Moxa Technologies AIG-502 Series User Manual
  1. Manuals
  2. Brands
  3. Moxa Technologies Manuals
  4. Gateway
  5. AIG-502 Series
  6. User manual
Moxa Technologies AIG-502 Series User Manual

Moxa Technologies AIG-502 Series User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
AIG-502 Series User Manual
Version 1.0, April 2025
www.moxa.com/products
© 2025 Moxa Inc. All rights reserved.

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the AIG-502 Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Moxa Technologies AIG-502 Series

Summary of Contents for Moxa Technologies AIG-502 Series

  • Page 1 AIG-502 Series User Manual Version 1.0, April 2025 www.moxa.com/products © 2025 Moxa Inc. All rights reserved.

  • Page 2: Copyright Notice

    AIG-502 Series User Manual The software described in this manual is furnished under a license agreement and may be used only in accordance with the terms of that agreement. Copyright Notice © 2025 Moxa Inc. All rights reserved. Trademarks The MOXA logo is a registered trademark of Moxa Inc.

  • Page 3: Table Of Contents

    Table of Contents Introduction ............................5 Overview .............................. 5 Package Checklist ..........................5 Product Features ........................... 5 Hardware Specifications ......................... 5 Hardware Block Diagram ........................6 Hardware Introduction ......................... 7 Appearance ............................7 Dimensions ............................8 LED Indicators ............................8 Hardware Connection Description......................
  • Page 4 Cellular ............................41 Wi-Fi Client ..........................43 Cloud Connectivity ..........................44 Azure IoT Edge ..........................44 Fieldbus Protocol ..........................71 Modbus Master ..........................71 Security .............................. 84 Certificate Center ......................... 84 Firewall ............................84 HTTPS ............................87 Login Lockout ..........................87 Session Management ........................

  • Page 5: Introduction

    1. Introduction Overview The AIG-502 Series advanced IIoT gateways are built around a powerful 7th Gen Intel® Core™ i7 processor, featuring versatile connectivity options with 1 HDMI display port, 3 USB 3.0 ports, 2 gigabit LAN ports, and 2 3-in-1 RS-232/422/485 serial ports. Equipped with a 2.5” HDD/SSD slot and a built-in TPM 2.0 module, the AIG-502 is designed to deliver reliable performance in harsh environments, including extreme temperatures, humidity, vibration, and power surges.

  • Page 6: Hardware Block Diagram

    Hardware Block Diagram AIG-502 Series User Manual...

  • Page 7: Hardware Introduction

    2. Hardware Introduction The AIG-502 Series embedded computers are compact, well designed, and rugged enough for industrial applications. LED indicators help you monitor the performance and identify trouble spots. Multiple serial ports allow you to connect different devices for wireless operation and the reliable and stable hardware platform lets you devote your attention to developing your applications.

  • Page 8: Dimensions

    (Located on connectors) Yellow Blinking: Data is being transmitted 10 Mbps Ethernet link or LAN is not connected Green Blinking: Data is being transmitted Tx 1/2 No connection Yellow Blinking: Data is being transmitted Rx 1/2 No connection AIG-502 Series User Manual...

  • Page 9: Hardware Connection Description

    STEP 2: Insert the top of the DIN rail into the slot just below the upper hook of the DIN-rail mounting kit. STEP 3: Press the AIG-502 towards the DIN rail until it snaps into place. AIG-502 Series User Manual...

  • Page 10: Wall Or Cabinet Mounting (Dnv)

    STEP 1: Use three screws for each bracket and attach the brackets to the rear of the AIG-502. Refer to the figure on the right for the specifications of the screws used to attach the brackets. AIG-502 Series User Manual...

  • Page 11: Wiring Requirements

    Temperature Caution! Be careful when handling the unit. When the unit is plugged in, the internal components generate heat, and consequently the outer casing may feel hot to the touch. AIG-502 Series User Manual...

  • Page 12: Connecting The Power

    Two 10/100/1000 Mbps Ethernet ports with RJ45 connectors are located on the front panel of the embedded computer. Refer to the illustration in the right for the location of the Ethernet ports. AIG-502 Series User Manual...

  • Page 13: Connecting To A Serial Device

    The pin assignments of the serial ports are shown in the following table: DB9 Male Port RS-232/422/485 Pinouts RS-232 RS-422 RS-485 (4-wire) RS-485 (2-wire) TxDA(-) TxDA(-) – TxDB(+) TxDB(+) – RxDB(+) RxDB(+) DataB(+) RxDA(-) RxDA(-) DataA(-) – – – – – – – – – AIG-502 Series User Manual...

