User Manual For The Hardware And Software Of FL MGUARD .

Upload by : Kamden Hassan
Transcription

User manual for the hardware and software of FL MGUARD security appliances
User manual
UM EN FL MGUARD2

User manual
User manual for the hardware and software of FL MGUARD security appliances
2013-07-17
Designation: UM EN FL MGUARD2
Revision: 02
Order No.: —

This user manual is valid for:
Designation | Revision | Order No.
FL MGUARD RS2000 TX/TX VPN | | 2700642
FL MGUARD RS4000 TX/TX | | 2700634
FL MGUARD RS4000 TX/TX VPN | | 2200515
FL MGUARD SMART2 | | 2700640
FL MGUARD SMART2 VPN | | 2700639
FL MGUARD PCI4000 | | 2701274
FL MGUARD PCI4000 VPN | | 2701275
FL MGUARD DELTA TX/TX | | 2700967

PHOENIX CONTACT 8334 en 02

Please observe the following notes

User group of this manual
The use of products described in this manual is oriented exclusively to qualified application programmers and software engineers, who are familiar with the safety concepts of automation technology and applicable standards.

Explanation of symbols used and signal words
This is the safety alert symbol. It is used to alert you to potential personal injury hazards. Obey all safety measures that follow this symbol to avoid possible injury or death.
There are three different categories of personal injury that are indicated with a signal word.
DANGER: This indicates a hazardous situation which, if not avoided, will result in death or serious injury.
WARNING: This indicates a hazardous situation which, if not avoided, could result in death or serious injury.
CAUTION: This indicates a hazardous situation which, if not avoided, could result in minor or moderate injury.
This symbol together with the signal word NOTE and the accompanying text alert the reader to a situation which may cause damage or malfunction to the device, hardware/software, or surrounding property.
This symbol and the accompanying text provide the reader with additional information or refer to detailed sources of information.

How to contact us
Internet
Up-to-date information on Phoenix Contact products and our Terms and Conditions can be found on the Internet at: www.phoenixcontact.com
Make sure you always use the latest documentation. It can be downloaded at: www.phoenixcontact.net/catalog
Subsidiaries
If there are any problems that cannot be solved using the documentation, please contact your Phoenix Contact subsidiary. Subsidiary contact information is available at www.phoenixcontact.com.
Published by
PHOENIX CONTACT GmbH & Co. KG, Flachsmarktstraße 8, 32825 Blomberg, GERMANY
Should you have any suggestions or recommendations for improvement of the contents and layout of our manuals, please send your comments to: tecdoc@phoenixcontact.com

General terms and conditions of use for technical documentation
Phoenix Contact reserves the right to alter, correct, and/or improve the technical documentation and the products described in the technical documentation at its own discretion and without giving prior notice, insofar as this is reasonable for the user. The same applies to any technical changes that serve the purpose of technical progress.
The receipt of technical documentation (in particular user documentation) does not constitute any further duty on the part of Phoenix Contact to furnish information on modifications to products and/or technical documentation. You are responsible to verify the suitability and intended use of the products in your specific application, in particular with regard to observing the applicable standards and regulations. All information made available in the technical data is supplied without any accompanying guarantee, whether expressly mentioned, implied or tacitly assumed.
In general, the provisions of the current standard Terms and Conditions of Phoenix Contact apply exclusively, in particular as concerns any warranty liability.
This manual, including all illustrations contained herein, is copyright protected. Any changes to the contents or the publication of extracts of this document is prohibited.
Phoenix Contact reserves the right to register its own intellectual property rights for the product identifications of Phoenix Contact products that are used here. Registration of such intellectual property rights by third parties is prohibited.
Other product identifications may be afforded legal protection, even where they may not be indicated as such.

