IF1000 series - ads-tec
Contents
1. Change to s Now press ENTER to confirm all the changes to the first line in the input mode gt The overall Contact Name is highlighted The text message Please wait will come up on display whilst the data is being stored If the input mode is exited by pressing ESC the changes are overruled abandoned Press the ESC key to exit this menu All the changes entered have been duly stored IF1000 series 19 5 2 LC Display The device is fitted with an LCD which allows direct access to configuration settings Any modifications to the firewall and web interface settings made via the LCD menu will take effect immediately Furthermore the display shows event messages and status information for quick on site system analysis The LCD menu option Lock can be used to lock the display and all front panel keys When these are locked the device PIN is required to access and or modify any device information Hence the Lock function protects the device against unauthorised on site modifications The LCD menu can be accessed by pressing the ESC or ENTER key The LCD menu contains the following main menu items Settings Allows configuration of basic Firewall settings which includes locking the display and all front panel keys Also allows setting the local IP address as well as the display language and various system information Status Shows all current event log entries and device information Also allows initiating a self test of2. 5 7 Interface Overview 5 7 1 Power Supply 24 VDC BackUp 5 7 2 CUT amp ALARM 5 7 3 Power Supply LAN in RJ45 PoE IEEE 802 AF 5 7 4 LWL Fibre Optic 5 7 5 Serial Interface COM RS232 5 7 6 SMARTCARD READER NACH ISO 7816 6 Commissioning 6 1 Inititial Commissioning 6 2 Manual Network adapter configuration 6 3 Settings for use with Internet Explorer 8 6 4 Calling up the Device Web Interface 7 Technical Details 8 Service amp Support 8 1 ads tec Support 8 2 Company adress 9 Declaration of CE Conformity ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen 43 43 43 44 IF1000 series 3 1 Remarks 1 1 Relevant Documentation for this device The following documents are essential for setting up and operating this device User Manual This Documentation Contains information for installation commissioning and operating the device along with technical data of the device hardware Qucik Start Guide Quick Install Guide for fast commissioning 1 2 Used Symbol Explanation TI Warning The Warning symbol refers to activities which might cause personal injury or damage to the hardware or software Note The Note symbol familiarises you with conditions to be observed in order to ensure flawless operation Additionally hints and advice are given for a more efficient use of the device and for software optimisation 1 3 Data Figures Modifications All texts data and figures are
3. admin from source web interface Mar 1 00 00 43 IF1100 AX 12345678 system IF1xxx 2 1 0 SVN R3761 B 56250 system ready Quicklinks Startseup wizard SequreNow Abb 13 ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET tec IF1000 series 42 7 Technical Details Device Data Operating System Configuration protocol Power Supply Interfaces External Device Dimensions Weight Protection Class Max Power consumption Environmental temperature Note IF1000 series Embedded LinuX http https 24V DC 20 redundant power Supply 1 x CUT amp ALARM 1 x LAN RJ45 Connection10 100 1000MBit s Autocrossover AxLAN RJ45 Connection10 100 1000MBit s Autocrossover 1x SUB D RS232 203 mm x 156mm x 35mm ca 1 kg IP20 max 12 Watt typ bei 24V DC during operation 0 C 60 C during storage 0 C 50 C UL gt Detailed information for the device see our website http www ads tec de ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 43 8 Service amp Support The ads tec company and their partner companies offer a comprehensive service and support to your customers providing a quick and professional support in case of any question with respect to ads tec products and components Since the devices from ads tec company are also used by partner companies these devices might be configured according to specific customer
4. define which websites are induded in ka the local intranet zone Automatically detect intranet network Indude all local intranet sites not listed in other zones Indude all sites that bypass the proxy server Indude all network paths UNCs What are intranet settings Abb 10 In the Add this website to the zone address line enter the device IP address and confirm this step with Add Default IP address http 192 168 0 254 ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 39 The entered IP address should now appear in the list under Websites 2 Local intranet sq You can add and remove websites from this zone All websites in this zone will use the zone s security settings this website to the zone http 192 168 0 254 htto 192 163 0 254 Remove Abb 11 ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET tec IF1000 series 40 6 4 Calling up the Device Web Interface To access and open the device web interface start up your web browser In the browser s address bar enter the following IP address then confirm with Enter http 192 168 0 254 Login Once the IP address has been entered with success the login prompt appears In the login prompt entry of the default settings is required The default configuration in just delivered conditions is UserName admin Password admin Confirm your entries by clicking on OK Verbindung zu 192 16
5. non binding We reserve the right of modification in accordance with technological progress At that point in time when the products leave our premises they comply with all currently applicable legal requirements and regulations The operator operating company is independently responsible for compliance with and observance of any subsequently introduced technical innovations and new legal requirements as well as for all usual obligations of the operator operating company 1 4 Trademarks lt is hereby notified that any software and or hardware trademarks further to any company brand names as mentioned in this User s Guide are all strictly subject to the various trademark brand name and patent protection rights Windows Windows CE are registered trademarks of Microsoft Corp Intel Pentium Atom Core 2 are registered trademarks of Intel Corp IBM PS 2 and VGA are registered trademarks of IBM Corp CompactFlash and CF are registered trademarks of SanDisk Corp RITTAL is a registered trademark of the Rittal Werk Rudolf Loh GmbH amp Co KG Any further additional trademarks and or brand names herein be they domestic or international are hereby duly acknowledged 1 5 Copyright This manual including all contained figures is protected by copyright law Any use for third parties non compliant with the copyright provisions is prohibited Any reproduction translation as well as electronic and photographic arc
