W&T
www.WuT.de
Manual
Startup and application
Microwall Gigabit
Valid for the following models:
#55210: Microwall Gigabit
(as of firmware version 1.52)
Release 1.02 11/2020

Summary of Contents for W&T Microwall Gigabit 55210

  • Page 1 W&T www.WuT.de Manual Startup and application Microwall Gigabit. Valid for the following models: #55210: Microwall Gigabit (as of firmware version 1.52). Release 1.02 11/2020...
  • Page 2 W&T © 11/2020 by Wiesemann und Theis GmbH. Microsoft and Windows are registered trademarks of Microsoft Corporation. WireGuard and the WireGuard logo are registered trademarks of Jason A. Donenfeld. Subject to error and alteration: Since we can make mistakes, none of our statements may be used unchecked.
  • Page 3 W&T Introduction The Microwall is an industrial-grade IPv4 router with two 1000BaseT network connections and integrated whitelist-based firewall. It connects a network island, e.g. with automation components, to a higher-level local network. Suitable filter rules at TCP/IP level protect all networks from unauthorized, undesired and harmful communication.
  • Page 4: Table Of Contents

    W&T Content: 1 Legal information and safety (7); 1.1 Legal notices (8): Warning concept (8), Qualified personnel (8), Disposal (9), Symbols on the product (9); 1.2 Safety notices (10): General notices (10), Intended use (10), Electrical safety (10), EMV (11); 2 Hardware, interfaces and displays ...
  • Page 5 W&T 6 Security & Maintenance (49); 6.1 Security notes (50): 6.1.1 Function (50), 6.1.2 Installation location (50), 6.1.3 Start-up (50), 6.1.4 Operation and configuration (51), 6.1.5 Service and maintenance (53); 6.2 Up-/Download of configuration backups (54); 6.3 Firmware updates (56): 8.3.1 Where is the latest firmware available? (56), 6.3.2 Firmware update with WuTility (56), 6.2.3 Firmware Update via Web-Based Management (58)...
  • Page 6 W&T...
  • Page 7: Legal Information And Safety

    W&T Legal information and safety Subject to error and alteration...
  • Page 8: Legal Notices

    W&T 1.1 Legal notices Warning concept This manual contains notices that must be observed for your personal safety as well as to prevent damage to equipment. The notices are emphasized using a warning sign. Depending on the hazard level the warning notices are shown in decreasing severity as follows.
  • Page 9: Disposal

    W&T The documentation associated with the respective task must be followed, especially the safety and warning notices contained therein. Qualified personnel are defined as those who are qualified by their training and experience to recognize risks when handling the described products and to avoid possible hazards.
  • Page 10: Safety Notices

    W&T 1.2 Safety notices General notices This manual is intended for the installer of the Microwall described in the manual and must be read and understood before starting work. The devices are to be installed and put in operation only by qualified personnel. Intended use DANGER The Microwall is an industrial-grade IPv4 router with two...
  • Page 11: EMV

    W&T tance of 10-15 cm between the Microwall and nearby heat sources must be maintained. Input voltage and output currents must not exceed the rated values in the specification. When installing be sure that no stray wires stick out through the ventilation slit of the Microwall into the housing.
  • Page 12 W&T...
  • Page 13: Hardware, Interfaces And Displays

    W&T Hardware, interfaces and displays: Hardware installation, Power supply, Network interfaces, Service button
  • Page 14: Hardware Installation

    W&T Hardware, interfaces and displays 2.1 Hardware installation The Microwall is mechanically designed for mounting on a standard DIN rail. In this case, as well as with alternative mounting methods, the outlined air circulation must be guaranteed. The installation site must be adapted to the security requirements of the respective system environment.
  • Page 15: Power Supply

    W&T Hardware, interfaces and displays 2.2 Power supply The power supply of the Microwall is alternatively via PoE or an external power supply. Simultaneous connection of both power supplies is not permitted. The current consumption can be taken from the technical data. 2.2.1 PoE supply The Microwall can be supplied via the interface Network 1 (yellow) via PoE according to IEEE 802.3af.
  • Page 16: Network Interfaces

    W&T 2.3 Network Interfaces The Microwall has two network interfaces: Network 1 (yellow) and Network 2 (green). Network 1 (yellow) is used for connection to the higher-level network in which the island network is to be integrated at the Network 2 (green) connection. Commissioning with the factory settings and a possible supply via PoE is only possible via Network 1 (yellow).
  • Page 17 W&T Hardware, interfaces and displays Galvanic isolation There is an electrical isolation of at least 500 Vrms from the supply voltage. Auto-Negotiation The transmission speed and duplex method are automatically negotiated with the connected device. To avoid problems such as duplex mismatch, we recommend that the connected devices are also operated in auto-negotiation mode.
  • Page 18: System and Error LED

    W&T Hardware, interfaces and displays 2.4 System and Error LED System LED Service LED 2.4.1 System LED (green) ON: Signals normal operational readiness. Flashing: The Microwall performs a reboot or receives a new firmware. 2.4.2 Service LED (red) The service LED is used to signal the emergency access and factory default reset functions that can be controlled via the service button.
  • Page 19: Service Button

    W&T Hardware, interfaces and displays 2.5 Service button Service button The service button is accessible recessed on the front side of the Microwall to avoid operating errors. It is operated with a suitable, pointed object (e.g. paper clip). The following actions are triggered via the service button: Reset/Restart Pressing the button briefly between 0.2 and 3.5 s triggers a restart of the Microwall.
  • Page 20 W&T Hardware, interfaces and displays aborted. The Microwall continues with the standard operation of the current configuration. A reset to the factory setting causes all settings (filter rules, IP parameters, log files, etc.) to be lost. Recommissioning must be carried out as described in the chapter Start-up.
  • Page 21: Start-Up

    W&T Start-up The commissioning of the Microwall can only be done via the interface Network 1 (yellow). In the first step, the IP address required for initial access is assigned. Subsequent browser access leads to the initial web page for configuration of the basic parameters required for operation, including the system password.
  • Page 22: IP Assignment via DHCP

    W&T Start-up 3.1 IP assignment via DHCP In network environments with DHCP support and a dynamic address pool, the Microwall automatically receives the following basic IP parameters via the Network 1 port: IP address, subnet mask, gateway address, ...
  • Page 23: Initial Assignment of IP Parameters with WuTility

    W&T Start-up 3.2 Initial assignment of IP parameters with WuTility From version 4.52, the Windows tool WuTility supports the inventory and management of the basic network parameters of the Microwall: IP address, subnet mask, gateway address, DNS server. WuTility versions >= 4.52 must be used.
  • Page 24 W&T Start-up inventory list. This search process can be repeated as often as required by pressing the Scan button: Within the inventory list, the desired Microwall can be identified via its MAC address. The default IP address is 190.107.233.110. Select the desired Microwall and then press the IP address button: Enter the desired values for IP address, subnet mask, gateway and DNS server.
  • Page 25 W&T Start-up using standard web-based management. The additional parameters required for initial commissioning are set via an initial web page using a browser. For more in- formation, refer to the chapter Initial Web Page. Subject to error and alteration...
  • Page 26: Start-Up Via The Default Ip Address

    W&T Start-up 3.3 Start-up via the default IP address In the delivery state and after a reset to the factory settings, the default IP address of the interface Network 1 is 190.107.233.110. When the interface Network 1 is connected to the network, the initial web page for assigning the system password can be reached via the default IP or the IP address assigned by WuTility.
  • Page 27: Initial Web Page

    W&T Start-up 3.4 Initial web page After the IP assignment, only the initial web page is available during the initial commissioning. Here, the password of the Microwall required for all further configuration accesses must be assigned. At the same time, the IP basic parameters of both network interfaces and the operating mode can be determined.
  • Page 28 W&T Start-up...
  • Page 29 W&T Start-up Login password (mandatory) Assign the password for all configuration/control accesses of the Microwall. We recommend passwords with a minimum length of 15 characters, consisting of upper and lower case letters, numbers and special characters. The maximum length of the password is 51 characters. Operation without a password is not possible.
  • Page 30 W&T Start-up After correct entry of all parameters, the Save button is activated and the entries can be saved. You are automatically redirected to the start page of the Microwall. Management Services Configure whether and from which networks the Microwall can be accessed via the WuTility management tool and whether firmware updates can be carried out via this tool.
  • Page 31: Web Based Management

    W&T Web based management The configuration of the Microwall is only possible encrypted via HTTPS. The WBM (Web based management) works session-oriented. Changes made on the respective pages are immediately saved and validated by pressing the Save button. Navigation within WBM
  • Page 32: Start and Navigation Concept of the WBM

    W&T Web based management 4.1 Start and navigation concept of the WBM To access the WBM of the Microwall, you need an up-to-date Internet browser. Session cookies, JavaScript and WebSockets must be supported or activated. The configuration is only possible encrypted via HTTPS. The standard port 443 is preconfigured ex works.
  • Page 33: Login/Logout

    W&T Web based management 4.2 Login/Logout The start page of the Microwall only offers the possibility to enter the password for login and to switch the interface language via the flag symbol. 4.2.1 Login Enter the password and press the Log in button. After successful login the extended navigation tree with all configuration options is available.
  • Page 34: Help And Description Texts

    W&T Web based management 4.3 Help and description texts If the individual configuration items are not self-explanatory, the assigned info symbols contain the necessary descriptions, explanations and notes. For detailed information on the operating modes, release rules and VPN setup, refer to the chapter Operating Modes and Rule Configuration in this manual.
  • Page 35: Operating Modes And Rule Configuration

    W&T Operating modes and rule configuration: Mode NAT router, Mode Standard router, Rule configuration and labels, IP inventories
  • Page 36: Mode NAT Router

    W&T Operation modes and rule configuration 5.1 Mode NAT router In NAT router mode, the Microwall connects the island network to the Network 2 port (green) via a fixed IP address of the higher-level network to the Network 1 port (yellow). The operating mode is comparable to many standard DSL routers, which connect the home network to the Internet using only one public IP address.
  • Page 37: Mode Standard Router

    W&T Operation modes and rule configuration 5.2 Mode Standard router In standard router mode, the Microwall disconnects the island network at the Network 2 port (green) from the corporate intranet at the Network 1 port (yellow). The island network becomes an official subnet of the intranet-side infrastructure. On the intranet side, the path to the island network must be made known to the participating hosts, usually as a static route.
  • Page 38 W&T Operation modes and rule configuration 5.3 IP inventories In the menu branch Firewall Settings -> IP Address Inventory, the Microwall provides a separate address inventory for each network. The configuration of the destination/source address(es) when creating firewall rules is always done from these address inventories.
  • Page 39: Scan Of Network 2

    W&T Operation modes and rule configuration 5.3.1 Scan of Network 2 Using the magnifying glass in the area of Network 2, it is possible to search the island network for participants. Stations newly found during a scan can then be automatically added to the inventory list of Network 2.
  • Page 40: Creating Firewall Rules

    W&T Operation modes and rule configuration 5.4 Creating firewall rules Creating firewall rules for the current mode is done on the page Firewall settings -> Firewall rules. The overview contains information about the existing rules with the possibility to activate and deactivate them using the respective slide switch. The Plus button at the upper right edge of the table opens the dialog for creating new rules.
  • Page 41 W&T Operation modes and rule configuration Name Freely assignable name of the rule. Description Optional additional description of the rule. Label For a more clearly arranged display or display filtering in the rule overview, one or more labels can be assigned to the rule.
  • Page 42 W&T Operation modes and rule configuration and lists can be configured. Details can be found in the respective help texts that can be called up via the Info button. The destination IP address(es) | source IP addresses can either be selected from the inventory lists via the select box or specified directly numerically.
  • Page 43 W&T Operation modes and rule configuration Different input forms cannot be combined. This means, for example, "8000, 10-1000" is an invalid input. Protocol Specifies whether the rule applies to TCP or UDP. The TCP option FTP must be activated when the rule for FTP connections is formulated.
  • Page 44: Examples Firewall Rules

    W&T Operation modes and rule configuration 5.5 Examples Firewall rules 5.5.1 Mode Standard router, Network 2 to Network 1 Island host 10.110.0.10/16 at the Network 2 port is to access the Intranet Web Server 10.20.0.4/16, TCP/80 at the Network 1 port via browser. The respective local IP addresses of the Microwall are 10.110.0.1 and 10.20.0.55.
  • Page 45 W&T Operation modes and rule configuration The rule dialog to be filled out for this example:
  • Page 46 W&T Operation modes and rule configuration Mode NAT-Router, Network 1 to Network 2 Intranet host 10.20.0.4/16 should access the island web server 10.110.0.10/16, TCP/80 via browser. The Microwall itself is integrated into the networks with the IPs 10.110.0.1 and 10.20.0.55. The intranet IP of the Microwall is used as the destination address in the browser, where it is usually replaced by the island IP 10.110.0.10.
  • Page 47 W&T Operation modes and rule configuration The rule dialog to be filled out for this example: Further control examples for many standard applications can be found on our website at https://www.wut.de/rule-examples.
  • Page 48 W&T Operation modes and rule configuration...
  • Page 49: Security & Maintenance

    W&T Security & Maintenance: Security and operating notes, Firmware updates, Individual certificates, Emergency access via service button, Reset to factory defaults
  • Page 50: Security Notes

    W&T Security & Maintenance 6.1 Security notes The following sections contain relevant notes and recommendations from an IT security perspective for commissioning, configuration, operation and maintenance of the Microwall. 6.1.1 Function The Microwall is a small firewall designed as a router with two Ethernet ports and an integrated WireGuard VPN server.
  • Page 51: Operation and Configuration

    W&T Security & Maintenance access to the management interface of the Microwall protected by the password. IP allocation and password assignment During initial start-up, make sure that no unauthorized access to the Microwall occurs until the password is assigned on the initial web page.
  • Page 52 W&T Security & Maintenance Management services and ports:
    Port/Socket number | Application | System password? | Configurable/deactivatable?
    443 (TCP) | HTTPS management | yes | yes/yes
    8513 (UDP) | Inventory, e.g. with WuTility | | no/yes
    5555 (TCP) | Firmware update with WuTility | | no/yes
    446 (TCP) | HTTPS emergency access (only after manual activation via the service button) | | no/yes
  • Page 53: Service And Maintenance

    W&T Security & Maintenance Confidentiality of private keys Asymmetric encryption with the corresponding public/private key pairs is used in the Microwall for the TLS protocol for web accesses as well as for authentication within the WireGuard VPN protocol. Both private keys of the Microwall cannot be read out.
  • Page 54: Up-/Download Of Configuration Backups

    W&T Security & Maintenance 6.2 Up-/Download of configuration backups On the Maintenance page, it is possible to save the current configuration of the Microwall or to write back a previously downloaded backup file. Configuration or backup files contain not only the operative parameters (firewall/VPN rules, VPN keys, inventory lists, etc.) but also the data relevant for administrative access to the Microwall (IP parameters, system password, certificate,...
  • Page 55 W&T Security & Maintenance Backup files also contain the new IP address of the Microwall. To avoid an IP conflict, make sure that the original or a previously programmed Microwall is no longer connected to the network before uploading.
  • Page 56: Firmware Updates

    W&T Security & Maintenance 6.3 Firmware updates The firmware can be updated either using the WuTility management tool or via the web-based management of the Microwall. 8.3.1 Where is the latest firmware available? The latest firmware including the available update tools and a revision list is published on our website at the following address https://www.wut.de...
  • Page 57 W&T Security & Maintenance A prerequisite for firmware updates with WuTility is the activated update service to TCP/5555 in the Microwall. With the factory settings, the update with WuTility is only possible via the interface Network 1. The network communication during the transmission of the system password and also the actual upload is encrypted and therefore confidential.
  • Page 58: Firmware Update Via Web-Based Management

    W&T Security & Maintenance 6.2.3 Firmware Update via Web-Based Management In network environments that do not permit the use of WuTility or in which the update service in the Microwall has been deactivated for security reasons, the firmware update can be performed from the Web-based management.
  • Page 59: Individual Certificates

    W&T Security & Maintenance 6.4 Individual certificates For security reasons, access to the web-based management of the Microwall is only possible in encrypted form using the HTTPS protocol. The Microwall's self-signed certificate, which is pre-installed ex works, generates corresponding security warnings for current browsers.
  • Page 60 W&T Security & Maintenance Installing a self-signed certificate By clicking on Install under Self-Signed Certificate, the previously generated signing request can be provided with a self-signature. Browsers will display a corresponding security warning when the web pages are accessed. Externally signed certificate The generated signing request can be downloaded from the Microwall using the Download button for external signature.
  • Page 61: Emergencies Access To The Microwall

    W&T Security & Maintenance 6.5 Emergencies access to the Microwall In case of a forgotten password or if web-based management has been deactivated for security reasons, emergency access can be activated via the recessed mounted service button on the front panel. Service button Start emergency access Press the button with a suitable pointed object (e.g.
  • Page 62 W&T Security & Maintenance racters, consisting of upper and lower case letters, numbers and special characters. The maximum length of the password is 51 characters. Activating standard Web-Based Management Under Management, define on which connection and under which port the web management of the Microwall should subsequently be accessible.
  • Page 63: Reset To Default Settings

    W&T Security & Maintenance 6.6 Reset to default settings A reset to the factory settings of the Microwall can be performed using the recessed mounted service button on the front panel. Service button Press the service button with a suitable pointed object (e.g. paper clip) and keep it pressed for at least 20 s.
  • Page 64 W&T Security & Maintenance...
  • Page 65: Appendix

    W&T Appendix: Technical data and form factor, Licenses
  • Page 66: Technical Data And Form Factor

    W&T Appendix 7.1 Technical data and form factor Power supply: Power-over-Ethernet: 37-57 V DC from PSE; External power supply, screw terminal DC 24-48 V (+/-10%). Current consumption: Power-over-Ethernet: PoE Class 2 (3.84 W to 6.49 W); Ext. supply typ. 150 mA @ 24 V DC, max.
  • Page 67 W&T Appendix 7.2 Licenses GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it.
  • Page 68 W&T Appendix (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software.
  • Page 69 W&T Appendix conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
  • Page 70 W&T Appendix entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
  • Page 71 W&T Appendix operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
  • Page 72 W&T Appendix may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
  • Page 73 W&T Appendix either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
  • Page 74: Index

    W&T Index: Reset 19; Security 49; service button 61; Standard router 37; certificates 59; System and Error LED 18; Configuration backup 29; Technical data 66; default IP address 26; Web-Based Management 31; Emergencies access 61; WuTility 23; firewall rules 40; form factor 66; Hardware installation 14; IP inventories 38...
  • Page 75 W&T Index...
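Pages 43 to 47 above describe the rule dialog's port field (a single port, a comma-separated list or a range, never a mix of forms) and give two worked whitelist rules, one for standard router mode (island host to intranet web server) and one for NAT router mode (intranet host to island web server via the Microwall's own intranet IP). The following Python model is an added example, not code from the manual or from W&T's firmware: it reproduces those semantics so an administrator can check a planned rule set offline, and the `Rule`/`Packet` types, the rule names and the simplified first-match DNAT handling are assumptions of this example.

```python
"""Offline model of Microwall whitelist rule evaluation (added example,
not W&T code). Addresses are the ones used in the manual's examples."""
import ipaddress
import re
from dataclasses import dataclass

# Local IPs of the Microwall from the manual's examples (pages 44 and 46)
MICROWALL_N1_IP = ipaddress.ip_address("10.20.0.55")   # Network 1, intranet side
MICROWALL_N2_IP = ipaddress.ip_address("10.110.0.1")   # Network 2, island side


def parse_ports(spec):
    """Accept exactly one of the three input forms of the port field:
    "80", "80, 443" or "10-1000". Mixed forms like "8000, 10-1000" are
    rejected, as the manual states (page 43)."""
    spec = spec.replace(" ", "")
    if re.fullmatch(r"\d+", spec):
        ports = {int(spec)}
    elif re.fullmatch(r"\d+(,\d+)+", spec):
        ports = {int(p) for p in spec.split(",")}
    elif (m := re.fullmatch(r"(\d+)-(\d+)", spec)):
        lo, hi = int(m.group(1)), int(m.group(2))
        if lo > hi:
            raise ValueError(f"invalid port range: {spec!r}")
        ports = set(range(lo, hi + 1))
    else:
        raise ValueError(f"invalid port specification: {spec!r}")
    if not all(1 <= p <= 65535 for p in ports):
        raise ValueError(f"port out of range in {spec!r}")
    return ports


@dataclass(frozen=True)
class Rule:            # hypothetical representation of one rule-dialog entry
    name: str
    src: str           # source IP taken from the inventory list
    dst: str           # destination IP taken from the inventory list
    proto: str         # "TCP" or "UDP"
    ports: str         # port field exactly as typed into the dialog
    active: bool = True  # the slide switch in the rule overview


@dataclass(frozen=True)
class Packet:          # hypothetical: first packet of a new connection
    src: str
    dst: str
    proto: str
    dport: int


def rule_matches(rule, pkt):
    return (rule.active and rule.proto == pkt.proto
            and ipaddress.ip_address(rule.src) == ipaddress.ip_address(pkt.src)
            and ipaddress.ip_address(rule.dst) == ipaddress.ip_address(pkt.dst)
            and pkt.dport in parse_ports(rule.ports))


def decide(rules, pkt, nat_mode=False):
    """Whitelist semantics: first matching active rule allows, else deny.
    In NAT router mode a packet addressed to the Microwall's intranet IP
    is rewritten to the island destination of the rule being tried (the
    replacement described on page 46); standard router mode never rewrites.
    Returns (verdict, rule name or None, effective destination)."""
    for rule in rules:
        candidate = pkt
        if nat_mode and ipaddress.ip_address(pkt.dst) == MICROWALL_N1_IP:
            candidate = Packet(pkt.src, rule.dst, pkt.proto, pkt.dport)
        if rule_matches(rule, candidate):
            return ("ALLOW", rule.name, candidate.dst)
    return ("DENY", None, pkt.dst)


# The two worked examples from pages 44 and 46 (rule names are constructed)
STANDARD_RULES = [Rule("island-to-intranet-web", "10.110.0.10", "10.20.0.4", "TCP", "80")]
NAT_RULES = [Rule("intranet-to-island-web", "10.20.0.4", "10.110.0.10", "TCP", "80")]

if __name__ == "__main__":
    print(decide(STANDARD_RULES, Packet("10.110.0.10", "10.20.0.4", "TCP", 80)))
    print(decide(NAT_RULES, Packet("10.20.0.4", "10.20.0.55", "TCP", 80), nat_mode=True))
```

Anything not explicitly whitelisted, including the same hosts on a port outside the rule, yields DENY, which is the behaviour the manual's whitelist concept describes.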