bit: 8-N-1 – Hardware handshake RTS/CTS: Off (default) 105656_en_05 PHOENIX CONTACT...
Page 70: Restart, Recovery Procedure, And Flashing The Firmware
Performing a restart Objective The device is restarted with the configured settings. Action • Press the Reset button for around 1.5 seconds until the Err LED lights up. (Alternatively, disconnect the power supply and then connect it again.) PHOENIX CONTACT 105656_en_05...
Page 71 The configuration profile named "Recovery DATE" subsequently appears in the list of con- figuration profiles and can be edited and restored with or without changes. Action • Slowly press the Reset button six times. After approximately two seconds, the Stat LED lights up green. 105656_en_05 PHOENIX CONTACT...
Page 72 Choose the configuration profile, generated during the recovery procedure: „Recov- ery-DATE“ (e.g. “Recovery-2016.12.01-18:02:50). • Click on the Icon „Edit profile“ to analyze the configuration profile and to restore it with or without changes. • Click on the Icon „Save“ to apply the changes. PHOENIX CONTACT 105656_en_05...
Page 73 – The relevant firmware files are available for download from the download page of phoe- nixcontact.net/products. The files must be located under the following path names or in the following folders on the SD card: Firmware/install-ubi.mpc83xx.p7s Firmware/ubifs.img.mpc83xx.p7s 105656_en_05 PHOENIX CONTACT...
Page 74 The “jffs2.img.p7s” firmware file is downloaded from the TFTP server or SD card and written to the Flash memory. This file contains the actual mGuard operating system and is signed electronically. Only files signed by Phoenix Contact are accepted. This process takes around 3 to 5 minutes. The Stat LED is lit continuously.
Page 75: Technical Data
TC MGUARD RS2000 3G Firmware compatibility For mGuard v8.0 or later: Phoenix Contact recommends the use of the latest firmware version and patch releases in each case. For the scope of functions, please refer to the relevant firmware data sheet.
Page 76 CE | FCC | UL 508 | electrical isolation (VCC//PE) | ANSI / ISA 12.12 Class I Div. 2 Special features GPS / GLONASS receiver | realtime clock | Trusted Platform Module (TPM) | tempera- ture sensor | mGuard Secure Cloud ready PHOENIX CONTACT 105656_en_05...
Page 77: Tc Mguard Rs4000/Rs2000 4G
TC MGUARD RS4000/RS2000 4G TC MGUARD RS4000/RS2000 4G Table 4-1 Currently available products Product designation Phoenix Contact order number TC MGUARD RS4000 4G VPN 2903586 TC MGUARD RS2000 4G VPN 2903588 Product description The TC MGUARD RS4000 4G is suitable for distributed protection of production cells or in- dividual machines against manipulation.
Page 78: Operating Elements And Leds
After a few seconds, this LED changes to the heartbeat state. Green Connection via modem established Fault The signal output changes to the low level due to an error (inverted control logic). The signal output is inactive during a restart. PHOENIX CONTACT 105656_en_05...
Page 79 Sufficient Good Very good SIM 1 Green SIM card 1 active Flashing No PIN or incorrect one entered SIM 2 Green SIM card 2 active Flashing No PIN or incorrect one entered only TC MGUARD RS4000 4G 105656_en_05 PHOENIX CONTACT...
Page 80: Startup
The scope of supply includes: – The device – Package slip – Plug-in screw terminal blocks for the power supply connection and inputs/outputs (in- serted) 4.2.3 mGuard-Firmware – The device must be operated with mGuard firmware version 8.4 or higher. PHOENIX CONTACT 105656_en_05...
Page 81: Installation Of Tc Mguard Rs4000/Rs2000 4G
To remove the TC MGUARD RS4000/RS2000 4G from the DIN rail, insert a screw- driver horizontally in the locking slide under the housing, pull it down – without tilting the screwdriver – and then pull up the TC MGUARD RS4000/RS2000 4G. 105656_en_05 PHOENIX CONTACT...
Page 82 Use UTP cables with an impedance of 100 Ω. • Connect the internal network interface LAN of the device to the corresponding Ethernet network card of the configuration computer or a valid network connection of the internal network (LAN). PHOENIX CONTACT 105656_en_05...
Page 83 PLC signals. In this case, ensure the same potential as well as voltage and current specifications are defined. Depending on the firmware version used, the service contacts can be used for various switching or signaling tasks. 105656_en_05 PHOENIX CONTACT...
Page 84 NOTE: Removing operator permissions Operation of the wireless system is only permitted with accessories supplied by Phoenix Contact. The use of other accessory components may invalidate the operating license. You can find the approved accessories for this wireless system listed with the product at: phoenixcontact.net/products.
Page 85 Remove the SIM card holder. • Insert the SIM card so that the SIM chip remains visible. • Insert the SIM card holder together with the SIM card into the device until this ends flush with the housing. 105656_en_05 PHOENIX CONTACT...
Page 86 A redundant supply voltage can be connected. Both inputs are isolated. The load is not dis- tributed. With a redundant supply, the power supply unit with the higher output voltage sup- plies the TC MGUARD RS4000 4G alone. The supply voltage is electrically isolated from the housing. PHOENIX CONTACT 105656_en_05...
Page 87 If the supply voltage is not redundant, the TC MGUARD RS4000 4G indicates the failure of the supply voltage via the signal contact. This message can be prevented by feeding the supply voltage via both inputs or by installing an appropriate wire jumper between the con- nections. 105656_en_05 PHOENIX CONTACT...
Page 88: Preparing The Configuration
IP address: 192.168.1.2 Subnet mask: 255.255.255.0 Default gateway: 192.168.1.1 Depending on the configuration of the device, it may then be necessary to adapt the net- work interface of the locally connected computer or network accordingly. PHOENIX CONTACT 105656_en_05...
Page 89: Establishing A Local Configuration Connection
After successful connection establishment Once a connection has been established successfully, a security alert may be displayed. Explanation: As administrative tasks can only be performed using encrypted access, a self-signed certif- icate is supplied with the device. 105656_en_05 PHOENIX CONTACT...
Page 90 The device can then be configured via the web interface. For additional information, please refer to the software reference manual. For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. PHOENIX CONTACT 105656_en_05...
Page 91: Remote Configuration
Via the serial interface (RS232), a user can access the command line of the device. The fol- lowing parameters must be configured device-specific: – Baud rate: 57600 – Data bits / parity bit / stop bit: 8-N-1 – Hardware handshake RTS/CTS: Off (default) 105656_en_05 PHOENIX CONTACT...
Page 92: Restart, Recovery Procedure, And Flashing The Firmware
Performing a restart Objective The device is restarted with the configured settings. Action • Press the Reset button for around 1.5 seconds until the Err LED lights up. (Alternatively, disconnect the power supply and then connect it again.) PHOENIX CONTACT 105656_en_05...
Page 93 Choose the configuration profile, generated during the recovery procedure: „Recov- ery-DATE“ (e.g. “Recovery-2016.12.01-18:02:50). • Click on the Icon „Edit profile“ to analyze the configuration profile and to restore it with or without changes. • Click on the Icon „Save“ to apply the changes. 105656_en_05 PHOENIX CONTACT...
Page 94 – The relevant firmware files are available for download from the download page of phoe- nixcontact.net/products. The files must be located under the following path names or in the following folders on the SD card: Firmware/install-ubi.mpc83xx.p7s Firmware/ubifs.img.mpc83xx.p7s PHOENIX CONTACT 105656_en_05...
