Download Print this page

Digi IX15 User Manual

Hide thumbs Also See for IX15:

User manual (810 pages)

,

User manual (955 pages)

page of 1144

/ 1144
Bookmarks

Advertisement

Quick Links

Download this manual

Digi IX15

Gateway

User Guide

Firmware version 25.2

Advertisement

Need help?

Need help?

Do you have a question about the IX15 and is the answer not in the manual?

Questions and answers

Summary of Contents for Digi IX15

Page 1 Digi IX15 Gateway User Guide Firmware version 25.2...
Page 2 A new banner notice has been added to the web UI and CLI to indicate when the configuration of a device is being managed by a template in Digi Remote Manager. This is useful so that configuration changes to that device are not made locally. If there are issues with the device,...
Page 3 Certain modems - Sierra EM9191 (Asia PAC) and EM7690 (worldwide) - have a lot of carrier-specific firmware images. Due to size constraints of the file system on the IX15, not all of these images could be included. Now you can choose the firmware bundle for your specific cellular modem.
Page 4 There's no need to know and/or specify the carrier because every firmware upgrade package includes all of the carrier images supported by Digi routers. The The modem firmware update is done using the modem firmware bundle ota CLI commands.
Page 5 Coming soon, data streams in Digi Remote Manager will be replaced with a comprehensive view about the status of your devices. What you see in the local Web UI or CLI is what you will see in Digi Remote Manager.
Page 6 System time synchronization for more information. New Device managed public key setting for WireGuard VPN: For server mode, enable the IX15 to generate a public and private key pair for a peer. See Configure the WireGuard VPN. New metrics views for the Watchdog service: View metrics in the local web UI or use the new CLI command.
Page 7 - Display information about the serial ports on the Dashboard. For more information about this release, see the blog post called, " Announcing the Latest Digi Software Solutions for DAL OS 24.3 Firmware" digi.com. Release of Digi IX15 firmware version 23.12:...
Page 8 For more information about this release, see Announcing the Latest Digi Software Solutions for DAL OS 23.12 Firmware and Digi Remote Manager digi.com. Release of DigiIX15 firmware version 23.9: October 2023 Register a device to DRM: Added a link to the Dashboard of the local web UI to register and add the device to Digi Remote Manager.
Page 9 2022 Updated the Linux kernel to version 5.19. The intelliFlow feature now integrates with Digi Remote Manager to provide aggregated insights and analytics for all Digi devices in your environment. Added an MQTT broker service, including support for: Multiple MQTT clients with unique topics and authentication credentials.
Page 10 Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International. Digi provides this document “ as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose.
Page 11 Contact us at +1 952.912.3444 or visit us at www.digi.com/support. Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (Digi IX15 Gateway User Guide, 90002400 L) in the subject line of your email. Digi IX15 Gateway User Guide...
Page 12 Contents Revision history—90002400 Digi IX15 Gateway User Guide Overview IX15 compatibility with S2C XBee devices Zigbee DigiMesh 802.15.4 Related documents DAL OS Vulnerability Patch Policy Safety instructions Safety instructions XBee adapter, gateways, and routers Инструкции за безопасност Sigurnosne upute Bezpečnostní instrukce...
Page 13 Get started Step 1: Requirements Step 2: Setup the hardware Step 3: Program an XBee profile Step 4: Join nodes to the IX15 network Step 5: Review your XBee network Next steps Digi IX15 hardware reference Digi IX15 features and specifications...
Page 14 Log out of the web interface Review the dashboard Use the local REST API to configure the IX15 device Use the GET method to return device configuration information Use the POST method to modify device configuration parameters and list arrays...
Page 15 Configure and update an XBee network What is an XBee profile? Manage XBee profiles Upload the XBee profile Apply XBee profiles Configure a sleeping network to work with the IX15 Export your network Bluetooth Low Energy Configure Bluetooth Low Energy IX15 BLE configurator...
Page 16 Installation and configuration process Digi Navigator features Install the Digi Navigator Configure RealPort on a Digi device from the Digi Navigator Install and configure RealPort on your computer Digi Navigator application features Advanced RealPort configuration without using the Digi Navigator...
Page 17 Configure the WireGuard VPN Services Allow remote access for web administration and SSH Configure the web administration service Configure SSH access Use SSH with key authentication Generating SSH key pairs Configure telnet access Configure DNS Show DNS server Digi IX15 Gateway User Guide...
Page 18 Example: Set the LTE connection indicator to flashing purple Register the application Refresh the application Unregister the application Set up the IX15 to automatically run your applications Configure scripts to run automatically Show script information Stop a script that is currently running...
Page 19 Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your IX15 device to use a TACACS+ server Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration...
Page 20 Configure web filtering with manual DNS servers Verify your web filtering configuration Show web filter service information Containers Use Digi Remote Manager to deploy and run containers Use an automation to start the container Upload a new LXC container Configure a container...
Page 21 Use intelliFlow to display top data usage information Use intelliFlow to display data usage by host over time Configure NetFlow Probe File system The IX15 local file system Display directory contents Create a directory Display file contents Copy a file or directory...
Page 22 1039 modem puk unlock 1040 modem reset 1040 modem scan 1040 modem sim-slot 1040 modem sms send 1041 modem sms send-binary 1041 monitoring metrics upload 1041 monitoring 1042 monitoring metrics upload 1042 Digi IX15 Gateway User Guide...
Page 23 1053 show serial 1053 show surelink interface 1053 show surelink ipsec 1053 show surelink openvpn 1054 show surelink state 1054 show system 1054 show version 1054 show vrrp 1054 show web-filter 1055 show xbee 1055 Digi IX15 Gateway User Guide...
Page 24 View Event Logs 1078 Configure syslog servers 1080 Configure options for the event and system logs 1082 Configure an email notification for a system event 1087 Configure an SNMP trap for a system event 1088 Digi IX15 Gateway User Guide...
Page 25 1122 Get the IX15 IP 1125 A remote XBee is not listed in the IX15 network 1125 PyCharm FAQ: My IX15 is not listed in Digi Device Selector 1125 Digi IX15 regulatory and safety statements RF exposure statement 1128 FCC (USA) exposure notice...
Page 26 Japan (TELEC) 1130 Safety statements 1131 Digi IX15 Gateway Hazardous Locations information 1132 Special conditions for safe use 1132 Class I Division 2, Groups A,B,C,D Temperature Code: T4 1132 Special safety notes for wireless routers 1133 Product disposal instructions 1133...
Page 27 Digi IX15 Gateway User Guide The Digi IX15 is a rugged, secure and reliable LTE industrial router powered by an enhanced operating system that supports any utility or industrial application. This online guide helps site administrators configure and manage Digi IX15 devices. This guide assumes administrators are familiar with network basics, such as network terminology, architecture, interfaces, and related concepts.
Page 28 Digi has updated and ported our XBee firmware from the XBee/XBee-PRO (S2C) hardware based on the SiLabs EM357 SoC, to the Digi XBee 3 hardware based on the SiLabs EFR32 SoC. The Digi IX15 Gateway includes an XBee 3 device that can be configured to work with Zigbee, DigiMesh, or 802.15.4 networks.
Page 29 If using encryption, the IX15 should enable 128-bit key for AES Encryption—C8— to be over-the-air compatible with S2C devices. c. Synchronous sleep mode is not supported in XBee S2C. d. XBee S2C OTA firmware update from an IX15 is possible when S2C devices are within range of another S2C device. 802.15.4 a.
Page 30 0x44 - Closed Join Window 6. OTA firmware update process The radio serving up the firmware image can be either a Digi XBee 3 Zigbee 3.0 or XBee/XBee- PRO ZB (S2C). However, since the XBee/XBee-PRO ZB (S2C) requires that another XBee/XBee- PRO ZB (S2C) be a nearest neighbor to act as the updater node, there is some limitation as to how nodes can be updated in a mixed network.
Page 31 This restriction is alleviated on the XBee 3 and all 16 channels are available for use regardless of the variant. The CH parameter on the IX15 should be within 0x0C and 0x17 to guarantee communication. 2. Synchronized cyclic sleep XBee S2C DigiMesh devices lacked the hardware necessary to keep the network in sync over long periods of time, so no support was included.
Page 32 128-bit link key. 4. OTA firmware update process The radio serving up the firmware image can be either a Digi XBee 3 DigiMesh or XBee/XBee- PRO DM(S2C). However, since the XBee/XBee-PRO DM (S2C) requires that another XBee/XBee- PRO DM(S2C) be a nearest neighbor to act as the updater node, there is some limitation as to how nodes can be updated in a mixed network.
Page 33 This restriction is alleviated on the XBee 3 and all 16 channels are available for use regardless of the variant. The CH parameter on the IX15 needs to be within 0x0C and 0x17 to communicate. 2. Indirect messaging limitation SP determines the asynchronous cyclic sleep period, the same as S2C 802.15.4.
Page 34 Digi XBee 3 802.15.4 Migration Guide. Related documents This guide contains the information you need to start working with an IX15. For more detailed information on protocols and related libraries, see: XBee 3 802.15.4 RF Module User Guide XBee 3 DigiMesh RF Module User Guide...
Page 35 DAL OSVulnerability Patch Policy DAL OS Vulnerability Patch Policy Digi has created a vulnerability patch policy to document the guidelines and procedures we plan to take to identify, assess, and remediate security vulnerabilities in our DAL OS firmware integrated into Enterprise (EX), Industrial (IX) and Transportation routers (TX), device and serial servers (Connect EZ), console servers and USB-connected devices.
Page 36 Sicherheitshinweise Οδηγίες ασφ αλείας Biztonsági utasítások Istruzioni di sicurezza Drošības instrukcijas Saugos instrukcijos Sikkerhetsinstruksjoner Instrukcje bezpieczeństwa Instruções de segurança Instructiuni de siguranta Bezpečnostné inštrukcie Varnostna navodila Adaptador XBee, puertas de enlace y enrutadores Säkerhets instruktioner Digi IX15 Gateway User Guide...
Page 37 гаранция и могат да доведат до работа на шлюза или рутера извън регулаторното съответствие за дадена държава, което води до възможна незаконна работа на продукта. Използвайте стандартна ESD защита, когато работите с XBee адаптер, шлюз или рутер. Digi IX15 Gateway User Guide...
Page 38 Produkty XBee Adapter, Gateway nebo Router nebyly schváleny pro použití v (tento seznam není vyčerpávající): Digi IX15 Gateway User Guide...
Page 39 Brug dette produkt med de antenner, der er specificeret i brugervejledningerne til XBee Adapter, Gateway eller Router. Slutbrugeren skal fortælles, hvordan man fjerner strømmen fra XBee Adapter-, Gateway- eller Router-produktet eller placerer antennerne 20 cm fra mennesker eller dyr. Digi IX15 Gateway User Guide...
Page 40 XBee adapteris, lüüsis või ruuteris ei ole kasutaja poolt hooldatavaid komponente. Ärge eemaldage toote katet ega muutke lüüsi ega ruuterit mingil viisil. Muudatused võivad toote garantiist välja jätta ja põhjustada lüüsi või ruuteri toimimise väljaspool antud riigi regulatiivset vastavust, mis võib viia toote ebaseadusliku kasutamiseni. Digi IX15 Gateway User Guide...
Page 41 être utilisé pour les verrouillages dans des dispositifs critiques pour la sécurité tels que des machines ou des applications automobiles. Les produits XBee Adapter, Gateway ou Router n'ont pas été approuvés pour une utilisation dans (cette liste n'est pas exhaustive) : Digi IX15 Gateway User Guide...
Page 42 Verwenden Sie bei der Handhabung des XBee Adapter-, Gateway- oder Router-Produkts ESD- Schutz nach Industriestandard. Seien Sie vorsichtig bei der Handhabung, um elektrische Schäden an der Leiterplatte und den Komponenten zu vermeiden. Setzen Sie die Produkte XBee Adapter, Gateway oder Router weder Wasser noch Feuchtigkeit aus. Digi IX15 Gateway User Guide...
Page 43 Az XBee Adapter, Gateway vagy Router termékek működése nem garantálható a rádiókapcsolat miatt, ezért nem használhatók biztonsági szempontból kritikus eszközök, például gépek vagy autóipari alkalmazások reteszelésére. Az XBee Adapter, Gateway vagy Router termékek nem engedélyezettek a következő országokban való használatra (ez a lista nem teljes): Digi IX15 Gateway User Guide...
Page 44 Utilizzare questo prodotto con le antenne specificate nelle guide per l'utente del prodotto XBee Adapter, Gateway o Router. L'utente finale deve essere informato su come rimuovere l'alimentazione dal prodotto XBee Adapter, Gateway o Router o come posizionare le antenne a 20 cm da esseri umani o animali. Digi IX15 Gateway User Guide...
Page 45 Jokiu būdu nenuimkite gaminio dangtelių ir nekeiskite šliuzo ar maršrutizatoriaus. Dėl modifikacijų gaminiui gali būti netaikoma jokia garantija, o šliuzas arba maršruto parinktuvas gali veikti nesilaikant tam tikros šalies teisės aktų reikalavimų, o tai gali sukelti neteisėtą gaminio veikimą. Digi IX15 Gateway User Guide...
Page 46 łącze radiowe, dlatego nie należy ich używać do blokad w urządzeniach o krytycznym znaczeniu dla bezpieczeństwa, takich jak maszyny lub aplikacje motoryzacyjne. Produkty XBee Adapter, Gateway lub Router nie zostały zatwierdzone do użytku w (lista ta nie jest wyczerpująca): Digi IX15 Gateway User Guide...
Page 47 Use este produto com as antenas especificadas nos guias do usuário do produto Adaptador, Gateway ou Roteador XBee. O usuário final deve ser informado sobre como remover a energia do produto Adaptador, Gateway ou Roteador XBee ou localizar as antenas a 20 cm de humanos ou animais. Digi IX15 Gateway User Guide...
Page 48 Neodstraňujte kryty produktu ani žiadnym spôsobom neupravujte bránu ani smerovač. Úpravy môžu vyňať produkt zo záruky a môžu spôsobiť, že brána alebo smerovač bude fungovať mimo zákonných predpisov pre danú krajinu, čo môže viesť k možnej nezákonnej prevádzke produktu. Digi IX15 Gateway User Guide...
Page 49 XBee debido al enlace de radio y, por lo tanto, no deben usarse para enclavamientos en dispositivos críticos para la seguridad, como máquinas o aplicaciones automotrices. Los productos XBee Adapter, Gateway o Router no han sido aprobados para su uso en (esta lista no es exhaustiva): Digi IX15 Gateway User Guide...
Page 50 Utsätt inte XBee Adapter, Gateway eller Router-produkter för vatten eller fukt. Använd den här produkten med de antenner som specificeras i användarhandböckerna för XBee Adapter, Gateway eller Router. Slutanvändaren måste informeras om hur man kopplar bort strömmen från XBee Adapter, Digi IX15 Gateway User Guide...
Page 51 Safety instructions Säkerhets instruktioner Gateway eller Router-produkten eller hur man placerar antennerna 20 cm från människor eller djur. Digi IX15 Gateway User Guide...
Page 52 When you open the IX15 package, look for the following: Digi IX15 device The IX15 has a product label on the bottom of the device. The label includes product identification information and the default password assigned to the device. The IX15 also includes a terminal connector for the power supply installed in the power input.
Page 53 Included in IX15 Accessory kit (76002107)—the kit may be ordered separately. Laptop or personal computer Use an Ethernet cable to connect your IX15 to a laptop or PC. SIM card(s) If you intend to configure cellular WWAN access at this time, acquire SIM cards as needed.
Page 54 For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the IX15 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.
Page 55 After SIM cards are installed, replace the SIM slot cover. 2. Attach antennas Connect IX15-compatible cellular antennas to the WWAN1-1 and WWAN1-2 antenna connectors on the back of the device. Connect the RF antenna to the XBee antenna connector.
Page 56 3. Use an Ethernet cable to connect the IX15 ETH port to your PC. 4. Connect DC power and power on the IX15 device. The IX15 is intended to be powered by a certified power supply with output rated at either 12 VDC/0.75 A or 24 VDC/0.375 A minimum.
Page 57 Verify that the signal strength indicator on the front of the IX15 shows two or more bars. CAUTION! If your laptop or PC is connected to the ETH port on the IX15 and the IX15 has a cellular internet connection established, the laptop or PC will likely automatically switch from its Wi-Fi internet connection to its Ethernet port.
Page 58 Digi IX15 Quick start Step 4: Configure Note If your SIM card has an APN that is not recognized by the IX15 device, skip this step and configure the APN following the procedure in Cellular modem APNs. Step 4: Configure This section describes how to configure the device by using the local Web UI.
Page 59 Get started This section guides you through your first steps with the Digi IX15 Gateway. You will connect your hardware, program the IX15 XBee with a profile, and create an XBee network. Step 1: Requirements Step 2: Setup the hardware...
Page 60 These devices will be discovered and configured later using XCTU. Step 3: Program an XBee profile The IX15 comes with a set of default configuration settings, firmware version, and XBee protocol based on a Zigbee router profile. To update these configuration, you have to program an XBee profile.
Page 61 6. Check the XBee device that appears in the list and click Add to apply the XBee profile. Note If more than one XBee device appears in the list, the first one corresponds to the IX15. Select that one. 7. The new task appears in the Current XBee Update Tasks panel.
Page 62 Step 4: Join nodes to the IX15 network Now that you have the IX15 configured, you can add new XBee devices to the network. To do so, you have to configure the XBee devices that you connected to your computer in Setup the hardware.
Page 63 Python application development: Create a Python application using the Digi XBee PyCharm Plugin, build, and learn how to launch it in your IX15. XBee network management: Discover your XBee network, get information from nodes, update their firmware, and configure their settings.
Page 64 User authentication Firewall Remote device management: Remotely monitor and analyze multiple devices, manage their configuration, or update the entire system via the integrated Remote Manager support. You can also use Amazon AWS IoT Microsoft Azure. Digi IX15 Gateway User Guide...
Page 65 Digi IX15 hardware reference This chapter contains the following topics: Digi IX15 features and specifications IX15 accessories IX15 front and side views IX15 LEDs IX15 power supply requirements Power consumption Digi IX15 serial connector pinout Antenna specifications for the cellular modem...
Page 66 B1, B2, B4, B5, B6, B8, B19 2GEDGE / GPRS 850 / 900 / 1800 / 1900 MHz IX15 accessories When accessories are purchased with the IX15 device, the following are provided: Cellular antennas. Power supply. Ethernet cable. XBee antenna.
Page 67 SIMs are designed for extreme environments and are constructed of heavier-gauge materials and extended-temperature electronic components. IX15 LEDs The IX15 LEDs are located on the top front panel. During bootup, the front-panel LEDs light up in sequence to indicate boot progress. Digi IX15 Gateway User Guide...
Page 68 Device is ON and either Ethernet or Cellular networks are connecting. Indicates that a SIM is in use: No SIM is present Solid green SIM1 is active. Solid blue SIM 2 is active Solid red SIM failure. Digi IX15 Gateway User Guide...
Page 69 XBee interface is enabled but the XBee orange) Updating local XBee. service is not running. WARNING! DO NOT POWER OFF DURING UPDATE. Solid green Flashing yellow (or orange) XBee interface is enabled and XBee Updating a remote XBee. service is running. Digi IX15 Gateway User Guide...
Page 70 Cellular signal quality refers to the strength and reliability of the signal from a cellular network to the IX15. The quality of the signal is visually represented using LED bars on the front of the router: Digi IX15 Gateway User Guide...
Page 71 -99 < SNR <= -3, if we're connected to the cellular network, snr_bars=1, if not snr_bars=0 Once the values are determined, the IX15 router uses the lesser of the two ranges, which is then visually represented by the signal bars.
Page 72 IX15 power supply requirements IX15 is intended to be powered by a certified power supply with output between 12VDC/0.75 Amp to 24 VDC/0.375 Amp at 9 Watts minimum. The voltage tolerance supports +/- 10% (9 VDC to 30 VDC).
Page 73 Actual values will depend entirely upon individual setup and system application. Power consumption use cases The power consumption of the IX15 was evaluated in the following use cases: Power off mode Long-term power off state. In this mode, the power-on key can be asserted to start the device.
Page 74 Disconnecting the serial port loopback connector, all measures are reduced by 3-4 mA. Digi IX15 serial connector pinout The IX15 is a DTE device. The pinout for the 10 pin RJ-45 serial connector is as follows: RS485 half- Pin number...
Page 75 TxD/RxD- 10-pin serial cabling options Digi offers several cabling options for connecting a 10 pin RJ-45/RJ-50 serial port to DB9 and DB25 serial connectors. Digi recommends the RJ45/Bare Wire 48 inch cable, part number 76000723, which provides a customizable connector to connect EIA 422/485 Devices to Digi MEI products that have 10 pin RJ45 connectors.
Page 76 A QR code is printed on the label attached to the device and on the loose label included in the box with the device components. The QR code contains information about the device. QRcode items Semicolon separated list of: ProductName;DeviceID;Password;SerialNumber;SKUPartNumber-SKUPartRevision Example IX15;00000000-00000000-112233FF-FF445566;PW1234567890;50001001-00 Digi IX15 Gateway User Guide...
Page 77 Digi IX15 hardware setup This chapter contains the following topics: Install SIM cards Connect data cables Mount the IX15 device Digi IX15 Gateway User Guide...
Page 78 2. For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the Digi IX15 Gateway device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.
Page 79 SIM removal The IX15 has a PUSH-PUSH SIM connector. To insert, push each SIM in until it clicks, and repeat for removal. When you push to eject, the SIM ejects back out about 1/8 inch. Tips for improving cellular signal strength...
Page 80 Mount the IX15 device Ethernet (RJ-45): Use a Cat 5e or Cat 6 Ethernet cable. Serial (RJ-45): Use a serial cable with an RJ45 connector to connect to the IX15 device. See 10-pin serial cabling options for information about Digi's 10-pin RJ-50 cables.
Page 81 Attach the DIN rail clip to the back of the device with the screws provided. b. Set the IX15 device onto a DIN rail and gently press until the clip snaps into the rail. 2. Attach the DIN rail clip to the bottom of the device: a.
Page 82 Digi IX15 hardware setup Mount the IX15 device b. Set the IX15 device onto a DIN rail and gently press until the clip snaps into the rail. WARNING! If being installed above head height on a wall or ceiling, ensure the device is fitted securely to avoid the risk of personal injury.
Page 83 Change the default password for the admin user Configuration methods Using Digi Remote Manager Access Digi Remote Manager Using the local web interface Review the dashboard Use the local REST API to configure the IX15 device Using the command line Digi IX15 Gateway User Guide...
Page 84 Firmware configuration Review IX15 default settings Review IX15 default settings You can review the default settings for your IX15 device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the IX15 WebUI as a user with Admin access. See Using the local web interface details.
Page 85 Flow control: None Primary Responder mode You can use the Primary Responder mode configuration setting to manually enable the IX15 device to be in an AT&T FirstNet-compliant mode (Primary Responder mode). When a device is in Primary Responder mode, certain firmware features are disabled. See...
Page 86 To enable Primary Responder mode: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. On the Dashboard, verify the current firmware version installed on the device. In the Device section, look at the Firmware Version field and verify that the version is 23.9.x or above.