6. order ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen Ye Eiter IF1000 series 14 5 Systemfeatures 5 1 Frontpanel Operation Keys The device is provided with operation keys for navigation and unit configuration via the LCD menus Said LCD menus are easily accessed via simple operation of the ESC or the ENTER keys You will find a description of the single menu items in the following LC display section The front panel operation keys are provided with the following functions Symbol Navigation function Configuration function Press to exit the current menu If the input mode is activated level the variation can be ESC overruled abandoned by pressing ESC Press to access a menu level To enter or to change data or to confirm a change entry the input mode must first be ENTER activated by pressing ENTER This will have only one digit flashing To adopt the change entries the input mode must first be deactivated by pressing ENTER This will highlight the whole line For selection amongst a number of options selection is activated via this key selection of either German or English from the available language options Menu navigation direction For selection amongst a arrow number of options the UP UP key will access and highlight the selection item in ascending up order e g selection of either German or English from the available language options Upon entry or change of various data the h
7. test Press Enter to start the display test Perform this test to check the display for correct functioning You can visually check whether all characters are displayed properly on the display Four different test screens will appear each of which will need to be confirmed by pressing any front panel key When the test is finished you will automatically be taken back to the menu view Starts the key test Press Enter to start the key test Perform this test to check the keys for correct functioning You will be prompted to press specific keys whereupon you should press the respective key In case one key is defective you may exit the test using the other keys When the test is finished you will automatically be taken back to the menu view Sets the alarm output Sets the alarm output and turns on the alarm LED The letters AL will appear in the upper right corner of the display indicating that an alarm was triggered AL will continue to flash until the alarm is either switched off or acknowledged automatically Perform this test to check the alarm output for correct functioning IF1000 series Gelftest Internal Cut Display Put ALARM Activate interna Ping Test Events Connections Device info IF address 927 168 H Lon ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen 28 Sets the internal CUT Sets the CUT and turns on the CUT LED The letters INT will appear i
8. 0 ms DIN EN 60068 2 29 Note For Use In Pollution Degree 2 Environment Only Type 1 indoor use only ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 10 4 Mounting 4 1 External Device Dimensions 150mm 200mm 41mm Abb 1 ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET tec IF1000 series 4 2 Mounting Dimensions 11 Abb 2 ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen IF1000 series 12 4 3 Mounting options The device unit is designed for both top hat rail mounting as well as for wall mounting 4 3 1 Top Hat Rail Mounting 1 The Firewall must be placed obliquely up against the top of the top hat rail 2 Fix it on by pressing the underside lightly up against the rail 3 The Firewall must firmly snap into place on the top hat rail Abb 3 Note Check to make sure that the Firewall will not detach itself from the top hat rail by lightly tugging the underside forward ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 13 4 3 2 Wall mounting 1 Provide for screws on the relative device mounting wall so that they are set horizontally level with a distance between screws amounting to 170mm 2 Attach on the Firewall by way of the appropriate cavities as illustrated Pot a 0 65cm WERE Abb 4 To release the unit from the DIN rail proceed in reverse
9. 1 45894994 70771 Leinfelden Echterdingen Germany EU Council Directive of 3 May 1989 on the approximation of the laws of the Member States relating to Electromagnetic Compatibility EMC_Directive EU Directive 89 336 EWG from 5 3 1989 ABI EU L No 139 19 91 263 EWG from 4 29 1991 ABIEU L No 128 1 92 31 EWG from 4 28 1992 ABI EU L No 126 11 93 68 EWG from 7 22 1993 ABI EU L No 220 1 Adopted in Germany by EMVG from 9 18 1998 BGBI 1998 2882 COUNCIL DIRECTIVE of 19 February 1973 on the harmonization of the laws of Member States relating to electrical equipment designed for use within certain voltage limits LVD Directive EU Directive LVD 2006 95 EC from 12 27 2006 OJEU L 374 page 10 19 93 68 EWG from 7 22 1993 ABI EG L Nr 220 1 Adopted in Germany by 1 GPSGV from 7 11 1978 BGBI 1979 629 HARMONISED STANDARDS FOR TESTING EMC Directive a Electromagnetic emissions EN 61000 6 4 2001 b Electromagnetic Immunity EN 61000 6 2 2005 LVD Directive Safety of information technology equipment EN 60950 1 2001 STATEMENT The manufacturer hereby declares product conformity with the fundamental requirements given by the above described directives of the European Union The tests applicable according to the harmonized standards mentioned above have been fulfilled The CE labeling was assigned on July 2007 Leinfeiden Echterdingen 09 14 2007 Ads tec GmbH Jr Ma Dipl ind Thomas M gerle Technical Dir