Table of contents

1 Introduction ... 9
  1.1 Device versions ... 11
2 Operating elements and LEDs ... 13
  2.1 FL MGUARD RS2000/4000 ... 13
  2.2 FL MGUARD SMART2 ... 14
  2.3 FL MGUARD PCI4000 ... 15
  2.4 FL MGUARD DELTA TX/TX ... 16
3 Startup ... 17
  3.1 Safety notes ... 17
  3.2 Checking the scope of supply ... 19
  3.3 Installing the FL MGUARD RS4000/RS2000 ... 20
    3.3.1 Assembly/removal ... 20
    3.3.2 Connecting to the network ... 20
    3.3.3 Service contacts ... 21
    3.3.4 Connecting the supply voltage ... 23
  3.4 Connecting the FL MGUARD SMART2 ... 24
  3.5 Installing the FL MGUARD PCI4000 ... 25
    3.5.1 Installing the hardware ... 25
    3.5.2 Power-over-PCI mode ... 26
  3.6 Connecting the FL MGUARD DELTA TX/TX ... 28
    3.6.1 Connecting to the network ... 28
    3.6.2 Connecting the supply voltage ... 28
4 Preparing the configuration ... 29
  4.1 Connection requirements ... 29
  4.2 Local configuration on startup (EIS) ... 30
    4.2.1 Configuring the FL MGUARD on startup with stealth mode by default ... 31
    4.2.2 Configuring the FL MGUARD on startup with router mode by default ... 36
    4.2.3 Configuring the FL MGUARD PCI4000 on startup ... 37
    4.2.4 Configuring the FL MGUARD PCI4000 on startup ... 41
  4.3 Establishing a local configuration connection ... 43
  4.4 Remote configuration ... 45
5 Configuration ... 47
  5.1 Operation ... 47
  5.2 Management menu ... 50
    5.2.1 Management System Settings ... 50
    5.2.2 Management Web Settings ... 68
    5.2.3 Management Licensing ... 79
    5.2.4 Management Update ... 82
    5.2.5 Management Configuration Profiles ... 85
    5.2.6 Management SNMP ... 89
    5.2.7 Management Central Management ... 100
    5.2.8 Management Restart ... 104
  5.3 Network menu ... 104
    5.3.1 Network Interfaces ... 104
    5.3.2 Network NAT ... 142
    5.3.3 Network DNS ... 147
    5.3.4 Network DHCP ... 151
    5.3.5 Network Proxy Settings ... 155
  5.4 Authentication menu ... 156
    5.4.1 Authentication Administrative Users ... 156
    5.4.2 Authentication Firewall Users ... 159
    5.4.3 Authentication RADIUS Servers ... 161
    5.4.4 Authentication Certificates ... 163
  5.5 Network Security menu ... 179
    5.5.1 Network Security Packet Filter ... 179
    5.5.2 Network Security DoS Protection ... 194
    5.5.3 Network Security User Firewall ... 196
  5.6 CIFS Integrity Monitoring menu ... 199
    5.6.1 CIFS Integrity Monitoring Importable Shares ... 200
    5.6.2 CIFS Integrity Monitoring CIFS Integrity Checking ... 201
    5.6.3 CIFS Integrity Monitoring CIFS Integrity Status ... 207
    5.6.4 CIFS Integrity Monitoring CIFS AV Scan Connector ... 210
  5.7 IPsec VPN menu ... 214
    5.7.1 IPsec VPN Global ... 214
    5.7.2 IPsec VPN Connections ... 222
    5.7.3 IPsec VPN L2TP over IPsec ... 251
    5.7.4 IPsec VPN IPsec Status ... 252
  5.8 SEC-Stick menu ... 253
    5.8.1 Global ... 253
    5.8.2 Connections ... 256
  5.9 QoS menu ... 258
    5.9.1 Ingress Filters ... 258
    5.9.2 Egress Queues ... 261
    5.9.3 Egress Queues (VPN) ... 263
    5.9.4 Egress Rules ... 266
  5.10 Redundancy ... 270
    5.10.1 Redundancy Firewall Redundancy ... 270
    5.10.2 Redundancy FW Redundancy Status ... 280
    5.10.3 Ring/Network Coupling ... 285
  5.11 Logging menu ... 286
    5.11.1 Logging Settings ... 286
    5.11.2 Logging Browse local logs ... 287
  5.12 Support menu ... 291
    5.12.1 Support Tools ... 291
    5.12.2 Support Advanced ... 293
  5.13 CIDR (Classless Inter-Domain Routing) ... 294
  5.14 Network example diagram ... 295
6 Redundancy ... 297
  6.1 Firewall redundancy ... 297
    6.1.1 Components in firewall redundancy ... 298
    6.1.2 Interaction of the firewall redundancy components ... 300
    6.1.3 Firewall redundancy settings from previous versions ... 300
    6.1.4 Requirements for firewall redundancy ... 300
    6.1.5 Fail-over switching time ... 301
    6.1.6 Error compensation through firewall redundancy ... 303
    6.1.7 Handling firewall redundancy in extreme situations ... 304
    6.1.8 Interaction with other devices ... 306
    6.1.9 Transmission capacity with firewall redundancy ... 309
    6.1.10 Limits of firewall redundancy ... 310
  6.2 VPN redundancy ... 311
    6.2.1 Components in VPN redundancy ... 311
    6.2.2 Interaction of the VPN redundancy components ... 312
    6.2.3 Error compensation through VPN redundancy ... 312
    6.2.4 Setting the variables for VPN redundancy ... 313
    6.2.5 Requirements for VPN redundancy ... 314
    6.2.6 Handling VPN redundancy in extreme situations ... 314
    6.2.7 Interaction with other devices ... 316
    6.2.8 Transmission capacity with VPN redundancy ... 318
    6.2.9 Limits of VPN redundancy ... 319
7 NOTE: Restart, recovery procedure, and flashing the firmware ... 323
  7.1 Performing a restart ... 323
  7.2 Performing a recovery procedure ... 324
  7.3 Flashing the firmware/rescue procedure ... 325
    7.3.1 Requirements for flashing ... 325
    7.3.2 Flashing procedure for FL MGUARD RS4000/RS2000, FL MGUARD SMART2, FL MGUARD DELTA TX/TX ... 326
    7.3.3 Flashing procedure for the FL MGUARD PCI4000 ... 328
    7.3.4 Installing the DHCP and TFTP server ... 329
8 Technical data ... 331
  8.1 FL MGUARD RS4000/RS2000 ... 331
  8.2 FL MGUARD PCI4000 ... 332
  8.3 FL MGUARD DELTA TX/TX ... 334
  8.4 FL MGUARD SMART2 ... 335
  8.5 Ordering data ... 336
    8.5.1 Products ... 336
    8.5.2 Accessories ... 336