  • Page 14: Connecting To A Usb Device

    You can also use these USB ports to connect to a keyboard or a mouse. Connecting to an HDMI Device The AIG-502 Series offers an HDMI connector located on the front panel, allowing users to connect to an audio or video device. Make sure you use an HDM-certified cable for a reliable audio or video connection.

  • Page 15: Installing Communications Modules

    Installing Communications Modules The AIG-502 Series comes with three sockets for installing various communications modules. Unfasten the screws on the right side of the computer and remove the cover to find the locations of the sockets as indicated in the following images:...

  • Page 16: Installing The Wi-Fi Module

    Installing the Wi-Fi Module The AIG-502 comes with two sockets for users to install a Wi-Fi module for wireless communication. Wi-Fi Module Package The contents of the Wi-Fi module package are shown in the following image: AIG-502 Series User Manual...
  • Page 17 Also, remove the blue cover on the heat sink. Place the heat sink with the thermal pad at the center of the wireless module socket. AIG-502 Series User Manual...
  • Page 18 Remove the protection cover on the mounting hole before you do so. Insert the locking washer through the threaded connection ring and hold it against the front panel. Secure the antenna connector in place by tightening a nut onto the threaded protection ring. AIG-502 Series User Manual...

  • Page 19: Installing Sim Cards

    (w1). Installing SIM Cards Follow these steps to install SIM cards for a cellular module. Remove the screws on the bottom panel of the computer and remove the cover. You will see four SIM card slots. AIG-502 Series User Manual...
  • Page 20 Status Switch 1 Switch 2 Wi-Fi Wi-Fi OFF (default) Cellular Cellular For example, if you have installed a Wi-Fi module in the first socket, you need to turn the DIP switch 1 to the ON status. AIG-502 Series User Manual...

  • Page 21: Rtc Battery Replacement

    There is a risk of explosion if the battery is replaced by an incorrect type of battery. NOTE The AIG-502 embedded computer can be customized to support an easy RTC battery replacement function. Please contact your Moxa sales representative for details. AIG-502 Series User Manual...

  • Page 22: Bios Setup

    First, you need to enable BIOS option through the AIG-502 Web Console. You may refer the user manual to configure it by following this path: Maintenance > Service > BIOS Menu. To enter the BIOS setup utility, press the F2 key while the system is booting up. AIG-502 Series User Manual...

  • Page 23: Main Page

    To enter the BIOS, use the default password, which is the product's serial number. You can find the serial number on the product label on the device's cover. General Help Select Item ↑↓. F5/F6 Change Values Select Menu ←→ Setup Defaults Exit Save and Exit Select or go to Submenu. ENTER AIG-502 Series User Manual...

  • Page 24: Security Settings

    This item allows users to remove all TPM context associated with a specific owner. Set Supervisor Password This item allows you to set the supervisor password. Select the Set Supervisor Password option and enter the password and confirm the password again. AIG-502 Series User Manual...

  • Page 25: Boot Settings

    The section allows users to configure boot settings. USB Boot Set booting to USB boot devices capability. Options: Enabled, Disabled (Default) This item allows users to select the boot order. Use F5 (move down) or F6 (move up) to change the value. AIG-502 Series User Manual...

  • Page 26: Exit Settings

    This item allows you to exit without saving any changes that might have been made to the BIOS. Options: Yes (default), No Load Optimal Defaults This item allows you to revert to the factory default BIOS values. Options: Yes (default), No AIG-502 Series User Manual...

  • Page 27: Discard Changes

    Discard Changes This item allows you to discard all settings you have just configured. Options: Yes (default), No AIG-502 Series User Manual...

  • Page 28: Getting Started

    Connect one end of the Ethernet cable to the AIG’s 10/100/1000M Ethernet port and the other end of the cable to the Ethernet network. The AIG will show a valid connection to the Ethernet by LAN1/LAN2 maintaining solid green/yellow color. For details on the behavior of the LEDs, refer to the AIG-502 Series Quick Installation Guide.

  • Page 29: Access To The Web Console

    You will see the following homepage after logging in successfully. NOTE After the first login, we force a password change to comply with general security policies and practices and to increase the security of your device. AIG-502 Series User Manual...