10. 1 we Immer Standar LAN Einstellungen Abbrechen Die LAN Einstellunderrterte SRETECERTCETT Wahlverbindungen Bearbeiten Sie die Einstellungen oben um Wabhlverbindungen einzurichten Abbrechen bernehmen address in question Finally the device web interface will come up on screen System data System status System name IF1100 AX12345678 Date amp time Sunday 01 Mar 2009 00 21 Europe Berlin Device type Uptime 00 21 54 up 22 min load average 0 08 0 03 0 04 Serial No AX12345678 OpenVPN sessions Masters active 0 listening 0 Clients 0 Firmware version 2 1 0 Build 56250 IPsec tunnels 0 MAC Address LAN in 00 50 C2 48 00 00 MAC Address LAN out 00 50 C2 48 00 01 System usage Device mode Transparent bridge Genie 5 Memory 2 CPU Network statistic Interface status hiere LANGn 8 J Interface State IP Netmask IP Assignment DHCP Server LAN in Receive geen LAN In enabled 192 168 0 254 255 255 255 0 static disabled sional LAN LAN out enabled 192 168 0 254 255 255 255 0 static disabled 10 kb s LAN in Transmit 100 mb ys 1 Mb s 10 kb s Latest five messages Eventiog Mar 1 00 03 08 IF1100 AX 12345678 config db Save Settings 1235862180 Mar 1 00 03 08 IF1100 AX 12345678 config db Settings change by admin from source web interface Mar 1 00 02 54 IF1100 AX 12345678 config db Language ert Mar 1 00 02 54 IF 1100 AX 12345678 config db Settings change by
11. 126 11 93 68 EWG from 7 22 1993 ABI EU L No 220 1 Adopted in Germany by EMVG from 9 18 1998 BGBI 1998 2882 COUNCIL DIRECTIVE of 19 February 1973 on the harmonization of the laws of Member States relating to electrical equipment designed for use within certain voltage limits LVD Directive EU Directive LVD 2006 95 EC from 12 27 2006 OJEU L 374 page 10 19 93 68 EWG from 7 22 1993 ABILEG L Nr 220 1 Adopted in Germany by 1 GPSGV from 7 11 1979 BGBI 1979 629 HARMONISED STANDARDS FOR TESTING EMC Directive a Electromagnetic emissions EN 61000 6 4 2001 b Electromagnetic Immunity EN 61000 6 2 2005 LVD Directive Safety of information technology equipment EN 60950 1 2001 e STATEMENT The manufacturer hereby declares product conformity with the fundamental requirements given by the above described directives of the European Union The tests applicable according to the harmonized standards mentioned above have been fulfilled The CE labeling was assigned on July 2007 Leinfelden Echterdingen 09 14 2007 Ads tec GmbH Mole e Lei Dipl Ing Phomas M gerle Technical Director ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen acis tec IF1000 series 45 IF1110 Declaration of Conformity Manufacturer Statement PRODUCT NAME Industrial Firewall DESCRIPTION Firewall MODEL DVG IF1110 001 BU MANUFACTURER _ads tec GmbH Tel 49 711 458940 Raiffeisenstr 14 Fax 49 71
12. 2622 N rtingen 21 Action The network mask allows setting the operational mode Additional options are available for each mode In Transparent Bridge mode the Firewall acts as a Layer 2 Bridge and is invisible to all participants Transbridge LAN Settings The Firewall treats the networks at the LAN In and LAN Out interfaces as two separate networks and filters these separately Hence this mode requires that two independent IP addresses be configured for LAN In and LAN Out IP Router LAN In LAN Out Settings Depending on the selected operational mode IP address assignment can be configured under LAN Settings Available options are Static IP address DHCP DHCP fallback and PPPoE DHCP IF1000 series Selection Systeminfo Display SusStem UU System name STEM name System location US te ocat on ontac name _ ontact location Infnrmat nn ahn enter nformat o Sustem Contact name System name Sustem location ontact name OI at OCAT ON Hame 0 contac Contact location System name _ Sustem location ontact name ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen 22 Action This name serves as a unique identifier of the device at its installation site The Firewall system name displayed can be specified changed here You may freely choose a Firewall system name The name entered here will be shown in the LCD menu and in the web interface This item se
13. 53 the value 100 was selected in the example Once the IP address is entered you have to input the Subnet mask address If you click into the Subnet mask box the correct address is automatically entered Subnet Mask 255 255 255 0 You can now close the dialogue boxes by pushing the OK button ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen Ye Eiter IF1000 series 38 6 3 Settings for use with Internet Explorer 8 Warning If Internet Explorer 8 is used issues with the web interface might occur If you experience any problems the IP address of the device must be entered in the Local Intranet list in order to display the web interface correctly Open Internet Explorer and navigate to the Security tab with the following directory path Tools Internet options gt Security Switch to the Local Intranet tab and click there on Sites KI Internet Properties Local intranet This zone is for all websites that are found on your intranet Security level for this zone Allowed levels for this zone All Medium low Appropriate for websites on your local network intranet GC Most content will be run without prompting you Unsigned ActiveX controls will not be downloaded Same as Medium level without prompts E Enable Protected Mode requires restarting Internet Explorer Reset all zones to default level Then click on Advanced Ki Local intranet _ e lt a Use the settings below to
14. 8 0 100 herstellen X EAA A A Benutzername admin Kennwort _ Kennwort speichern Abb 12 Note If the login prompt does not appear check to ensure that the device has been connected via a RJ45 LWL optic fibre connection cable Otherwise connect the device up to a PC Device LAN in LAN out connection lt gt PC LAN connection If there still is no connection to the firewall login prompt it is necessary to check the proxy and local firewall settings It often occurs that also local subnet addresses e g 192 168 x x are diverted to a proxy server In this case it is possible to select the Bypass proxy server for local addresses option to enter the ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 41 Eigenschaften von Internet Allgemein Sicherheit Datenschutz Inhalte Verbindungen Programme Erweitert Klicken Sie AN Einstellungen Internetve Automatische Konfiguration Die automatische Konfiguration kann die manuellen Einstellungen Einstellungen f r VE Gberlagern Deaktivieren Sie sie um die Verwendung der manuellen Einstellungen zu garantieren C Automatische Suche der Einstellungen C Automatisches Konfigurationsskript verwenden Proxyserver Klicken Sie auf Eins p i Proxyserver f r die Proxyserver f r LAN verwenden diese Einstellungen gelten nicht f r YPN oder W hlverbindungen Keine Yerbindur Nut wahler