Page 87 6. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 88 To change the default password for the admin user: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 89 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 90 Shows how to perform a task by using the command line interface. Using Digi Remote Manager By default, your IX15 device is configured to use Digi Remote Manager as its central management server. Devices must be registered with Remote Manager using one of the following options: As part of the getting started process.
Page 91 Using the local web interface To connect to the IX15 local Web UI: 1. Use an Ethernet cable to connect the IX15's ETH port to a laptop or PC. 2. Open a browser and go to 192.168.2.1. 3. Log into the device using a configured user name and password.
Page 92 Provides information about the signal strength and technology of the cellular modem(s). Digi Remote Displays the device connection status for Digi Remote Manager, the amount of time Manager the connection has been up, and the Digi Remote Manager device ID.
Page 93 Use the local REST API to configure the IX15 device Your IX15 device includes a REST API that can be used to return information about the device's configuration and to make modifications to the configuration. You can view the REST API specification from your web browser by opening the URL: https://ip-address/cgi-bin/config.cgi...
Page 94 Firmware configuration Use the local REST API to configure the IX15 device 2. At the command line, type config to enter configuration mode: > config (config)> 3. At the config prompt, type ?(question mark): (config)> ? auth Authentication cloud Central management...
Page 95 Firmware configuration Use the local REST API to configure the IX15 device "collapsed": { "acl.zone.0": "internal" "acl.zone.1": "edge" "acl.zone.2": "ipsec" "acl.zone.3": "setup" "enable": "true" "key": "" "mdns.enable": "true" "mdns.name": "" "mdns.type": "_ssh._tcp." "port": "22" "protocol.0": "tcp" You can also use the GET method to return the configuration parameters associated with an item: curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/keys/service/ssh -X GET...
Page 96 Firmware configuration Use the local REST API to configure the IX15 device Use the POST method to add itemsto a list array To add items to a list array, use the POST method with the path and append parameters. For example, to add the external firewall zone to the ssh service: $ curl -k -u admin "https://192.168.210.1/cgi-...
Page 97 Firmware configuration Use the local REST API to configure the IX15 device 2. Use the DELETE method to remove the external zone (list item 4). $ curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/value?path=service.ssh.acl.zone.4 -X DELETE Enter host password for user 'admin': { "ok": true }...
Page 98 Log in to the command line interface Command line 1. Connect to the IX15 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.
Page 99 Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the IX15 command line. You will now be connected to the Admin CLI: Connecting now... Press Tab to autocomplete commands Press '?' for a list of commands and details...
Page 100 Log in to Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Remote Manager Configure multiple IX15 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Amazon AWS IoT...
Page 101 Prior to release 22.2.9.x, the default URL was my.devicecloud.com. If your Digi device is configured to use a non-default URL to connect to Remote Manager, updating the firmware will not change your configuration. However, if you erase the device's configuration, the Remote Manager URL will change to the default of edp12.devicecloud.com.
Page 102 HTTP proxy server support. To configure your device's Digi Remote Manager support: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 103 8. (Optional) For Speedtest server, type the name or IP address of the server to use to test the speed of the device's internet connection(s). 9. (Optional) For Retry interval, type the amount of time that the IX15 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
Page 104 Within the US: 12029823370 International: 447537431797 d. (Optional) Type the Service identifier. 17. (Optional) Configure the IX15 device to communicate with remote cloud services via one of two methods: Pinhole or Proxy server. If using the Pinhole method, refer to the following If using the Proxy server method: a.
Page 105 18. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 106 (config)> cloud drm keep_alive 600s (config)> 7. (Optional) Set the amount of time that the IX15 device should wait between sending keep- alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
Page 107 Within the US: 12029823370 International: 447537431797 c. (Optional) Set the service identifier: (config)> cloud drm sms sercice_id id (config)> 15. (Optional) Configure the IX15 device to communicate with remote cloud services by using an HTTP proxy server: Digi IX15 Gateway User Guide...
Page 108 To disable the collection of device health data or enable it if it has been disabled, or to change the health sample interval: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 109 8. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 110 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
Page 111 To change how often the event logs are uploaded to Digi Remote Manager: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 112 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 113 The device is capable of connecting through an HTTP proxy, such as Squid, but it is up to the network administrator to decide which HTTP proxy type to use. To enable a proxy server and enter the server and port in Digi Remote Manager, see step 17 in Configure your device for Digi Remote Manager support.
Page 114 If you opened a new browser tab/window to log in, you will see the default fleet Dashboard page. If you cannot remember your password, go to remotemanager.digi.com, type your username and then click Forgot username?. You will be asked to provide your email address associated with your user account.
Page 115 Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. From the menu, click Devices to display a list of your devices.
Page 116 4. For Digi Remote Manager Username, type your Remote Manager username. 5. For Digi Remote Manager Password, type your Remote Manager password. 6. For Digi Remote Manager Group (optional), type the group to which the device will be added, if needed.
Page 117 Remote Manager configurations. Typically, if you want to provision multiple IX15 routers: 1. Using the IX15 local WebUI, configure one IX15 router to use as the model configuration for all subsequent IX15s you need to manage.
Page 118 View Digi Remote Manager connection status To view the current Digi Remote Manager connection status from the local device: É 1. Log into the IX15 WebUI as a user with full Admin access rights. The dashboard includes a Digi Remote Manager status pane: Command line...
Page 119 Central management Amazon AWSIoT 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 120 PyCharm or manually, depending on the development framework used. To run the demos: 1. Use PyCharm and Digi’s XBee plugin and run the application as usual. The environment will detect the missing libraries and will automatically install the required libraries.
Page 121 64-bit address, node identifier, role, and so on. The IX15 network caches a list of known nodes that reflects the real XBee network. It adds new nodes to its network cache in these scenarios: When any kind of communication occurs between any remote node in the network and the IX15.
Page 122 XBee nodes from the CLI. Discover the XBee network Nodes that appear in the Network Manager list are known to the IX15. The list accumulates known network nodes over time. To find new nodes, you can perform: Periodic active network discovery—configured.
Page 123 Manage an XBee network Discover the XBee network Log into the IX15 WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window displays. Digi IX15 Gateway User Guide...
Page 124 Allowed values are any number of minutes, or seconds, and take the format number{m|s}. For example, to set Time between requests to five minutes, enter 5m or 300s. The minimum value is 20 seconds and the maximum is 10 minutes. The default is 2 minutes. Digi IX15 Gateway User Guide...
Page 125 7. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 126 (config)> config xbee active_discovery time_between_scans 120m (config)> 6. Set the amount of time the IX15 should wait between node requests to ask for neighbors. Allowed values are from 20 seconds to 10 minutes. The default is 2 minutes. (config)> config xbee active_discovery time_between_requests <time>...
Page 127 XCTU User Guide. Manage XBee profiles The Profile Manager page allows you to manage the XBee profiles stored in the IX15. You can upload, download, and delete profiles. For each profile, it also shows whether it contains settings, firmware, and filesystem updates.
Page 128 XBee. The Profile Manager shows whether those contents are included or not for each available profile. Upload the XBee profile Once you create the desired XBee profile, follow these steps to upload it to the IX15: 1. Open the IX15 WebUI and login. 2. On the top menu, click XBee.
Page 129 IX15, can send messages to the end device. Short sleep: nodes that sleep less than 30 seconds They can receive data transmissions at any time since their parents buffer data long enough for the end devices to wake and poll to receive the data.
Page 130 From MicroPython, transmit any data to the IX15 when it wakes up. Any other intelligence that sends anything when the node wakes up. 2. Must stay awake to provide other nodes, including the IX15, with enough time to send messages to the end device.
Page 131 Manage an XBee network Export your network 2. Must stay awake to provide other nodes, including the IX15, with enough time to send messages to the end device. For cyclic sleep end devices (SM = 4, SM = 5) a. Configure SO to wake for the full ST time.
Page 132 XBee protocol + Bluetooth Low Energy (BLE). For example, you can use your cellphone to connect to the XBee device of the IX15, and then from your phone, interact with the IX15 using the XBee Python API.
Page 133 Bluetooth Low Energy Configure Bluetooth Low Energy Log into the IX15 WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window displays. Digi IX15 Gateway User Guide...
Page 134 8. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 135 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX15 BLE configurator The IX15 can be configured via Bluetooth. To do so: 1. Enable Bluetooth and CLI over Bluetooth options. See Configure Bluetooth Low Energy.
Page 136 Verify BLEconnectivity Verify BLE connectivity You can use the Digi XBee Mobile application to verify that BLE is enabled and working on your IX15. 1. Download and install the Digi XBee Mobile application in your phone. 2. Open the Digi XBee Mobile application. The Find XBee devices screen appears and the app automatically begins scanning for devices.
Page 137 Power management Most of the time the IX15 will be powered by a plug in the wall so power consumption might not be a problem. However, if you plan to power your device with batteries you must consider power saving.
Page 138 You can also disable the IX15's LEDs to save power and reduce light pollution. To change the active power profile: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 139 6. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 140 Suspend mode is a special state where the CPU, most of the RAM, and most of the digital peripherals are powered off to save as much power as possible. The IX15 is able to enter suspend mode on demand to reduce power consumption to the minimum when no operation is required during a certain time.
Page 141 Power management Suspend mode Log into the IX15 WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window displays. Digi IX15 Gateway User Guide...
Page 142 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 143 Enter suspend mode You can command the IX15 to enter suspend mode at any time using the CLI interface. To do so: 1. Connect to the IX15 CLI by using a serial connection, SSH, or the Terminal in the WebUI.
Page 144 Power management Suspend mode Log into the IX15 WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window displays. Digi IX15 Gateway User Guide...
Page 145 4. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 146 Power management Suspend mode modem: Turn on this setting to disable the modem interface when the IX15 enters suspend mode. By default none is disabled on suspend. 4. Save the configuration and apply the change: (config)> save Configuration saved. >...
Page 147 Interfaces Digi IX15 Gateway devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wireless Wide Area Networks (WWANs)
Page 148 Problems can occur beyond the immediate modem connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the IX15 device to detect that the modem has failed, because the connection continues to work while the core problem exists somewhere else in the network.
Page 149 Reboot Device with other SureLink recovery actions, it should be the last action in the recovery action list. Otherwise, the device will reboot and all recovery actions listed after the Reboot Device action will be ignored. To configure the IX15 device to regularly probe connections through the WWAN: É Digi IX15 Gateway User Guide...
Page 150 Interfaces Wireless Wide Area Networks (WWANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 151 DNS server: The IP address of the DNS server. HTTP test: Uses HTTP(s) GET requests to determine connectivity to the configured web server. If HTTP test is selected, complete the following: Web server: The URL of the web server. Digi IX15 Gateway User Guide...
Page 152 Up: The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). Down: The test will pass only if the referenced interface is down or failing its own SureLink tests (if applicable). e. Repeat for each additional test. Digi IX15 Gateway User Guide...
Page 153 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Digi IX15 Gateway User Guide...
Page 154 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Delayed start to ten minutes, enter 10m or 600s. The default is 300 seconds. Digi IX15 Gateway User Guide...
Page 155 13. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 156 (config network interface my_wwan ipsec tunnel ipsec_example surelink tests 1)> ping_size int (config network interface my_wwan surelink tests 1)> dns: Performs a DNS query to the named DNS server. If dns is set, set the IPv4 or IPv6 address of the DNS server: Digi IX15 Gateway User Guide...
Page 157 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wwan surelink tests 1)> interface_timeout 600s (config)> custom_test: Tests the interface with custom commands. If custom_test is set, set the commands to run to perform the test: Digi IX15 Gateway User Guide...
Page 158 The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). down: The test will pass only if the referenced interface is down or failing its own SureLink tests (if applicable). Digi IX15 Gateway User Guide...
Page 159 (config network interface my_wwan surelink actions 0)> The default is 100. Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. Digi IX15 Gateway User Guide...
Page 160 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config network interface my_wwan surelink actions 0)> override_interval int (config network interface my_wwan surelink actions 0)> modem_power_cycle. Digi IX15 Gateway User Guide...
Page 161 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config network interface my_wwan surelink actions 0)> override_interval int (config network interface my_wwan surelink actions 0)> Digi IX15 Gateway User Guide...
Page 162 (config)> network interface my_wan surelink timeout 600s (config)> The default is 15s. f. Set the amount of time to wait while the device is starting before SureLink testing begins. This setting is bypassed when the interface is determined to be up. Digi IX15 Gateway User Guide...
Page 163 Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the IX15 device to reboot when it has determined that an interface has failed. Digi IX15 Gateway User Guide...
Page 164 To configure the IX15 device to reboot when an interface has failed: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 165 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 10. Click to expand Tests. Digi IX15 Gateway User Guide...
Page 166 Down time: The amount of time that the interface is down before the test can be considered to have failed. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. Digi IX15 Gateway User Guide...
Page 167 Click to expand Recovery actions. By default, there are two preconfigured recovery actions: Update routing: Uses the Change default gateway action, which increases the interface's metric by 100 to change the default gateway. Restart interface. b. Click g . Digi IX15 Gateway User Guide...
Page 168 If set to the default value of 0s, the Test interval is used. Reboot device. If Reboot device is selected, complete the following: SureLink test failures: The number of failures for this recovery action to perform, before moving to the next recovery action. Digi IX15 Gateway User Guide...
Page 169 13. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 170 (config network interface my_wwan surelink tests 1)> ipv6 true (config network interface my_wwan surelink tests 1)> e. Set the test type: (config network interface my_wwan surelink tests 1)> test value (config network interface my_wwan surelink tests 1)> where value is one of: Digi IX15 Gateway User Guide...
Page 171 Failing this test infers that all other tests fail. If interface_up is set, complete the following: Set the amount of time that the interface is down before the test can be considered to have failed. Digi IX15 Gateway User Guide...
Page 172 Set the TCP port to create a TCP connection to. (config network interface my_wwan surelink tests 1)> tcp_port port (config network interface my_wwan surelink tests 1)> other: Tests the status of another interface. If other is selected, complete the following: Digi IX15 Gateway User Guide...
Page 173 (config network interface my_wwan surelink actions 0)> enable false (config network interface my_wwan surelink actions 0)> d. Create a label for the action: (config network interface my_wwan surelink actions 0)> label string (config network interface my_wwan surelink actions 0)> Digi IX15 Gateway User Guide...
Page 174 Set the number of times that the test must pass after failure, before the interface is determined to be working and is reinstated. (config)> network interface my_wwan surelink pass_threshold int (config)> The default is 1. Digi IX15 Gateway User Guide...
Page 175 The default is 8.8.8.8, and should only be changed if this IP address is not accessible due to networking issues. To set to an alternate host: (config)> network interface my_wwan surelink advanced interface_gateway hostname/IP_ address (config)> Digi IX15 Gateway User Guide...
Page 176 SureLink to disable the DNS test and use one or more other tests. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 177 7. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 178 Interfaces Wireless Wide Area Networks (WWANs) É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 179 Down time: The amount of time that the interface is down before the test can be considered to have failed. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Down time to ten minutes, enter 10m or 600s. Digi IX15 Gateway User Guide...
Page 180 13. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 181 If set, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. interface_address. interface_dns: The interface's DNS server. Digi IX15 Gateway User Guide...
Page 182 (config network interface my_wan surelink tests 1)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_timeout to ten minutes, enter either 10m or 600s: Digi IX15 Gateway User Guide...
Page 183 The IPv6 connection must be up. The status required for the test to past. (config network interface my_wan surelink tests 1)> other_status value (config network interface my_wan surelink tests 1)> where value is one of: Digi IX15 Gateway User Guide...
Page 184 Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the IX15 device cannot connect to the network using SIM1, it automatically fails over to SIM2. IX15 devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
Page 185 Interfaces Wireless Wide Area Networks (WWANs) To configure the modem: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 186 All technologies to configure the modem to use the best available technology. The default is All technologies. 13. For Antennas, select whether the modem should use the main antenna, the auxiliary antenna, or both the main and auxiliary antennas. Digi IX15 Gateway User Guide...
Page 187 15. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 188 SIM, the modem will attempt to reconnect to the SIM in the preferred SIM slot. The default is none. 7. To set the preferred SIM slot check schedule: (config)> network modem modem sim_slot_preference_ value Digi IX15 Gateway User Guide...
Page 189 11. Set the type of cellular technology that this modem should use to access the cellular network: (config)> network modem modem access_tech value (config)> Available options for value vary depending on the modem type. To determine available options: Digi IX15 Gateway User Guide...
Page 190 IX15. The order of the APNs for a specific carrier in these text files corresponds to the order in which the IX15 will try those APNS until it makes a successful connection. After the device has successfully connected, it will remember the correct APN.
Page 191 Wireless Wide Area Networks (WWANs) Configure cellular modem A PNs To configure the APN: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 192 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 193 (config)> network interface modem modem apn 0 username name (config)> network interface modem modem apn 0 password pwd (config)> The default is none. 8. Disable Lightweight M2M support if you are using an AT&T SIM that does not support AT&T lightweight M2M: Digi IX15 Gateway User Guide...
Page 194 The modem status window is displayed Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 195 IPv6 MTU : 1500 TX bytes : 127941 RX bytes : 61026 Uptime : 10 hrs, 56 mins (39360s) SIM Slot SIM Status : ready IMSI : 61582122197895 ICCID : 26587628655003992180 SIM Provider : AT&T Digi IX15 Gateway User Guide...
Page 196 Command line To unlock a SIM card: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 197 To run AT commands from the IX15 command line: Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 198 APNs, and then use routing roles to forward traffic to the appropriate WWAN interface. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi IX15 Gateway User Guide...
Page 199 Wireless Wide Area Networks (WWANs) 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
Page 200 Configure the source address: i. Click to expand Source address. ii. For Type, select IPv4 address. iii. For Address, type 192.168.2.101. f. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. Digi IX15 Gateway User Guide...
Page 201 6. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 202 (config)> add network route policy end (config network route policy 0)> b. Set the label that will be used to identify this route policy: (config network route policy 0)> label "Route through private apn" (config network route policy 0)> Digi IX15 Gateway User Guide...
Page 203 The interface type: Modem. The firewall zone: External. The cellular modem that is used by the WWAN. Additional configuration items SIM selection for this WWAN. The SIM PIN. The SIM phone number for SMS connections. Digi IX15 Gateway User Guide...
Page 204 Configure SureLink active recovery to detect modem failures for further information. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 205 If Carrier is selected, for Match SIM carrier, select which cellular carrier must be in active for this WWAN to be used. If PLMN identifier is selected, for Match PLMN identifier, type the PLMN id that must be in active for this WWAN to be used. Digi IX15 Gateway User Guide...
Page 206 Reset modem: The device will reset the modem if automatic SIM switching is unavailable. Reboot device: The device will reboot if automatic SIM switching is unavailable. 13. For APN Selection, select whether you want to configure the IX15 to use the preconfigured APNs, custom APNs, or both. See Cellular modem APNs for information and instructions for setting an APN.
Page 207 IPv4 support is Enabled by default. Click to disable. c. Set the Type. Static IP address - Digi device obtains the static IP address from the cellular network. DHCP address - Digi device obtains IP address through a DHCP server on the cellular network.
