EtherWAN AiR GUARD User Manual
  1. Manuals
  2. Brands
  3. EtherWAN Manuals
  4. Gateway
  5. AiR GUARD
  6. User manual

EtherWAN AiR GUARD User Manual

Industrial iot cellular smart security gateway
Hide thumbs Also See for AiR GUARD:
Table of Contents

Advertisement

Quick Links

Download this manual
AiR GUARD
Industrial IoT Cellular Smart Security
Gateway
Building Trust in IIoT Devices

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the AiR GUARD and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for EtherWAN AiR GUARD

Summary of Contents for EtherWAN AiR GUARD

  • Page 1 AiR GUARD Industrial IoT Cellular Smart Security Gateway Building Trust in IIoT Devices...

  • Page 2: Preface

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Preface Audience This guide is designed for the person who installs, configures, deploys, and maintains the Ethernet network. This document assumes the reader has moderate hardware, computer, and Internet skills. Document Revision Level This section provides a history of the revision changes to this document.

  • Page 3: Table Of Contents

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Contents Preface ..................................2 Audience ................................2 Document Revision Level ..........................2 Contents ................................3 Chapter 1 Introduction .............................. 5 1.1 Introduction ..............................5 1.2 Contents List ..............................6 Package Contents ............................6 Chapter 2 Hardware Guide ............................
  • Page 4 AiR GUARD Industrial IoT Cellular Smart Security Gateway System ............................... 25 Administration ............................28 Backup / Flash Firmware ........................30 Reboot ............................... 33 3.4 VPN ................................34 OpenVPN ..............................34 3.5 Network ..............................37 Interfaces ..............................38 Hostnames ..............................54 Static Routes ............................

  • Page 5: Chapter 1 Introduction

    IoT devices. With security being so essential, EtherWAN has developed the AiR GUARD, an advanced IIoT cellular gateway specifically optimized for secure IoT data solutions. Running with Microsoft’s Azure Sphere, it not only provides secure connectivity, but also provides industrial protocols as well as easy to use data pre-processing and conversion for cost-efficient Edge to Cloud connection.

  • Page 6: Contents List

    AiR GUARD Industrial IoT Cellular Smart Security Gateway 1.2 Contents List Package Contents Items Description Contents Quantity AiR GUARD Security Gateway 1 pc Cellular Antenna 2 pcs 3 pin Terminal Block 1 pc 4 pin Terminal Block 1 pc 6 pin Terminal Block...

  • Page 7: Chapter 2 Hardware Guide

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Chapter 2 Hardware Guide 2.1 Product Overview RESET key LED group COM Port RJ-45 10/100 BASE-TX 2 x RS485 Azure Sphere managed LAN Device port RJ-45 10/100/1000 BASE-TX WAN port D/I D/O...

  • Page 8: Dc Power

    AiR GUARD Industrial IoT Cellular Smart Security Gateway 2.1 DC Power AiR GUARD can be powered by connecting a DC power source to the terminal block. It supports 12 to 24VDC power input. VIN connects to DC 12V and GND connects to DC 0V from your Power Supply, EGND is for Earth ground.

  • Page 9: Leds

    AiR GUARD Industrial IoT Cellular Smart Security Gateway 2.3 LEDs Position Position Position COM2 COM 1 Serial 2 Link Status: Serial 1 Link Status: Azure Sphere Status: Green – Tx data sending Green - TX data sending Steady Green – All com...

  • Page 10: Reset Key

    AiR GUARD Industrial IoT Cellular Smart Security Gateway 2.4 RESET key You can reboot device via a pin to RESET hole, or you can long press RESET hole by a pin for 30 seconds.

  • Page 11: Hardware Installation

    This chapter describes how to install and configure the hardware Mount the Unit The AiR GUARD can be mounted on a wall, horizontal plane, or DIN Rail in a cabinet with the mounting accessories. The mounting accessories are not screwed on the product when shipped from factory. Screw the...

  • Page 12: Insert The Nano Sim Card

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Insert the Nano SIM Card Follow the figures sequence below to insert SIM card Fig 1 Fig 2 Fig 3 Fig 4 Fig 5 Fig 6 Fig 7...

  • Page 13: Connecting Di/Do Devices

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Connecting DI/DO Devices There is one DI (digital input, Isolated, "Logic 0": 0-2V, "Logic 1": 5-30V) and one DO (digital output, Isolated, Non-Relayed Output, 24V/300mA for each port) port.