15. UP CUT amp ALARM LANIN SERVICE PWR _ EXT EE POE aN a L GND L GND L GND CUT ALI LINK ACT Abb 5 POWER Signal Action L L The device is not supplied with a power L Fal The device is provided with voltage via POWER and is ready for operation BACKUP Signal Action The device is not supplied with a backup power The device is provided with E voltage via POWER and is ready for operation ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series CUT amp ALARM Signal L L E INT a EXT RW AL E LAN IN Signal PoE PoE fl LINK ACT ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen 30 Action CUT amp ALARM interface is not supplied with a voltage The CUT amp Alarm functionality is not available CUT amp ALARM interface is supplied with a voltage The CUT amp Alarm functionality is given An internal Cut is triggered An external Cut is triggered An Alarm is triggered Action The device is not supplied with a power The device is provided with voltage via PoE and is ready for operation The interface is connected to a remote station and is ready for operation Displays the traffic between the firewall and remote IF1000 series 31 5 5 2 LAN OUT LAN OUT mi JEO EPa o ESCO Ee 1 WW LINK ACTILINK ACTILINK ACTILINK ACT Abb 6 LAN OUT Signal Action LINK The interface is connected to a remote stati
16. Version 3 0 User Manual Industrial IT IF1000 series Index 1 Remarks Relevant Documentation for this device Used Symbol Explanation Data Figures Modifications Trademarks Copyright Standards mek ehhh sch Oooh GO Mi 2 Notes on Operation amp Safety 2 1 Safety Instructions 2 2 Operation Location 2 3 Damage Caused By Improper Use 2 4 Warranty Repair 3 Introduction 3 1 Cut amp Stop 3 2 Alarming 3 3 Eventlog 3 4 Display Keypad 3 5 Managed Switch 3 6 Service 3 7 Equipment Versions 3 8 Scope of Delivery 3 9 Environmental Conditions 4 Mounting 4 1 External Device Dimensions 4 2 Mounting Dimensions 4 3 Mounting options 4 3 1 Top Hat Rail Mounting 4 3 2 Wall mounting ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen Oa OH 0 O1 da CO GO GA GO GO LA O 0 ONNNNN 10 Ef Eitec IF1000 series 5 Systemfeatures 5 1 Frontpanel Operation Keys 5 1 1 Example configuration IP Adresss and Contactname 5 2 LC Display 5 3 Menu Overview Settings 5 3 1 Description of individual Menu items 5 4 Menu Overview Status 5 4 1 Description of individual menu items 5 5 Operational LED Status Display 5 5 1 Power Supply Cut amp Alarm LAN IN 5 5 2 LAN OUT 5 6 Operational LED Status Displays 5 6 1 Status Display Activities when Booting 5 6 2 Status display activities when resetting to default settings 5 6 3 Status display activities with Firmware Updates
17. active on the first digit Press the RIGHT direction arrow key six times gt The input focus will be active on the 2 IF1000 series Genk A i SpanTree Prot O Subnetmask k a DH P Sbal back L ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen 17 Press the DOWN direction arrow key twice gt Change on the space Press the RIGHT direction arrow key twice gt The input focus will be active on the 5 Press the DOWN direction arrow key three times gt Change to 2 Now press ENTER to confirm all the changes to the first line in the input mode gt The overall IP is highlighted The text message Please wait will come up on display whilst the data is being stored If the input mode is exited by pressing ESC the changes are overruled abandoned Press the ESC key to exit this menu All the changes entered have been duly stored IF1000 series Contact name 18 Contact name Mr Miller must be changed to Ms Miller The Contact Name is highlighted and the input window is deactivated To change the Contact Name following steps are required Menu Action ame 0 contac Hame 0 contac ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen Press ENTER to activate the iput mode gt The input focus will be active on the first digit Press the RIGHT direction arrow key once gt The input focus will be active on the r Press the UP direction arrow key once gt
18. cked mode is entering the required PIN for unlocking the display and keys The lock will only become active once the user exits the LCD menu by pressing ESC The PIN needs to be entered correctly in order for all LCD menu functions to become accessible again When the Firewall is turned off and on again the lock will still be active and the PIN needs to be re entered This option allows locking the keys separately from the display With locked keys the LCD menu can no longer be used to modify the device configuration The LC display will however still show current network load and other system information The only operation possible in locked mode is entering the required PIN for unlocking the display and keys The lock will only become active once the user exits the LCD menu by pressing ESC The PIN needs to be entered correctly in order for all LCD menu functions to become accessible again When the Firewall is turned off and on again the lock will still be active and the PIN needs to be re entered By default neither keys nor display are locked IF1000 series New PIN oo old FIM Reboot Selection Display Settings He twork Sustem info Men te bont tebon device ReboOot A OT Ir With ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen 24 In order to change the PIN the old PIN needs to be entered The PIN may be changed independently from the web interface passwo
19. e and to transfer your settings to a limited selection and or to all ads tec devices of same design and version without having to make these configurations time consuming at each individual device You also have the possibility of assigning sequential IP addresses for your ads tec devices With IDA light you can comfortably provide own groups of parameters according to your specific requirements and modify them at any time 3 1 Cut amp Stop During critical start up or production phases the Ethernet uplink can be physically disconnected i e via hardware through a 24 V input This will safely rule out both intentional and unintentional external manipulation The uplink is reconnected through the same input This function makes integration into an automation concept very simple 3 2 Alarming In the event that a rule is violated the alarm signal is reported to the control centre through an output Necessary measures can be automated directly For example acoustic indicator lights can signal the alarm condition E mails can be sent out automatically to signal a rules violation event 3 3 Eventlog A zero voltage event logbook with retentive memory stores all events whenever the firewall is disconnected from the power supply NV RAM option The event logbook can be read out either locally or via a central Syslog server 3 4 Display Keypad The built in display can be used to configure the essential unit functions It is th