Page 208 Interfaces Wireless Wide Area Networks (WWANs) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 209 (config network interface my_wwan)> modem imsi IMSI (config network interface my_wwan)> plmn_id Set the PLMN id that must be in active for this WWAN to be used: (config network interface my_wwan)> modem plmn_id PLMN_ID (config network interface my_wwan)> Digi IX15 Gateway User Guide...
Page 210 (config network interface my_wwan)> modem operator_technology value (config network interface my_wwan)> where value is one of: all: The best available technology will be used. 2G: Only 2Gtechnology will be used. 3G: Only 3Gtechnology will be used. Digi IX15 Gateway User Guide...
Page 211 The device will reboot if automatic SIM switching is unavailable. 12. (Optional) To configure the device to use either the preconfigured APNs, custom APNs, or both: (config)> network interface modem modem apn_selection value (config)> Where value is one of the following: apn_list_only both_lists built-in-list-only Digi IX15 Gateway User Guide...
Page 212 Where value is one of: static: Digi device obtains the static IP address from the cellular network. dhcp: Digi device obtains IP address via a DHCP server on the cellular network. c. Set the MTU: (config network interface my_wwan)> ipv4 mtu num (config network interface my_wwan)>...
Page 213 Where value is one of: static: Digi device obtains the static IP address from the cellular network. dhcp: Digi device obtains IP address via a DHCP server on the cellular network. c. Set the MTU: (config network interface my_wwan)> ipv4 mtu num (config network interface my_wwan)>...
Page 214 2. Under Networking, click Interfaces. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 215 IPv6 DNS Server(s) : fd00:244::1, fe80::234:f3f4:fe0e:4320 > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 216 Follow this procedure to delete any WANs and WWANs that have been added to the system. You cannot delete the preconfigured WAN, ETH1, or the preconfigured WWAN, Modem. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 217 Additional IPv4 configuration: The type being the way to control how the modem in the Digi device obtains an IP address from the cellular network. The metric for IPv4 routes associated with the WAN. The relative weight for IPv4 routes associated with the WAN.
Page 218 MAC address denylist and allowlist. To create a new WAN or edit an existing WAN: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 219 7. For Device, select an Ethernet device. 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The IX15 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication.
Page 220 Never: Never use DNS servers for this interface. h. Enable DHCP Hostname to instruct the IX15 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
Page 221 13. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 222 Never use DNS servers for this interface. iii. Enable DHCP Hostname to instruct the IX15 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
Page 223 Modify any of the remaining default settings as appropriate. e. (Optional) To assign a static address to a network interface: >config (config)> network interfacemy_wan ipv6 static ? Static address: IPv6 static address. Parameters Current value ---------------------------------------------------------------------- address Address enable false Enable Digi IX15 Gateway User Guide...
Page 224 (config)> 8. (Optional) To configure 802.1x port based network access control: Note The IX15 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the IX15 device: (config network interface my_wan)> 802_1x authentication enable true (config network interface my_wan)>...
Page 225 (config network interface my_wan)> save Configuration saved. > 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 226 Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The IX15 device is preconfigured with the following Local Area Networks (LANs): Interface type Preconfigured interfaces Devices Default configuration Local Area Ethernet: Firewall zone: Network Internal (LAN) IP Address: 192.168.2.1/24 DHCP server...
Page 227 You can modify configuration settings for ETH, and you can create new LANs. This section contains the following topics: About Local Area Networks (LANs) Configure a LAN Change the default LAN subnet Change the LAN address type Show LAN status and statistics Delete a LAN DHCP servers Digi IX15 Gateway User Guide...
Page 228 Setup IP address and subnet of LAN1. A dditional configuration items Additional IPv4 configuration: The type being the way to control how the modem in the Digi device obtains an IP address from the cellular network. The metric for IPv4 routes associated with the LAN.
Page 229 MAC address denylist and allowlist. To create a new LAN or edit an existing LAN: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 230 7. For Device, select an Ethernet device. 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The IX15 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication.
Page 231 14. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 232 Set the IPv4 address and subnet of the LAN interface. Use the format IPv4_ address/netmask, for example, 192.168.2.1/24. (config network interface my_lan)> ipv4 address ip_address/netmask (config network interface my_lan)> b. Optional IPv4 configuration items: Digi IX15 Gateway User Guide...
Page 233 Prefix length type prefix_delegation Type weight Weight Additional Configuration ------------------------------------------------------------------------------- connection_monitor Active recovery dhcpv6_server DHCPv6 server (config network interface my_lan)> View default settings for the IPv6 DHCP server: (config network interface my_lan)> ipv6 dhcpv6_server ? Digi IX15 Gateway User Guide...
Page 234 (config)> 8. (Optional) To configure 802.1x port based network access control: Note The IX15 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the IX15 device: (config network interface my_lan)> 802_1x authentication enable true (config network interface my_lan)>...
Page 235 DHCP server range will also change to the range of the LAN subnet. To change the LAN subnet: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 236 By default, the LAN interface uses a static IP address. To configure it to use a DHCP address instead: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights.
Page 237 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 238 2. Under Networking, click Interfaces. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 239 Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 240 3. Click Network > Interfaces. 4. Click the menu icon (...) next to the name of the LAN to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 241 Local Area Networks (LANs) Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 242 Map static IP addresses to hosts for information about static leases. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 243 For Gateway, select either: None: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. Automatic: Broadcasts the IX15 device's gateway. Custom: Allows you to identify the IP address of a Custom gateway to be broadcast.
Page 244 12. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 245 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the IX15 device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)>...
Page 246 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the IX15 device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_ address (config)>...
Page 247 A label for this instance of the static lease. To map static IP addresses: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 248 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 249 2. Under Networking, click DHCP Leases. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 250 Delete static IP mapping entries To delete a static IP entry: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 251 7. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 252 Required configuration items DHCP option number. Value for the DHCP option. A dditional configuration items The data type of the value. Force the option to be sent to the DHCP clients. A label for the custom option. Digi IX15 Gateway User Guide...
Page 253 Interfaces Local Area Networks (LANs) É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 254 If the incorrect data type is selected, the device will send the value as a string. (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> datatype value (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> where value is one of: 1byte 2byte 4byte ipv4 Digi IX15 Gateway User Guide...
Page 255 A dditional configuration items IP address of additional DHCP relay servers. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 256 10. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 257 2. Under Networking, click DHCP Leases. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 258 VLAN, which isolates networks from one another, even though they run over the same physical network. Your IX15 device supports two VLANs modes: Trunking: Supports multiple VLANs per Ethernet port, which enables you to extend your VLAN across multiple switches through your entire network.
Page 259 The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 260 Required configuration items Device to be assigned to the VLAN. The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN using switchport mode: Digi IX15 Gateway User Guide...
Page 261 Interfaces Virtual LANs (VLANs) É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 262 Virtual LANs (VLANs) Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 263 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 264 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 265 Interfaces Show SureLink status and statistics 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 266 Interfaces Show SureLink status and statistics 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 267 Serial port IX15 devices have a single serial port that provides access to different features, depending on the serial port mode selection. Default serial port configuration You can review the default serial port configuration for your device. Serial mode options You can choose a serial mode option for each serial port, depending on the feature that you want to use.
Page 268 To change the configuration to match the serial configuration of the device to which you want to connect: É 1. Log into the IX15 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed.
Page 269 8. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 270 (config)> serial port1 flow value (config)> where value is one of: none rts/cts xon/xoff 11. Configure serial port logging: a. Enable serial port logging: (config)>serial port1 logging enable true (config)> b. Set the file name: Digi IX15 Gateway User Guide...
Page 271 Remote Access mode allows for remote access to another device that is connected to the serial port. To change the configuration to match the serial configuration of the device to which you want to connect: É Digi IX15 Gateway User Guide...
Page 272 Serial port Configure Remote Access mode for a serial port 1. Log into the IX15 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed.
Page 273 Click to expand Access Control List. For example, to set the Access Control List for the SSH connection for serial port 1, click to expand Serial > Port 1 > SSH connection > Access Control List: Digi IX15 Gateway User Guide...
Page 274 To limit access to hosts connected through a specified interface on the device: i. Click Interfaces. ii. For Add Interface, click g . iii. For Interface, select the appropriate interface from the dropdown. iv. Click gagain to allow access through additional interfaces. Digi IX15 Gateway User Guide...
Page 275 For History size, type or select the number of bytes of output from the serial port that are written to buffer. These bytes are redisplayed when a user connects to the serial port. The default is 4000 bytes. Digi IX15 Gateway User Guide...
Page 276 13. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 277 (config)>serial port1 escape string (config) If no characters are defined, the escape sequence is disabled. The default is ~b. b. Limit access to the serial port to a single active session: (config)>serial port1 exclusive true (config) Digi IX15 Gateway User Guide...
Page 278 Enable autoconnect: (config)>serial port1 autoconnect enable true (config)> b. Set the option that will trigger the connection: (config)>serial port1 autoconnect trigger value (config)> where value is one of: always data destination match If match is selected: Digi IX15 Gateway User Guide...
Page 279 (config)>serial port1 autoconnect port int (config)> where int is any integer between 1 and 65535. f. To enable TCP keepalive: (config)>serial port1 autoconnect keepalive true (config)> g. To enable TCP nodelay: (config)>serial port1 autoconnect nodely true (config)> Digi IX15 Gateway User Guide...
Page 280 (config)>serial port1 service ssh port int (config)> where int is any integer between 1 and 65535. The default is 3001. iii. Enable TCP keep-alive messages: (config)>serial port1 service ssh keepalive true (config)> iv. Enable TCP nodelay messages: Digi IX15 Gateway User Guide...
Page 281 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add serial port1 service ssh acl interface end value (config)>...
Page 282 Set the port to be used for ssh communications: (config)>serial port1 service tcp port int (config)> where int is any integer between 1 and 65535. The default is 4001. iii. Enable TCP keep-alive messages: Digi IX15 Gateway User Guide...
Page 283 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add serial port1 service tcp acl interface end value (config)>...
Page 284 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------------------------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. vii. (Optional) Enable Multicast DNS (mDNS): Digi IX15 Gateway User Guide...
Page 285 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: Digi IX15 Gateway User Guide...
Page 286 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------------------------------------- dynamic_routes edge external internal ipsec loopback setup Digi IX15 Gateway User Guide...
Page 287 Log the time at which date was received or transmitted: (config)>serial port1 logging hex true (config)> f. Log data as hexadecimal values: (config)>serial port1 logging timestamp true (config)> 17. Save the configuration and apply the change. (config)> save Configuration saved. > Digi IX15 Gateway User Guide...
Page 288 To change the configuration to match the serial configuration of the device to which you want to connect: É 1. Log into the IX15 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed.
Page 289 To change the configuration to match the serial configuration of the device to which you want to connect: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 290 This feature is disabled by default. 14. For Zone, select the firewall zone for this interface. This can be used by packet filtering rules and access control lists to restrict network traffic on this interface. Digi IX15 Gateway User Guide...
Page 291 # Read input from the serial port, one line at a time. while read -r line; do case "$line" in ATDT123) echo "CONNECT" # instruct the peer to start PPP exit 0 # start up the local PPP session Digi IX15 Gateway User Guide...
Page 292 18. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 293 13. Set the priority of routes associated with this interface. If there are multiple active routes that match a destination, then the route with the lowest metric will be used. (config)> serial port1 ppp_dialin metric int (config)> The default is 10. Digi IX15 Gateway User Guide...
Page 294 (config)> serial port1 ppp_dialin custom config_file data (config)> where data are one or more pppd command line options. Because the options are passed directly to the pppd command line, they should all be entered on a single line. For example: Digi IX15 Gateway User Guide...
Page 295 17. Save the configuration and apply the change. (config)> save Configuration saved. > 18. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 296 To change the configuration to match the serial configuration of the device to which you want to connect: É 1. Log into the IX15 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed.
Page 297 Click Strip End Pattern if you want to remove the end pattern from the packet before it is sent. 8. Expand UDP Serial Settings. a. For Local port, enter the UDP port. The default is 4001 or serial port 1, 4002 for serial port 2, etc. Digi IX15 Gateway User Guide...
Page 298 For Destinations, you can configure the remote sites to which you want to send data. If you do not specify any destinations, the IX15 sends new data from the last IP address and port from which data was received. To add a destination: i.
Page 299 To limit access to specified IPv6 addresses and networks: i. Click IPv6 Addresses. ii. For Add Address, click g . iii. For Address, enter the IPv6 address or network that can access the device's service-type. Allowed values are: Digi IX15 Gateway User Guide...
Page 300 10. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 301 9. Set the stop bits used by the device to which you want to connect: (config)>serial port1 label stopbits bits (config)> 10. Set the type of flow control used by the device to which you want to connect: (config)>serial port1 label flow type (config) Digi IX15 Gateway User Guide...
Page 302 (config)> 14. Configure the remote sites to which you want to send data. If you do not specify any destinations, the IX15 send new data to the last hostname and port from which data was received. To add a destination:...
Page 303 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: Digi IX15 Gateway User Guide...
Page 304 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------------------------------------- dynamic_routes edge external internal ipsec loopback setup Digi IX15 Gateway User Guide...
Page 305 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add serial port1 udp acl interface end value (config)>...
Page 306 (config)>serial port1 logging size value (config)> where value is the size of the log file in bytes. The default is 65536. d. Specify the data type: (config)>serial port1 logging type value (config)> where value is one of: Digi IX15 Gateway User Guide...
Page 307 To change the configuration to match the serial configuration of the device to which you want to connect: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 308 Verbose: Result codes are displayed in English, for example: OK, ERROR, CONNECT. This is the default. 17. (Optional) Click to expand Phonebook and create dial strings that can be used to connect to remote servers. Digi IX15 Gateway User Guide...
Page 309 Click Zones. By default, there are three firewall zones already configured: Internal, Edge, and IPsec. ii. For Add Zone, click g . iii. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. Digi IX15 Gateway User Guide...
Page 310 To change the configuration to match the serial configuration of the device to which you want to connect: É 1. Log into the IX15 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed.
Page 311 7. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 312 10. Set the type of flow control used by the device to which you want to connect: (config)> serial port1 flow value (config)> where value is one of: none rts/cts xon/xoff 11. Save the configuration and apply the change. (config)> save Configuration saved. > Digi IX15 Gateway User Guide...
Page 313 Digi Navigator installation The Digi Navigator can only be installed on a computer with a Windows OS. If you are using Linux, you can manually install and configure RealPort without Digi Navigator. For the Linux installation process, refer to the Get started: Install RealPort for LINUX in the RealPort Installation User's Guide.
Page 314 The Digi Navigator application can also be downloaded from your device's product support page. 2. Scroll down to the Product Resources tab, and in the Drivers & Patches section, click Digi Navigator. 3. From the list box, select the appropriate Microsoft Windows option from the list of driver options.
Page 315 You can leave the installation location as the default, or click Browse to select a different location. 8. Click Next. The Select Additional Tasks page displays. If you want to create a shortcut for the Digi Navigator, select the Create a desktop shortcut option. 9. Click Next. The Ready to Install page displays.
Page 316 Configure RealPort on a Digi device from the Digi Navigator You can configure the IX15 to communicate with your computer using RealPort. In this step, you can select which serial ports on the device should be set to RealPort mode, and the RealPort service is enabled for the device.
Page 317 You can also manually install and configure RealPort on your computer. See Advanced RealPort configuration without using the Digi Navigator. 1. Make sure the IX15 is powered and connected your local network or computer with an Ethernet cable. 2. Launch the Digi Navigator. 3. A list of the devices you have manually added displays.
Page 318 13. (Optional) After RealPort configuration on your laptop is complete, you can open the Windows Properties dialog for your computer. a. Launch the Digi Navigator if it is not currently open. A list of devices that have RealPort enabled and configured displays in the Installed RealPort Devices section at the bottom of the screen.
Page 319 Description Configure Known If a Digi device is not on the same network as your computer or the Devices device is undiscoverable, you can manually add the device using that device's IP address. Specify the IP address to discover a Digi device...
Page 320 Item Description Add to Known If a Digi device is not on the same network as your computer or the device is Devices undiscoverable, you can manually add the device using that device's IP address. Specify the IP address to discover a Digi device...
Page 321 You can use the Configure Device for RealPort menu option to configure RealPort Device for on the device. RealPort Configure RealPort on a Digi device from the Digi Navigator Reconfigure RealPort on a device Configure this Use the Configure this PC for RealPort menu option to configure RealPort on your PC for computer so that it can communicate with the device.
Page 322 PC for RealPort so that it can communicate with the device. Install and configure RealPort on your computer RealPort device list pane The RealPort device list displays all of the devices in Digi Navigator that are configured for RealPort. Item Description Open...
Page 323 You can filter the device list that displays in the Device page by service. This also determines which service buttons display in the Configuration pane. The Digi Navigator uses the HTTPS service by default to discover the IP addresses for the Digi devices connected to your network. Other services can be used, if needed.
Page 324 Note This feature can be used with only discovered devices. It is not enabled for known devices. 1. Make sure the IX15 is powered and connected your local network or computer with an Ethernet cable. 2. Launch the Digi Navigator.
Page 325 After you have enabled and configured RealPort on at least one Digi device, a list of configured devices displays at the bottom of the Digi Navigator. You can refresh the list and easily access the COM port configuration on your computer.
Page 326 IX15 is powered and connected to your local network or to your computer with an Ethernet cable. 2. Launch the Digi Navigator. 3. In the RealPort list section of the Digi Navigator, double-click on a name in the Device column. Digi IX15 Gateway User Guide...
Page 327 Ethernet cable. 2. Launch the Digi Navigator. 3. In the RealPort list section of the Digi Navigator, find the device that you want to uninstall. 4. Right-click on an IP address in the list to display the shortcut menu.
Page 328 A ccessa device'sweb UI from the Digi Navigator You can access the device's web UI and log in from the Configuration pane in the Digi Navigator, or from the shortcut menu for the device's IP address. The service options are available in the Configuration pane or the shortcut menu if these conditions are met: The service button must be included in the Services filter.
Page 329 5. Click OK to close the dialog. Uninstall Digi Navigator 1.0 If you have Digi Navigator 1.0 installed, Digi recommends that you uninstall it, as both versions of the Digi Navigator are not needed. 1. If Digi Navigator 1.0 is open, close it before you begin.
Page 330 8. Click Next. The uninstall process begins. Note If Digi Navigator 1.0 is open, a confirmation dialog with the message " Digi Navigator is running. Click OK to close it." displays. Click OK to continue with the uninstall process. 9. When complete, the Completing Digi Navigator Uninstall page displays.