  • Page 14: Connecting Serial Devices

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Connecting Serial Devices The AiR GUARD has a 6-pin Terminal Block serial port for connecting to your serial devices. Connect the serial device to the terminal block with the right pin assignments of RS-485 (shown below).

  • Page 15: Chapter 3 Web Console Configuration

    SAVE is just to save into configuration, RESET is to forget the settings just done. 3.1 Introduction To configure AiR GUARD for the first time, use an Ethernet cable to connect to the LANPSE port. To connect to the AiR GUARD web console, open a web browser and enter the AiR GUARD IP address.
  • Page 16 AiR GUARD Industrial IoT Cellular Smart Security Gateway At the first time login, the system will request a renew password page to change password. Be careful to save this information. Otherwise, the only way to re-access is to long press RESET key to reset...

  • Page 17: Status

    AiR GUARD Industrial IoT Cellular Smart Security Gateway 3.2 Status There are six status screens for monitoring the device and connections. They are: Overview, Firewall, Routes, System Log, Kernel Log, and Realtime Graphs Overview The Overview status screen is divided into System, Memory, Network, Active DHCP Leases, and Wireless sections.
  • Page 18 AiR GUARD Industrial IoT Cellular Smart Security Gateway Memory – Displays total available, used, buffered, and cached memory. Network – Displays protocol, IP address, gateway, and time connected for IPv4 upstream.
  • Page 19 AiR GUARD Industrial IoT Cellular Smart Security Gateway Active DHCP Leases – This section displays the hostname, IPV4 address, MAC address, and leasetime remaining for IPV4 DHCP.

  • Page 20: Firewall

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Firewall The Firewall Status screen displays IPv4 firewall information, selected by tabs at the top. Sections include chain input, chain forward, chain output, and existing chain forwarding rules. Three buttons at the top right are Hide...

  • Page 21: Routes

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Routes The Routes screen displays IP and MAC addresses obtained by ARP, and active IPv4 routes.

  • Page 22: System Log

    AiR GUARD Industrial IoT Cellular Smart Security Gateway System Log The System Log screen displays events related to the operating system (OS) and system processes.

  • Page 23: Kernel Log

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Kernel Log The Kernel Log displays information about hardware drivers, kernel information, and boot status.

  • Page 24: Realtime Graphs

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Realtime Graphs The Realtime Graphs screen displays information graphically for load, traffic, wireless, and connections, selected by links at the top of the page.

  • Page 25: System

    AiR GUARD Industrial IoT Cellular Smart Security Gateway 3.3 System There are four System screens for managing the device. They are: System, Administration, Backup / Flash Firmware, and Reboot System This screen is comprised of three sub-pages, which can be accessed through the corresponding text links: General Settings, Logging and Time Synchronization.
  • Page 26 AiR GUARD Industrial IoT Cellular Smart Security Gateway The Logging page allows for the configuration of system logging parameters. Fields are System log buffer size, IP address, port and protocol (UDP or TCP) of External system log server, filename to write the system log, Log output level (Debug, Info, Notice, Warning, Error, critical Alert, Emergency), and the Cron Log Level (Debug, Normal, Warning).
  • Page 27 AiR GUARD Industrial IoT Cellular Smart Security Gateway Use the Time Synchronization page to enable/disable NTP client, enable provide NTP server to set the device to act as an NTP forwarder. If you select “Use DHCP advertised servers”, enter the NTP server candidates in the fields below.

  • Page 28: Administration

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Administration This screen is comprised of two sub-pages, which can be accessed through the corresponding text links: Router Password and SSH Access The Router Password page allows for the changing of the administrator password.
  • Page 29 AiR GUARD Industrial IoT Cellular Smart Security Gateway The SSH Access page allows for the creation and editing of SSH connections. Select the interface (LTE, LAN, WAN, Wi-Fi), and set the port. Check the box next to Password Authentication to allow SSH password authentication, and check the box next to Allow Root Logins with Password to allow the root user to log in with password.

  • Page 30: Backup / Flash Firmware

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Backup / Flash Firmware This screen is comprised of two sub-pages, which can be accessed through the corresponding text links: Actions and Configuration. The Actions page contains multiple buttons for managing device configuration and firmware: Click Generate Archive to download a .tar archive of the current configuration files.
  • Page 31 AiR GUARD Industrial IoT Cellular Smart Security Gateway . Reset to Default Click Firmware Upgrade Click Select the firmware .bin file, then...
  • Page 32 AiR GUARD Industrial IoT Cellular Smart Security Gateway Check to keep current configuration setting or uncheck to reset to default. 3-4 mins later, a buzzer will indicate new firmware is booting up. 4 minutes later, SYS LED will change from off to on, then LEDs will indicate status.