Page 95 The “jffs2.img.p7s” firmware file is downloaded from the TFTP server or SD card and written to the Flash memory. This file contains the actual mGuard operating system and is signed electronically. Only files signed by Phoenix Contact are accepted. This process takes around 3 to 5 minutes. The Stat LED is lit continuously.
Page 96: Technical Data
TC MGUARD RS2000 4G Firmware compatibility For mGuard v8.4.1 or later: Phoenix Contact recommends the use of the latest firm- ware version and patch releases in each case. For the scope of functions, please refer to the relevant firmware data sheet.
Page 97 TC MGUARD RS4000 4G TC MGUARD RS2000 4G Conformance CE | electrical isolation (VCC//PE) Special features GPS / GLONASS receiver | realtime clock | Trusted Platform Module (TPM) | tempera- ture sensor | mGuard Secure Cloud ready 105656_en_05 PHOENIX CONTACT...
Page 98 TC MGUARD RS4000/RS2000 4G PHOENIX CONTACT 105656_en_05...
Page 99: Fl Mguard Rs2000 Tx/Tx-B
FL MGUARD RS2000 TX/TX-B FL MGUARD RS2000 TX/TX-B Table 5-1 Currently available products Product designation Phoenix Contact order number FL MGUARD RS2000 TX/TX-B 2702139 Product description The FL MGUARD RS2000 TX/TX-B is an industrial router which offers static routing, NAT routing, 1:1 NAT routing, and port forwarding functions.
Page 100: Operating Elements And Leds
Ethernet status: Indicates the status of the LAN or WAN port. As soon as the device is connected to the relevant network, a continuous light indicates that there is a con- nection to the network partner in the LAN or WAN. When data packets are transmit- ted, the LED goes out briefly. PHOENIX CONTACT 105656_en_05...
Page 101: Startup
Before startup, check the scope of supply to ensure nothing is missing. The scope of supply includes: – The device – Package slip – Plug-in screw terminal blocks for the power supply connection and inputs/outputs (in- serted) 105656_en_05 PHOENIX CONTACT...
Page 102: Installation Of Fl Mguard Rs2000 Tx/Tx-B
To remove the FL MGUARD RS2000 TX/TX-B from the DIN rail, insert a screwdriver horizontally in the locking slide under the housing, pull it down – without tilting the screwdriver – and then pull up the FL MGUARD RS2000 TX/TX-B. PHOENIX CONTACT 105656_en_05...
Page 103 Please note that only the “Service 1” contacts are used with firmware version up to and including 7.6.x. The “Service 2” contacts shall be made available as of firmware version 8.1. The plug-in screw terminal blocks of the service contacts may be removed or inserted during operation of the device. 105656_en_05 PHOENIX CONTACT...
Page 104 +24 V +24 V put (+) input 11 ... put (-) cuit-proof See Section 5.3.4 Only for 36 V DC switching FL MGUARD RS4000 Supply volt- Supply volt- output See Section 5.3.4 Example Example Not used Not used Signal out- Signal out- †...
Page 105 The O4 alarm output reports the following when “Management, Service I/O, Alarm output” has been activated. – Monitoring of the link status of the Ethernet connections – Monitoring of the temperature condition – Monitoring of the connection state of the internal modem 105656_en_05 PHOENIX CONTACT...
Page 106 During a restart, the signal contact is switched off until the FL MGUARD RS2000 TX/TX-B has started up completely. This also applies when the signal contact is manually set to “Closed” under “Manual settings” in the software configuration. PHOENIX CONTACT 105656_en_05...
Page 107 5.3.4 Connecting the supply voltage WARNING: The FL MGUARD RS4000/RS2000 is designed for operation with a DC volt- age of 11 V DC ... 36 V DC/SELV, 1.5 A, maximum. Therefore, only SELV circuits with voltage limitations according to EN 60950-1 may be connected to the supply connections and the signal contact.
Page 108: Preparing The Configuration
According to the default setting, the device can be accessed via the following addresses: Table 5-3 Preset addresses Default setting Network mode Management IP #1 (IP address of the internal interface) FL MGUARD RS2000 TX/TX-B Router https://192.168.1.1/ PHOENIX CONTACT 105656_en_05...
Page 109 The device can then be configured via the web interface. For additional information, please refer to the software reference manual. For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. 105656_en_05 PHOENIX CONTACT...
Page 110: Serial Interface
Via the serial interface (RS232), a user can access the command line of the device. The fol- lowing parameters must be configured device-specific: – Baud rate: 57600 – Data bits / parity bit / stop bit: 8-N-1 – Hardware handshake RTS/CTS: Off (default) PHOENIX CONTACT 105656_en_05...
Page 111: Restart, Recovery Procedure, And Flashing The Firmware
Performing a restart Objective The device is restarted with the configured settings. Action • Press the Reset button for around 1.5 seconds until the ERR LED lights up. (Alternatively, disconnect the power supply and then connect it again.) 105656_en_05 PHOENIX CONTACT...
Page 112 If successful, the STAT LED lights up green. If unsuccessful, the ERR LED lights up red. If successful, the device restarts after two seconds and switches to Stealth mode. The de- vice can then be reached again under the corresponding addresses. PHOENIX CONTACT 105656_en_05...
Page 113 Choose the configuration profile, generated during the recovery procedure: „Recov- ery-DATE“ (e.g. “Recovery-2016.12.01-18:02:50). • Click on the Icon „Edit profile“ to analyze the configuration profile and to restore it with or without changes. • Click on the Icon „Save“ to apply the changes. 105656_en_05 PHOENIX CONTACT...
Page 114 This SD card has been inserted into the device. – The relevant firmware files are available for download from the download page of phoenixcontact.net/products. The files must be located under the following path names or in the following folders on the SD card: Firmware/install-ubi.mpc83xx.p7s Firmware/ubifs.img.mpc83xx.p7s PHOENIX CONTACT 105656_en_05...
Page 115 The “jffs2.img.p7s” firmware file is downloaded from the TFTP server or SD card and written to the Flash memory. This file contains the actual mGuard operating system and is signed electronically. Only files signed by Phoenix Contact are accepted. This process takes around 3 to 5 minutes. The STAT LED is lit continuously.
Page 116 Make sure that this is the correct license file for the device (under “Management >> Up- date” on the web interface). • Then restart the inetd process to apply the configuration changes. • When using a different mechanism, e.g., xinetd, please consult the relevant documen- tation. PHOENIX CONTACT 105656_en_05...
Page 117: Technical Data
FL MGUARD RS2000 TX/TX-B Firmware compatibility mGuard v8.x or later: Phoenix Contact recommends the use of the latest firm- ware version and patch releases in each case. For the scope of functions, please refer to the relevant firmware data sheet.
Page 118 FL MGUARD RS2000 TX/TX-B PHOENIX CONTACT 105656_en_05...
Page 119: Fl Mguard Rs4000 Tx/Tx-P
2702259 Product description The FL MGUARD RS4000 TX/TX-P is a security router with intelligent firewall and IPsec VPN (up to 250 tunnels). Providing a special DPI (Deep Packet Inspection) functionality for OPC Classic and Modbus TCP, it has been designed for use in the process industry to ac- commodate strict distributed security and high availability requirements.
Page 120: Operating Elements And Leds
Connections below: RS-232 interface LEDs, see Table 6-2 Configuration (SD card) Figure 6-2 Operating elements and LEDs on the FL MGUARD RS4000 TX/TX-P Table 6-2 LEDs on the FL MGUARD RS4000 TX/TX-P Status Meaning Green On Power supply 1 is active...
Page 121 FL MGUARD RS4000 TX/TX-P Table 6-2 LEDs on the FL MGUARD RS4000 TX/TX-P[...] Status Meaning INFO Green On Up to firmware version 8.0: the configured VPN connection has been established As of firmware version 8.1, the configured VPN connections are established or the...
Page 122: Safety Notes