1 Introduction

The FL MGUARD protects IP data connections by combining the following functions:
– Network card (FL MGUARD PCI4000)
– VPN router (VPN - Virtual Private Network) for secure data transmission via public networks (hardware-based DES, 3DES, and AES encryption, IPsec protocol).
– Configurable firewall for protection against unauthorized access. The dynamic packet filter inspects data packets using the source and destination address and blocks undesired data traffic.

The device can be configured easily using a web browser.
Further information can be found on the Phoenix Contact website at: phoenixcontact.net/products

Network features
– Stealth (auto, static, multi), router (static, DHCP client), PPPoE (for DSL), PPTP (for DSL), and modem
– VLAN
– DHCP server/relay on the internal and external network interfaces
– DNS cache on the internal network interface
– Administration via HTTPS and SSH
– Optional conversion of DSCP/TOS values (Quality of Service)
– Quality of Service (QoS)
– LLDP
– MAU management
– SNMP

Firewall features
– Stateful packet inspection
– Anti-spoofing
– IP filter
– L2 filter (only in stealth mode)
– NAT with FTP, IRC, and PPTP support (only in router modes)
– 1:1 NAT (only in router network mode)
– Port forwarding (not in stealth network mode)
– Individual firewall rules for different users (user firewall)
– Individual rule sets as action (target) of firewall rules (apart from user firewall or VPN firewall)

Anti-virus features
– CIFS integrity check of network drives for changes to specific file types (e.g., executable files)
– Anti-virus scan connector which supports central monitoring of network drives with virus scanners