  • Page 33: Reboot

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Reboot Click “PERFORM REBOOT” to reboot system.

  • Page 34: Vpn

    AiR GUARD Industrial IoT Cellular Smart Security Gateway 3.4 VPN OpenVPN Use the OpenVPN page to Edit and Delete OpenVPN instances and their current state. Use the Start button to start an existing instance. To add a template-based configuration, enter an instance name, and select a template from the drop-down menu.
  • Page 35 AiR GUARD Industrial IoT Cellular Smart Security Gateway Once Edit is selected, enter parameters into fields for OpenVPN.
  • Page 36 AiR GUARD Industrial IoT Cellular Smart Security Gateway There are 6 templates to select. After selection, you can adjust minor parameters as needed and save. They are 3 pairs of configuration scenario for OpenVPN Client and OpenVPN Server Ethernet Bridge VPN...

  • Page 37: Network

    AiR GUARD Industrial IoT Cellular Smart Security Gateway 3.5 Network There are five Network screens for managing the device. They are: Interfaces, Hostnames, Static Routes, Diagnostics, and Firewall.

  • Page 38: Interfaces

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Interfaces All Interface configure LAN/WAN/LTE are here, for Basic setting and Professional setting like IT person. Below will high light what Basic setting will be: The Interface page displays information for all known interfaces, including protocol, uptime, and MAC address, etc.
  • Page 39 PPP – It followed PPP protocol to get IP. PPPoE – PPP over ethernet, Internet Service Provider( ISP ) offer config data QMI Cellular – Qualcomm MSM Interface, LTE interface must select this one for AiR GUARD model to communicate with cellular module.
  • Page 40 Important items: Bring up on boot – Check this item, it will bring it up every time AiR GUARD boots up. Physical Settings – Must select a physical interface Firewall Settings – Indicates the working zone. A suitable one must be selected.
  • Page 41 AiR GUARD Industrial IoT Cellular Smart Security Gateway #LAN_ADDRESS This shows current LAN status, you can EDIT the content or RESTART this service, STOP service and even DELETE. Clicking the Edit button next to any interface opens the edit page, which has four sub-pages: General Settings, Advanced Settings, Physical Settings, Firewall Settings, and DHCP Server.
  • Page 42 AiR GUARD Industrial IoT Cellular Smart Security Gateway The Advanced Settings page allows for the enabling of force link, as well as fields for entering override MAC address, override MTU, and gateway metric. Click the Save button after modifying settings.
  • Page 43 AiR GUARD Industrial IoT Cellular Smart Security Gateway DHCP Server The General Setup page is used for setting the lowest leased address as offset from the network address (Start), the maximum number of leased addresses (Limit) and the Lease Time (minimum of 2 minutes).
  • Page 44 AiR GUARD Industrial IoT Cellular Smart Security Gateway Shows WAN link status and information. Click EDIT General Settings page, Protocol: depends on WAN connection from ISP, the suitable protocol should be DHCP client, PPP, Static address. Then, click SWITCH PROTOCOL for next level parameters to input.
  • Page 45 AiR GUARD Industrial IoT Cellular Smart Security Gateway SWITCH PROTOCOL: For DHCP client, the WAN IP address are from DHCP server For PPPoE, enter PPPoE User Name and Password given from ISP.
  • Page 46 AiR GUARD Industrial IoT Cellular Smart Security Gateway For PPP, enter Modem device and PPPoE User Name and Password. For Static address, enter specified IP address, netmask, gateway and DNS.
  • Page 47 AiR GUARD Industrial IoT Cellular Smart Security Gateway Advanced Settings page Keep these settings. Physical Settings page Interface selection eth0.2 is suitable for WAN.
  • Page 48 AiR GUARD Industrial IoT Cellular Smart Security Gateway Firewall Settings page Assign firewall-zone:...
  • Page 49 AiR GUARD Industrial IoT Cellular Smart Security Gateway Once LTE is working, there are two sets of information on Interface page, showing Protocol, Uptime and IP address got from Cellular Network. Click EDIT General Settings page, Protocol: QMI Cellular is dedicated for Cellular link control interface. Keep this as is.
  • Page 50 AiR GUARD Industrial IoT Cellular Smart Security Gateway Advanced Settings page, keep this at defaults Firewall Settings page, select WAN. Firewall Settings, Make sure the is selected...
  • Page 51 AiR GUARD Industrial IoT Cellular Smart Security Gateway WiFi Do not change default settings for Wi-Fi, in order to prevent Azure Sphere from losing communication inside AiR GUARD. Below figures are for reference in case it is needed to change settings back to original. Entire system can also...
  • Page 52 AiR GUARD Industrial IoT Cellular Smart Security Gateway...
  • Page 53 AiR GUARD Industrial IoT Cellular Smart Security Gateway...