FL MGUARD RS4000 TX/TX-P Safety notes 6.2.1 Installation notes – This category 3 device (ATEX directive) is designed for installation in zone 2 potentially explosive areas. It meets the requirements of EN 60079-0:2009 and EN 60079-15:2010. – This device is not designed for use in atmospheres with danger of dust explosions.
Page 123: Startup
FL MGUARD RS4000 TX/TX-P Startup 6.3.1 Safety notes To ensure correct operation and the safety of the environment and of personnel, the device must be installed, operated, and maintained correctly. NOTE: Risk of material damage due to incorrect wiring Only connect the device network ports to LAN installations. Some telecommunications connections also use RJ45 sockets;...
Page 124: Installation Of Fl Mguard Rs4000 Tx/Tx-P
Mounting the FL MGUARD RS4000 TX/TX-P on a DIN rail • Attach the top snap-on foot of the FL MGUARD RS4000 TX/TX-P to the DIN rail and then press the FL MGUARD RS4000 TX/TX-P down towards the DIN rail until it engag- es with a click.
Page 125 FL MGUARD RS4000 TX/TX-P 6.4.2 Connecting to the network NOTE: Only connect the device network ports to LAN installations. Some telecommuni- cations connections also use RJ45 sockets; these must not be connected to the RJ45 sockets of the device. •...
Page 126 FL MGUARD RS4000 TX/TX-P I1/I2 O1/O2 Voltage out- Switching Ground out- Short-cir- +24 V +24 V put (+) input 11 ... put (-) cuit-proof See section 6.4.4 Only for 36 V DC switching FL MGUARD RS4000 Supply volt- Supply volt- output See section 6.4.4...
Page 127 If VPN connections are being monitored, an illuminated Info LED indicates that VPN con- nections are established. Alarm output O4 resp. The O4 alarm output monitors the function of the FL MGUARD RS4000/RS2000 and there- FAULT fore enables remote diagnostics.
Page 128 FL MGUARD RS4000 TX/TX-P 6.4.4 Connecting the supply voltage WARNING: The device is designed for operation at DC voltages of 11 V DC ... 36 V DC/SELV. Therefore, only SELV circuits with voltage limitations according to IEC 60950/EN 60950/VDE 0805 may be connected to the supply connections and the signal contact.
Page 129: Preparing The Configuration
Preparing the configuration 6.5.1 Connection requirements – The FL MGUARD RS4000 TX/TX-P must be connected to at least one active power supply unit. – For local configuration: The computer that is to be used for configuration must be connected to the LAN socket on the device.
Page 130: Configuration In Stealth Mode
FL MGUARD RS4000 TX/TX-P Configuration in Stealth mode On initial startup, the device can be accessed via two addresses: – https://192.168.1.1/ (see page 130) – https://1.1.1.1/ (see page 131) Alternatively, an IP address can be assigned via BootP (see “Assigning the IP address via BootP”...
Page 131 FL MGUARD RS4000 TX/TX-P 6.6.2 IP address https://1.1.1.1/ With a configured network In order for the device to be addressed via address https://1.1.1.1/, it must be connected interface to a configured network interface. This is the case if it is connected in an existing network connection and if the default gateway can be accessed via the WAN port of the device at the same time.
Page 132: Establishing A Local Configuration Connection
FL MGUARD RS4000 TX/TX-P Establishing a local configuration connection Web-based administrator The device is configured via a web browser that is executed on the configuration computer. interface NOTE: The web browser used must support SSL encryption (i.e., HTTPS). The device can be accessed via one of the following addresses:...
Page 133 FL MGUARD RS4000 TX/TX-P Explanation As administrative tasks can only be performed using encrypted access, a self-signed certif- icate is supplied with the device. • Click “Yes” to acknowledge the security alert. The login window is displayed. Figure 6-5 Login •...
Page 134: Remote Configuration
FL MGUARD RS4000 TX/TX-P Remote configuration Requirement The device must be configured so that remote configuration is permitted. The option for remote configuration is disabled by default. Switch on the remote configuration option in the web interface under “Management >> Web Settings”.
Page 135: Restart, Recovery Procedure, And Flashing The Firmware
FL MGUARD RS4000 TX/TX-P 6.10 Restart, recovery procedure, and flashing the firm- ware The reset button is used to set the device to one of the following states: – Performing a restart – Performing a recovery procedure – Flashing the firmware/rescue procedure...
Page 136 FL MGUARD RS4000 TX/TX-P 6.10.2 Performing a recovery procedure Objective (up to 8.3.x) Up to mGuard firmware version 8.3.x The network configuration (but not the rest of the configuration) is to be reset to the de- livery state, as it is no longer possible to access the device.
Page 137 FL MGUARD RS4000 TX/TX-P Action • Slowly press the reset button six times. After approximately 2 seconds, the STAT LED lights up green. • When the green STAT LED has gone out, slowly press the reset button again six times.
Page 138 FL MGUARD RS4000 TX/TX-P 6.10.3 Flashing the firmware/rescue procedure Objective The entire mGuard firmware should be reloaded on the device. – All configured settings are deleted. The device is set to the delivery state. – In mGuard firmware version 5.0.0 or later, the licenses installed on the device are re- tained after flashing the firmware.
Page 139 The “jffs2.img.p7s” firmware file is downloaded from the TFTP server or SD card and written to the Flash memory. This file contains the actual mGuard operating system and is signed electronically. Only files signed by Phoenix Contact are accepted. This process takes around 3 to 5 minutes. The STAT LED is lit continuously.
Page 140: Technical Data
Firmware and power values FL MGUARD RS4000 TX/TX-P Firmware compatibility For mGuard v8.1.0 or newer: Phoenix Contact recommends the use of the lat- est firmware version and patch releases. For the scope of functions, please refer to the relevant firmware data sheet.
Page 141 FL MGUARD RS4000 TX/TX-P Miscellaneous FL MGUARD RS4000 TX/TX-P Conformance CE | FCC | UL 508 ANSI/ISA 12.12 Class I Div. 2 Approvals Further approvals ISA-S71.04-1985 G3 Harsh Group A Special features Realtime clock | Trusted Platform Module (TPM) | temperature sensor |...
Page 142 FL MGUARD RS4000 TX/TX-P PHOENIX CONTACT 105656_en_05...
Page 143: Fl Mguard Rs4000 Tx/Tx Vpn-M
The FL MGUARD RS4000 TX/TX VPN-M is functionally identical to the FL MGUARD RS4000. In contrast to the FL MGUARD RS4000 it has the approval for ma- rine and offshore applications and an extended temperature range.
Page 144: Operating Elements And Leds
Connections below: RS-232 interface LEDs, see Table 7-2 Configuration (SD card) Figure 7-2 Operating elements and LEDs on the FL MGUARD RS4000 TX/TX VPN-M Table 7-2 LEDs on the FL MGUARD RS4000 TX/TX VPN-M State Meaning Green On Power supply 1 is active...
Page 145 FL MGUARD RS4000 TX/TX VPN-M Table 7-2 LEDs on the FL MGUARD RS4000 TX/TX VPN-M[...] State Meaning INFO Green On Up to firmware version 8.0: the configured VPN connection has been established As of firmware version 8.1, the configured VPN connections are established or the...
Page 146: Startup
FL MGUARD RS4000 TX/TX VPN-M Startup 7.2.1 Safety notes To ensure correct operation and the safety of the environment and of personnel, the device must be installed, operated, and maintained correctly. NOTE: Risk of material damage due to incorrect wiring Only connect the device network ports to LAN installations.
Page 147: Installation Of Fl Mguard Rs4000 Tx/Tx Vpn-M
FL MGUARD RS4000 TX/TX VPN-M Installation of FL MGUARD RS4000 TX/TX VPN-M 7.3.1 Mounting/removal Mounting The device is ready to operate when it is supplied. The recommended sequence for mount- ing and connection is as follows: • Mount the device on a grounded 35 mm DIN rail according to DIN EN 60715.