  • Page 30: Web Console

    No., firmware version, system usage, storage usage, and audit log are displayed. Network Dashboard This dashboard displays information on the WAN and LAN interfaces and the network traffic passing through the interfaces. Network Status shows whether the gateway can connect to the Internet. AIG-502 Series User Manual...
  • Page 31 The information is refreshed every 10 seconds. Information on the LAN interfaces is organized under the LAN tab and includes information on the usage of the interfaces and the traffic passing through them. AIG-502 Series User Manual...

  • Page 32: Tag Dashboard

    In this page, you can create and monitor the real-time tag value for troubleshooting purposes. To see the tag’s real-time value, do the following steps: Click + Edit Tags. (Optional) use Search to find the tags quickly. Select the tags to monitor in the list. Click Save. AIG-502 Series User Manual...
  • Page 33 (Optional) press the icon to deactivate the monitoring tags. (Optional) press the icon to write value for test purposes. AIG-502 Series User Manual...

  • Page 34: Security Dashboard

    To grant permissions to IoT Edge modules, go to Cloud Connectivity > Azure IoT Edge > IoT Edge modules should not be Module Permission, create a service account, and granted direct privileges. grant the required permissions to the IoT Edge module. AIG-502 Series User Manual...

  • Page 35: System Settings

    Server/Host Name You can enter a name to identify the unit, such as the function, etc. string Description - Alphanumeric You can enter a description to help identify the unit location such as optional string “Cabinet A001.” AIG-502 Series User Manual...
  • Page 36 (if required) during initialization. However, before modifying the time or time zone, you must export the system logs. Also note that, significant time adjustments may require a factory reset. Minor changes can be managed by sorting audit logs based on when the entries were created. AIG-502 Series User Manual...

  • Page 37: Serial

    Go to System Settings > Serial to view and configure serial parameters. To configure serial settings, do the following: Choose the COM port to configure. Set the baudrate, parity, data bits, and stop bits. NOTE Incorrect settings will cause communication failures. AIG-502 Series User Manual...

  • Page 38: External Storage

    Once you attach a storage, you will find it in the Device List. NOTE LIMITATION AIG does not allow the connection of multiple USB devices through a USB hub. • • The external USB formats supported for AIG are FAT32 and ext4. AIG-502 Series User Manual...

  • Page 39: Network Settings

    The IP address of the router that provides Gateway—optional 0.0.0.0 (or other 32-bit number) network access outside the server’s LAN. Preferred DNS Server The IP address of the primary domain name 0.0.0.0 (or other 32-bit number) —optional server. AIG-502 Series User Manual...
  • Page 40 To configure DHCP server settings, do the following: Check Enable DHCP Server. Input IP Address Range parameters. Specify Lease Time. Click Save. NOTE Limitation: When AIG acts as the DHCP server, it will not allocate the DNS IP to the DHCP client. AIG-502 Series User Manual...

  • Page 41: Cellular

    SIM card into the AIG and restart, the PIN Retry count is reset to 3. NOTE LIMITATION AIG does not support hot-plugging of the SIM card; device restart is required after inserting or removing the SIM card. AIG-502 Series User Manual...
  • Page 42 The Check-alive function will help you maintain the connection between your device and the carrier service by pinging a specific host on the Internet at periodic intervals. Go to Network Dashboard > WAN if you want to check the cellular network's connection status afterwards. AIG-502 Series User Manual...

  • Page 43: Wi-Fi Client

    To configure Wi-Fi settings, check Enable Wi-Fi and do the following: Click +create to manually Create by SSID or be Created by Scan Results. Select DHCP or Static mode. Check Check-alive function which can be used to ensure Internet connectivity. Click Save. AIG-502 Series User Manual...