  • Page 54: Hostnames

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Hostnames The Hostnames screen displays the existing hostname entries. Click the Add button to add a new hostname. Enter the new hostname and select an IP address from the dropdown list. Then click Save. Existing hostnames can be edited by clicking the Edit button on the right.
  • Page 55 AiR GUARD Industrial IoT Cellular Smart Security Gateway...

  • Page 56: Static Routes

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Static Routes Add, view, and edit static routes on the Static Routes screen. Defined routes specify over which interface and gateway a certain host or network can be reached. To add a new static route, click the Add button. Select the interface for the route, then enter the target IP address, the netmask, and the gateway.
  • Page 57 AiR GUARD Industrial IoT Cellular Smart Security Gateway Advanced Settings page, with specific fields.

  • Page 58: Diagnostics

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Diagnostics Offers PING, TraceRoute and NSLookUp for network diagnostics. Below examples, what will see. PING Trace Route...
  • Page 59 AiR GUARD Industrial IoT Cellular Smart Security Gateway NSLookUp...

  • Page 60: Firewall

    The Firewall screen has three sub-pages: Port Forwards, Traffic Rules and NAT Rules Port Forwards page Port forwarding to redirect traffic from external to internal private host behind AiR GUARD Click ADD to set rule Name – naming for the rule you set Protocol –...
  • Page 61 AiR GUARD Industrial IoT Cellular Smart Security Gateway Once settings are complete, they will be displayed. Remember to check Enable and SAVE & APPLY to take effect. This is an example to port forward from WAN port 50000 to internal IP 192.168.123.103 with TCP port 50000...
  • Page 62 AiR GUARD Industrial IoT Cellular Smart Security Gateway Traffic Rules Traffic rules define policies for packets traveling between different zones. User can edit specified IP or MAC to accept/reject to reach MAC/IP address filtering traffic. Default is Accept all traffic as below:...
  • Page 63 AiR GUARD Industrial IoT Cellular Smart Security Gateway...
  • Page 64 AiR GUARD Industrial IoT Cellular Smart Security Gateway NAT Rules NAT rules allow fine grained control over the source IP to use for outbound or forwarded traffic...
  • Page 65 AiR GUARD Industrial IoT Cellular Smart Security Gateway ADD rule This is for advanced configuration. The contents for every item are listed below: Name: Naming for this rule. Protocol: Any/ TCP/UDP/ICMP. Outbound Zone: Any/LAN/WAN. Source Address: Specified match forward traffic from this IP or range.

  • Page 66: Data Tag Engine With Azure Sphere

    3.6 Data Tag Engine with Azure Sphere In IIoT applications, edge data is transmitted to the backend for data analysis in daily operation. AiR GUARD provides a more efficient way to move data from edge to cloud. The steps are easy to understand: A.P.P.
  • Page 67 AiR GUARD Industrial IoT Cellular Smart Security Gateway rtu_1 – the data coms from Modbus/RTU slave of COM1. rtu_2 – the data coms from Modbus/RTU slave of COM2.
  • Page 68 AiR GUARD Industrial IoT Cellular Smart Security Gateway [Take Example] Below 3 figures shows sequency of data flow and rules files. Modbus Raw Data ➔ TagRule-MB_16.vsv ➔ json_MB_rtu.txt ➔ MQTT publish messages outlook Tag name called MB_watt is from tcp (LANAZS), and data type is UINT16 for data conversion. Device IP is 192.168.100.100, slave ID is 1, Func code 3, Holding register address is from 0 and 1 data length...

  • Page 69: Azsphere Port Setting

    AiR GUARD Industrial IoT Cellular Smart Security Gateway AZsphere Port Setting Set all related Azure Port parameters. After that, remember to Save & Apply for settings to take effect in AiR GUARD. Azure Sphere Info It shows current Sphere application firmware version.
  • Page 70 AiR GUARD Industrial IoT Cellular Smart Security Gateway Baud Rate support:...
  • Page 71 AiR GUARD Industrial IoT Cellular Smart Security Gateway AZS LAN Setting Set IP address to AZS LAN port of AiR GUARD. To fit communication with LAN port device under Sphere rule, the IP must be under 192.168.100.0/24 subnet.
  • Page 72 AiR GUARD Industrial IoT Cellular Smart Security Gateway Connected Edge LAN Device This refers to LAN device connected to AZS LAN port, regular devices are Modbus/TCP slave devices. The Edge device IP address is limited to 4 IP address: 192.168.100.100 ~ 192.168.100.103...