Page 331 1. Navigate to the downloaded Realport .zip file. 2. Open the .zip file. 3. Click on setup.exe to launch the RealPort wizard. The Welcome to the Digi RealPort Setup Wizard screen displays. 4. If this is not the first time you have run the wizard, select the Add a New Device option. If this is the first time running the wizard, no options are available on the screen.
Page 332 Serial port Advanced RealPort configuration without using the Digi Navigator 7. Select the Encrypt Network Traffic check box to enable encrypted network traffic. When you select this option, the TCP Port for Encrypted Traffic field becomes available. 8. The TCP Port for Encrypted Traffic field has a default value of 1027. The entry must match the device's TCP port setting.
Page 333 Serial port Advanced RealPort configuration without using the Digi Navigator Log into the IX15 WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed.
Page 334 8. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 335 Serial port Advanced RealPort configuration without using the Digi Navigator peer: Any user that tries to open the port can change the port settings. All users that try to open the port receive all of the data read to the port.
Page 336 Configure the RealPort service After you have configured RealPort mode on the IX15, you must enable and configure the RealPort service. When this step is complete, all of the serial ports on the IX15 are configured to use the RealPort service.
Page 337 14. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 338 Remote Access, Dial-in, or Modem Emulator. É 1. Log into the IX15 WebUI as a user with full Admin access rights. 2. On the menu, click Status > Connections> Serial. The Serial Status page displays. Digi IX15 Gateway User Guide...
Page 339 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 340 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 341 Emulator, you can disconnect one or more users from the serial port using the Disconnect feature. See Disconnect a user from a serial port. TX/RX Bytes Displays the total number of bytes that have been transmitted and received. Digi IX15 Gateway User Guide...
Page 342 Click Restart to clear and restart the serial port log. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 343 > system serial clear port-number > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 344 Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) Digi IX15 Gateway User Guide...
Page 345 IP routing IP routing The IX15 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.
Page 346 The Maximum Transmission Units (MTU) of network packets using this route. To configure a static route: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 347 7. For Interface, select the interface on the IX15 device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
Page 348 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the IX15 device that will be used with this static route: a. Use the ?to determine available interfaces: b.
Page 349 Type quit to disconnect from the device. Delete a static route É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 350 However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the IX15 device so that high- priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
Page 351 To configure a routing policy: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 352 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the IX15 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
Page 353 13. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 354 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the IX15 device that will be used with this route policy: a. Use the ?to determine available interfaces: b. Set the interface. For example: (config network route policy 0)>...
Page 355 (config network route policy 0)> src zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup Default value: any Current value: any (config network route policy 0)> src zone Digi IX15 Gateway User Guide...
Page 356 Matches the destination IP address to the selected firewall zone. Set the zone: a. Use the ?to determine available zones: (config network route policy 0)> dst zone ? Zone: Match the IP address to the specified firewall zone. Format: Digi IX15 Gateway User Guide...
Page 357 IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Matches the destination MAC address to the specified MAC address. Set the MAC address to be matched: (config network route policy 0)> dst mac MAC_address (config network route policy 0)> Digi IX15 Gateway User Guide...
Page 358 11. Save the configuration and apply the change. (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 359 This example routes traffic to a specific IP address to go through the cellular WWAN interface, while all other traffic uses the Ethernet WAN interface. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 360 9. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 361 4. Save the configuration and apply the change. (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 362 This example routes traffic destined for a specific domain to the WAN Ethernet port, and never through the cellular modem. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 363 9. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 364 4. Save the configuration and apply the change. (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 365 MAC address, while all other client devices are routed through the Ethernet WAN. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 366 Click to expand Source address. ii. For Type, select MAC address. iii. For MAC address, type 26:88:0E:23:50:C2. f. Configure the destination zone: i. Click to expand Destination address. ii. For Type, select Zone. iii. For Zone, select CellularWAN. Digi IX15 Gateway User Guide...
Page 367 7. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 368 5. Configure the policy-based route for traffic from the client device that will be sent over the cellular WAN: a. Add a new routing policy: (config)> add network route policy end (config network route policy 0)> Digi IX15 Gateway User Guide...
Page 369 (config)> add firewall filter end (config firewall filter 2)> b. Set the lable to Reject LAN traffic to cellular WAN: (config firewall filter 2)> label "Reject LAN traffic to cellular WAN" (config firewall filter 2)> Digi IX15 Gateway User Guide...
Page 370 Type quit to disconnect from the device. Show the routing table To display the routing table: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 371 5. Click IPv6 Load Balance to view IPv6 load balancing. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 372 The amount of time to wait to force an update of the interface's IP address. The amount of time to wait for an IP address update to succeed before retrying the update. The number of times to retry a failed IP address update. Digi IX15 Gateway User Guide...
Page 373 Routing Dynamic DNS É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 374 14. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 375 8. Set the username to authenticate with the Dynamic DNS provider: (config network ddns new_ddns_instance)> username name (config network ddns new_ddns_instance)> 9. Set the password to authenticate with the Dynamic DNS provider: (config network ddns new_ddns_instance)> password pwd (config network ddns new_ddns_instance)> Digi IX15 Gateway User Guide...
Page 376 13. (Optional) Set the number of times to retry a failed IP address update: (config network ddns new_ddns_instance)> retry_count value (config network ddns new_ddns_instance)> where value is any interger. The default is 5. 14. Save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 377 Multiple IX15 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
Page 378 VRRP-enabled devices and dynamically change the VRRP priorty of devices based on the status of their network connectivity. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 379 12. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 380 VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a IX15 device. Digi IX15 Gateway User Guide...
Page 381 For backup VRRP devices, enable the ability to monitor the VRRP master, so that a backup device can increase its priority when the master device fails SureLink tests. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 382 SureLink fails on the master, it will lower its priority to below 80, and the backup device will assume the master role. 10. Configure the VRRP interface. The VRRP interface is defined in the Interface parameter of the VRRP configuration, and generally should be a LAN interface: Digi IX15 Gateway User Guide...
Page 383 LAN interface; VRRP+ will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a backup to master if SureLink fails. i. Click to expand IPv4 > SureLink. ii. Click Enable. Digi IX15 Gateway User Guide...
Page 384 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 385 (config)> network interface eth ipv4 dhcp_server advanced gateway_custom 192.168.3.3 (config)> b. For backup devices, set the default gateway to the IP address of the VRRP interface on the master device. For example: (config)> network interface eth ipv4 gateway 192.168.3.1 (config)> Digi IX15 Gateway User Guide...
Page 386 (config network interface eth ipv4 surelink target 0)> (Optional) Set the size, in bytes, of the ping packet: (config network interface eth ipv4 surelink target 0)> ping_size [ num ] (config network interface eth ipv4 surelink target 0)> Digi IX15 Gateway User Guide...
Page 387 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface eth ipv4 surelink target 0)> interface_timeout 600s (config network interface eth ipv4 surelink target 0)> Digi IX15 Gateway User Guide...
Page 388 Configure device one (master device) É Task 1: Configure VRRP on device one 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 389 10. Click gto add a virtual IP address. 11. For Virtual IP, type 192.168.3.3. Task 2: Configure VRRP+ on device one 1. Click to expand VRRP+. 2. Click Enable. 3. Click to expand Monitor interfaces. Digi IX15 Gateway User Guide...
Page 390 Command line Task 1: Configure VRRP on device one 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 391 Task 3: Configure the IP addressfor the VRRP interface, ETH, on device one 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> 2. Set the IP address for ETH: (config)> network interface eth ipv4 address 192.168.3.1/24 (config)> Digi IX15 Gateway User Guide...
Page 392 Configure device two (backup device) É Task 1: Configure VRRP on device two 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 393 10. Click gto add a virtual IP address. 11. For Virtual IP, type 192.168.3.3. Task 2: Configure VRRP+ on device two 1. Click to expand VRRP+. 2. Click Enable. 3. Click to expand Monitor interfaces. Digi IX15 Gateway User Guide...
Page 394 4. Click to expand Test targets > Test target. 5. For Test Type, select Ping test. 6. For Ping host, type https://remotemanager.digi.com. Task 5: Configure the DHCP server for ETH on device two 1. Click to expand Network > Interfaces > ETH > IPv4 > DHCP Server 2.
Page 395 Command line Task 1: Configure VRRP on device two 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 396 1. Enable SureLink on the ETH interface: (config)> network interface eth ipv4 surelink enable true (config)> 2. Create a SureLink test target: (config)> add network interface eth ipv4 surelink target end (config network interface eth ipv4 surelink target 0)> Digi IX15 Gateway User Guide...
Page 397 Type quit to disconnect from the device. Show VRRP status and statistics This section describes how to display VRRP status and statistics for a Digi IX15 Gateway device. VRRP status is available from the Web UI only. Digi IX15 Gateway User Guide...
Page 398 Routing Virtual Router Redundancy Protocol (VRRP) É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 399 Current State : Master Current Priority : 100 Last Transition : Tue Jan 1 00:00:39 2019 Became Master Released Master Adverts Sent : 71 Adverts Received Priority Zero Sent Priority zero Received : 0 > Digi IX15 Gateway User Guide...
Page 400 This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) Dynamic Multipoint VPN (DMVPN) L2TP L2TPv3 Ethernet MACsec NEMO WireGuard VPN Digi IX15 Gateway User Guide...
Page 401 Anti-Replay Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel. IPsec mode The IX15 supports IPsec mode. You can set this mode to run using either the Tunnel or Transport options. Tunnel The entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in a new IP packet.
Page 402 XAUTH client. RSASignatures With RSA signatures authentication, the IX15 device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key.
Page 403 Enable Mode-configuration (MODECFG) to receive configuration information, such as the private IP address, from the remote peer. Disable the padding of IKE packets. This should normally not be done except for compatibility purposes. Destination networks that require source NAT. Digi IX15 Gateway User Guide...
Page 404 Configure a static route for information about configuring a static route. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 405 The metric can also be used in tandem with SureLink to configure IPsec failover behavior. See Configure IPsec failover for more information. 11. For Mode, select Tunnel mode. Transport mode is not currently supported. Digi IX15 Gateway User Guide...
Page 406 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the IX15 device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See Configure a Simple Certificate Enrollment Protocol client for instructions.
Page 407 IPv6: The ID will be interpreted as an IP address and sent as an ID_IPV6_ADDR IKE identity. For IPv6 ID value, type an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. Digi IX15 Gateway User Guide...
Page 408 For IPv6 ID value, type an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. RFC822/Email: The ID will be interpreted as an RFC822 (email address). For RFC822 ID value, type the ID in internet email address format. Digi IX15 Gateway User Guide...
Page 409 Dynamic: Uses the address of the local endpoint. d. For Protocol, select one of the following: Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only. Digi IX15 Gateway User Guide...
Page 410 For Mode, select either Main mode or Aggressive mode. d. For IKE fragmentation, select one of the following: If supported by the peer: Send oversized IKE messages in fragments, if the peer supports receiving them. Digi IX15 Gateway User Guide...
Page 411 23. (Optional) Click to expand Dead peer detection. Dead peer detection is enabled by default. Dead peer detection uses periodic IKE transmissions to the remote endpoint to detect whether tunnel communications have failed, allowing the tunnel to be automatically Digi IX15 Gateway User Guide...
Page 412 Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 26. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values. 27. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 413 IPsec Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 414 Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. The default is tunnel. 8. Set the protocol: (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: Digi IX15 Gateway User Guide...
Page 415 Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: Digi IX15 Gateway User Guide...
Page 416 Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> b. Set the XAUTH client username: (config vpn ipsec tunnel ipsec_example)> xauth_client username name (config vpn ipsec tunnel ipsec_example)> Digi IX15 Gateway User Guide...
Page 417 (config vpn ipsec tunnel ipsec_example)> ipv6: The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. Digi IX15 Gateway User Guide...
Page 418 Randomly selects an IPsec peer to connect to from the hostname list. priority: Selects the first hostname in the list that is resolvable. c. Set the ID type: (config vpn ipsec tunnel ipsec_example)> remote id type value (config vpn ipsec tunnel ipsec_example)> Digi IX15 Gateway User Guide...
Page 419 The device's MAC address will be used for the Key ID and sent as an ID_KEY_ID IKE identity. serial_number: The ID device's serial number will be used for the Key ID and sent as an ID_KEY_ID IKE identity. Digi IX15 Gateway User Guide...
Page 420 (config vpn ipsec tunnel ipsec_example)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set phase1_lifetime to ten minutes, enter either 10m or 600s: Digi IX15 Gateway User Guide...
Page 421 Set the type of encryption to use during phase 1: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> where value is one of: 3des aes128 aes128gcm128 aes128gcm64 aes128gcm96 aes192 Digi IX15 Gateway User Guide...
Page 422 (Optional) Add additional phase 1 proposals: i. Move back one level in the schema: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> .. (config vpn ipsec tunnel ipsec_example ike phase1_proposal)> ii. Add an additional proposal: Digi IX15 Gateway User Guide...
Page 423 Set the type of hash to use during phase 2 to verify communication integrity: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> hash value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of: sha1 Digi IX15 Gateway User Guide...
Page 424 Change to the root of the configuration schema: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> ... (config)> b. To disable dead peer detection: (config)> vpn ipsec tunnel ipsec_example dpd enable false (config)> Digi IX15 Gateway User Guide...
Page 425 The address of a local network interface. Set the address: i. Use the ?to determine available interfaces: ii. Set the interface. For example: (config vpn ipsec tunnel ipsec_example policy 0)> local address eth1 (config vpn ipsec tunnel ipsec_example policy 0)> Digi IX15 Gateway User Guide...
Page 426 Allowed values are an integer between 1 and 255. f. Set the IP address and optional netmask of the remote traffic selector: (config vpn ipsec tunnel ipsec_example policy 0)> remote network value (config vpn ipsec tunnel ipsec_example policy 0)> Digi IX15 Gateway User Guide...
Page 427 ------------------------------------------------------------------------------ debug none Debug level ike_fragment_size 1280 Maximum IKE fragment size ike_retransmit_tries IKE retransmit tries keep_alive NAT keep alive time Additional Configuration ------------------------------------------------------------------------------- connection_retry_timeout Connection retry timeout connection_try_interval Connection try interval ike_timeout IKE timeout (config)> Digi IX15 Gateway User Guide...
Page 428 20. Save the configuration and apply the change. (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 429 IPsec Configure IPsec failover You can configure the IX15 device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
Page 430 (for example, 20). Command line 1. Configure the primary IPsec tunnel. See Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a low value (for example, 10): Digi IX15 Gateway User Guide...
Page 431 (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation status. Format: primary_ipsec_tunnel backup_ipsec_tunnel Optional: yes Current value: Digi IX15 Gateway User Guide...
Page 432 To configure the IX15 device to regularly probe the IPsec connection: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 433 10. (Optional) For Response timeout, type the amount of time that the device should wait for a response to a test failure before considering it to have failed. Digi IX15 Gateway User Guide...
Page 434 DHCP, or statically configured for this interface. Test the interface status: Tests the current status of the interface. The test fails if the interface is down. Failing this test infers that all other tests fail. Digi IX15 Gateway User Guide...
Page 435 Click to expand Recovery actions. By default, there are two preconfigured recovery actions: Update routing: Uses the Change default gateway action, which increases the interface's metric by 100 to change the default gateway. Restart interface. Digi IX15 Gateway User Guide...
Page 436 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Digi IX15 Gateway User Guide...
Page 437 Test interface gateway by pinging is used by the Interface gateway Ping test as the endpoint for traceroute to use to determine the interface gateway. The default is 8.8.8.8, and should only be changed if this IP address is not accessible due to networking issues. Digi IX15 Gateway User Guide...
Page 438 14. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 439 DHCP, or statically configured for this interface. interface_up: Tests the current status of the interface. The test fails if the interface is down. Failing this test infers that all other tests fail. If interface_up is set, complete the following: Digi IX15 Gateway User Guide...
Page 440 (config vpn ipsec tunnel ipsec_example surelink tests 1)> Set the TCP port to create a TCP connection to. (config vpn ipsec tunnel ipsec_example surelink tests 1)> tcp_port port (config vpn ipsec tunnel ipsec_example surelink tests 1)> Digi IX15 Gateway User Guide...
Page 441 (config vpn ipsec tunnel ipsec_example surelink actions 0)> c. New actions are enabled by default. To disable: (config vpn ipsec tunnel ipsec_example surelink actions 0)> enable false (config vpn ipsec tunnel ipsec_example surelink actions 0)> Digi IX15 Gateway User Guide...
Page 442 Set the number of failures for this recovery action to perform, before moving to the next recovery action: (config vpn ipsec tunnel ipsec_example surelink actions 0)> test_failures int (config vpn ipsec tunnel ipsec_example surelink actions 0)> The default is 3. Digi IX15 Gateway User Guide...
Page 443 (config vpn ipsec tunnel ipsec_example surelink actions 0)> override_interval int (config vpn ipsec tunnel ipsec_example surelink actions 0)> switch_sim: Switches to an alternate SIM. This recovery action is available for WWAN interfaces only. If switch_sim is selected, complete the following: Digi IX15 Gateway User Guide...
Page 444 (config vpn ipsec tunnel ipsec_example surelink actions 0)> custom_action: Execute custom recovery commands. If custom_action is selected, complete the following: Set the number of failures for this recovery action to perform, before moving to the next recovery action: Digi IX15 Gateway User Guide...
Page 445 Set the number of times that the test must pass after failure, before the interface is determined to be working and is reinstated. (config)> vpn ipsec tunnel ipsec_example surelink pass_threshold int (config)> The default is 1. Digi IX15 Gateway User Guide...
Page 446 The default is 8.8.8.8, and should only be changed if this IP address is not accessible due to networking issues. To set to an alternate host: (config)> vpn ipsec tunnel ipsec_example surelink advanced interface_gateway hostname/IP_ address (config)> Digi IX15 Gateway User Guide...
Page 447 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 448 É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 449 IPsec Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 450 The number of days that the certificate enrollment can be renewed, prior to the request expiring. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 451 9. For Renewable Time, type the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the IX15 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
Page 452 Click Use New Private Key to enable the creation of a new private key for renewal requests. c. Use Client Certificate is enabled by default. Click to disable the use of a client certificate for renewal requrests. 22. Click Apply to save the configuration and apply the change. Command line Digi IX15 Gateway User Guide...
Page 453 Virtual Private Networks (VPN) IPsec 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 454 The default is url. c. If type is set to url, set the URL that should be used: (config network scep_client scep_client_name)> crl url value (config network scep_client scep_client_name)> 11. Configure certificate renewal: Digi IX15 Gateway User Guide...
Page 455 15. Set the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the IX15 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
Page 456 Type quit to disconnect from the device. Example: SCEP client configuration with Fortinet SCEP server In this example configuration, we will configure the IX15 device as a SCEP client that will connect to a Fortinet SCEP server. Fortinet configuration On the Fortinet server: 1.
Page 457 Click OK. IX15 configuration On the IX15 device: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 458 8. Click to expand SCEP server. 9. For FQDN, type the fully qualified domain name or IP address of the Fortinet server. 10. For Password, type the challenge password. This corresponds to the Default enrollment password on the Fortinet server. Digi IX15 Gateway User Guide...