VPN features
– Protocol: IPsec (tunnel and transport mode)
– IPsec encryption in hardware with DES (56 bits), 3DES (168 bits), and AES (128, 192, 256 bits)
– Packet authentication: MD5, SHA-1
– Internet Key Exchange (IKE) with main and quick mode
– Authentication via:
  – Pre-shared key (PSK)
  – X.509v3 certificates with public key infrastructure (PKI) with certification authority (CA), optional certificate revocation list (CRL), and the option of filtering by subject
  or
  – Partner certificate, e.g., self-signed certificates
– Detection of changing partner IP addresses via DynDNS
– NAT traversal (NAT-T)
– Dead Peer Detection (DPD): detection of IPsec connection aborts
– IPsec/L2TP server: connection of IPsec/L2TP clients
– IPsec firewall and 1:1 NAT
– Default route over VPN
– Data forwarding between VPNs (hub and spoke)
– Depending on the license: up to 250 VPN channels
– Hardware acceleration for encryption in the VPN

Additional features
– Remote logging
– Router/firewall redundancy (can be installed later for each license, not for firmware version 7.0)
– Administration using SNMP v1-v3 and FL MGUARD device manager (FL MGUARD DM)
– PKI support for HTTPS/SSH remote access
– Can act as an NTP and DNS server via the LAN interface

Support
Additional information on the device as well as on release notes and software updates can be found on the Internet at: phoenixcontact.net/products.

1.1 Device versions

The FL MGUARD is available in the following device versions, which largely have identical functions. All devices can be used regardless of the processor technology and operating system used by the connected computers.

FL MGUARD RS4000/FL MGUARD RS2000
The FL MGUARD RS4000 is a security router with intelligent firewall and optional IPsec VPN (10 to 250 tunnels). It has been designed for use in industry to accommodate strict distributed security and high availability requirements.
The FL MGUARD RS2000 is a version with basic firewall and integrated IPsec VPN (maximum of two tunnels). Its scope of functions is reduced to the essentials. It is suitable for secure remote maintenance applications in industry and enables the quick startup of robust field devices for industrial use, thereby facilitating error-free, independent operation.
Both versions support a replaceable configuration memory in the form of an SD card. (The SD cards are not supplied as standard.) The fanless metal housing is mounted on a DIN rail.

The following connectivity options are available:
FL MGUARD RS4000 (LAN/WAN):
– TX/TX: Ethernet/Ethernet
– TX/TX VPN: Ethernet/Ethernet VPN
FL MGUARD RS2000 (LAN/WAN):
– TX/TX VPN: Ethernet/Ethernet VPN

Figure 1-1 FL MGUARD RS4000/FL MGUARD RS2000

FL MGUARD SMART2
The FL MGUARD SMART2 is the smallest device version. For example, it can be easily inserted between the computer or local network (at the LAN port of the FL MGUARD) and an available router (at the WAN port of the FL MGUARD), without having to make configuration changes or perform driver installations on the existing system. It is designed for instant use in the office or when traveling.
The FL MGUARD SMART2 is a further development of the FL MGUARD SMART.

Figure 1-2 FL MGUARD SMART2

FL MGUARD PCI4000
The FL MGUARD PCI4000 has the design of a PCI-compatible plug-in board.
The FL MGUARD PCI4000 is suitable for distributed protection of industrial and panel PCs, individual machines, or industrial robots. It has a configuration memory in the form of a replaceable SD card, which can be easily accessed on the front.

Figure 1-3 FL MGUARD PCI4000

FL MGUARD DELTA TX/TX
The FL MGUARD DELTA TX/TX is ideal for use in desktop applications, in distribution compartments, and other environments close to production process with low requirements for industrial hardening.
Individual devices or network segments can be safely networked and comprehensively protected. The FL MGUARD DELTA TX/TX can be used as a firewall between office and production networks as well as a security router for small and medium-sized workgroups.