20. ector ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen acis
21. er configuration Note The notes below have been created by using Windows XP Should you use a different operating system the directory paths and properties described here might vary Open the Properties tab of the network adapter you are using The directory path is Start gt Settings gt Network connections gt LAN connections gt Properties Select the following option in the pop up dialogue Internet protocol TCP IP then click on Properties Eigenschaften von LAN Verbindung Allgemein Authentifizierung Erweitert Verbindung herstellen uber E9 Intel R PRO 1000 CT Network Conn Diese Verbindung verwendet folgende Elemente ei Client f r Microsoft Netzwerke A Datei und Druckerfreigabe fur Microsoft Netzwerke Internetprotokoll TCP IP Installieren Eigenschaften Beschreibung TCP IP das Standardprotokoll f r W N Netzwerke das den Datenaustausch ber verschiedene miteinander verbundene Netzwerke erm glicht Symbol bei Yerbindung im Infobereich anzeigen Benachrichtigen wenn diese Verbindung eingeschr nkte oder keine Konnektivit t besitzt Abb 8 Here select the following item Use following IP address Access to the device will only be enabled once the following parameters have been entered as the fixed IP address or if the computer is located in the same subnet area IP Address 192 168 0 100 Note The last section of digits must represent a number between 1 and 2
22. heat sources 2 3 Damage Caused By Improper Use This device must immediately be shut down and protected from any accidental commissioning if the operating system shows any obvious damage caused by for example improper operating or storage conditions or by improper use or handling 2 4 Warranty Repair During the warranty period any repair must only be carried out by the manufacturer or by a person authorised by the manufacturer ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 7 3 Introduction The Industrial Firewall constitutes a link between the IT world and automation thereby meeting the requirements of IT security as well as those by the production line maintenance personnel It enables monitoring and control of the plant setup network and of the relative access points Its essential security protection mechanism is constituted by the event dependent and physical network separation This Firewall furthermore offers amongst others a secure access in the event of service operations it enables traffic shaping and is capable of implementing the available virus scanners Note For the efficient online configuration of your ads tec devices it is possible to download the current version of the free tool IDA light on the company s homepage hitp www ads tec de The tool offers you for example the possibility of defining individual parameters or whole groups of parameters at a Server devic
23. hiving and modification shall only be permitted after explicit written authorisation by ads tec GmbH Any party in violation of this provision shall be obliged to damage compensation ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 4 1 6 Standards This device complies with the requirements and protective aims of the following EC regulations Standards e This device meets the test requirements for granting the CE sign according to the European test standards EN 61000 6 4 and EN 61000 6 2 e This device complies with the test requirements in accordance with EN 60950 VDE0805 IEC950 Safety of Information Technology Equipment e The device meets the EN 60068 2 6 test requirements sinus excitation e This device meets the EN 60068 2 27 test requirements shock resistance test Note A respective conformity declaration for the authority in charge is available at the manufacturer and may be viewed on request All connected components as well as cable connections must also meet these requirements for compliance with the EMC legislation For this reason screened bus and LAN cables including screened connectors must be used and installed according to the instructions in this user manual ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 2 Notes on Operation amp Safety The unit operates under electrical tension and implements supersensitive component par
24. ighlighted digit can be accessed and changed in ascending up direction The succession of the characters is provided in the ASCII code However a space character is assigned for simplification of first time operation of the DOWN navigation direction option If the key is pressed a second time the system proceeds with ASCII character strings ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 15 Menu navigation direction If the input mode is activated arrow each digit is marked and can LEFT be changed via access with the UP and DOWN arrow Keys Menu navigation direction For selection amongst a arrow number of options the DOWN DOWN key will access and highlight the selection item in ascending up order e g selection of either German or English from the available language options Upon entry or change of various data the highlighted digit can be accessed and changed in ascending up direction The succession of the characters is provided in the ASCII code However a space character is assigned for simplification of first time operation of the DOWN navigation direction option If the key is pressed a second time the system proceeds with ASCII character strings Menu navigation direction If the input mode is activated arrow each digit is marked and can RIGHT be changed via access with the UP and DOWN arrow keys Note To carry out changes in the LCD menus the foll