Page 459 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 460 IPsec Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 461 This procedure is only available from the Admin CLI. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 462 : C=US,CN=TA-SCEP-1-MSCEP-RA Issuer : CN=TA-SCEP-1-CA Serial : 1100000003268AFB5E98BFCA73000000000003 Expiry : Apr 25 13:42:48 2023 GMT Certificate Authority Certificate {3} ------------------------------------- Subject : CN=TA-SCEP-1-CA Issuer : CN=TA-SCEP-1-CA Serial : 681670E9EFB7FCB74E79C33DD9D54847 Expiry : Apr 25 13:36:42 2027 GMT Digi IX15 Gateway User Guide...
Page 463 Last Update : May 23 13:27:21 2022 GMT > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 464 OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The IX15 device supports two types of OpenVPN topology:...
Page 465 Virtual Private Networks (VPN) OpenVPN OpenVPN managed—The IX15 device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration). Device only—IP addressing is controlled by the system, not by OpenVPN.
Page 466 Access control list configuration to restrict access to the OpenVPN server through the firewall. Additional OpenVPN parameters. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 467 You must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, Digi IX15 Gateway User Guide...
Page 468 11. (Optional) Click to expand Advanced Options to manually set additional OpenVPN parameters. a. Click Enable to enable the use of additional OpenVPN parameters. b. Click Override if the additional OpenVPN parameters should override default options. Digi IX15 Gateway User Guide...
Page 469 12. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 470 1 and 255. The number entered here will represent the last client IP address. For example, if address is set to 192.168.1.1/24 and server_ last_ip is set to 99, the last client IP address will be 192.168.1.80. Digi IX15 Gateway User Guide...
Page 471 Paste the contents of the public key (for example, server.crt) into the value of the server_cert parameter: (config vpn openvpn server name )> server_cert value (config vpn openvpn server name )> iv. Paste the contents of the private key (for example, server.key) into the value of the server_key parameter: Digi IX15 Gateway User Guide...
Page 472 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
Page 473 (config vpn openvpn server name )> advanced_options override true (config vpn openvpn server name )> c. Set the additional OpenVPN parameters: (config vpn openvpn server name )> extra parameters (config vpn openvpn server name )> Digi IX15 Gateway User Guide...
Page 474 IX15 user authentication for more information about creating authentication groups and users. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 475 Click to expand the OpenVPN node. e. Click gto add a tunnel. f. For Tunnel, select an OpenVPN tunnel to which users of this group will have access. g. Repeat to add additional OpenVPN tunnels. Digi IX15 Gateway User Guide...
Page 476 Click to expand the Groups node. e. Click gto add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 477 OpenVPN Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 478 Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 479 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 480 8. Save the configuration and apply the change. (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 481 Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 482 Private key (for example, client.key) into their respective fields. The contents will be hidden when the configuration is saved. 14. (Optional) Click to expand Advanced Options to manually set additional OpenVPN parameters. Digi IX15 Gateway User Guide...
Page 483 15. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 484 12. Paste the contents of the public key (for example, client.crt) into the value of the public_cert parameter: (config vpn openvpn client name )> public_cert value (config vpn openvpn client name )> 13. Paste the contents of the private key (for example, client.key) into the value of the private_ key parameter: Digi IX15 Gateway User Guide...
Page 485 Type quit to disconnect from the device. Configure SureLink active recovery for OpenVPN You can configure the IX15 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Required configuration items A valid OpenVPN client configuration.
Page 486 OpenVPN To configure the IX15 device to regularly probe the OpenVPN connection: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 487 The Interface gateway. If Interface gateway is selected, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. Digi IX15 Gateway User Guide...
Page 488 TCP connection to. TCP connect port: The TCP port to create a TCP connection to. Test another interface's status: Tests the status of another interface. If Test another interface's status is selected, complete the following: Digi IX15 Gateway User Guide...
Page 489 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Restart interface. If Restart interface is selected, complete the following: Digi IX15 Gateway User Guide...
Page 490 Powercycle the modem. This recovery action is available for WWAN interfaces only. If Powercycle the modem is selected, complete the following: SureLink test failures: The number of failures for this recovery action to perform, before moving to the next recovery action. Digi IX15 Gateway User Guide...
Page 491 14. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 492 The hostname or IP address of an external server. Set ping_host to the hostname or IP address of the server: (config vpn openvpn client openvpn_client1 surelink tests 1)> ping_host hostname/IP_address (config vpn openvpn client openvpn_client1 surelink tests 1)> Digi IX15 Gateway User Guide...
Page 493 (config vpn openvpn client openvpn_client1 surelink tests 1)> interface_down_time 600s (config)> Set the amount of time to wait for the interface to connect for the first time before the test is considered to have failed. Digi IX15 Gateway User Guide...
Page 494 (config vpn openvpn client openvpn_client1 surelink tests 1)> other_interface /network/interface/eth1 (config vpn openvpn client openvpn_client1 surelink tests 1)> Set the type of IP connection: (config vpn openvpn client openvpn_client1 surelink tests 1)> other_ip_version value (config vpn openvpn client openvpn_client1 surelink tests 1)> Digi IX15 Gateway User Guide...
Page 495 Set the number of failures for this recovery action to perform, before moving to the next recovery action: (config vpn openvpn client openvpn_client1 surelink actions 0)> test_failures int (config vpn openvpn client openvpn_client1 surelink actions 0)> The default is 3. Digi IX15 Gateway User Guide...
Page 496 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config vpn openvpn client openvpn_client1 surelink actions 0)> override_interval int (config vpn openvpn client openvpn_client1 surelink actions 0)> restart_interface. If restart_interface is selected, complete the following: Digi IX15 Gateway User Guide...
Page 497 This recovery action is available for WWAN interfaces only. If modem_power_cycle is selected, complete the following: Set the number of failures for this recovery action to perform, before moving to the next recovery action: Digi IX15 Gateway User Guide...
Page 498 (config vpn openvpn client openvpn_client1 surelink actions 0)> override_interval int (config vpn openvpn client openvpn_client1 surelink actions 0)> g. Repeat for each additional recovery action. 7. Optional SureLink configuration parameters: Digi IX15 Gateway User Guide...
Page 499 (config)> vpn openvpn client openvpn_client1 surelink timeout 600s (config)> The default is 15s. f. Set the amount of time to wait while the device is starting before SureLink testing begins. This setting is bypassed when the interface is determined to be up. Digi IX15 Gateway User Guide...
Page 500 Show SureLink status and statistics for information about showing Surelink status for OpenVPN clients. Show OpenVPN server status and statistics You can view status and statistics for OpenVPN servers from either the web interface or the command line: É Digi IX15 Gateway User Guide...
Page 501 OpenVPN server's status pane. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 502 OpenVPN client's status pane. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 503 Enable the device to respond to keepalive packets. Task One: Create a GREloopback endpoint interface É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 504 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 505 Type quit to disconnect from the device. Task Two: Configure the GRE tunnel É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 506 13. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 507 (config vpn iptunnel gre_example)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 508 Show GRE tunnels To view information about currently configured GRE tunnels: É Log into the IX15 WebUI as a user with full Admin access rights. 1. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 2. To view configuration details about a GRE tunnel, click the (configuration) icon in the upper right of the tunnel's status pane.
Page 509 Generic Routing Encapsulation (GRE) Example: GRE tunnel over an IPSec tunnel The IX15 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
Page 510 Configuration procedures Configure the IX15-1 device Task one: Create an IPsec tunnel É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 511 15. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 512 4. Set the pre-shared key to testkey: (config vpn ipsec tunnel ipsec_gre1)> auth secret testkey (config vpn ipsec tunnel ipsec_gre1)> 5. Set the remote endpoint to public IP address of the IX15-2 device: (config vpn ipsec tunnel ipsec_gre1)> remote hostname 192.168.101.1 (config vpn ipsec tunnel ipsec_gre1)>...
Page 513 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 514 Task three: Create a GRE tunnel É 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click g . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint1). Digi IX15 Gateway User Guide...
Page 515 (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX15-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change.
Page 516 Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 517 Type quit to disconnect from the device. Configure the IX15-2 device Task one: Create an IPsec tunnel É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 518 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click g . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the IX15-1 (testkey). 7. Click to expand Remote endpoint.
Page 519 Generic Routing Encapsulation (GRE) Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 520 7. Click Apply to save the configuration and apply the change. Command line 1. At the command line, type config to enter configuration mode: > config (config)> 2. Add an interface named ipsec_endpoint2: (config)> add network interface ipsec_endpoint2 (config network interface ipsec_endpoint2)> Digi IX15 Gateway User Guide...
Page 521 Task two (Interface: ipsec_ endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on IX15-1, 172.30.0.1. 5. Click Apply to save the configuration and apply the change. Command line 1. At the command line, type config to enter configuration mode: >...
Page 522 (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX15-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change.
Page 523 (config network interface gre_interface2)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 524 GRE tunnel directly to the other spoke. The network address of the target spoke is resolved with the use of Next Hop Resolution Protocol (NHRP). This section contains the following topics: Configure a DMVPN spoke Digi IX15 Gateway User Guide...
Page 525 Dynamic Multipoint VPN (DMVPN) Configure a DMVPN spoke To configure a DMVPN spoke: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 526 For Address, type the IP address and netmask of the tunnel. The netmask must be set to /32. 5. Configure NHRP: a. Click Network > Routing Services. b. Enable routing services. c. Click to expand NHRP. d. Enable NHRP. e. Click to expand Network. Digi IX15 Gateway User Guide...
Page 527 Click Network > Routing services > BGP. b. Enable BGP. c. For AS number, type the autonomous system number for this device. d. For Best path criteria, select Multipath. e. Click to expand Neighbours. f. Click gto add a neighbour. Digi IX15 Gateway User Guide...
Page 528 9. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 529 IP address to 10.20.1.4/32: (config network interface dmvpn_tunnel_interface)> ipv4 address 10.20.1.4/32 (config network interface dmvpn_tunnel_interface)> 5. Configure NHRP: a. Type ... to return to the top level of the configuration schema: (config network interface dmvpn_tunnel_interface)> ... (config)> Digi IX15 Gateway User Guide...
Page 530 (config network interface dmvpn_tunnel_interface)> ... (config)> b. Enable BGP: (config)> network route service bgp enable true (config)> c. Set the autonomous system number for this device. For example, to set the autonomous system number to 66007: Digi IX15 Gateway User Guide...
Page 531 Your IX15 device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). Configure a PPP-over-L2TP tunnel Your IX15 device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). The tunnel endpoints are known as L2TP Access Concentrators (LAC) and L2TP Network Servers (LNS). Each endpoint terminates the PPP session.
Page 532 Whether to override the default configuration and only use the custom options. Optional configuration data in the format of a pppd options file. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 533 For Add L2TP access concentrator, type a name for the LAC and click g . c. LACs are enabled by default. To disable, toggle off Enable. d. For L2TP network server, type the hostname or IP address of the L2TP network server. Digi IX15 Gateway User Guide...
Page 534 None: No authentication is required. Automatic: The device will attempt to connect using CHAP first, and then PAP. CHAP: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. PAP: Uses the Password Authentication Profile (PAP) to authenticate. Digi IX15 Gateway User Guide...
Page 535 8. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 536 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add vpn l2tp acl interface end value (config)>...
Page 537 (config vpn l2tp lac lac_tunnel)> username username (config vpn l2tp lac lac_tunnel)> e. (Optional) Set the password to use to log into the server: (config vpn l2tp lac lac_tunnel)> password password (config vpn l2tp lac lac_tunnel)> Digi IX15 Gateway User Guide...
Page 538 (config vpn l2tp lac lac_tunnel)> custom override true (config vpn l2tp lac lac_tunnel)> iii. Paste or type the configuration data in the format of a pppd options file: (config vpn l2tp lac lac_tunnel)> custom config_file data (config vpn l2tp lac lac_tunnel)> Digi IX15 Gateway User Guide...
Page 539 The device will attempt to connect using CHAP first, and then PAP. chap: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. pap: Uses the Password Authentication Profile (PAP) to authenticate. mschapv2: Uses the Microsoft version of the Challenge Handshake Authentication Profile (CHAP) to authenticate. Digi IX15 Gateway User Guide...
Page 540 Enable custom PPP configuration: (config vpn l2tp lac lns lns_server)> custom enable true (config vpn l2tp lns lns_server)> ii. Enable overriding, if the custom configuration should override the default configuration and only use the custom options: Digi IX15 Gateway User Guide...
Page 541 This means that you cannot restrict traffic on the IPsec tunnel to L2TP traffic (typically UDP port 1701). While multiple L2TP clients are supported on the IX15 by configuring a separate LNS for each client, multiple clients behind a Network Address Translation (NAT) device are not supported, because they will all appear to have the same IP address.
Page 542 Command line Show the statusof L2TP accessconnectorsfrom the A dmin CLI 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 543 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. L2TPv3 Ethernet Your IX15 device supports Layer 2 Tunneling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels. Configure an L2TPv3 tunnel Your IX15 device supports Layer 2 Tunneling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels.
Page 544 The peer session cookie. The Layer2SpecificHeader type. The Sequence numbering control. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 545 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 546 1 and 4294967295. 11. Set the session ID of the remote peer: (config vpn l2tpeth L2TPv3_example session_example)> peer_session_id value (config vpn l2tpeth L2TPv3_example session_example)> where value is any integer between 1 and 4294967295. Digi IX15 Gateway User Guide...
Page 547 Type quit to disconnect from the device. Show L2TPV3 tunnel status É Log into the IX15 WebUI as a user with full Admin access rights. 1. On the menu, select Status. Under VPN, select L2TPv3 Ethernet. The L2TPv3 Ethernet page appears.
Page 548 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 549 The local network device to connect to the peer device. When using Manual mode, the connectivity association key and key name. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 550 9. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 551 Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the IX15 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
Page 552 If the local network is set to Interface, identify the local interface to be used. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 553 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the IX15 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 554 14. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 555 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the IX15 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 556 Type quit to disconnect from the device. Show NEMO status É Log into the IX15 WebUI as a user with full Admin access rights. 1. On the menu, select Status > NEMO. The NEMO page appears. 2. To view configuration details about an NEMO tunnel, click the (configuration) icon in the upper right of the tunnel's status pane.
Page 557 WireGuard VPN Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 558 Client mode: Configure the IX15 device to act as a client, so it establishes an outbound WireGuard VPN tunnel to a remote server. Server mode: Configure the IX15 device to act as a server, so one or more remote devices can establish an inbound WireGuard VPN tunnel to the device.
Page 559 Virtual Private Networks (VPN) WireGuard VPN É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 560 [Client] Pre-shared key (optional) [Local and Remote] Allowed addresses Device managed private key Enable to allow the IX15 to generate its own public and private keys. If this setting is enabled, it triggers the IX15 to automatically generate a private key and corresponding public key.
Page 561 11. Click Apply to save the new configuration settings. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 562 To disable: (config)> vpn wireguard name enable false (config)> To enable: (config)> vpn wireguard name enable true (config)> peer a. Determine if the IX15 will act as a client or server. Digi IX15 Gateway User Guide...
Page 563 Virtual Private Networks (VPN) WireGuard VPN If this IX15 is the WireGuard client, then only add one peer. The peer is the remote Wireguard server to which it connects. If this IX15 is the WireGuard server, add one or more peers. The peer(s) are the remote WireGuard clients that will connect to this device.
Page 564 (config)> [Local and Remote] Allowed addresses autogenerate Enable to allow the IX15 to generate its own public and private keys. If this setting is enabled, it triggers the IX15 to automatically generate a private key and corresponding public key. To enable: >...
Page 565 Add the IP address of the DNS server. (config network interface [name] ipv4) > dns (config network interface [name] ipv4 dns) > ipv4_[address]. Address is the IP address of the DNS server. For example, ipv4_10.200.200.1. Digi IX15 Gateway User Guide...
Page 566 Simple Network Management Protocol (SNMP) Location information Modbus gateway System time synchronization Network Time Protocol Configure a multicast route Enable service discovery (mDNS) Use the MQTT broker service Use the iPerf service Configure the ping responder service Digi IX15 Gateway User Guide...
Page 567 To allow web administration or SSH for the External firewall zone: Add the External firewall zone to the web administration service É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 568 6. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 569 Services Allow remote access for web administration and SSH É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 570 Configure the web administration service Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 571 The web administration service is enabled by default. To disable the service, or enable it if it has been disabled: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 572 Type quit to disconnect from the device. Configure the service É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 573 If SSL certificate is blank, the device will use an automatically-generated, self- signed certificate. The SSL certificate and private key must be in PEM format. The private key can use one of the following algorithms: ECDSA ECDH Note Password-protected certificate keys are not supported. Digi IX15 Gateway User Guide...
Page 574 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 575 No limit to IPv6 addresses that can access the web administratrion service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service web_admin acl interface end value (config)>...
Page 576 # openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem b. Paste the contents of certificate.pem and key.pem into the service web_admin cert command. Enclose the contents of certificate.pem and key.pem in quotes. For example: (config)> service web_admin cert "-----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIULOwezcmbnQmIC9pT9txwCfUbkWQwDQYJKoZIhvcNAQEL Digi IX15 Gateway User Guide...
Page 577 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp Y3o+uCzc3LB3iEmwFom11ozkrCvjdTIr0KubsCGMP9X7Jw/Cg0uN1oOe/n2q/X0N jCB7D56ABs/sOjyCiUefeMvzH6kH3wxTQodpSWOPRYTqhLQOQfU8l0SsKGt4/5SA v7eXKSAXAgMBAAECggEBAMDKdi7hSTyrclDsVeZH4044+WkK3fFNPaQCWESmZ+AY i9cCC513SlfeSiHnc8hP+wd70klVNNc2coheQH4+z6enFnXYu2cPbKVAkx9x4eeI Ktx72wurpnr2JYf1v3Vx+S9T9WvN52pGuBPJQla3YdWbSf18wr5iHm9NXIeMTsFc esdjEW07JRnxQEMZ1GPWT+YtH1+FzQ3+W9rFsFFzt0vcp5Lh1RGg0huzL2NQ5EcF 3brzIZjNAavMsdBFzdc2hcbYnbv7o1uGLujbtZ7WurNy7+Tc54gu2Ds25J0/0mgf OxmqFevIqVkqp2wOmeLtI4o77y6uCbhfA6I+GWTZEYECgYEA/uDzlbPMRcWuUig0 CymOKlhEpx9qxid2Ike0G57ykFaEsKxVMKHkv/yvAEHwazIEzlc2kcQrbLWnDQYx oKmXf87Y1T5AXs+ml1PlepXgveKpKrWwORsdDBd+OS34lyNJ0KCqqIzwAaf8lcSW tyShAZzvuH9GW9WlCc8g3ifp9WUCgYEA4WSSfqFkQLA09sI76VLvUqMbb31bNgOk ZuPg7uxuDk3yNY58LGQCoV8tUZuHtBJdrBDCtcJa5sasJZQrWUlZ8y/5zgCZmqQn MzTD062xaqTenL0jKgKQrWig4DpUUhfc4BFJmHyeitosDPG98oCxuh6HfuMOeM1v Xag6Z391VcsCgYBgBnpfFU1JoC+L7m+lIPPZykWbPT/qBeYBBki5+0lhzebR9Stn VicrmROjojQk/sRGxR7fDixaGZolUwcRg7N7SH/y3zA7SDp4WvhjFeKFR8b6O1d4 PFnWO2envUUiE/50ZoPFWsv1o8eK2XT67Qbn56t9NB5a7QPvzSSR7jG77QKBgD/w BrqTT9wl4DBrsxEiLK+1g0/iMKCm8dkaJbHBMgsuw1m7/K+fAzwBwtpWk21alGX+ Ly3eX2j9zNGwMYfXjgO1hViRxQEgNdqJyk9fA2gsMtYltTbymVYHyzMweMD88fRC Ey2FlHfxIfPeE7MaHNCeXnN5N56/MCtSUJcRihh3AoGAey0BGi4xLqSJESqZZ58p e71JHg4M46rLlrxi+4FXaop64LCxM8kPpROfasJJu5nlPpYHye959BBQnYcAheZZ Digi IX15 Gateway User Guide...
Page 578 To disable legacy port redirection: (config)> service web_admin legacy enable false (config)> 9. Save the configuration and apply the change. (config)> save Configuration saved. > Digi IX15 Gateway User Guide...
Page 579 Services Configure the web administration service 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 580 The SSH service is enabled by default. To disable the service, or enable it if it has been disabled: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights.
Page 581 Type quit to disconnect from the device. Configure the service É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 582 Click Zones. By default, there are three firewall zones already configured: Internal, Edge, and IPsec. b. For Add Zone, click g . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. Digi IX15 Gateway User Guide...
Page 583 9. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 584 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service ssh acl interface end value (config)>...
Page 585 7. To create custom SSH configuration settings: a. Enable custom configurations: (config)> service ssh custom enable true (config)> b. To override the standard SSH configuration and only use the config_file parameter: (config)> service ssh custom override true (config)> Digi IX15 Gateway User Guide...