Figure 1-4 FL MGUARD DELTA TX/TX

2 Operating elements and LEDs

2.1 FL MGUARD RS2000/4000

Figure 2-1 Operating elements and LEDs on the FL MGUARD RS2000/4000
Labels in the figure:
– COMBICON plug-in connector, for assignment see Page 21
– Connections at bottom: 9-pos. serial interface (console)
– LEDs, see Table 2-1
– Configuration (SD card)

Table 2-1 LEDs on the FL MGUARD RS2000/4000
LED | Color | State | Meaning
P1 | Green | ON | Power supply 1 is active
P2 | Green | ON | Power supply 2 is active (FL MGUARD RS2000: not used)
STAT | Green | Flashing | Heartbeat. The device is correctly connected and operating.
ERR | Red | Flashing | System error. Restart the device. Press the Rescue button (for 1.5 seconds). Alternatively, briefly disconnect the device power supply and then connect it again. If the error is still present, start the recovery procedure (see Page 324) or contact your dealer.
STAT + ERR | Green and red | Flashing alternately | Boot process. When the device has just been connected to the power supply. After a few seconds, this LED changes to the heartbeat state.
SIG | – | – | (Not used)
FAULT | Red | ON | The alarm output is open due to an error (see “Installing the FL MGUARD RS4000/RS2000” on page 20). (The alarm output is interrupted during a restart.)
MOD | Green | ON | Connection via modem established
INFO | Green | ON | The configured VPN connection has been established.
INFO | Green | Flashing | The configured VPN connection is being established or aborted.
LAN, WAN | Green | ON | The LAN/WAN LEDs are located in the LAN/WAN sockets (10/100 and duplex LED). Ethernet status. Indicates the status of the LAN or WAN port. As soon as the device is connected to the relevant network, a continuous light indicates that there is a connection to the network partner in the LAN or WAN. When data packets are transmitted, the LED goes out briefly.

2.2 FL MGUARD SMART2

Figure 2-2 Operating elements and LEDs on the FL MGUARD SMART2
Labels in the figure:
– Rescue button (Located in the opening. Can be pressed with a straightened paper clip, for example.)
– LED 1
– LED 2
– LED 3

Table 2-2 LEDs on the FL MGUARD SMART2
LED | Color | State | Meaning
1 | Green | ON | LAN: connection to the network partner is present
1 | Green | Flashing | LAN: data transmission is active
2 | Red/green | Flashing | Boot process. When the device has just been connected to the power supply. After a few seconds, this LED changes to the heartbeat state.
2 | Green | Flashing | Heartbeat. The device is correctly connected and operating.
2 | Red | Flashing | System error. Restart the device. Press the Rescue button (for 1.5 seconds). Alternatively, briefly disconnect the device power supply and then connect it again. If the error is still present, start the recovery procedure (see “Performing a recovery procedure” on page 324) or contact your dealer.
3 | Green | ON | WAN: connection to the network partner is present
3 | Green | Flashing | WAN: data transmission is active
1, 2, 3 | Various LED light codes | | Recovery mode. After pressing the Rescue button. See “NOTE: Restart, recovery procedure, and flashing the firmware” on page 323

2.3 FL MGUARD PCI4000

Figure 2-3 Operating elements and LEDs on the FL MGUARD PCI4000
Labels in the figure:
– SD card slot (configuration memory)
– Battery (can be replaced)
– Reset button
– STAT LED
– RJ45 socket (LAN 1) for connecting the internal network
– LAN 1 LED
– LAN 2 LED
– WAN 1 LED
– WAN 1 LED
– RJ45 socket (WAN 1) for connecting the external network/Internet