  • Page 44: Cloud Connectivity

    To manually create an Azure IoT Edge connection for your device, do the following: Enable the Azure IoT Edge service and click on Select Manual. Enter the Device Connection String. Copy and paste the string from the Azure IoT Hub. Click Save. AIG-502 Series User Manual...
  • Page 45 For the Azure IoT Hub device provisioning service and Symmetric encryption. Enter the Registration ID, and Symmetric Key. For X.509, upload the X.509 Certificate and Private Key. Click Save. Detailed information about the Azure DPS configuration in the Azure IoT Hub is available at Set up a DPS. AIG-502 Series User Manual...
  • Page 46 Click the Module Permission tab and click Create. Specify a module name and grant permissions to the module. (NOTE: the module name must be the same as the one created in Azure IoT Hub). Click Save. AIG-502 Series User Manual...
  • Page 47 ThingsPro Agent is a module that runs on the Azure IoT Edge to enable the Azure Cloud services including Telemetry Message, Module Twin and Direct Method. The role of the ThingsPro Agent is shown in the diagram here. AIG-502 Series User Manual...
  • Page 48 ThingsPro Agent allows the following sections to be updated via Desired Properties. Reported Properties: Properties Sample "httpserver": { "httpPort": 80, "httpsEnable": true, "httpsPort": 8443, httpserver "ipv6Enable": true, "keyFileName": "client_nopassphrase.key", "certFileName": "client.pem", "httpEnable": true "discovery": { "enable": true, "schedule": { discovery "enable": true, "disableAfterSec": 900 AIG-502 Series User Manual...
  • Page 49 "dataBits": 8, "device": "/dev/ttyM0", "displayName": "PORT 1", "flowControl": "none", serials "id": 1, "mode": "rs232", "parity": "none", "stopBits": 1 "arraySize": 1 "time": { "lastUpdateTime": "2023-05-24T23:22:05+00:00", "ntp": { "enable": false, "interval": 7200, time "server": "time.cloudflare.com", "source": "timeserver" "timezone": "Asia/Taipei" AIG-502 Series User Manual...
  • Page 50 "hostName": "moxa-tbbce1070929", "lastBootTime": "2023-05-24T23:06:57+00:00", "memorySize": 16635346944, "modelName": "AIG-502-T-AP-AZU-LX" "gps":{ "mode": "manual", "interface": "", "location": { "lat": 24.984129, "lng": 121.551753 "softwareUpgrade": { "allowOverCellular": true, "allowUpdate": true, SoftwareUpgrade "autoScan": false, "autoScanExpression": "0 0 * * 0", "snapshotBeforeUpdate": true AIG-502 Series User Manual...
  • Page 51 "mac": "", "gateway": "", "id": 1, "name": "wwan0", "profileTimeout": 120, "cellId": "", "displayName": "Cellular1", "dns": { "arraySize": 0 "enable": false, "status": "sim_pin_locked", "signalStrength": 0, "capabilities": { "sim": 2 "iccId": "89886972203703305466", "ip": "", "mode": "unknown", "imei": "357575100284579", AIG-502 Series User Manual...
  • Page 52 "currentAp":"", "ipSetting":{ "dns":{ "arraySize":0 "enableDhcp":true, "gateway":"", "mac":"" "networks":{ "0":{ "band":"band24", "bssid":"18:62:E4:0F:5E:DB", "security":{ "mode":"wpa2-personal", "password":"12345678", "support":true wifi "signal":0, "signalStrength":0, "ssid":"TESTAP", "uuid":"Z3djNkHNR" "1":{ "band":"band24", "bssid":"", "security":{ "mode":"wpa2-personal", "password":"admin@123", "support":true "signal":0, "signalStrength":0, "ssid":"moxa", "uuid":"WqOjNzNHRz" "arraySize":2 "priority":{ "0":"Z3djNkHNR", "1":"WqOjNzNHRz", "arraySize":2 AIG-502 Series User Manual...
  • Page 53 "desired": { "discovery": { "enable": true, "schedule": { discovery "enable": true, "disableAfterSec": 900 "desired": { "serials": { "0": { "mode": "rs232", "stopBits": 1, "baudRate": 9600, "dataBits": 8, serials "parity": "none", "flowControl": "none", "id": 1 "arraySize": 1 AIG-502 Series User Manual...
  • Page 54 "desired": { "general": { "description": "MyDevice" Update GPS latitude and longitude by manual mode: "desired": { "gps":{ "mode": "manual", "location": { "lat": 11, "lng": 12 Update GPS by auto mode: "desired": { "gps":{ "mode": "auto", "interface": "GPS1" AIG-502 Series User Manual...