Page 148 FL MGUARD RS4000 TX/TX VPN-M 7.3.2 Connecting to the network NOTE: Only connect the device network ports to LAN installations. Some telecommuni- cations connections also use RJ45 sockets; these must not be connected to the RJ45 sockets of the device.
Page 149 FL MGUARD RS4000 TX/TX VPN-M I1/I2 O1/O2 Voltage out- Switching Ground out- Short-cir- +24 V +24 V put (+) input 11 ... put (-) cuit-proof See Section 7.3.4 Only for 36 V DC switching FL MGUARD RS4000 Supply volt- Supply volt- output See Section 7.3.4...
Page 150 If VPN connections are being monitored, an illuminated Info LED indicates that VPN con- nections are established. Alarm output O4 resp. The O4 alarm output monitors the function of the FL MGUARD RS4000/RS2000 and there- FAULT fore enables remote diagnostics.
Page 151 FL MGUARD RS4000 TX/TX VPN-M 7.3.4 Connecting the supply voltage WARNING: The device is designed for operation at DC voltages of 11 V DC ... 36 V DC/SELV. Therefore, only SELV circuits with voltage limitations according to IEC 60950/EN 60950/VDE 0805 may be connected to the supply connections and the signal contact.
Page 152: Preparing The Configuration
FL MGUARD RS4000 TX/TX VPN-M Preparing the configuration 7.4.1 Connection requirements – The device must be connected to at least one active power supply unit. – For local configuration: The computer that is to be used for configuration must be connected to the LAN socket on the device.
Page 153: Configuration In Stealth Mode
FL MGUARD RS4000 TX/TX VPN-M Configuration in Stealth mode On initial startup, the device can be accessed via two addresses: – https://192.168.1.1/ (see Page 154) – https://1.1.1.1/ (see Page 154) Alternatively, an IP address can be assigned via BootP (see “Assigning the IP address via BootP”...
Page 154 FL MGUARD RS4000 TX/TX VPN-M 7.5.1 IP address 192.168.1.1 In Stealth mode, the device can be accessed via the LAN interface via IP address 192.168.1.1 within network 192.168.1.0/24, if one of the following conditions applies. – The device is in the delivery state.
Page 155 FL MGUARD RS4000 TX/TX VPN-M 7.5.3 Assigning the IP address via BootP After assigning an IP address via BootP, the product can no longer be accessed via IP ad- dress 192.168.1.1 For IP address assignment, the device uses the BootP protocol. The IP address can also be assigned via BootP.
Page 156: Establishing A Local Configuration Connection
FL MGUARD RS4000 TX/TX VPN-M Establishing a local configuration connection Web-based administrator The device is configured via a web browser that is executed on the configuration computer. interface NOTE: The web browser used must support SSL encryption (i.e., HTTPS). The device can be accessed via one of the following addresses:...
Page 157 FL MGUARD RS4000 TX/TX VPN-M After successful connection establishment Once a connection has been established successfully, a security alert may be displayed. Explanation: As administrative tasks can only be performed using encrypted access, a self-signed certif- icate is supplied with the device.
Page 158: Remote Configuration
FL MGUARD RS4000 TX/TX VPN-M Remote configuration Requirement The device must be configured so that remote configuration is permitted. The option for remote configuration is disabled by default. Switch on the remote configuration option in the web interface under “Management >> Web Settings”.
Page 159: Restart, Recovery Procedure, And Flashing The Firmware
FL MGUARD RS4000 TX/TX VPN-M Restart, recovery procedure, and flashing the firm- ware The Reset button is used to set the device to one of the following states: – Performing a restart – Performing a recovery procedure – Flashing the firmware/rescue procedure...
Page 160 FL MGUARD RS4000 TX/TX VPN-M 7.9.2 Performing a recovery procedure Objective (up to 8.3.x) Up to mGuard firmware version 8.3.x The network configuration (but not the rest of the configuration) is to be reset to the de- livery state, as it is no longer possible to access the device.
Page 161 FL MGUARD RS4000 TX/TX VPN-M Action • Slowly press the Reset button six times. After approximately 2 seconds, the STAT LED lights up green. • Press the Reset button slowly again six times. If successful, the STAT LED lights up green.
Page 162 FL MGUARD RS4000 TX/TX VPN-M 7.9.3 Flashing the firmware/rescue procedure Objective The entire mGuard firmware should be reloaded on the device. – All configured settings are deleted. The device is set to the delivery state. – In Version mGuard firmware version 5.0.0 or later, the licenses installed on the device are retained after flashing the firmware.
Page 163 The “jffs2.img.p7s” firmware file is downloaded from the TFTP server or SD card and written to the Flash memory. This file contains the actual mGuard operating system and is signed electronically. Only files signed by Phoenix Contact are accepted. This process takes around 3 to 5 minutes. The STAT LED is lit continuously.
Page 164: Technical Data
FL MGUARD RS4000 TX/TX VPN-M Firmware compatibility For mGuard v8.1.8 or later: Phoenix Contact recommends the use of the latest firm- ware version and patch releases in each case. For the scope of functions, please refer to the relevant firmware data sheet.
Page 165: Fl Mguard Gt/Gt
FL MGUARD GT/GT FL MGUARD GT/GT Table 8-1 Currently available products Product designation Phoenix Contact order number FL MGUARD GT/GT 2700197 FL MGUARD GT/GT VPN 2700198 Product description The FL MGUARD GT/GT supports hybrid use as a router/firewall/VPN router both via Ethernet and for serial dial-up connections.
Page 166: Operating Elements And Leds
Signal contact open, i.e., an error has occurred Signal contact closed, i.e., an error has not occurred A Link LED is located on the front of the device for the LAN and WAN port. Green Link active (Link) Link not active PHOENIX CONTACT 105656_en_05...
Page 167 LAN port is in half duplex mode and the WAN port is in full duplex mode. B: The switch has been set to display the Activity (ACT); the mode LEDs now indicate that incoming data packets are detected on both ports. 105656_en_05 PHOENIX CONTACT...
Page 168 Messages in Smart mode: For Smart Mode, see “Restart, recovery procedure, and flashing the firmware” on page 186 Display Meaning Smart mode “No changes” Smart mode “Recovery procedure” Smart mode “Flash procedure” Smart mode “Customized default profile” PHOENIX CONTACT 105656_en_05...
Page 169 MRP master The points under “Remedy” are recommendations; they do not all have to be carried out for every error. For all other message codes that are not listed here, please contact Phoenix Contact. 105656_en_05 PHOENIX CONTACT...
Page 170: Startup
Before startup, check the scope of supply to ensure nothing is missing. The scope of supply includes: – The device – Package slip – Terminal block for the power supply connection (inserted) – Terminal block for the signal contact, button PHOENIX CONTACT 105656_en_05...
Page 171: Installation Of Fl Mguard Gt/Gt
To remove the FL MGUARD GT/GT from the DIN rail, insert a screwdriver horizontally in the locking slide under the housing, pull it down – without tilting the screwdriver – and then pull up the FL MGUARD GT/GT. 105656_en_05 PHOENIX CONTACT...
Page 172 Connect the external network via the WAN socket, e.g., WAN, Internet. (Connections to the remote device or network are established via this network.) Driver installation is not required. For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. PHOENIX CONTACT 105656_en_05...
Page 173 TD+ (transmit) BI_DA+ (bidirectional) TD- (transmit) TD- (transmit) BI_DA- (bidirectional) RD+ (receive) RD+ (receive) BI_DB+ (bidirectional) – – BI_DC+ (bidirectional) – – BI_DC- (bidirectional) RD- (receive) RD- (receive) BI_DB- (bidirectional) – – BI_DD+ (bidirectional) – – BI_DD- (bidirectional) 105656_en_05 PHOENIX CONTACT...