Table 2-3 LEDs on the FL MGUARD PCI4000
LEDs | Color | State | Meaning
WAN 1, LAN 1 | Green | ON | Full duplex
WAN 1, LAN 1 | Green | OFF | Half duplex
WAN 2, LAN 2 | Yellow | ON | 10 Mbps
WAN 2, LAN 2 | Yellow | Flashing | 10 Mbps, data transmission active
WAN 2, LAN 2 | Green | ON | 100 Mbps
WAN 2, LAN 2 | Green | Flashing | 100 Mbps, data transmission active
LAN 1, LAN 2, WAN 1 | Various LED light codes | | Recovery procedure/flashing. See “NOTE: Restart, recovery procedure, and flashing the firmware” on page 323
STAT | Red/green | Flashing | Boot process. When the device has just been connected to the power supply. After a few seconds, this LED changes to the heartbeat state.
STAT | Green | Flashing | Heartbeat. The FL MGUARD is connected correctly and ready to operate.
STAT | Red | Flashing | System error. Restart the device. Press the Reset button (for 1.5 seconds). Alternatively, briefly disconnect the device power supply and then connect it again. If the error is still present, start the recovery procedure (see “Performing a recovery procedure” on page 324) or contact your dealer.

2.4 FL MGUARD DELTA TX/TX

Figure 2-4 Operating elements and LEDs on the
Labels in the figure:
– SD card slot (configuration memory)
– RJ45 socket (LAN 1) for connecting the internal network
– RJ45 socket (WAN 1) for connecting the external network
– Reset button
– LAN 1/WAN 1 LEDs
– LAN 2/WAN 2 LEDs
– LEDs

Table 2-4 LEDs on the FL MGUARD DELTA TX/TX
LEDs | Color | State | Meaning
WAN 1, LAN 1 | Green | ON | Full duplex
WAN 1, LAN 1 | Green | OFF | Half duplex
WAN 2, LAN 2 | Yellow | ON | 10 Mbps
WAN 2, LAN 2 | Yellow | Flashing | 10 Mbps, data transmission active
WAN 2, LAN 2 | Green | ON | 100 Mbps
WAN 2, LAN 2 | Green | Flashing | 100 Mbps, data transmission active
PWR | Green | ON | Supply voltage OK
STAT | Green | Flashing | The FL MGUARD is ready to operate.
ERR | Red | ON | System error
FAULT | Red | ON | FL MGUARD in the booting or flashing state
INFO | | | Not used

3 Startup

3.1 Safety notes

To ensure correct operation and the safety of the environment and of personnel, the FL MGUARD must be installed, operated, and maintained correctly.

WARNING: Intended use
Only use the FL MGUARD in an appropriate way and for its intended purpose.

WARNING: Only connect LAN installations to RJ45 sockets
Only connect the FL MGUARD network ports to LAN installations. Some telecommunications connections also use RJ45 sockets; these must not be connected to the RJ45 sockets of the FL MGUARD.

Please also note the additional safety notes for the device in the following sections.

General notes regarding usage

NOTE: Connection notes
– A free PCI slot (3.3 V or 5 V) must be available on your PC when using the FL MGUARD PCI4000.
– Do not bend the connecting cable. Only use the network connector for connection to a network.

NOTE: Select suitable ambient conditions
– Ambient temperature:
  0°C ... 40°C (FL MGUARD SMART2, FL MGUARD DELTA TX/TX)
  0°C ... 60°C (FL MGUARD PCI4000 with battery)
  0°C ... 70°C (FL MGUARD PCI4000 without battery)
  -20°C ... 60°C (FL MGUARD RS4000/FL MGUARD RS2000)
– Maximum humidity, non-condensing:
  20% ... 90% (FL MGUARD SMART2)
  5% ... 95% (FL MGUARD RS4000/FL MGUARD RS2000, FL MGUARD PCI4000, FL MGUARD DELTA TX/TX)
To avoid overheating, do not expose to direct sunlight or other heat sources.

NOTE: Cleaning
Clean the device housing with a soft cloth. Do not use abrasive solvents.

Steps for startup
To start up the device, carry out the following steps in the specified order:

Step | Aim | Page
1 | Check the scope of supply. Read the release notes. | Page 19
2 | Connect the device: FL MGUARD RS4000/FL MGUARD RS2000 | Page 20
2 | Connect the device: FL MGUARD PCI4000 | Page 25
2 | Connect the device: FL MGUARD DELTA TX/TX | Page 28
3 | Configure the device, if required. Work through the individual menu options offered by the FL MGUARD configuration interface. | Page 30