  • Page 55 "keepalive": { "enable": false, "intervalSec": 120, "targetHost": "8.8.8.8" "profileTimeout": 140, "profiles": { "0": { "name": "SIM1", "pdpContext": { "apn": "internet", cellulars "auth": { "password": "", "username": "" "type": "ipv4" "pinCode": "0000", "simSlot": 1 "arraySize": 1 "arraySize": 1 AIG-502 Series User Manual...
  • Page 56 Performs over-the-air (OTA) software upgrades with product thingspro-software-upgrade package message-policy-get Retrieves the D2C message policy applied to your gateway message-policy-put Updates the D2C message policy applied to your gateway upload-system-logs Upload system logs to Azure blob storage AIG-502 Series User Manual...
  • Page 57 "status": 200, "payload": { "data": { "httpEnable": true, "httpsEnable": true, "ipv6Enable": true, "httpPort": 80, "httpsPort": 8443, "certFileName": "ThingsPro Web", "keyFileName": "ThingsPro Web" NOTE We recommend changing the timeout parameters to 30 seconds to prevent system exceptions. AIG-502 Series User Manual...
  • Page 58 Method Name: system--reboot Request Payload: Response "status": 200, "payload": { "data": "rebooting" AIG-502 Series User Manual...
  • Page 59 "status": 200, "payload": { "checktime": "2023-04-27T08:08:38Z", "count": 0, "data": [] NOTE AIG-502 allows only one active software upgrade job at a time. We recommend changing the response timeout parameters to 1 minute to prevent system exceptions. AIG-502 Series User Manual...
  • Page 60 "status": 200, "payload": { "data": [ "moxa-aig-502-tpe" "message": "Successfully trigger" NOTE AIG-502 allows only one active software upgrade job at a time. We recommend changing the response timeout parameters to 1 minute to prevent system exceptions. AIG-502 Series User Manual...
  • Page 61 "format": "{ (.tagName): .dataValue, ts: .ts}" "properties": [ { "key": "messageType", "value": "deviceMonitor" }], "tags": {"system": {"status": ["memoryUsage"]}}, "sendOutThreshold": { "mode": "immediately", "size": 4096, "time": 0, "sizeIdleTimer": { "enable": true, "time": 60 "minPublishInterval": 1, "samplingMode": "allValues", "customSamplingRate": false, "pollingInterval": 0, AIG-502 Series User Manual...
  • Page 62 Description: Enable will use the pollingInterval that user input. Type: integer Description: The interval at which to poll tag data. For example, pollingInterval value 10: Every 10 second value 0: when the data is pushed into the tag (almost real time) AIG-502 Series User Manual...
  • Page 63 For additional details, refer to the jq website (jq Manual <development version>). The AIG Web GUI offers an easy way to apply the jq filter and test the transformed result as shown in the following examples. AIG-502 Series User Manual...
  • Page 64 Select the tags that you want using the tag selector. The default result for the selected tags will show on the page. Custom payload after transforming the default payload. Enable custom payload and input the jq Filter to display the custom payload for your selection. AIG-502 Series User Manual...
  • Page 65 "groups": [ "enable": true, "outputTopic": "sample", "format": "", "properties": [ { "key": "messageType", "value": "deviceMonitor" } "tags": { "system": { "status": ["cpuUsage", "memoryUsage"] "pollingInterval": 2, "sendOutThreshold": { "size": 4096, "time": 5 }, "format": "{device:(.srcName),timestamp:(now|todateiso8601),TagName:(.tagName), Value:.dataValue}" AIG-502 Series User Manual...
  • Page 66 We recommend changing the timeout parameters to 1 minute to prevent system exceptions. In addition, take the upload speed and log size into consideration when adjusting timeouts. upload-system-logs Method Name: upload-system-logs Request Payload (Set HTTP/HTTPS configuration as an example): "connectionString": "DefaultEndpointsProtocol=https;AccountName=thingsproedge;AccountKey=hgnYe/08sWqlcGKd7VR8XN RvjydebzzSeVZxFvRCmepUqA69LTtNY13UZ5fejgZgcys+jC5B+qf3+AStsEkNzg==;EndpointSuffix=core.w indows.net", "containerName": "aig302" AIG-502 Series User Manual...