Page 174 Ensure correct mechanical alignment of the SFP mod- ules. Connecting the FO cable • Ensure correct mechanical alignment when inserting the fiber optic plugs. Removing the fiber optic plugs • Press the arresting latch (A) and pull out the plug (B). PHOENIX CONTACT 105656_en_05...
Page 175 This also applies when the signal contact is manually set to “Closed” in the software config- uration. The switch has a floating signal contact. An error is indicated when the contact is opened. 67842015 Figure 8-5 Basic circuit diagram for the signal contact 105656_en_05 PHOENIX CONTACT...
Page 176 Either the VPN connection was not established or it has failed due to an error. If the INF LED is illuminated, the VPN connection is present. If the INF LED is flashing, the VPN connection is being established or released. PHOENIX CONTACT 105656_en_05...
Page 177 FL MGUARD GT/GT VPN - you can connect a VPN enable button to the MCI/GND con- nection terminal blocks. The MC1/GND connection terminal blocks can be used either for the connection of a (re- dundant) power supply or a VPN enable button. 105656_en_05 PHOENIX CONTACT...
Page 178 This message can be prevented by feeding the supply voltage via both inputs. GND R1 R2 76120026 24 V DC Figure 8-7 Redundant connection of the supply voltage/signal contact without VPN en- able button PHOENIX CONTACT 105656_en_05...
Page 179 To enable a VPN enable button/switch connected externally to the device to establish/re- lease a VPN tunnel, this switch/button should be connected to MC1/GND. GND R1 R2 24 V DC Figure 8-9 Redundant connection of the supply voltage with VPN enable button 105656_en_05 PHOENIX CONTACT...
Page 180 Set the following transmission parameters: RS-232 (V.24) interface Bits per second 38,400 Data bits Parity None res. Stop bits Flow control None 6151007 Figure 8-10 Transmission parameters and assignment of the RS-232 interface PHOENIX CONTACT 105656_en_05...
Page 181: Preparing The Configuration
According to the default setting, the device can be accessed via the following address: Table 8-4 Preset addresses Default setting Network Management IP address #1 (IP address of mode the internal interface) FL MGUARD GT/GT Router https://192.168.1.1/ 105656_en_05 PHOENIX CONTACT...
Page 182 IP address: 192.168.1.2 Subnet mask: 255.255.255.0 Default gateway: 192.168.1.1 Depending on the configuration of the device, it may then be necessary to adapt the net- work interface of the locally connected computer or network accordingly. PHOENIX CONTACT 105656_en_05...
Page 183: Establishing A Local Configuration Connection
Under the Windows menu “Start, Settings, Control Panel, Network Connections” or “Network and Dial-up Connections”, right-click on the corresponding icon and select “Disable” in the context menu. After successful connection establishment Once a connection has been established successfully, a security alert may be displayed. 105656_en_05 PHOENIX CONTACT...
Page 184 The device can then be configured via the web interface. For additional information, please refer to the software reference manual. For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. PHOENIX CONTACT 105656_en_05...
Page 185: Remote Configuration
Via the serial interface (RS232), a user can access the command line of the device. The fol- lowing parameters must be configured device-specific: – Baud rate: 38400 – Data bits / parity bit / stop bit: 8-N-1 – Hardware handshake RTS/CTS: Off (default) 105656_en_05 PHOENIX CONTACT...
Page 186: Restart, Recovery Procedure, And Flashing The Firmware
Selecting the desired setting • To select the different settings, press the Mode button briefly and select the desired op- erating mode using a binary light pattern of the mode LEDs and a code on the 7-seg- ment display. PHOENIX CONTACT 105656_en_05...
Page 187 The settings configured for VPN connections and the firewall are retained, including passwords. Possible reasons for performing the recovery procedure: – The device is in Router or PPPoE mode. – The configured IP address of the device differs from the default setting. 105656_en_05 PHOENIX CONTACT...
Page 188 Select the configuration profile created during the recovery procedure named "Recov- ery-DATE" (e.g. "Recovery-2016.12.01-18:02:50"). • Click on the "Edit profile" icon to analyze the configuration profile and subsequently restore it with or without changes. • Click on the "Save" icon to apply the changes. PHOENIX CONTACT 105656_en_05...
Page 189 The jffs2.img.mpc83xx.p7s firmware file is downloaded from the TFTP server and written to the Flash memory. This file contains the actual mGuard operating system and is signed electronically. Only files signed by Phoenix Contact are accepted. The process takes several minutes, during which the numbers on the 7-segment display change constantly and the ACT, SPD and FD LEDs flash continuously.
Page 190 Make sure that this is the correct license file for the device (under “Management >> Up- date” on the web interface). Figure 8-13 Entering the host IP PHOENIX CONTACT 105656_en_05...
Page 191 Make sure that this is the correct license file for the device (under “Management >> Up- date” on the web interface). • Then restart the inetd process to apply the configuration changes. • If a different mechanism should be used, e.g., xinetd, please consult the relevant doc- umentation. 105656_en_05 PHOENIX CONTACT...
Page 192: Technical Data
Current consumption on US at 24 V DC, maximum 270 mA Maximum power consumption at nominal voltage 6.5 W Interfaces FL MGUARD GT/GT Number of Ethernet ports 2, should be operated as RJ45 port or SFP port RS-232 configuration interface Connection format Mini-DIN socket PHOENIX CONTACT 105656_en_05...
Page 193 FL MGUARD GT/GT Shock testing according to IEC 60068-2-27 Operation: 30g/11 ms, Half-sine shock pulse Storage/transport: 50g, Half-sine shock pulse Vibration resistance according to IEC 60068-2-6 Operation/storage/transport: 5g, 57 Hz ... 150 Hz Free fall according to IEC 60068-2-32 105656_en_05 PHOENIX CONTACT...
Page 194 Temporary adverse effects on the operating behavior, which the device corrects automatically. Criterion A: Normal operating behavior within the specified limits. EN 55011 corresponds to CISPR11 Class A: Industrial application, without special installation measures Class B: residential Additional certification FL MGUARD GT/GT RoHS EEE 2002/95/EC - WEEE 2002/96/EC PHOENIX CONTACT 105656_en_05...
Page 195: Fl Mguard Pci(E)4000
FL MGUARD PCI(E)4000 FL MGUARD PCI(E)4000 Table 9-1 Currently available products Product designation Phoenix Contact order number FL MGUARD PCI4000 2701274 FL MGUARD PCI4000 VPN 2701275 FL MGUARD PCIE4000 2701277 FL MGUARD PCIE4000 2701278 Product description The FL MGUARD PCI(E)4000 has the design of a PCI-compatible plug-in board. It is avail- able in two versions: –...
Page 196: Operating Elements And Leds
Press the Reset button (for 1.5 seconds). • Alternatively, briefly disconnect the device power supply and then connect it again. If the error is still present, start the recovery procedure (see “Performing a recovery proce- dure” on page 209) or contact your dealer. PHOENIX CONTACT 105656_en_05...
Page 197: Startup
Clean the device housing with a soft cloth. Do not use aggressive solvents. 9.2.2 Checking the scope of supply Before startup, check the scope of supply to ensure nothing is missing. The scope of supply includes: – FL MGUARD PCI4000 – Package slip 105656_en_05 PHOENIX CONTACT...
Page 198: Installation Of Fl Mguard Pci4000
Use a UTP cable (CAT5). The cable is not supplied as standard. Figure 9-3 FL MGUARD PCI4000 structure • Install the FL MGUARD PCI4000 in a free PCI or PCI Express slot. Observe the notes in the documentation for your system. PHOENIX CONTACT 105656_en_05...
Page 199: Preparing The Configuration