25. n the upper right corner of the display indicating that an internal CUT was triggered INT will continue to flash until the internal CUT is either switched off or acknowledged automatically Perform this test to check the internal CUT for correct functioning With the aid of the PING Test the accessibility of an affiliated remote station is tested The PING Test sends an echo request packet to the destination address of the remote station to be tested and then proceeds with test information assessment Enter the destination address that needs to be tested in IP address form in the appropriate entry field It is furthermore necessary to enter the packet quantity required to be sent Said quantity is limited to a maximum of 10 packets IF1000 series 29 5 5 Operational LED Status Display The boot up process starts as soon as the firewall is supplied with a voltage source With the aid of the Lan in LEDs it is possible to check whether the Firewall is booting up as well The table herunder provides boot up process LED blink frequency via which it is possible to check that the device is booting up correctly In the example no LAN in cable PoE is connected up The minute the traffic display comes up on the LCD the boot up process has been successfully concluded State of theLED representation aus gr n L gr n blinkend E rot E orange L orange blinkend il 5 5 1 Power Supply Cut amp Alarm LAN IN POWER BACK
26. on and is ready for operation ACT il Displays the traffic between the firewall and remote ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 32 5 6 Operational LED Status Displays 5 6 1 Status Display Activities when Booting Te boot up process starts as soon as the firewall is supplied with a voltage source With the aid of the Lan in LEDs it is possible to check whether the Firewall is booting up as well 5 6 2 Status display activities when resetting to default settings Via the Factory Default keys on the rear side of the Firewall it is possible to reset the Firewall back to its default factory settings at any time independently of its configuration To set the Firewall back to its default settings the factory default keys must be pressed during current operations In the example no LAN in cable PoE is connected up The factory default keys must be pressed once briefly in order to start the set back to default settings process 5 6 3 Status display activities with Firmware Updates A firmware update can be made by using the web interface The actual process of updating might take a few minutes ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 33 5 7 Interface Overview LAN IN SERVICE LAN OUT POWER BACKUP ti WW ws VE ia a E Abb 7 The device has the following interfaces front Power 24V DC voltage supply 2 pole COMBICON plug Backu
27. owing character set is available tT HSE 1234567 fu uses ABCT LRSTUU ahcedefy grg turH ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 16 5 1 1 Example configuration IP Adresss and Contactname IP Adress Default IP address 192 168 0 254 needs to be changed into 192 168 1 250 whilst the subnet mask must be changed from 255 255 255 0 into 255 255 52 0 The IP address is highlighted and the input window is deactivated To change the IP proceed as Action follows ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen Press ENTER to activate the iput mode gt The input focus will be active on the first digit Press the RIGHT direction arrow key eight times gt The input focus will be active on the 0 Press the UP direction arrow key once gt Change to 1 Press the RIGHT direction arrow key three times gt The input focus will be active on the 4 Press the DOWN direction arrow key four times gt Change to 0 Now press ENTER to confirm all the changes to the first line in the input mode gt The overall IP is highlighted The text message Please wait will come up on display whilst the data is being stored If the input mode is exited by pressing ESC the changes are overruled abandoned Press the DOWN direction arrow key once gt The subnet mask is highlighted Press ENTER to activate the iput mode gt The input focus will be
28. p 24V DC BACKUP voltage supply 2 pole COMBICON plug CUT amp ALARM plug 4 pole COMBICON plug LAN in with RJ45 PoE or LWL fibre optic connection 9 pole SUB D connector RS232 LAN out with 4x RJ45 connection oo SS NY SE Note All input voltages can be hooked up redundantly Power Backup and PoE via LAN in 5 7 1 Power Supply 24 VDC BackUp The supply voltage implements a lead through terminal with screw connection the illustration shows the jack provided in the device Pin Number Signal Name 1 24V DC 12 2 UV DC ERR PIN 1 L 24V DC Power Supply PIN 2 GND Ground ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen e tec IF1000 series 34 5 7 2 CUT amp ALARM Pin Number Signal Name 1 TX 1 2 3 4 oe I I 3 RX 4 NC PIN 1 L 24V DC feed in of the alarm output voltage PIN 2 GND Ground feed in of the alarm output voltage PIN 3 CUT 24V DC feed in of an external switching signal galvanically isolated PIN 4 AL 24V DC ALARM output galvanically isolated alarm out put for signalling to external users 5 7 3 Power Supply LAN in RJ45 PoE IEEE 802 AF Pin Number Signal Name 1 TX 2 TX 3 RX A PoE G 5 PoE G 6 RX 7 PoE 48V 8 PoE 48V 5 7 4 LWL Fibre Optic An MTRJ fibre optic plug is implemented for the LWL fibre optic connection 62 5 125um multimode cable from the MTRJ plug to the Duplex plug ads tec GmbH Heinrich Hertz St
29. quivalent to the MTRJ Standard Multimode with a 100Base FX 100 Mbits Ethernet transmission method via fibre optics NVRAM non volatile RAM non volatile Random Access Memory is an electronic memory storage technology whereby data is stored even without maintenance of power supply Note The LAN in interface can be equipped with an RJ45 or with an LWL fibre optic connection as the case may be 3 8 Scope of Delivery Please check supply package contents for integrity and completeness Scope of Delivery F 1000 series e 1 x Industrial Firewall e 2 x 2 pole Plug e 1 x 4 pole Plug e Ethernetcable 1m e Quick Guide Inbetriebnahme Quick Guide Montage e GNU General Public License e Service CD ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 9 3 9 Environmental Conditions The unit can be put into operation and used under the following conditions Failure to observe any one of the specified data will immediately terminate all warranty conditions ads tec cannot be held liable for any damages arising due to improper device or unit use and handling e Permissible ambient temperatue during operation D 60 C during operation UL 5 50 C during storage 20 50 C e Humidity during operation 10 85 without condensate during storage 10 85 without condensate e Vibration during operation 1G 10 500 Hz DIN EN 60068 2 6 e Shock During operation 5 G with half wave of 3