  • Page 67: Device Management

    A telemetry message is the simplest message type for sending IoT device data to your IIoT applications. To create a telemetry message, do the following: Click + Create to create a new message group. Specify a name for the Message Group. AIG-502 Series User Manual...
  • Page 68 Select a Publish Mode. For details, see Publish Mode. Input corresponding parameters such as publish interval, sampling mode, and publish. Click Next. Select tags (e.g., Modbus Master). AIG-502 Series User Manual...
  • Page 69 To prevent your device from connecting to potentially malicious gateways (Azure IoT Edge inside), you can upload X.509 certificate, Private Key, or Trusted CA Certificate. You can generate the certificates and the private key using ThingsPro Edge. For additional information, see Downstream Certificate. AIG-502 Series User Manual...
  • Page 70 Monitoring the Log of the Defender Service s udo journa lctl -u de fe nde r-iot-micro-a ge nt -f Testing the Defender Service by Triggering a Baseline Violation touch /tmp/De fe nde rForIoTOS Ba s e line Trigge r.txt AIG-502 Series User Manual...

  • Page 71: Fieldbus Protocol

    You can configure a Modbus master to wait a certain amount of time for a Response 10 to 1000 slave’s response. If no response is received within the configured time, Timeout (ms) 120000 the AIG will disregard the request and continue operation. AIG-502 Series User Manual...

  • Page 72: Step 1. Basic Settings

    The IP address of a remote slave device. Slave Port 1 to 65535 The TCP port number of a remote slave device. Slave ID 1 to 255 – The slave ID of a remote slave device. AIG-502 Series User Manual...
  • Page 73 Registers: 1 to Read Specifying how much data to read quantity Read Holding Registers: 1 to Read/Write Multiple Registers: 1 to 125 Write start 0 to 65535 Modbus registers the address for the written data address AIG-502 Series User Manual...
  • Page 74 Tag Type – uint32 tag type and stored in tag hub. uint64 float double string If you already have a Modbus command file, select Import Configuration. Importing a configuration file will help you reduce configuration time. AIG-502 Series User Manual...
  • Page 75 Then, you will see the setting results. The product provides an easier way for installation and maintenance. You can Export all the Modbus commands into a file for backup purposes, or you can Import a file (golden sample) to reduce configuration time. AIG-502 Series User Manual...
  • Page 76 Use this to configure how many times AIG will retry to Maximum Retry 0 to 5 communicate with the Modbus slave when the Modbus command times out. AIG-502 Series User Manual...
  • Page 77 Modbus Device Settings After basic settings, you must configure related parameters to retrieve data from the Modbus device. In the beginning, press Add Device and go to the wizard that guides step-by-step through the configuration process. AIG-502 Series User Manual...
  • Page 78 If you are configuring the device for the first time, select the Manual and press ADD COMMAND. The command settings will pop up. Parameter Value Default Description Alphanumeric Command string and – Name the command Name characters ( ~ . _ - ) are allowed AIG-502 Series User Manual...
  • Page 79 Byte: 0x0A, 0x0B, 0x0C, 0x0D becomes 0x0B, 0x0A, 0x0D, None 0x0C Byte Word: 0x0A, 0x0B, 0x0C, 0x0D becomes 0x0C, 0x0D, 0x0A, Endian swap None Word 0x0B. Byte and Word Byte and Word: 0x0A, 0x0B, 0x0C, 0x0D becomes 0x0D, 0x0C, 0x0B, 0x0A. AIG-502 Series User Manual...
  • Page 80 If you already have a Modbus command file on hand, select the Import Configuration mode. Importing a configuration file will help you reduce configuration time. AIG-502 Series User Manual...
  • Page 81 Moreover, the product provides an easier way for installation and maintenance. You can Export all the Modbus commands into a file for backup purposes; or you can Import a file (golden sample) to reduce configuration time. AIG-502 Series User Manual...
  • Page 82 After finishing all the settings, press Go to apply settings and click Apply for the settings to take effect. Manage The AIG provides advanced features that help save installation time and maintenance efforts. AIG-502 Series User Manual...

  • Page 83: Edit General Settings

    Modbus response times out, the value of the status tag in command Check uncheck the tag hub will change to 1. event Uncheck: Disable the function. Import/Export Configuration You can Import/Export the Modbus Master settings, which will be stored in XML format. AIG-502 Series User Manual...

  • Page 84: Security

    AIG provides a firewall that allows you to create rules for inbound Internet network traffic to protect your IIoT gateway. Inbound System Default AIG reserves ports for certain services and purposes as indicated in the following table: Service/purpose Port HTTP service HTTPS service 8443 SSH server Discovery service 5353 AIG-502 Series User Manual...
  • Page 85 To create firewall rules, do the following: Click + Create Rule. Specify the protocol, gateway port, and rule name. Specify a source IP or a subnet. Specify a source port or a range of ports. Click Save. AIG-502 Series User Manual...

  • Page 86: Port Forward

    Click + Create Rule. Specify the protocol, gateway port, and rule name. Specify a source IP. Specify the destination IP and port. Click Save. NAT Service Enable the NAT service to allow child devices to connect to external networks. AIG-502 Series User Manual...