The device is preset to the “multiple Clients” stealth configuration. You need to configure a management IP address and default gateway if you want to use VPN connections (see Page 205). Alternatively, you can select a different stealth configuration or use another net- work mode. 105656_en_05 PHOENIX CONTACT...
Page 200: Configuration In Stealth Mode
The device is configured via a web browser that is executed on the locally connected com- puter. NOTE: The web browser used must support SSL encryption (i.e., HTTPS). The device is preset and can be accessed via address https://1.1.1.1/ PHOENIX CONTACT 105656_en_05...
Page 201 The connection to the FL MGUARD PCI4000 is established. (If not, see Section 9.5.2). A security message indicating a possible invalid/not trusted certificate is displayed. This message results from the use of an mGuard certificate from Phoenix Contact that is not yet known to the browser but necessary for encryption of the communication.
Page 202 IP address: 192.168.1.10 Subnet mask: 255.255.255.0 Default gateway: 192.168.1.2 • Enter the address assigned into the browser: https://192.168.1.1/ • Configure the device as described in “Configuring the FL MGUARD PCI4000” on page 201. PHOENIX CONTACT 105656_en_05...
Page 203 In initial startup mode, the FL MGUARD PCI4000 additionally starts a BootP client on the in- ternal network interface (LAN 1). The BootP client is compatible with the “IPAssign” BootP servers from Phoenix Contact as well as “DHCPD” under Linux. This software can be downloaded free of charge at phoenixcontact.net/products.
Page 204 After receiving a BootP reply, the device no longer sends BootP requests, not even after it has been restarted. For the device to send BootP requests again, it must either be set to the default settings or one of the procedures (recovery or flash) must be performed. PHOENIX CONTACT 105656_en_05...
Page 205: Establishing A Local Configuration Connection
Under the Windows menu “Start, Settings, Control Panel, Network Connections” or “Network and Dial-up Connections”, right-click on the corresponding icon and select “Disable” in the context menu. After successful connection establishment Once a connection has been established successfully, a security alert may be displayed. 105656_en_05 PHOENIX CONTACT...
Page 206 The device can then be configured via the web interface. For additional information, please refer to the software reference manual. For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. PHOENIX CONTACT 105656_en_05...
Page 207: Remote Configuration
If a different port number is used, it should be entered after the IP address, e.g., https://123.45.67.89:442/ Configuration The device can then be configured via the web interface. For additional information, please refer to the software reference manual. 105656_en_05 PHOENIX CONTACT...
Page 208: Restart, Recovery Procedure, And Flashing The Firmware
Performing a restart Objective The device is restarted with the configured settings. Action • Press the Reset button until the STAT LED lights up orange. • Alternatively, restart the computer that contains the FL MGUARD PCI card. PHOENIX CONTACT 105656_en_05...
Page 209 ( "Recovery-DATE"). After the recovery proce- dure has finished, the device starts with the Factory Default settings. The configuration profile named "Recovery DATE" subsequently appears in the list of con- figuration profiles and can be edited and restored with or without changes. 105656_en_05 PHOENIX CONTACT...
Page 210 Choose the configuration profile, generated during the recovery procedure: „Recovery- DATE“ (e.g. “Recovery-2016.12.01-18:02:50). • Click on the Icon „Edit profile“ to analyze the configuration profile and to restore it with or without changes. • Click on the Icon „Save“ to apply the changes. PHOENIX CONTACT 105656_en_05...
Page 211 The STAT LED on the front plate briefly lights up orange. Then the STAT LED and the upper two LEDs of the Ethernet sockets light up green one after the other. • Release the Reset button during the green light phase. The flashing procedure is started. 105656_en_05 PHOENIX CONTACT...
Page 212: Technical Data
FL MGUARD PCI4000 | FL MGUARD PCIE4000 Firmware compatibility For mGuard v7.5.0 or later: Phoenix Contact recommends the use of the lat- est firmware version and patch releases in each case. For the scope of functions, please refer to the relevant firmware data sheet.
Page 213: 10 Fl Mguard Smart2
FL MGUARD SMART2 10 FL MGUARD SMART2 Table 10-1 Currently available products Product designation Phoenix Contact order number FL MGUARD SMART2 2700640 FL MGUARD SMART2 VPN 2700639 Product description The FL MGUARD SMART2 is the smallest device version. For example, it can be inserted between the computer or local network and an available router, without having to make con- figuration changes or perform driver installations on the existing system.
Page 214: Operating Elements And Leds
WAN: connection to the network partner is present Flashing WAN: data transmission is active 1, 2, 3 Various LED light Recovery mode. After pressing the Reset button. codes See “Restart, recovery procedure, and flashing the firmware” on page 224. PHOENIX CONTACT 105656_en_05...
Page 215: Startup
Clean the device housing with a soft cloth. Do not use aggressive solvents. 10.2.2 Checking the scope of supply Before startup, check the scope of supply to ensure nothing is missing. The scope of supply includes: – FL MGUARD SMART2 – Package slip 105656_en_05 PHOENIX CONTACT...
Page 216: Connecting The Fl Mguard Smart2
For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. WARNING: This is a Class A item of equipment. This equipment can cause radio interfer- ence in residential areas; in this case, the operator may be required to implement appro- priate measures. PHOENIX CONTACT 105656_en_05...
Page 217: Preparing The Configuration
The device is preset to the “multiple Clients” stealth configuration. You need to configure a management IP address and default gateway if you want to use VPN connections (see Page 221). Alternatively, you can select a different stealth configuration or use another net- work mode. 105656_en_05 PHOENIX CONTACT...
Page 218: Configuration In Stealth Mode
After access via IP address 192.168.1.1 and successful login, IP address 192.168.1.1 is set as a fixed management IP address. – After access via IP address 1.1.1.1 or after IP address assignment via BootP, the product can no longer be accessed via IP address 192.168.1.1. PHOENIX CONTACT 105656_en_05...
Page 219 (see “Establishing a local configuration con- nection” on page 221). Continue from this point. After access via IP address 1.1.1.1, the product can no longer be accessed via IP address 192.168.1.1 105656_en_05 PHOENIX CONTACT...
Page 220 After receiving a BootP reply, the device no longer sends BootP requests, not even after it has been restarted. For the device to send BootP requests again, it must either be set to the default settings or one of the procedures (recovery or flash) must be performed. PHOENIX CONTACT 105656_en_05...
Page 221: Establishing A Local Configuration Connection
Under the Windows menu “Start, Settings, Control Panel, Network Connections” or “Network and Dial-up Connections”, right-click on the corresponding icon and select “Disable” in the context menu. After successful connection establishment Once a connection has been established successfully, a security alert may be displayed. 105656_en_05 PHOENIX CONTACT...
Page 222 The device can then be configured via the web interface. For additional information, please refer to the software reference manual. For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. PHOENIX CONTACT 105656_en_05...
Page 223: Remote Configuration