Page 586 8. Save the configuration and apply the change. (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 587 SSH service to allow SSH access for the External firewall zone. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 588 These instructions assume an existing user named temp_user. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 589 Services Use SSH with key authentication 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 590 Enable the telnet service The telnet service is disabled by default. To enable the service: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 591 Type quit to disconnect from the device. Configure the service É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 592 For Add Zone, click g . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. d. Click gagain to allow access through additional firewall zones. Digi IX15 Gateway User Guide...
Page 593 7. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 594 DNS server. mDNS is disabled by default. To enable: (config)> service telnet mdns enable true (config> 5. (Optional) Set the port number for this service. Digi IX15 Gateway User Guide...
Page 595 The device is configured by default with the hostname digi.device, which corresponds to the 192.168.210.1 IP address. To configure the DNS server: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 596 Click Zones. By default, there are three firewall zones already configured: Internal, Edge, and IPsec. b. For Add Zone, click g . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. Digi IX15 Gateway User Guide...
Page 597 12. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 598 No limit to IPv6 addresses that can access the DNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service dns acl interface end value (config)>...
Page 599 7. (Optional) Allow localhost rebinding By default, localhost rebinding is enabled by default if rebind protection is enabled. This is useful for Real-time Black List (RBL) servers. To disable: (config)> service dns rebind_localhost_ok false (config)> Digi IX15 Gateway User Guide...
Page 600 (config service dns host 0)> c. Set the host name: (config service dns host 0)> name host-name (config service dns host 0)> 11. Save the configuration and apply the change. (config)> save Configuration saved. > Digi IX15 Gateway User Guide...
Page 601 Command line Show DNSinformation 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 602 By default, the IX15 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a IX15 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
Page 603 Services Simple Network Management Protocol (SNMP) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 604 15. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 605 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service snmp acl interface end value (config)>...
Page 606 6. Set the password for the user that will be used to connect to the SNMP agent: (config)> service snmp password pwd (config)> 7. (Optional) Set the port number for the SNMP agent. The default is 161. (config)> service snmp port port (config)> 8. (Optional) Configure Multicast DNS (mDNS) Digi IX15 Gateway User Guide...
Page 607 15. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Download MIBs This procedure is available from the WebUI only. Digi IX15 Gateway User Guide...
Page 608 Enable SNMP. To download a .zip archive of the SNMP MIBs supported by this device: É 1. Log into the IX15 WebUI as a user with full Admin access rights. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the IX15 device.
Page 609 Location messages forwarded to the device from other location-enabled devices. You can also configure your IX15 device to forward location messages, either from the IX15 device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.
Page 610 Configure the device to use a user-defined static location You can configured your IX15 device to use a user-defined static location. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 611 (config service location source 0 coordinates altitude alt (config service location source 0)> Where alt is an integer followed by m or km, for example, 100m or 1km. 9. Save the configuration and apply the change. (config)> save Configuration saved. > Digi IX15 Gateway User Guide...
Page 612 Access control list configuration to provide access to the port through the firewall. To configure the device to accept location messages from external sources: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 613 9. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 614 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service location source 1 acl interface end value (config)>...
Page 615 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------------------------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. Digi IX15 Gateway User Guide...
Page 616 Configure the Digi IX15 Gateway device to forward location information: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 617 11. For TAIP filters, select the filters that represent the types of messages that will be forwarded. By default, all message types are forwarded. To remove a filter: a. Click the down arrow (× ) next to the appropriate message type. b. Click Delete. Digi IX15 Gateway User Guide...
Page 618 15. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 619 (config service location forward 0)> talker_id ? Talker ID: Setting a talker ID will override the talker ID from all remote sources, and all forwarded sentences from remote sources will use the configured Format: Default Digi IX15 Gateway User Guide...
Page 620 9. (Optional) Set the text to prepend to the forwarded message. Two variables can be included in the prepended text: %s: Includes the Digi IX15 Gateway device's serial number in the prepended text. %v: Includes the vehicle ID in the prepended text.
Page 621 Position/velocity: reports the latitude, longitude, and heading. To remove a message type: a. Use the show command to determine the index number of the message type to be deleted: Digi IX15 Gateway User Guide...
Page 622 13. Save the configuration and apply the change. (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 623 Update interval, which determines the amount of time that the geofence should wait between polling for updated location data. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi IX15 Gateway User Guide...
Page 624 Services Location information 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
Page 625 Click gagain to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
Page 626 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. To define actions that will be taken when the device exits the geofence, or is outside the geofence when it boots: Digi IX15 Gateway User Guide...
Page 627 Sandbox is enabled by default. This prevents the script from adversely affecting the system. If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. 8. Click Apply to save the configuration and apply the change. Command line Digi IX15 Gateway User Guide...
Page 628 Services Location information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 629 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add coordinates end (config service location geofence test_geofence coordinates 0)>...
Page 630 For example, if the update interval is 1m (one minute) and the num_intervals is set to 3, the actions will not be performed until the device has been inside the geofence for three minutes. c. Add an action: Digi IX15 Gateway User Guide...
Page 631 (config service location geofence test_geofence on_entry action 0)> where value is any integer followed by one of the following: b|bytes|KB|k|MB|M|GB|G|TB|T. For example. the allocate one megabyte of memory to the script and its spawned processes: Digi IX15 Gateway User Guide...
Page 632 (config service location geofence test_geofence on_exit action 0)> where value is either: factory_erase— Erases the device configuration when the action is triggered. script— Executes a custom script when the action is triggered. factory_erase or script. If type is set to script: Digi IX15 Gateway User Guide...
Page 633 (config service location geofence test_geofence on_exit action 0)> If you disable the sandbox, the script may render the system unusable. vi. Repeat for any additional actions. 7. Save the configuration and apply the change. (config)> save Configuration saved. > Digi IX15 Gateway User Guide...
Page 634 Command line Show location information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 635 Modbus gateway Show geofence information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 636 If the connection type is set to serial: Whether to use half duplex (two wire) mode. Client configuration: The packet mode. The maximum time between bytes in a packets. Whether to send broadcast messages. Response timeout Digi IX15 Gateway User Guide...
Page 637 Whether packets should have their Modbus address adjusted downward before to delivery. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 638 For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the IX15 device. If XBee is selected for the Connection type: a.
Page 639 For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. d. Click gagain to allow access through additional firewall zones. 10. Repeat these steps to configure additional servers. Digi IX15 Gateway User Guide...
Page 640 Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the IX15 device. If XBee is selected for the Connection type: a. For XBee MAC, select the appropriate XBee MAC address.
Page 641 For Add Zone, click g . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. d. Click gagain to allow access through additional firewall zones. Digi IX15 Gateway User Guide...
Page 642 Modbus address filter set to 20. Adjust Modbus server address set to 10. This will configure the gateway to deliver all messages that have the Modbus server address address of 20 to the device with address 10. Digi IX15 Gateway User Guide...
Page 643 17. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 644 If connection_type is set to serial: i. Set the serial port: i. Use the ?to determine available serial ports: (config service modbus_gateway server test_modbus_server)> ... serial port ? Serial Additional Configuration ------------------------------------------------------------------------------- port1 Port 1 Digi IX15 Gateway User Guide...
Page 645 The default is rtu. iii. Set the maximum allowable time between bytes in a packet: (config service modbus_gateway server test_modbus_server)> xbee idle_gap value (config service modbus_gateway server test_modbus_server)> Digi IX15 Gateway User Guide...
Page 646 Set the port: (config service modbus_gateway client test_modbus_client)> socket port (config service modbus_gateway client test_modbus_client)> where port is an integer between 1 and 65535. The default is 502. Digi IX15 Gateway User Guide...
Page 647 If connection_type is set to serial: i. Set the serial port: i. Use the ?to determine available serial ports: (config service modbus_gateway client test_modbus_client)> ... serial port ? Serial Additional Configuration ------------------------------------------------------------------------------- port1 Port 1 Digi IX15 Gateway User Guide...
Page 648 (config service modbus_gateway client test_modbus_client)> xbee idle_gap value (config service modbus_gateway client test_modbus_client)> where value is any number between 10 milliseconds and one second, and takes the format number{ms|s}. For example, to set idle_gap to one second, enter 1000ms or 1s. Digi IX15 Gateway User Guide...
Page 649 To add additional filters, increment the index number. For example, to add an additional filter for addresses in the range of 50-100: (config service modbus_gateway client test_modbus_client)> filter 1 50-100 (config service modbus_gateway client test_modbus_client)> Digi IX15 Gateway User Guide...
Page 650 This includes configuring the Modbus systems to minimize vulnerabilities, applying access controls, using encryption, segmenting networks, upgrading firmware on the devices, as well as monitoring Digi IX15 Gateway User Guide...
Page 651 Encryption Further lock down access to the Modbus gateway service on the IX15 by configuring it to establish a VPN tunnel, then update the access control list as mentioned above to only allow access to the Modbus service through the VPN connection.
Page 652 Configure remote XBee nodes Required configuration items Remote nodes used in the Modbus gateway must be part of the IX15 XBee network and also be able to talk through their serial port with the Modbus network. XBee and serial parameters...
Page 653 RO to 20, then to 50 if the problem continues. DigiMesh Parameter Description Value The same value as the IX15 XBee PAN ID. You can XBee Network PAN get the IX15 XBee PAN ID from: network parameters Web UI: The XBee Network pane of the IX15 Dashboard.
Page 654 XBee Network Manager. Command line: The show xbee command. The lower 32 bits of the IX15 XBee MAC address. You Destination can get IX15 XBee MAC address from either: address low Web UI: The Local Device pane of the IX15 XBee Network Manager.
Page 655 Command line: The show xbee verbose command. Channel The operating channel number. It must be the same as the IX15 XBee channel. You can get the IX15 XBee channel: Web UI: The XBee Network pane of the IX15 Dashboard. Command line: Theshow xbee verbose command.
Page 656 Limitationsof Modbusserial over wirelessand mesh Cannot set 7 data bits. Digi's XBee modules only support 8 data bits, Even/Odd/None/Mark parity and 1/2 stop bits. Length of Modbus frames: The maximum length of data sent wirelessly between XBee nodes depends on the module configuration, for example on the protocol (Zigbee, DigiMesh, or 802.15.4), or whether...
Page 657 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 658 ------- modbus_socket ------------- Client Lookup Errors Incoming Connections Packet Errors RX Broadcasts RX Requests : 12 TX Exceptions TX Responses : 12 Clients ------- modbus_socket_41 ---------------- Address Translation Errors Connection Errors Packet Errors RX Responses Digi IX15 Gateway User Guide...
Page 659 RX Timeouts TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 660 Configure the system time synchronization To configure or change the system time synchronization: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 661 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 662 NTP socket is in use, exiting. System time setting UI Configuration Timezone (Optional) Set the timezone for the location of your IX15 device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...
Page 663 (config system time source 1)> type modem (config time source 1) > modem modem To see the modem and its settings: (config system time source 1)> show enable true no label modem modem offset local type modem Digi IX15 Gateway User Guide...
Page 664 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 665 This procedure is available at the Admin CLI only. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 666 The time zone setting, if the default setting of UTC is not appropriate. To configure the IX15 device's NTP service: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 667 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the IX15 device can use the NTP service. 6. Enable Fall back to local clock to allow the device's local system clock to be used as backup time source.
Page 668 9. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 669 5. Allow the device's local system clock to be used as backup time source: (config)> service ntp local true (config)> 6. (Optional) Configure the access control list to limit downstream access to the IX15 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
Page 670 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the IX15 device can use the NTP service. 7. (Optional) Set the timezone for the location of your IX15 device. The default is UTC. (config)> system time timezone value (config)>...
Page 671 Command line Show NTP information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 672 To configure a multicast route: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 673 9. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 674 Services Configure a multicast route 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 675 Multicast DNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server. You can enable the IX15 device to use mDNS. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 676 6. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 677 No limit to IPv6 addresses that can access the mDNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service mdns acl interface end value (config)>...
Page 678 MQTT is a lightweight publish/subscribe messaging protocol for the Internet of Things (IoT) applications, designed to connect devices using a small footprint and minimum network bandwidth. Your IX15 device includes an MQTT broker service that serves as an intermediary between MQTT clients. The broker receives and distributes client messages.
Page 679 Services Use the MQTT broker service 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 680 Click gto add a topic. iii. For Topic, type the topic. The signal level wildcard, +, and multi-level wildcard, #, are supported. iv. For Access, select the level of access that the client will have: Read Write Digi IX15 Gateway User Guide...
Page 681 ID or username. If a variable is used, it can be the only text for that level of the hierarchy.. d. For Access, select the level of access that the client will have: Read Write Digi IX15 Gateway User Guide...
Page 682 15. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 683 Services Use the MQTT broker service To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service mqtt acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
Page 684 (config service mqtt client 0)> add topic_acl end (config service mqtt client 0 topic_acl 0)> ii. Set the topic: (config service mqtt client 0 topic_acl 0)> topic value (config service mqtt client 0 topic_acl 0)> where value is one of: Digi IX15 Gateway User Guide...
Page 685 (Optional) Set a string that identifies the listener and is sent to the clients: (config)> service mqtt encryption identifier string (config)> b. Enable the PSK identity sent by the client to be used as its username: (config)> service mqtt encryption use_identity_as_username true (config)> Digi IX15 Gateway User Guide...
Page 686 (config service mqtt topic_acl anonymous 0)> c. Set the topic: (config service mqtt topic_acl anonymous 0)> topic value (config service mqtt topic_acl anonymous 0)> where value is one of: The topic. The signal level wildcard, +. The multi-level wildcard, #. Digi IX15 Gateway User Guide...
Page 687 If a variable is used, it can be the only text for that level of the hierarchy. d. Set the access type to apply to the topic: (config service mqtt topic_acl pattern 0)> access value (config service mqtt topic_acl pattern 0)> where value is one of: deny read readwrite write Digi IX15 Gateway User Guide...
Page 688 Command line Show MQTT broker information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 689 Type quit to disconnect from the device. Use the iPerf service Your IX15 device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
Page 690 To enable the iPerf3 server: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 691 7. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 692 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service iperf acl interface end value (config)>...
Page 693 6. Save the configuration and apply the change. (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 694 IP address, interfaces, and/or zones. To enable the iPerf3 server: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 695 For Add Zone, click g . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. d. Click gagain to allow access through additional firewall zones. Digi IX15 Gateway User Guide...
Page 696 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 697 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------------------------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. 6. Save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 698 Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the IX15 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 [ 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
Page 699 Applications The IX15 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.
Page 700 It also provides examples to use as the base for programming your IX15. See Create and test a Python application. In addition to the standard Python library, the IX15 includes a set of extensions to access its configuration and interfaces. See Python modules.
Page 701 Set up the IX15 for Python development 1. Access the IX15 local web interface a. Use an Ethernet cable to connect the IX15 to your local laptop or PC. The factory Setup IP address is 192.168.2.1 b. Log into the IX15 WebUI as a user with full admin access rights.
Page 702 IX15. Develop an application in PyCharm The Digi IoT PyCharm Plugin allows you to write, build and run Python applications for Digi devices in a quick and easy way. See the Digi XBee PyCharm IDE Plugin User Guide for details.
Page 703 Create a custom firewall rule É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: Digi IX15 Gateway User Guide...
Page 704 6. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 705 Type quit to disconnect from the device. End-to-end demos The Digi XBee PyCharm Plugin includes a set of sample applications ready to build and execute in your IX15. You can use these sample applications as a reference to create your own Python...
Page 706 3. Open the app and scan for devices. Your IX15 device will appear in the list. TIP: You can use filter by name if your list is big and you have problems identifying your IX15. Digi IX15 Gateway User Guide...
Page 707 Applications Develop Python applications 4. Click the IX15 device and enter the device Bluetooth Low Energy password. Digi IX15 Gateway User Guide...
Page 708 Applications Develop Python applications 5. After passing the password validation, you can see your device information and change some basic configuration settings. Digi IX15 Gateway User Guide...
Page 709 Develop Python applications Python modules The IX15 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. It also offers extensions to manage your IX15: The digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces.
Page 710 Digidevice module The Python digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: This section contains the following topics: Digi IX15 Gateway User Guide...
Page 711 = xbee.get_device() Once the local XBee of the IX15 is retrieved, you can work with it using the XBee Python Library API that is integrated into the gateway firmware: Retrieve and discover the XBee nodes in your network.
Page 712 To stop listening to new data messages from the Bluetooth interface, use the del_bluetooth_data_ received_callback method to unsubscribe the already-registered listener. Deregister Bluetooth data reception [...] device = [...] Digi IX15 Gateway User Guide...
Page 713 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 714 Uptime : 6 days, 6 hours, 21 minutes, 57 seconds (541317s) Temperature : 40C Location Contact >>> 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Digi IX15 Gateway User Guide...
Page 715 Get help executing a CLI command from Python by accessing help for cli.execute: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 716 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 717 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 718 Read the device configuration 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 719 Use the set() and commit() methods to modify the device configuration: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 720 Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your IX15 device, and use the device_request module to send responses to those requests to Remote Manager.
Page 721 Task one: Use the device_request module on your IX15 device to create a response 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 722 1. Create a Python application, called showsystem.py, that uses the digidevice.cli module to create a response containing information about device and the device_request module to respond with this information to a request from Remote Manager: from digidevice import device_request from digidevice import cli Digi IX15 Gateway User Guide...
Page 723 This can be done from either the WebUI or the command line: É i. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. ii. Access the device configuration: Remote Manager: i.
Page 724 Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 725 Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 726 Hardware Version : 50001959-01 A Firmware Version : 25.2 Bootloader Version Firmware Build Date : Fri, Jan 12, 2024 12:10:00 Schema Version : 461 Timezone : UTC Current Time : Thu, Jan 11, 2024 12:10:00 Digi IX15 Gateway User Guide...