  • Page 87: Https

    The interval for resetting the login failure counter. (min) When the number of login failures exceeds the Max Failure Retry, Lockout Time (min) 5 to 1440 the AIG will lock out the account for this period. AIG-502 Series User Manual...

  • Page 88: Session Management

    Session Management You can review session statuses for all accounts and manage sessions for individual accounts. In the event of detecting unusual connections, you can enhance the security of your device by deleting the respective session. AIG-502 Series User Manual...

  • Page 89: System Use Notification

    Click on + Create to create a new user account. In the dialogue box that is displayed, fill up the fields and click SAVE. NOTE To comply with security policy and best practices, specify a strong password that is at least eight characters long, consisting of at least one number and at least one special character. AIG-502 Series User Manual...
  • Page 90 You cannot Deactivate or Delete the last remaining account with an Administrator role. This is to prevent an unauthorized account from fully managing this system. When the system detects only one active account when the Administrator role is selected, all items in the pop-up menu will be grayed out. AIG-502 Series User Manual...

  • Page 91: Roles

    You can edit the settings or delete an existing role by clicking on the pop-up menu icon next to the role. When the Role is set up, it will be available for selection under the Account. AIG-502 Series User Manual...

  • Page 92: Password Policy

    Description Min. Password Length 8 to 256 The minimum password length. Password Strength Policy To define how the AIG checks the password’s strength. Password Change Reminders 10 to 360 days Notify user to change the password. AIG-502 Series User Manual...

  • Page 93: Service

    The watchdog service uses the command to periodically check the availability of the web console. Reboot If you want to reboot the device, go to Maintenance > Reboot and click Reboot Now. AIG-502 Series User Manual...

  • Page 94: Config. Import/Export

    The backup function backs up the data on AIG device to a file (only one back up file can be created at a time). Backup files are encrypted and stored in a designated location on the device. You can restore the data from the backups when needed. AIG-502 Series User Manual...

  • Page 95: Software Upgrade

    A pack that integrates all patches between two versions (e.g., from version 1.0 to version 1.1.) This scenario is applicable when the AIG cannot access the Internet. The upgrade pack can also be downloaded from the Moxa SRS at https://moxa-srs.thingsprocloud.com/home AIG-502 Series User Manual...

  • Page 96: Upgrade Settings

    Checked checking this option to mitigate unexpected system failures. Check for upgrades automatically Specify a regular time to check for upgrades Unchecked (repeat every 1 week) every week. Upgrade History The installed patches are listed here. AIG-502 Series User Manual...

  • Page 97: Reset To Default

    The AIG-502 comes with encrypted mSATA system storage for the highest level of data protection. Even if the storage is physically removed or stolen, your sensitive data remains completely unreadable, safeguarding your information until the device’s retirement and beyond. AIG-502 Series User Manual...

  • Page 98: Diagnostics

    When you face issues, you can go to Diagnostic > Audit Log check historical events that help you to narrow down the problems. If there are plenty of event logs, you can export the log to read easily. The audit logs can be exported and downloaded onto your computer. AIG-502 Series User Manual...

  • Page 99: Protocol Status

    When you access the page, you can see an overview of the status for Fieldbus Protocol. For Modbus troubleshooting, do the following: Click CHECK. Choose TCP or COMx. View the diagnostic information. AIG-502 Series User Manual...
  • Page 100 Click the Traffic Monitoring tab to capture the traffic logs. (Optional) Export the traffic logs to send to experienced engineers for further analysis. AIG-502 Series User Manual...

  • Page 101: Security Capability

     Device Configuration – system configurations such as protocol settings, network settings etc.  Device Maintenance – software upgrade, backup & restore, etc.  Data Management – tag service and monitoring  Add-on Applications – Azure IoT Edge, Modbus Master AIG-502 Series User Manual...

  • Page 102: Login Policy

    Moxa Security Advisory, including instructions to revoke the compromised public key burned in the CPU via a utility downloadable from Moxa APT repository. Then update the BIOS and system image signed by a new private key. AIG-502 Series User Manual...
  • Page 103 AIG-502 Series User Manual...

  • Page 104: Managing Resources

    A dedicated system partition is allocated for audit logs, ensuring read-only access. • Capable of configuring the desired storage and retention policy. You may refer to the Chapter 6 Web • Console > Diagnostics > Audit Log. AIG-502 Series User Manual...