If a different port number is used, it should be entered after the IP address, e.g., https://123.45.67.89:442/ Configuration The device can then be configured via the web interface. For additional information, please refer to the software reference manual. 105656_en_05 PHOENIX CONTACT...
Page 224: Restart, Recovery Procedure, And Flashing The Firmware
The device is restarted with the configured settings. Action • Press the Reset button for around 1.5 seconds until the middle LED lights up in red. (Alternatively, you can disconnect and insert the USB cable, as it is only used for the power supply.) PHOENIX CONTACT 105656_en_05...
Page 225 ( "Recovery-DATE"). After the recovery proce- dure has finished, the device starts with the Factory Default settings. The configuration profile named "Recovery DATE" subsequently appears in the list of con- figuration profiles and can be edited and restored with or without changes. 105656_en_05 PHOENIX CONTACT...
Page 226 Choose the configuration profile, generated during the recovery procedure: „Recovery- DATE“ (e.g. “Recovery-2016.12.01-18:02:50). • Click on the Icon „Edit profile“ to analyze the configuration profile and to restore it with or without changes. • Click on the Icon „Save“ to apply the changes. PHOENIX CONTACT 105656_en_05...
Page 227 The “jffs2.img.p7s” firmware file is downloaded from the TFTP server or SD card and written to the Flash memory. This file contains the actual mGuard operating system and is signed electronically. Only files signed by Phoenix Contact are accepted. This process takes around 3 to 5 minutes. The middle LED is lit continuously.
Page 228: Technical Data
Firmware and power values FL MGUARD SMART2 Firmware compatibility For mGuard v7.2 or later: Phoenix Contact recommends the use of the latest firmware version and patch releases in each case. For the scope of functions, please refer to the relevant firmware data sheet.
Page 229: 11 Fl Mguard Centerport
FL MGUARD CENTERPORT 11 FL MGUARD CENTERPORT Table 11-1 Currently available products Product designation Phoenix Contact order number FL MGUARD CENTERPORT 2702547 Product description The FL MGUARD CENTERPORT is a high-end firewall and a VPN gateway in 19" format. It is suitable as a central network infrastructure for remote service solutions. With its Gigabit Ethernet interfaces and corresponding throughput as the router and as the stateful inspec- tion firewall, the device can also be used in the backbone in industrial networks.
Page 230: Operating Elements And Leds
Operating elements and LEDs on the FL MGUARD CENTERPORT front side Table 11-2 LEDs on the FL MGUARD CENTERPORT State Meaning Green Lights up if the system is switched on Orange Lights up while hard disk is accessed PHOENIX CONTACT 105656_en_05...
Page 231: Startup
FL MGUARD CENTERPORT – Package slip – 2 x AC mains connecting cables – 19'' server rails/telescopic rails (2 x short, 2 x long) – Screw set – Installation instructions for 19'' frame/industrial cabinet (Quickrails installation instruc- tions) 105656_en_05 PHOENIX CONTACT...
Page 232: Installing And Booting The Fl Mguard Centerport
(booting) the device (see “Boot options - when monitor and keyboard are connected” on page 234). – in order to perform a rescue procedure or recovery procedure. See “Restart, recov- ery procedure, and flashing the firmware” on page 240. PHOENIX CONTACT 105656_en_05...
Page 233 To connect a serial terminal or a modem, use a serial cable with D- SUB connector. The maximum cable length of the serial cable is 30 m. The serial interface (serial port) can be used as follows: 105656_en_05 PHOENIX CONTACT...
Page 234 Boot options - when monitor and keyboard are connected If a monitor and a keyboard are connected to the device, the following options are available: – Following switch-on – Following a restart the boot messages from the BIOS are initially displayed on the monitor. PHOENIX CONTACT 105656_en_05...
Page 235 Check the file system(s) of firmware on rootfs2 Not supported by the current firmware version. Start rescue procedure via DHCP/BootP+TFTP Start rescue procedure from CD / DVD, USB stick or SD Card “Restart, recovery procedure, and flashing the firmware” on page 240 105656_en_05 PHOENIX CONTACT...
Page 236: Preparing The Configuration
IP address: 192.168.1.2 Subnet mask: 255.255.255.0 Default gateway: 192.168.1.1 Depending on the configuration of the device, it may then be necessary to adapt the net- work interface of the locally connected computer or network accordingly. PHOENIX CONTACT 105656_en_05...
Page 237: Establishing A Local Configuration Connection
If other LAN connections are active on the computer, deactivate them until the configu- ration has been completed. Under the Windows menu “Start, Settings, Control Panel, Network Connections” or “Network and Dial-up Connections”, right-click on the corresponding icon and select “Disable” in the context menu. 105656_en_05 PHOENIX CONTACT...
Page 238 The device can then be configured via the web interface. For additional information, please refer to software reference manual. For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. PHOENIX CONTACT 105656_en_05...
Page 239: Remote Configuration
Via the serial interface (RS232), a user can access the command line of the device. The fol- lowing parameters must be configured device-specific: – Baud rate: 57600 – Data bits / parity bit / stop bit: 8-N-1 – Hardware handshake RTS/CTS: Off (default) 105656_en_05 PHOENIX CONTACT...
Page 240: Restart, Recovery Procedure, And Flashing The Firmware
The current IP address of the device is not known. Up-to-date information on the recovery and flashing procedure can be found in the appli- cation note for your mGuard firmware version. (Application notes are available in the download area at www.innominate.comphoenixcontact.net/products.) PHOENIX CONTACT 105656_en_05...
Page 241 Choose the configuration profile, generated during the recovery procedure: „Recovery- DATE“ (e.g. “Recovery-2016.12.01-18:02:50). • Click on the Icon „Edit profile“ to analyze the configuration profile and to restore it with or without changes. • Click on the Icon „Save“ to apply the changes. 105656_en_05 PHOENIX CONTACT...
Page 242 Therefore, they do not have to be installed again. NOTE: Do not interrupt the power supply to the device during any stage of the flashing procedure. Otherwise, the device could be damaged and may have to be reactivated by the manufacturer. PHOENIX CONTACT 105656_en_05...
Page 243 Effect: The mGuard device downloads all necessary files from the inserted CD/DVD. With this in mind, while the boot menu is displayed and before applying this selection, insert the CD/DVD with the mGuard firmware into the CD/DVD drive. 105656_en_05 PHOENIX CONTACT...
Page 244 Effect: The mGuard device downloads all necessary files from the connected USB storage medium. (For security reasons, the FL MGUARD CENTERPORT does not boot from the USB storage medium). – Once the rescue procedure is complete, a corresponding message appears on the monitor. Follow any further on-screen instructions. PHOENIX CONTACT 105656_en_05...
Page 245 Burn the content of this zip archive as a data CD/DVD. The following files must be located in the following folders/under the following path names on the CD/DVD: – /Firmware/install.x86_64.p7s – /Firmware/firmware.img.x86_64.p7s 105656_en_05 PHOENIX CONTACT...
Page 246: Technical Data
FL MGUARD CENTERPORT Firmware compatibility mGuard v8.1.2 or later; Phoenix Contact recommends using the latest patch releases; For the scope of functions, please refer to the relevant firmware data sheet. Data throughput (router | firewall) 2,000 Mbps bidirectional | 2,000 Mbps bidirectional When using the DMZ as independent network zone, the maximum possible data throughput is distributed to the three zones.
Page 247: 12 Fl Mguard Delta Tx/Tx