  • Page 73: Data Tag Protocol Setting

    Define data tag data protocol. Click Data Tag Protocol Setting to view an overview of current Protocol and Tags info. Configure protocol for how the AiR GUARD connects. Click the Edit button on Protocol page. There are 3 Protocol Modes supported Modbus to MQTT –...
  • Page 74 Default is 1883 Keep Alive Start to count 60 seconds after sending data. If no data transfer within 60 seconds, AiR GUARD will send a packet to the broker, if no response, the TCP connection will be closed SSL/TLS Encryption Enable or disable SSL/TLS Encryption and then you have to upload the CA certificate file.
  • Page 75 AiR GUARD Industrial IoT Cellular Smart Security Gateway Azure DPS, follows Azure IoT Hub DPS rule: Parameters Description Protocol Mode Select “Azure DPS” for Azure IoT Hub Device Provision Service Azure host name Copy from “Global device endpoint” of Azure IoT Hub DPS, default is: global.azure-devices-provisioning.net...
  • Page 76 AiR GUARD Industrial IoT Cellular Smart Security Gateway Azure Connection String Service, Follows Azure IoT Hub for Device rule: Parameters Description Protocol Mode Select “Azure Connection String Service” for Azure IoT Hub Azure host name Copy from “Hostname” of the Azure IoT Hub, overview such as: xxx.azure-devices.net...

  • Page 77: Data Tag Uplink Setting

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Data Tag Uplink Setting Define uplink JSON format off line, then upload the file. Decide what data stream to uplink to cloud in JSON format or add user-defined symbol. This text file can define constant names and any symbol. Just keep the reserved rule for Data Tag Engine, $tag_name$ and $TIME$.
  • Page 78 AiR GUARD Industrial IoT Cellular Smart Security Gateway An example for format file: Click UPLOAD...
  • Page 79 AiR GUARD Industrial IoT Cellular Smart Security Gateway Then click “SUBMIT”...

  • Page 80: Data Tag Rule Setting

    Data Tag Rule Setting Upload Modbus CSV file To get data from Modbus device, first upload Modbus device setting CSV file to AiR GUARD using Upload Modbus CSV. It will fetch Modbus data every 5 seconds. After clicking “UPLOAD”, tag information is shown...
  • Page 81 User can use $TagName$ in JSON format to retrieve correspond device value. TCP Timeout This field specifies how long the AiR GUARD will wait for a response before closing the TCP connection. SlaveID Modbus device ID Modbus IP Modbus device IP...

  • Page 82: Ca Certificate

    AiR GUARD Industrial IoT Cellular Smart Security Gateway CA Certificate This is for Data Tag Protocol if needed for Certificated files upload purpose.

  • Page 83: Modbus Log

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Modbus Log Shows the Modbus log sequency.

  • Page 84: Mqtt Log

    AiR GUARD Industrial IoT Cellular Smart Security Gateway MQTT Log Shows the MQTT operation sequence.

  • Page 85: Cloud Service

    EWFOTA Settings Azure Sphere (MT3620) will update firmware from Microsoft OTA (Over-the-Air) automatically. Use the following steps to enable EtherWAN firmware OTA mechanism “EWFOTA” automatically. Once EWFOTA function is enabled, it will follow the time configuration to update firmware automatically.

  • Page 86: Remote Service

    AiR GUARD Industrial IoT Cellular Smart Security Gateway 3.8 Remote Service Remote Service is for configuration for remote service, like MQTT Remote Service. RESTful Remote service does not need to be configured here. MQTT Remote Service Overview Click EDIT to configure MQTT released parameters.
  • Page 87 AiR GUARD Industrial IoT Cellular Smart Security Gateway Click UPLOAD for Certificated files upload. Certificate Status...

  • Page 88: Appendix

    AiR GUARD Industrial IoT Cellular Smart Security Gateway Appendix Specifications...
  • Page 89 AiR GUARD Industrial IoT Cellular Smart Security Gateway...

  • Page 90: Contact Information

    Tel: +886-2-6629-8986 E-mail: info@etherwan.com.tw EtherWAN has made a good faith effort to ensure the accuracy of the information in this document and disclaims the implied warranties of merchantability and fitness for a particular purpose, and makes no express warranties, except as may be stated in its written agreement with and for its customers.

Table of Contents