Page 727 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 728 Use the keys() and get() methods to read the device configuration: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 729 Use the set() method to modify the runtime database: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a Digi IX15 Gateway User Guide...
Page 730 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 731 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager.
Page 732 Upload a custom name 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 733 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 734 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). The digidevice led submodule Use the led submodule to redefine the purpose of any front-panel LED on the Digi IX15 Gateway device. With this submodule, you can:...
Page 735 A vailable LED states State Attribute name Solid on State.ON State.OFF Flash State.FLASH Use Python to set the state of LEDs The following example uses an interactive Python session to set the state of all LEDs to flashing: Digi IX15 Gateway User Guide...
Page 736 LED state is not updated until Python releases control of the LED. When the LED is returned to system control, the state of the LED will reflect the correct, recorded state information. Digi IX15 Gateway User Guide...
Page 737 Use Python to control the color of multi-colored LEDs One or more LEDs in the IX15 are RGB (red, green, and blue) LEDs, capable of producing a wide range of colors. You can use the digidevice.led Python module to control the color as well as the state of these LEDs.
Page 738 FLASH The digidevice led submodule for a definition of the IX15's LEDs, including RGB leds, and the names of the attributes for each LED that will be used by the digidevice.led module. Example: Set the LTE connection indicator to flashing purple 1.
Page 739 SMS scripting. Enable the ability to schedule SMSscripting É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 740 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 741 # a CLI command. Send a reponse SMS to the sender before running the command import os import threading import sys from digidevice import cli from digidevice.sms import Callback, send COND = threading.Condition() allowed_incoming_phone_number = '2223334444' def sms_test_callback(sms, info): Digi IX15 Gateway User Guide...
Page 742 , and the daemon will take a specific action when a registered application does not refresh the daemon within the refresh timeout. The daemon can be configured to: Terminate the application. Restart the application by executing the provided command. Reboot the system. Digi IX15 Gateway User Guide...
Page 743 An AppMonitorHandler object to use to refresh or unregister the application from Returns the Application Monitor daemon. ValueError if timeout, or action is not valid. Raises AppMonitorError if there is an error registering the application. Usage example: Digi IX15 Gateway User Guide...
Page 744 Method Description Unregisters the application from the application monitor daemon. Parameters None. None. Returns AppMonitorError if there is an error unregistering the application. Raises Usage example: Digi IX15 Gateway User Guide...
Page 745 Use Python to control the color of multi-colored LEDs mon_handle.unregister() Use Python to accessserial ports You can use the Python serial module to access serial ports on your IX15 device that are configured to be in Application mode. See Configure Application mode for a serial port for information about configuring a serial port in Application mode.
Page 746 = cli.execute("system firmware update file " + fname, 60) except: print("Failed to run firmware update command") return HTTPStatus.INTERNAL_SERVER_ERROR if not "Firmware update completed" in ret: print("Failed to update firmware") return HTTPStatus.INTERNAL_SERVER_ERROR finally: os.remove(fname) Digi IX15 Gateway User Guide...
Page 747 Supported commands: - "fw-update" params: - "uri": "<firmware_file_URL>" - "reboot" params: """ try: m = json.loads(msg.payload) cid = m["cid"] cmd = m["cmd"] try: payload = m["params"] except: payload = None except: print("Invalid command format: {}".format(msg.payload)) Digi IX15 Gateway User Guide...
Page 748 + "/system", json.dumps(msg)) runt.start() serial = runt.get("system.serial") PREFIX = "router/" + serial PREFIX_EVENT = "event/" + PREFIX PREFIX_CMD = "cmd/" + PREFIX PREFIX_RSP = "rsp/" + PREFIX client = mqtt.Client() client.on_connect = on_connect client.on_message = on_message Digi IX15 Gateway User Guide...
Page 749 Applications Set up the IX15 to automatically run your applications try: client.connect("192.168.1.100", 1883, 60) client.loop_start() except: print("Failed to connect to MQTT server") sys.exit(1) while True: publish_dhcp_leases() publish_system() time.sleep(POLL_TIME) Set up the IX15 to automatically run your applications This section contains the following topics:...
Page 750 The uploaded file is uploaded to the /etc/config/scripts directory. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 751 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 752 Applications Set up the IX15 to automatically run your applications 3. Click System > Scheduled tasks > Custom scripts. 4. For Add Script, click g . The script configuration window is displayed. Custom scripts are enabled by default. To disable, toggle off Enable to toggle off.
Page 753 12. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 754 Applications Set up the IX15 to automatically run your applications 4. (Optional) Provide a label for the script. (config system schedule script 0)> label value (config system schedule script 0)> where value is any string. if spaces are used, enclose value within double quotes.
Page 755 Applications Set up the IX15 to automatically run your applications 6. Set the commands that will execute the script: (config system schedule script 0)> commands filename (config system schedule script 0)> where filename is the path and filename of the script, and any related command line information.
Page 756 The Scripts page displays: Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 757 2. For scripts that are currently running, click Stop Script to stop the script. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 758 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 759 1. Upload the Python application to the IX15 device: É Log into the IX15 WebUI as a user with full Admin access rights. a. On the menu, click System. Under Administration, click File System. The File System page appears.
Page 760 You can also create scripts by using the vi command when logged in with shell access. 2. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 761 The uploaded file is uploaded to the /etc/config/scripts directory. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 762 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 763 10. Sandbox is enabled by default, which restricts access to the file system and available commands that can be used by the script. This option protects the script from accidentally destroying the system it is running on. Digi IX15 Gateway User Guide...
Page 764 12. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 765 11. Save the configuration and apply the change. (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 766 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 767 The first main difference while working with the IX15 Gateway is the Python application development IDE. In previous generations, Digi ESP for Python was the IDE used to create and work with Python projects for Digi XBee gateways. The new generation of XBee gateways starting with the IX15 use Pycharm as the selected IDE to develop Python applications.
Page 768 Hardware access Interaction with Digi Remote Manager is key for the XBee gateways. For this reason, a set of APIs are still available to perform the most common Digi Remote Manager operations, although they are implemented in a different way:...
Page 769 In the new XBee gateways, there is not a specific API to access the device temperature: 1. It is possible to read it from the file system. New API TEMPERATURE_FILE = "/sys/class/thermal/thermal_zone0/temp" with open(TEMPERATURE_FILE, 'r') as file: sample = file.read() Digi IX15 Gateway User Guide...
Page 770 Digi Remote Manager Interaction with Digi Remote Manager is key for the XBee gateways. For this reason, a set of APIs are still available to perform the most common Digi Remote Manager operations, although they are implemented in a different way:...
Page 771 Subscribe device request Remove device request Upload datapoints In previous generations, the idigidata Python module was used to upload data points to Digi Remote Manager: 1. Create the full contents of the request in CSV format. 2. Pass it to the send_to_idigi(csv_string, url) function.
Page 772 "OK"# Register the callback function for the target name "myTarget". device_request.register("myTarget", handler) Remove device request In previous generations, the idigidata Python module was used to unregister callbacks from Digi Remote Manager: 1. Use the unregister_callback(handler) function passing the registration handler as argument. Previous API import idigidata def handler ...
Page 773 # Go to sleep, reset when a trigger occurs, this routine does not return digipowercontrol.system_power_set(0) The IX15 does not include a specific API for power management control. You can access the different power management options using the digidevice.config Python module:...
Page 774 Serial port: wake up the device when any data is received in the Serial Port. RTC alarm: configure an alarm and wake up the device when the alarm triggers. To configure the different wake up sources, use the digidevice.config Python module as follows: New API Digi IX15 Gateway User Guide...
Page 775 The sleep or suspend mode is a special state where the CPU, most of the RAM and most of the digital peripherals are powered off to save as much power as possible. The IX15 Gateway can be commanded to go to suspend mode at any time.
Page 776 MESSAGE = "Hello, World!" cur_time = time.strftime("%a, %d %b %Y %H:%M:%S", time.gmtime()) msg = "%s: Message %s" % (cur_time, MESSAGE) digisms.send(address, msg) In the new XBee gateways, the digidevice.sms Python module is used to send SMS messages: Digi IX15 Gateway User Guide...
Page 777 In previous generations, the zigbee Python module was used as the entry point to every XBee related operation in the gateway. In the new XBee gateways, all the XBee operations are based in the open source Digi Python Library that is already installed in the gateway. This library is protocol-agnostic and provides access to every XBee related operation using a object oriented philosophy.
Page 778 = xbee.get_device() try: device.open() xbee_network = device.get_network() xbee_network.set_discovery_timeout(15) # 15 seconds. # Callback for discovered devices. def callback_device_discovered(remote): print("Device discovered: %s" % remote) # Callback for discovery finished. def callback_discovery_finished(status, desc=None): if status == NetworkDiscoveryStatus.SUCCESS: Digi IX15 Gateway User Guide...
Page 779 = device.get_network() node_list = xbee_network.get_devices() # For each node, print its information for node in node_list: print("Node Identifier: %s" % node.get_node_id()) print("64-bit address: %s" % node.get_64bit_addr()) print("16-bit address: %s" % node.get_16bit_addr()) print("Role: %s" % node.get_role().description) Digi IX15 Gateway User Guide...
Page 780 2. You can execute this action in local and remote XBee devices. Note that value is returned as a byte array. Local device New API from digidevice import xbee device = xbee.get_device() try: device.open() value = device.get_parameter("NI") print("Read NI value: %s" % value.decode()) finally: if device.is_open(): device.close() Remote devices New API Digi IX15 Gateway User Guide...
Page 781 2. You can execute this action in local and remote XBee devices. Note that value must be provided as a byte array. Local device >from digi.xbee.util import utils from digidevice import xbee device = xbee.get_device() try: device.open() device.set_parameter("D1", bytearray([5])) finally: if device.is_open(): device.close() Digi IX15 Gateway User Guide...
Page 782 1. When you have the XBee instance, invoke the execute_command(command) method with the command ID to execute. 2. You can execute this action in local and remote XBee devices. Local device New API from digidevice import xbee device = xbee.get_device() try: device.open() device.execute_command("RE") finally: if device.is_open(): device.close() Digi IX15 Gateway User Guide...
Page 783 # Create the socket, datagram mode, proprietary transport: sd = socket(AF_XBEE, SOCK_DGRAM, XBS_PROT_TRANSPORT) # Bind to endpoint 0xe8 (232) for ZB/DigiMesh, but 0x00 for 802.15.4 sd.bind(("", 0xe8, 0, 0)) # Configure the socket for non-blocking operation: Digi IX15 Gateway User Guide...
Page 784 3. Every time the local XBee receives data, the registered handler is executed with the received XBee message as argument. It contains information about the sender and the data received. New API Digi IX15 Gateway User Guide...
Page 785 - Cluster ID: %s" % utils.hex_to_string(expl_ xb_msg.cluster_id.to_bytes(1, byteorder='big'))) print(" - Profile ID: %s" % utils.hex_to_string(expl_ xb_msg.profile_id.to_bytes(1, byteorder='big'))) device.add_expl_data_received_callback(explicit_data_callback) print("Waiting for explicit data...\n") # Keep the program executing until a key is pressed Digi IX15 Gateway User Guide...
Page 786 # Create the socket, datagram mode, proprietary transport: sd = socket(AF_XBEE, SOCK_DGRAM, XBS_PROT_TRANSPORT) # Bind to endpoint 0xe8 (232) for ZB/DigiMesh, but 0x00 for 802.15.4 s.bind(("", end_point, profile_id, cluster_id)) # Send "Hello, World!" to the destination node, endpoint, Digi IX15 Gateway User Guide...
Page 787 1. Get the destination node from the XBee network. 2. Invoke the send_data_async(remote_device, data) method specifying the destination node and the payload to send. 3. This method returns immediately. New API from digidevice import xbee Digi IX15 Gateway User Guide...
Page 788 # Obtain the remote XBee device from the XBee network. xbee_network = device.get_network() remote_device = xbee_network.get_device_by_node_id(REMOTE_NODE_ID) if remote_device: print("Sending explicit data to %s % remote_device) device.send_expl_data(remote_device, DATA_TO_SEND, SRC_ENDPOINT, DEST_ENDPOINT, CLUSTER_ID, PROFILE_ID) print("Success") else: print("Remote device not found") finally: if device.is_open() Digi IX15 Gateway User Guide...
Page 789 3. Only explicit data can be sent as you have to specify end point, cluster ID, and profile ID when building the destination address. Also, you must specify the broadcast address in the destination address. Previous API import xbee from socket import * # Broadcast address is "[00:00:00:00:00:00:FF:FF]!" DESTINATION=("[00:00:00:00:00:00:FF:FF]!", 0xe8, 0xc105, 0x11) Digi IX15 Gateway User Guide...
Page 790 ID, and the profile ID. New API from digidevice import xbee DATA_TO_SEND = "Hello, World!" SRC_ENDPOINT = 0xA0 DEST_ENDPOINT = 0xA1 CLUSTER_ID = 0x1554 PROFILE_ID = 0x1234 device = xbee.get_device() try: device.open() Digi IX15 Gateway User Guide...
Page 791 In previous generations, the zigbee Python module was used to unregister joining devices in an encrypted Zigbee network: 1. Invoke the unregister_joining_device(addr_extended) method specifying the 64-bit address of the XBee to unregister. Previous API import zigbee zigbee.unregister_joining_device("[00:0d:6f:00:00:06:89:29!]") Digi IX15 Gateway User Guide...
Page 792 When deploying an application in the gateway, all the source code, resources, and application required libraries must be transferred to the device. In previous XBee gateways, this process is handled by the Digi ESP for Python IDE. The IDE automatically builds and transfers the application to the gateway. If your application requires additional libraries, you are responsible of either copying them to the project or manually uploading them to the gateway.
Page 793 4. Click Apply. 5. Reboot the device. The IX15 Gateway also uses the web interface to configure the application automatic start. The main difference is that there are new configuration options including the full start command. You can read how Configure scripts to run automatically.
Page 794 User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for IX15 users Example user configuration Digi IX15 Gateway User Guide...
Page 795 User authentication IX15 user authentication IX15 user authentication User authentication on the IX15 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes Determines how long a user session can be idle before the system automatically disconnects.
Page 796 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. Digi IX15 Gateway User Guide...
Page 797 The types of authentication method to be used: To add an authentication method: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 798 This procedure describes how to add methods to various places in the list. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 799 Type quit to disconnect from the device. Delete an authentication method É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 800 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 801 To reorder these so that RADIUS is first and Local users is second: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 802 User authentication Authentication groups 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 803 Differences between standard firmware operation and Primary Responder mode. Serial access: Users with Serial access have the ability to log into the IX15 device by using the serial console. Preconfigured authentication groups The IX15 device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access.
Page 804 By default, two authentication groups are predefined: admin and serial. To change the access rights of the predefined groups: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 805 6. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 806 Access rights to query the device for Nagios monitoring. To add an authentication group: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 807 Full access or Read-only access. where value is either: Full access full: provides users of this group with the ability to manage the IX15 device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
Page 808 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 809 (config)> where value is either: full: provides users of this group with the ability to manage the IX15 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
Page 810 To delete an authentication group that you have created: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 811 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 812 TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each IX15 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.
Page 813 To change a user's password: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 814 You can also change the password for the active user by clicking the user name in the menu bar: The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 815 Local users Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 816 One-time use eight-digit emergency scratch codes. To configure a local user: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 817 The minimum value is 1 second, and the maximum is 15 minutes. The default is 15 minutes. 8. Add groups for the user. Groups define user access rights. See Authentication groups for information about configuring groups. Digi IX15 Gateway User Guide...
Page 818 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Code refresh interval to ten minutes, enter 10m or 600s. Digi IX15 Gateway User Guide...
Page 819 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 820 Every user must be configured with at least one group. b. (Optional) Add additional groups by repeating the add group command: (config auth user new_user> add group end serial (config auth user new_user)> To remove a group from a user: Digi IX15 Gateway User Guide...
Page 821 HMAC-based One-Time Password (HOTP) uses a counter to validate a one- time password. The default value is totp. (config auth user new_user 2fa)> type totp (config auth user new_user 2fa)> Digi IX15 Gateway User Guide...
Page 822 (config auth user new_user 2fa)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set login_limit_period to ten minutes, enter either 10m or 600s: Digi IX15 Gateway User Guide...
Page 823 Delete a local user To delete a user from your IX15: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 824 3. Click Authentication > Users. 4. Click the menu icon (...) next to the name of the user to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 825 Local users Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 826 With TACACS+ support, the IX15 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.
Page 827 The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your IX15. Alternatively, if the user is also configured as a local user on the IX15 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.
Page 828 $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your IX15 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
Page 829 The TACACS+ server port. It is configured to 49 by default. Add additional TACACS+ servers in case the first TACACS+ server is unavailable. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 830 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 831 (config)> auth tacacs+ authoritative true (config)> 4. (Optional) Configure the group_attribute. This is the name of the attribute used in the TACACS+ server's configuration to identify the IX15 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf file is groupname, which is also the default setting for the group_...
Page 832 10. Save the configuration and apply the change. (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 833 With RADIUS support, the IX15 device acts as a RADIUS client, which sends user credentials and connection parameters to a RADIUS server over UDP. The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device.
Page 834 IX15. Alternatively, if the user is also configured as a local user on the IX15 device and the RADIUS server authenticates the user but does not return any groups, the local configuration determines the list of groups. See...
Page 835 Add additional RADIUS servers in case the first RADIUS server is unavailable. The server NAS ID. If left blank, the default value is used: If you are access the IX15 device by using the WebUI, the default value is for NAS ID is httpd.
Page 836 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the IX15 device by using the WebUI, the default value is for NAS ID is httpd.
Page 837 9. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 838 Your IX15 device supports LDAP (Lightweight Directory Access Protocol), a protocol used for directory information services over an IP network. LDAP can be used with your IX15 device for centralized authentication and authorization management for users who connect to the device. With LDAP support, the IX15 device acts as an LDAP client, which sends user credentials and connection parameters to an LDAP server.
Page 839 When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the IX15 device prior to configuration. The process of setting up a LDAP server varies by the server environment.
Page 840 (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication. This section outlines how to configure a LDAP server to be used for user authentication on your IX15 device.
Page 841 LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your IX15 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
Page 842 User authentication LDAP 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 843 If this attribute is not set, the user will be denied access. 12. (Optional) For Group attribute, type the name of the user attribute that contains the list of IX15 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 844 User authentication LDAP 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 845 . If this attribute is not set, the user will be denied access. 10. (Optional) Set the name of the user attribute that contains the list of IX15 authentication groups that the authenticated user has access to. See...