FL MGUARD DELTA TX/TX 12 FL MGUARD DELTA TX/TX Table 12-1 Currently available products Product designation Phoenix Contact order number FL MGUARD DELTA TX/TX 2700967 FL MGUARD DELTA TX/TX VPN 2700968 Product description The FL MGUARD DELTA TX/TX is ideal for use in desktop applications, in distribution compartments, and other environments close to production processes with low require- ments for industrial hardening.
Page 248: Operating Elements And Leds
LAN 2 Green 100 Mbps Flash- 100 Mbps, data transmission active Green Supply voltage OK STAT Green Flash- The mGuard is ready to operate. System error FAULT mGuard in the booting or flashing state INFO Not used PHOENIX CONTACT 105656_en_05...
Page 249: Startup
Checking the scope of supply Before startup, check the scope of supply to ensure nothing is missing. The scope of supply includes: – FL MGUARD DELTA TX/TX – Package slip – 12 V DC power supply including different country adapters 105656_en_05 PHOENIX CONTACT...
Page 250: Connecting The Fl Mguard Delta Tx/Tx
The device boots the firmware. Status LED STAT flashes green. The device is ready for operation as soon as the LAN/WAN LEDs of the Ethernet socket light up. Additionally, the status LED PWR lights up green and the status LED STAT flashes green at heartbeat. PHOENIX CONTACT 105656_en_05...
Page 251: Preparing The Configuration
IP address and default gateway if you want to use VPN connections (in the web interface under “Network >> Interfaces >> General”). Alternatively, you can select a dif- ferent stealth configuration or use another network mode. 105656_en_05 PHOENIX CONTACT...
Page 252: Configuration In Stealth Mode
After access via IP address 192.168.1.1 and successful login, IP address 192.168.1.1 is set as a fixed management IP address. – After access via IP address 1.1.1.1 or after IP address assignment via BootP, the FL MGUARD can no longer be accessed via IP address 192.168.1.1. PHOENIX CONTACT 105656_en_05...
Page 253 (see “Establishing a local configuration con- nection” on page 255). Continue from this point. After access via IP address 1.1.1.1, the FL MGUARD can no longer be accessed via IP address 192.168.1.1 105656_en_05 PHOENIX CONTACT...
Page 254 After receiving a BootP reply, the device no longer sends BootP requests, not even after it has been restarted. For the device to send BootP requests again, it must either be set to the default settings or one of the procedures (recovery or flash) must be performed. PHOENIX CONTACT 105656_en_05...
Page 255: Establishing A Local Configuration Connection
Under the Windows menu “Start, Settings, Control Panel, Network Connections” or “Network and Dial-up Connections”, right-click on the corresponding icon and select “Disable” in the context menu. After successful connection establishment Once a connection has been established successfully, a security alert may be displayed. 105656_en_05 PHOENIX CONTACT...
Page 256 The device can then be configured via the web interface. For additional information, please refer to the software reference manual. For security reasons, we recommend you change the default root and administrator pass- words during initial configuration. PHOENIX CONTACT 105656_en_05...
Page 257: Remote Configuration
Via the serial interface (RS232), a user can access the command line of the device. The fol- lowing parameters must be configured device-specific: – Baud rate: 57600 – Data bits / parity bit / stop bit: 8-N-1 – Hardware handshake RTS/CTS: Off (default) 105656_en_05 PHOENIX CONTACT...
Page 258: Restart, Recovery Procedure, And Flashing The Firmware
Performing a restart Objective The device is restarted with the configured settings. Action • Press the Reset button for around 1.5 seconds until the ERR LED lights up. (Alternatively, disconnect the power supply and then connect it again.) PHOENIX CONTACT 105656_en_05...
Page 259 ( "Recovery-DATE"). After the recovery proce- dure has finished, the device starts with the Factory Default settings. The configuration profile named "Recovery DATE" subsequently appears in the list of con- figuration profiles and can be edited and restored with or without changes. 105656_en_05 PHOENIX CONTACT...
Page 260 Choose the configuration profile, generated during the recovery procedure: „Recovery- DATE“ (e.g. “Recovery-2016.12.01-18:02:50). • Click on the Icon „Edit profile“ to analyze the configuration profile and to restore it with or without changes. • Click on the Icon „Save“ to apply the changes. PHOENIX CONTACT 105656_en_05...
Page 261 – The relevant firmware files are available for download from the download page of phoe- nixcontact.net/products. The files must be located under the following path names or in the following folders on the SD card: Firmware/install-ubi.mpc83xx.p7s Firmware/ubifs.img.mpc83xx.p7s 105656_en_05 PHOENIX CONTACT...
Page 262 The “jffs2.img.p7s” firmware file is downloaded from the TFTP server or SD card and written to the Flash memory. This file contains the actual mGuard operating system and is signed electronically. Only files signed by Phoenix Contact are accepted. This process takes around 3 to 5 minutes. The STAT LED is lit continuously.
Page 263: 12.10 Technical Data
FL MGUARD DELTA TX/TX Firmware compatibility For mGuard v7.4.0 or later: Phoenix Contact recommends the use of the lat- est firmware version and patch releases in each case. For the scope of functions, please refer to the relevant firmware data sheet.
Page 264 FL MGUARD DELTA TX/TX PHOENIX CONTACT 105656_en_05...
Page 265: Assigning Ip Addresses And Setting Up Dhcp/Tftp Servers
IP address. Figure 13-1 “IP Address Request Listener” window In this example, the mGuard has MAC ID 00.A0.45.04.08.A3. • Select the device to which you would like to assign an IP address. • Click on “Next”. 105656_en_05 PHOENIX CONTACT...
Page 266 • Click on “Next”. Step 5: “Assign IP address” The program attempts to transmit the IP parameters set to the mGuard. Figure 13-3 “Assign IP address” window Following successful transmission, the next window opens. PHOENIX CONTACT 105656_en_05...
Page 267 To assign IP parameters for additional devices: • Click on “Back”. To exit IP address assignment: • Click on “Finish”. If required, the IP parameters set here can be changed on the mGuard web interface un- der “Network >> Interfaces”. 105656_en_05 PHOENIX CONTACT...
Page 268: Installing The Dhcp And Tftp Server
Installing a second DHCP server in a network could affect the configuration of the entire network. Third-party software Phoenix Contact assumes no guarantee or liability for the use of third-party products. Ref- erences to third-party software are not a recommendation. They represent examples of generally usable programs.
Page 269 Make sure that this is the correct license file for the device (under “Management >> Up- date” on the web interface). • Then restart the inetd process to apply the configuration changes. • When using a different mechanism, e.g., xinetd, please consult the relevant documen- tation. 105656_en_05 PHOENIX CONTACT...
Page 270 Assigning IP addresses and setting up DHCP/TFTP servers PHOENIX CONTACT 105656_en_05...

This manual is also suitable for:

Mguard series Fl mguard rs2000 Fl mguard rs4004 dtx/txFl mguard rs2000 tx/tx vpnFl mguard rs4004 tx/tx vpnFl mguard rs2005 tx vpn ... Show all

Phoenix Contact FL MGUARD RS4000 User Manual

1 Fl Mguard Rs4000/Rs2000

2 Fl Mguard Rs4004/Rs2005

3 Tc Mguard Rs4000/Rs2000 3G

4 Tc Mguard Rs4000/Rs2000 4G

5 Fl Mguard Rs2000 Tx/Tx-B

6 Fl Mguard Rs4000 Tx/Tx-P

7 Fl Mguard Rs4000 Tx/Tx Vpn-M

8 Fl Mguard Gt/Gt

9 Fl Mguard Pci(E)4000

10 Fl Mguard Smart2

11 Fl Mguard Centerport

12 Fl Mguard Delta Tx/Tx

13 Assigning IP Addresses and Setting up DHCP/TFTP Servers

Quick Links

Need help?

Questions and answers

Related Manuals for Phoenix Contact FL MGUARD RS4000

Summary of Contents for Phoenix Contact FL MGUARD RS4000

This manual is also suitable for:

Table of Contents