30. r 1 e D 72622 N rtingen ET tec IF1000 series 35 5 7 5 Serial Interface COM RS232 9 pole SUB D connector RS232 for connection of an analogue ISDN or GPRS standard modem unit Pin Number Signal Name 4 O O INI OD BR WwW PP DCD r of RxD TxD DTR GND DSR RTS CTS RI 5 7 6 SMARTCARD READER NACH ISO 7816 The SIM card reader serves for the storage of the configuration data Pin Number Signal Name 1 COIN OO Oo BI Wy PP ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen VCC 5 Volt AN RESET CLOCK Sy NC GND NC VO NC IF1000 series 36 6 Commissioning 6 1 Inititial Commissioning Achtung The initial installation of this device can only be performed by using the RJ45 interface labelled with HOST A RJ45 PATCH CABLE IS REQUIRED FOR INITIAL CONFIGURATION Connecting the 24 V DC power source The power for this device can be supplied by a 24V DC 2 pin connector power supply The corresponding COMBICON connector is included in the scope of delivery Connect the device with a suitable power supply unit RJ45 network cable connection For initial installation it is essential to establish a connection between this device and a PC by using a RJ45 network cable To connect the device with a PC Device HOST connector lt gt PC LAN connector ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 37 6 2 Manual Network adapt
31. rd The default PIN is empty any user defined PIN may be up to 14 digits long Action The reboot option allows re starting the Firewall via the LCD menu Confirm selection of this option by pressing the down key IF1000 series 5 4 Menu Overview Status ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen Events peentlod EI _ ct 15 29 56 Oc Device info AER en t freit ear signals int og And UBF Wd OO MEeSSaAd Status UU Sa PPVICeE info Selftest One C on into Pec ell zec connection Events Connections JeVICe into Events Connections Device info Egz left CUT internal Display Pus ALARM Activate interna Events Connections Device info IP address elfitest 2 168 H Lon 25 IF1000 series 26 5 4 1 Description of individual menu items Events Selection Action Anzeige Event log The event log allows retracing system messages and alarms Select individual log entries using the UP and DOWN keys The event log display is comparable to KE a transcript of messages oa es Use the Event log menu to view any logged events Events u mtio Pak S10naALisS ak ben OO mMesiag Melssage Ack Use the Message Acknowledgement option to override or end respectively any events logged in the event log Manually acknowledging event messages will end all active events In automatic setting events will be acknowledged a
32. re is allowed for any of the adjustments and features described in this User s Guide Deployment of any firmware software that has not been released by ads tec will terminate all warranty conditions 2 1 Safety Instructions Warning For the prevention of possible unit damages all cable lines power supply interface cables must be hooked up strictly with the unit in power OFF conditions Warning All unit assembly operations must be strictly conducted only under safe secure and zero potential conditions accurately observe all the relevant safety provisions DIN EN 61340 5 1 DIN EN 61340 5 2 ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen Note When handling parts and components susceptible to electrical discharge please IF1000 series 2 2 Operation Location This device is designed for use in industry You must ensure compliance with the specified environmental conditions Using the device in non specified environments e g on board ship or in areas containing explosive vapours gases or gas mixes as well as in extreme heights is prohibited ON only when it reaches ambient temperature This particularly applies when the unit is subject to extreme temperature fluctuations and or variations Avoid overheating during unit operations the unit must not be exposed to Warning For the prevention of water condensate accumulation the unit should be turned direct sunlight or any other direct light or
33. requirements Should any question or issue with respect to specific configurations and software installations arise it can only be resolved by the system manufacturer For devices not directly purchased from ads tec we cannot be responsible for the support In this case the support is provided by our partner company 8 1 ads tec Support Das Support Team von ads tec steht fur Direktkunden von Montag bis Freitag von 8 30 bis 17 00 unter der unten genannten Telefonnummer zur Verf gung Tel 49 7022 2522 202 Fax 49 7022 2522 2602 E Mail support ads tec de 8 2 Company adress ads tec GmbH Heinrich Hertz Str 1 D 72622 Nurtingen Germany Phone 49 0 7022 2522 0 Fax 49 0 7022 2522 400 E Mail mailbox ads tec de Home www ads tec de ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 44 9 Declaration of CE Conformity IF1100 Declaration of Conformity Manufacturer Statement PRODUCT NAME Industrial Firewall DESCRIPTION Firewall MODEL DVG IF1100 001 BU MANUFACTURER _ads tec GmbH Tel 49 711 1458940 Raiffeisenstr 14 Fax 49 711 145894994 70771 Leinfelden Echterdingen Germany EU Council Directive of 3 May 1939 on the approximation of the laws ofthe Member States relating to Electromagnetic Compatibility EMC_Directive EU Directive 89 336 EWG from 5 3 1989 ABI EU L No 139 79 91 263 EWG from 4 29 1991 ABI EU L No 128 1 92 31 EWG from 4 28 1992 ABI EU L No