Page 846 Configure serial authentication This section describes how to configure authentication for serial access. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 847 10. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 848 If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 849 5. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 850 Idle timeout parameter. By default, the Idle timeout is set to 10 minutes. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 851 User authentication Set the idle timeout for IX15 users 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 852 Goal: To create a user with administrator rights who is authenticated locally on the device. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 853 7. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 854 Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the IX15 device, user authentication will occur in the following order: Digi IX15 Gateway User Guide...
Page 855 2. The user is authenticated by the TACACS+ server. If both the RADIUS and TACACS+ servers are unavailable, 3. The user is authenticated by the IX15 device using local authentication. This example uses a FreeRadius 3.0 server running on ubuntu, and a TACACS+ server running on ubuntu.
Page 856 The authentication group on the IX15 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 4. Access the device configuration:...
Page 857 User authentication Example user configuration a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
Page 858 In this example: The user's username is admin1. The user's password is password1. The authentication group on the IX15 device, admin, is identified in the Unix-FTP- Group-Names parameter. c. Save and close the users file. 2. Configure a user on the TACACS+ server: a.
Page 859 Save and close the tac_plus.conf file. 3. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 860 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 861 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options Web filtering Digi IX15 Gateway User Guide...
Page 862 To create a zone: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 863 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 864 This example procedure uses an existing network interface named ETH and changes the firewall zone from the default zone, Internal, to External. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 865 Delete a custom firewall zone You cannot delete preconfigured firewall zones. To delete a custom firewall zone: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
Page 866 Firewall Firewall configuration a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
Page 867 Port forwarding rules Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 868 A white list of devices, based on either IP address or firewall zone, that are authorized to leverage this forwarding rule. To configure a port forwarding rule: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 869 13. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 870 (config firewall dnat 0)> to_address ip-address (config firewall dnat 0)> For IPv6 addresses: (config firewall dnat 0)> to_address6 ip-address (config firewall dnat 0)> 9. Set the public-facing port number(s) that network connections must use for their traffic to be forwarded. Digi IX15 Gateway User Guide...
Page 871 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------------------------------------ dynamic_routes edge external internal ipsec loopback setup (config firewall dnat 0 acl)> Digi IX15 Gateway User Guide...
Page 872 Delete a port forwarding rule To delete a port forwarding rule: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 873 5. Save the configuration and apply the change. (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 874 ICMP ICMP6 To configure a packet filtering rule: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 875 Firewall configuration for more information about firewall zones. 10. Click Apply to save the configuration and apply the change. Command line Digi IX15 Gateway User Guide...
Page 876 Firewall Packet filtering 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 877 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 The default is any. Digi IX15 Gateway User Guide...
Page 878 Enable or disable a packet filtering rule To enable or disable a packet filtering rule: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 879 Firewall Packet filtering 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 880 Firewall Packet filtering É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 881 To configure custom firewall rules: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 882 7. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 883 These example bindings are disabled by default. Enable the preconfigured bindings É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 884 8. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 885 Firewall Configure Quality of Service options Create a new binding É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 886 If Default is disabled, you must configure at least one rule: i. Click to expand Rule. ii. For Add Rule, click g . The QoS binding policy rule configuration window is displayed. Digi IX15 Gateway User Guide...
Page 887 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
Page 888 Configure Quality of Service options Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 889 (config firewall qos 2 policy 0)> rule (config firewall qos 2 policy 0 rule)> ii. Add a rule: (config firewall qos 2 policy 0 rule)> add end (config firewall qos 2 policy 0 rule 0)> Digi IX15 Gateway User Guide...
Page 890 Source traffic from any address will be matched. Firewall configuration for more information about firewall zones. interface: Only traffic from the selected interface will be matched. Set the interface: Digi IX15 Gateway User Guide...
Page 891 Only traffic destined for the IP address typed in IPv4 address will be matched. Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address value (config network qos 2 policy 0 rule 0)> Digi IX15 Gateway User Guide...
Page 892 Type quit to disconnect from the device. Web filtering Web filtering allows you to control access to services that can be accessed through the IX15 device by forwarding all Domain Name System (DNS) traffic to a web filtering service. This allows the network security administrator to configure a set of policies with the web filtering service that are applied to all routing devices with web filtering enabled.
Page 893 5. Click Create. 6. Copy the token. Task two: Configure web filtering É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 894 Type quit to disconnect from the device. Clear the Cisco Umbrella device ID If the Cisco Umbrella device ID being used by your IX15 is invalid, you can clear the device ID. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 895 To configure web filtering with manual DNS servers: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 896 10. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 897 Add the second DNS server: i. Move back one node in the configuration tree: (config firewall web-filter server 0)> .. (config firewall web-filter server)> ii. Add the server: (config firewall web-filter server)> add end (config firewall web-filter server 1)> Digi IX15 Gateway User Guide...
Page 898 Configure web filtering with manual DNS servers for information about configuring web filtering to use Cisco open DNS servers. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 899 Cisco open DNS servers. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 900 To view information about the web filter service: Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 901 Containers The IX15 device includes support for LXC Linux containers. LXC containers are a lightweight, operating system level method of virtualization that allows you to run one or more isolated Linux instances on a the same host using the host's Linux kernal.
Page 902 Use Digi Remote Manager to deploy and run containers Use Digi Remote Manager to deploy and run containers Note Container support must be enabled in Digi Remote Manager. Contact your Digi sales representative for information. 1. In Remote Manager, create a Configuration template. See the Remote Manager User Guide instructions.
Page 903 Containers Use Digi Remote Manager to deploy and run containers i. Click Browse and select the container file. ii. Type the Name of the container. The Name entered here must be the same name as the container .tgz file. This is absolutely necessary, otherwise the container file will not be properly configured on the local devices.
Page 904 Containers Use Digi Remote Manager to deploy and run containers c. For the Automation step: i. Click to toggle on Enable Scanning. ii. Click to toggle on Remediate. Run a manual configuration scan to apply the container and configuration settings to all applicable devices.
Page 905 Containers Use Digi Remote Manager to deploy and run containers vi. Click the Stream ID to view container status. To verify by using the show containers command on the local device: a. From the Remote Manager main menu, click ® Management > Devices.
Page 906 Is one of the devices included on the Target page. Upload a new LXC container É Log into the IX15 WebUI as a user with full Admin access rights. 1. From the main menu, click Status. Under Services, click Containers. 2. Click Upload New Container.
Page 907 The network gateway. Serial ports on the device that the container will have access to. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 908 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Restart timeout to ten minutes, enter 10m or 600s. 8. (Optional) Type any Optional parameters for the container. Parameters are in the format accepted by the lxc utility. Digi IX15 Gateway User Guide...
Page 909 12. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 910 The default timeout of 0s means that if the container stops, it will not be restarted. 8. Type any optional parameters for the container: (config system container name )> args parameters (config system container name )> Digi IX15 Gateway User Guide...
Page 911 (config network wireless client new_client)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 912 To start the container in non-persistent mode: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 913 Stopping the container 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 914 Containers Schedule a script to run in the container 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 915 Containers Schedule a script to run in the container 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 916 10. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 917 4. Change directories to leave the container file structure: $ cd ../.. 5. Change user and group permissions on all files in the container file structure: $ sudo chown -R 165536 rootfs $ sudo chgrp -R 165536 rootfs Digi IX15 Gateway User Guide...
Page 918 Click Apply. 2. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX15 local command line as a user with shell access.
Page 919 Locate the device by using the Find Me feature Configure a power profile Enable FIPS mode Configuration files Schedule system maintenance tasks Disable device encryption Configure the speed of your Ethernet port Watchdog service Configure the Watchdog service View Watchdog metrics Digi IX15 Gateway User Guide...
Page 920 É To display system information: Log into the IX15 WebUI as a user with full Admin access rights. 1. On the main menu, click Status. A secondary menu appears, along with a status panel. 2. On the secondary menu, click to display the details panel for the status you want to view.
Page 921 : 215.739MB/458.328MB(50%) Disk /tmp Usage : 0.003MB/120.0MB(0%) Disk /var Usage : 0.816MB/32.0MB(3%) > Configure system information You can configure information related to your IX15 device, such as providing a name and location for the device. Digi IX15 Gateway User Guide...
Page 922 A banner that will be displayed when users access terminal services on the device. To enter system information: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 923 For example, IX15-25.2.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
Page 924 The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The IX15 device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
Page 925 System administration Update system firmware 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 926 1. Download the IX15 operating system firmware from the Digi Support FTP site to your local machine. 2. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 927 > reboot Rebooting system > 7. Once the device has rebooted, log into the IX15's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...
Page 928 > Dual boot behavior By default, the IX15 device stores two copies of firmware in two flash memory banks: The current firmware version that is used to boot the device. A copy of the firmware that was in use prior to your most recent firmware update.
Page 929 System administration Upgrade cellular modem firmware 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 930 OTA modem firmware update: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 931 Type quit to disconnect from the device. Update modem firmware by using a local firmware file You can update your modem firmware by uploading a modem firmware file to your IX15 device. Firmware should be uploaded to /opt/MODEM_MODEL/Custom_Firmware, for example, /opt/LM940/Custom_Firmware.
Page 932 System administration Upgrade cellular modem firmware 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 933 3. Click Reboot to confirm that you want to reboot the device. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 934 System administration Reboot your IX15 device Schedule reboots of your device É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 935 Erasing the device configuration performs the following actions: Clears all configuration settings. When the device restarts, it uses the factory default configuration. Deletes all user files including Python scripts. Clears event and system log files. Digi IX15 Gateway User Guide...
Page 936 3. After resetting the device: a. Connect to the IX15 by using the serial port or by using an Ethernet cable to connect the IX15 ETH port to your PC.
Page 937 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the IX15 by using the serial port or by using an Ethernet cable to connect the IX15 ETH port to your PC. b. Log into the IX15: User name: Use the default user name: admin.
Page 938 3. Type yes to confirm that you want all configurations deleted, the factory configuration reset, and the device rebooted. 4. After resetting the device: a. Connect to the IX15 by using the serial port or by using an Ethernet cable to connect the IX15 ETH port to your PC. b. Log into the IX15: User name: Use the default user name: admin.
Page 939 Type quit to disconnect from the device. Custom factory default settings You can configure your IX15 device to use a custom factory default configuration file. This way, when you erase the device's configuration, the device will reset to your custom configuration rather than to the original factory defaults.
Page 940 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 941 To use this feature: É Log into the IX15 WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Administration, click Find Me. A notification message appears, noting that the LED is flashing on the device. Click the x in the message to close it.
Page 942 You can also disable the IX15's LEDs to save power and reduce light pollution. To change the active power profile: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 943 6. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 944 6. Save the configuration and apply the change. (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 945 When the FIPS setting is changed, the device will reboot automatically. Disabling FIPS after it has been enabled will cause the current configuration to be erased. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 946 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 947 If you do not save configuration changes, the system discards the changes. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 948 Type quit to disconnect from the device. Save configuration to a file You can save your IX15 device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.
Page 949 0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your IX15 device by using a backup from the device, or a backup from a similar device. This process does not apply any profile to the IX15's XBee, a custom profile must be applied...
Page 950 The configuration will be restored and the device will be rebooted. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 951 IX15 device. local-path is the location on the IX15 device where the copied file will be placed. For example: > scp host 192.168.4.1 user admin remote /home/admin/bin/backup-archive-0040FF800120-25.2- 19.23.42.bin local /opt to local...
Page 952 The frequency (daily, weekly, or monthly) that checks for firmware updates will run. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 953 If Immediately is selected, all scheduled tasks will begin at the exact time specified in Start time. d. For Frequency, select whether the maintenance window will be started every day, or once per week. Digi IX15 Gateway User Guide...
Page 954 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 955 Configure the duration length (the amount of time that the maintenance tasks will be run). If 0 is used, all scheduled tasks will begin at the start time, defined in the previous step. Digi IX15 Gateway User Guide...
Page 956 (config)> system schedule maintenance firmware_update_check modem false (config)> c. Set how often automated checking for device and modem firmware should take place: (config)> system schedule maintenance frequency value (config)> where value is either daily, weekly, or monthly. daily is the default. Digi IX15 Gateway User Guide...
Page 957 Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your IX15 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.
Page 958 CLI. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 959 Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 Digi IX15 Gateway User Guide...
Page 960 Configure the speed of your Ethernet port 2. Connect the PC's Ethernet port to the Ethernet port on your IX15 device. 3. Open a telnet session and connect to the IX15 device at the IP address of 192.168.210.1. 4. Log into the device: Username: admin Password: The default unique password for your device is printed on the device label.
Page 961 System administration Configure the speed of your Ethernet port 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 962 Configure the Watchdog service To configure the Watchdog service on your IX15: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 963 8. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 964 (config)> system watchdog tests memory log_memory true (config)> e. To have the interface(s) checked and rebooted after the specified amount of time: (config)> system watchdog tests interfaces interfaces add [value] (config)> with value being the name of the interface. Digi IX15 Gateway User Guide...
Page 965 To view metrics for the Watchdog service and the tests performed: É In the local Web UI of your IX15: 1. Log in to the local Web UI of your device as a user with full Admin access rights. 2. To access the Watchdog Service page: From the Dashboard of the device: a.
Page 966 Command line To view the results of the Watchdog tests: 1. Access the Command Line Interface for your Digi IX15 Gateway, from either the local web UI as an administrator with full access rights or from Digi Remote Manager. 2. At the prompt, type show watchdog All tests that were performed, as well as their status are listed.
Page 967 System administration View Watchdog metrics Digi IX15 Gateway User Guide...
Page 968 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Digi IX15 Gateway User Guide...
Page 969 Digi intelliFlow is a reporting and graphical presentation tool for visualizing your network’s data usage and network traffic information. intelliFlow can be enabled on Digi Remote Manager to provide a full analysis of all Digi devices on your network. Contact your Digi sales representative for information about enabling intelliFlow on Remote Manager.
Page 970 The firewall zone for internal clients being monitored by intelliFlow. To enable intelliFlow: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 971 Monitoring intelliFlow 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 972 For example, to define a service type called " MyService" using ports 9000 and 9001: É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 973 12. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 974 Digi. É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 975 11. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 976 7. Set the port number: (config monitoring intelliflow groups 2)> domain devicecloud.com (config monitoring intelliflow groups 2)> 8. Set the service type: (config monitoring intelliflow groups 2)> group Digi (config monitoring intelliflow groups 2)> 9. Save the configuration and apply the change. (config)> save Configuration saved.
Page 977 This procedure is only available from the WebUI. To display display average CPU and RAM usage: É Log into the IX15 WebUI as a user with full Admin access rights. 1. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 978 Top data usage by server Top data usage by service To generate a top data usage chart: É Log into the IX15 WebUI as a user with full Admin access rights. 1. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 979 4. Change the type of chart that is used to display the data: a. Click the menu icon (É). b. Select the type of chart. 5. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. Digi IX15 Gateway User Guide...
Page 980 Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time: É Log into the IX15 WebUI as a user with full Admin access rights. 1. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 981 To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the IX15 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
Page 982 Monitoring Configure NetFlow Probe É 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 983 12. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 984 Add a collector: (config)> add monitoring netflow collector end (config monitoring netflow collector 0)> b. Set the IP address of the collector: (config monitoring netflow collector 0)> address ip_address (config monitoring netflow collector 0)> Digi IX15 Gateway User Guide...
Page 985 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
Page 986 File system This chapter contains the following topics: The IX15 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...
Page 987 2. Highlight a directory and click d to open the directory and view the files in the directory. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 988 For example: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 989 For example: Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 990 Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 991 Command line To delete a file named test.py in /etc/config/scripts: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 992 Type quit to disconnect from the device. To delete a directory named temp from /opt: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 993 Upload and download files by using the Secure Copy command Copy a file from a remote host to the IX15 device To copy a file from a remote host to the IX15 device, use the command as follows: > scp host hostname-or-ip user username remote remote-path local local-path to local...
Page 994 IX15 device. For example: To copy a support report from the IX15 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
Page 995 Transfer a file from the IX15 device to a remote host This example downloads a file named test.py from the Digi IX15 Gateway device at the IP address of 192.168.2.1 with a username of ahmed to the local directory on the remote host: $ sftp ahmed@192.168.2.1...
Page 996 Display status and statistics using the show command 1013 Device configuration using the command line interface 1014 Execute configuration commands at the root Admin CLI prompt 1014 Configuration mode 1016 Install Python packages 1028 Command line reference 1030 Digi IX15 Gateway User Guide...
Page 997 Log in to the command line interface Command line 1. Connect to the IX15 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.
Page 998 1. At the main menu, click Terminal. The device console appears. IX15 login: 2. Select the device in Remote Manager and click Actions > Open Console, or log into the IX15 local command line as a user with full Admin access rights.
Page 999 Command line interface Execute a command from the web interface Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. The Admin CLI prompt appears. > Digi IX15 Gateway User Guide...
Page 1000 Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the IX15 command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------- Show commands help <Tab>...