  • Page 105: Security Advisories

    Medium System Status latest upgrade pack information. upgrade. Check No system backup performed in Go to Maintenance > Backup & Restore and Medium over a year or never. click Manage to back up the system. AIG-502 Series User Manual...

  • Page 106: Security Hardening Guide

    Symmetric Key, X.509 TCP 443 Disabled WebSockets certificate Symmetric Key, X.509 HTTPS TCP 443 Disabled certificate TCP 502 Disabled Modbus Master RS232 Disabled openssh-server TCP 22 password Disabled (Debug mode used) mDNS mDNS UDP 5353 Enabled AIG-502 Series User Manual...

  • Page 107: Potential Threats And Corresponding Security Measures

    Utilize the IoT Edge device metrics monitor on • frequent log writing, could lead to system Azure IoT Hub for monitoring Azure IoT slowdowns or data loss, especially when modules. See https://learn.microsoft.com/en- storage space is low. us/azure/iot-edge/how-to-collect-and- transport-metrics?view=iotedge- 1.5&tabs=iothub. AIG-502 Series User Manual...

  • Page 108: Installation

    MUST have access and identity records of the personnel who accessed the BIOS to ensure non-repudiation in case of security breach incidents. d. Enabling debug mode activates the SSH server service for remote terminal access. Asset owners MUST disable debug mode in the production stage. AIG-502 Series User Manual...
  • Page 109 To avoid any sensitive information such as your account password or certificate from being disclosed, always use Device Retire to reset the AIG-502 to factory default and further wipe out all user data, including logs, in an unrecoverable manner before removing the AIG-502 from. AIG-502 Series User Manual...

  • Page 110: Publish Modes

    To avoid situations where the data takes a long time Idle Timer to reach the desired size, a threshold can be set to 1 to 86400 (sec) ensure that the data is sent out as soon as it reaches the specified timer setting. AIG-502 Series User Manual...

  • Page 111: Useful Links And Upgrade Information

    Method 2. Upgrade over the air (web console) The device can receive the most recent upgrade information and then choose which patches to install. For further details, see Software Upgrade. AIG-502 Series User Manual...

  • Page 112: Audit Log Index

    Login Fail System ALERT AA10 accountLock Account:$accountName be locked System ALERT AA11 accountUnlock Account:$accountName unlocked System NOTICE Configuration Update Name Content Source (Operator) Type $serviceName configuration user: $Account Name CU01 configurationChange NOTICE changed service: $APP Name AIG-502 Series User Manual...

  • Page 113: Connection & Interface

    $APP Name ALERT open port Command & Message Source Name Content Type (Operator) Service received CM01 commandReceive $APP Name NOTICE command:$commandName CM02 commandRequestError Service request failed $APP Name ALERT CM03 commandRequestRecover Service request recover $APP Name NOTICE AIG-502 Series User Manual...

  • Page 114: Maintenance

    $Account Name MA12 timeUpdate NOTICE success. NTP: System System Time update manual: $Account Name MA13 timeUpdateFailure ALERT failure. NTP/GPS: System MA14 systemBackupFailure System backup failure. $Account Name ALERT MA15 systemRestoreFailure System restore failure. $Account Name ALERT AIG-502 Series User Manual...

  • Page 115: Performance & Health

    $APP Name NOTICE added Secrets($secretsDisplayName) be PH16 secretsUpdate $APP Name NOTICE updated Secrets($secretsDisplayName) be PH17 secretsRemove $APP Name NOTICE removed Audit logs have exceeded the PH18 auditLogReachTTL configured live time, log rotate System ALERT triggered. AIG-502 Series User Manual...

  • Page 116: System Tag List

    $(name)NetworkTx unit64 system network $(name)Signal double system network $(name)SignalLevel int32 system storage systemDiskUsed uint64 system storage systemDiskFree uint64 system storage systemDiskPercent double system storage $(storage)Used uint64 system storage $(storage)Free uint64 system storage $(storage)Percent double AIG-502 Series User Manual...

  • Page 117: Regulatory Approval Statement

    être utilisé de manière à minimiser le potentiel de contact humain pendant le fonctionnement normal. Cet appareil a également été évalué et montré conforme aux limites d'exposition RF ISED dans des conditions d'exposition mobiles. (Les antennes sont à plus de 20 cm du corps d'une personne). AIG-502 Series User Manual...

Table of Contents