34. rves as a unique identifier of the location at which the device is operated The Firewall system location can be specified changed here You may freely choose a Firewall system location Specifying the system location provides additional information on the device location The location entered here will be shown in the LCD menu and in the web interface This item serves as a unique identifier of the responsible contact person A contact name can be specified changed here You may specify a contact person that can be contacted in case problems occur or maintenance is required This item serves as a unique identifier of the responsible contact person and their location A contact location can be specified changed here In addition to the name of the contact person you may also specify their location IF1000 series LCD Menu Language AN og ULA g E Language Se ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen Selection Lob menu Deutsch Englisch Display amp Keys Keys only Unlocked 23 Action Two language options are available Changing the language setting here will also affect the language of the web interface The default setting is English The display and keys can be locked to prevent unauthorised access When locked the display will not show any information and the keys can no longer be used to modify the device configuration The only operation possible in lo
35. the following components display front panel keys CUT and ALARM function The connection control displays the state of the Service Open VPN and IPsec connections Note The default language setting is English In order to select a different language open the main menu and select the following menu items Settings LCD menu Language Confirm your selection by pressing ENTER Selection will be marked by an X Then leave the menu by pressing ESC ads tec GmbH Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 5 3 Menu Overview Settings Settings IEDs Stem into CD menu Re hoot Operatlona Mode Menu Reboot Hetwork Sustem info men ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ranshridge IF router IF routerert LAMN in settings Sus teh ocation ontac name _ ontact location i a abou System _ ystem name _ System location ontact name ont at OCGattOn Hame 0 contac System name _ System location ontact name LD menu i j E Language ze Reboot 00 Ei ES Eege 20 Sustemloc actor Inter LArornmatia Cont loc Ka en DST IF1000 series 5 3 1 Description of individual Menu items Network Selection Anzeige Transbridge Rehoot IP Router rans bridge IP router IF routerert LAH in settings LAN Einstellungen A o A Enable WAT E IF address ads tec GmbH Heinrich Hertz Str 1 e D 7
36. ts Intervention by the User is required only for power supply line connection operations Should any further alterations be required it is necessary to consult either with the Manufacturer directly or with authorised service personnel accordingly During said connection operations the unit must be completely powered down Specific requirements need to be met concerning the prevention of electrostatic discharge on component construction parts during contact If the unit is opened up by a non authorised individual the User may be subject to potential hazards and warranty conditions are terminated General Instructions This User s Guide must be read and understood by all User s and must be available for consultation at all times Assembly operation start up and unit operation must only be conducted by appropriately qualified and trained personnel All individuals and operators using the unit must strictly observe all safety and use instructions as provided within the User s Guide All regulations and prescriptions on accident prevention and safety in force c o the unit installation site must be strictly observed at all times This User s Guide provides all the most important directions as required for safe and security oriented operation Safe and optimised unit operations are subject to appropriate storage proper transport and handling accurate unit setup start up and operation Note Only the ads tec original firmware softwa
37. us possible to obtain a quick system analysis e g of the network load directly from the display The display and keys can be password protected against unauthorized manipulation 3 5 Managed Switch Network segments can be set up without any additional hardware by using the managed switch integrated into the firewall It is possible to connect multiple systems or terminals up to one Firewall Each port can be switched off individually to prevent unauthorized data traffic monitoring ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series 8 3 6 Service Service access via a secure service port Connecting the Firewall to an analogue ISDN or GPRS modem for dial in access provides for affordable remote maintenance even without an Internet connection 3 Equipment Versions The device is available in 4 configuration versions Ausstattungsvariante IF1100 IF1110 IF1200 IF1210 LAN in RJ45 RJ45 LWL LWL LAN out RJ45 RJ45 RJ45 RJ45 NVRAM X X RJ45 Registered Jack 45 standardized jack provided per an Ethernet standard as frequently implemented in telecom applications The transmission method is equivalent to 10 100Mbits half and full DUPLEX 100 BASE TX LWL fibre optic connection are flexible optic media for controlled conduction of light Contrarily to the Ethernet standard the fibre optic connection technology is insensitive to voltage interference The plugs required for implementation are e
38. utomatically after a predefined period of time manually Oo Connections Selection Action Service Service Anhand des Service Menupunktes kann der Status einer Service Verbindung berpr ft bzw nachvollzogen werden Wenn die Schnittstelleerfolgreich verbunden ist wird der Status connected angezeigt Bei einer inaktiven Verbindung wird disconnected angezeigt OpenVPN Use the menu item OpenVPN to display all active VPN connections Settings can be changed directly via the LCD menu IPsec Use the menu item IPsec to display all SERVICE IPsec related information and settings Open WPM The display screen can be used to PS ec ae sec Connection monitor the IPsec status Settings can be changed directly via the LCD menu Disabled ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen ET Eiter IF1000 series Device info Selection Anzeige Events Connections Deyice nfdo Device Test Selction Anzeige 1s EI GEN ALARM CUT internal ho A charac Selftest Screen Keys Selitest Leet CUT internal Press Iert Alarm ads tec GmbH e Heinrich Hertz Str 1 e D 72622 N rtingen Su te AT 7 Device info 27 Action This option displays general device information The screen shows the name of the manufacturer the device variant whether aNVRAM card is installed the current firmware version and the current firmware build Action Starts the display
Download Pdf Manuals
Related Search