Hirschmann EAGLE20/30 Reference guide

Hirschmann Automation and Control GmbH
Reference Manuals
Graphical User Interface
Command Line Interface
User Manuals
Basic Configuration
Routing Configuration
EAGLE HiSecOS Rel. 03200
RM GUI HiSecOS EAGLE20/30
Release
3.2
01/2019
Technical support
https://hirschmann-support.belden.eu.com
Reference Manual
Graphical User Interface
HiSecOS EAGLE20/30 (Industrial ETHERNET Firewall)
The naming of copyrighted trademarks in this manual, even when not specially indicated, should
not be taken to mean that these names may be considered as free in the sense of the trademark
and tradename protection law and hence that they may be freely used by anyone.
© 2019 Hirschmann Automation and Control GmbH
Manuals and software are protected by copyright. All rights reserved. The copying, reproduction,
translation, conversion into any electronic medium or machine scannable form is not permitted,
either in whole or in part. An exception is the preparation of a backup copy of the software for
your own use.
The performance features described here are binding only if they have been expressly agreed
when the contract was made. This document was produced by Hirschmann Automation and
Control GmbH according to the best of the company's knowledge. Hirschmann reserves the right
to change the contents of this document without prior notice. Hirschmann can give no guarantee
in respect of the correctness or accuracy of the information in this document.
Hirschmann can accept no responsibility for damages, resulting from the use of the network
components or the associated operating software. In addition, we refer to the conditions of use
specified in the license contract.
You can get the latest version of this manual on the Internet at the Hirschmann product site
(www.hirschmann.com).
Hirschmann Automation and Control GmbH
Stuttgarter Str. 45-51
72654 Neckartenzlingen
Germany
Rel. 3.2 - 01/2019 – 14.01.2019
Contents
Safety instructions
About this Manual
Key
Graphical User Interface
1 Basic Settings
1.1 System
1.2 Network
1.3 Software
1.4 Load/Save
1.5 External Memory
1.6 Port
    Configuration
    Statistics
1.7 Restart
2 Time
2.1 Basic Settings
2.2 NTP
2.2.1 Global
2.2.2 Server
3 Device Security
3.1 User Management
3.2 Authentication List
3.3 LDAP
3.3.1 LDAP Configuration
3.3.2 LDAP Role Mapping
3.4 Management Access
3.4.1 Server
    Information
    SNMP
    HTTP
    HTTPS
    SSH
3.4.2 IP Access Restriction
3.4.3 Web
3.4.4 Command Line Interface
    Global
    Login Banner
3.4.5 SNMPv1/v2 Community
3.5 Pre-login Banner
4 Network Security
4.1 Network Security Overview
4.2 Packet Filter
4.2.1 Packet Filter Global
4.2.2 Firewall Learning Mode
    Configuration
    Rules
4.2.3 Packet Filter Rule
4.2.4 Packet Filter Assignment
4.2.5 Packet Filter Overview
4.3 Deep Packet Inspection
4.3.1 Deep Packet Inspection Modbus Enforcer
    Function Code Configurator
    Function Code Configurator – Basic Configuration
    Function Code Configurator – Advanced Configuration
    Meaning of the Function Code values
4.3.2 Deep Packet Inspection OPC Enforcer
4.4 RADIUS
4.4.1 RADIUS Global
4.4.2 RADIUS Authentication Server
4.4.3 RADIUS Authentication Statistics
4.5 DoS
4.5.1 DoS Global
4.6 ACL
4.6.1 ACL IPv4 Rule
4.6.2 ACL MAC Rule
4.6.3 ACL Assignment
5 Virtual Private Network
5.1 VPN Overview
    Overview
    Diagnostics
    Connection Errors
5.2 Virtual Private Network Certificates
5.3 Connections
    Wizard
6 Switching
6.1 Switching Global
6.2 Rate Limiter
6.3 Filter for MAC Addresses
6.4 QoS/Priority
6.4.1 Global
6.4.2 Port Configuration
6.4.3 802.1D/p Mapping
6.5 VLAN
6.5.1 VLAN Global
6.5.2 VLAN Configuration
6.5.3 VLAN Port
7 WAN
7.1 SHDSL/EFM
7.1.1 SHDSL/EFM Configuration
7.1.2 SHDSL/EFM Statistics
    Port
    PME
8 Routing
8.1 Routing Global
8.2 Interfaces
8.2.1 Configuration
    Wizard
8.2.2 Secondary Interface addresses
8.3 ARP
8.3.1 ARP Global
8.3.2 ARP Current
8.3.3 ARP Static
    Wizard
8.4 Open Shortest Path First
8.4.1 OSPF Global
    General
    Configuration
    Redistribution
8.4.2 OSPF Areas
8.4.3 OSPF Stub Areas
8.4.4 OSPF Not So Stubby Areas
8.4.5 OSPF Interfaces
8.4.6 OSPF Virtual Links
8.4.7 OSPF Ranges
8.4.8 OSPF Diagnostics
    Statistics
    Link State Database
    Neighbors
    Virtual Neighbors
    External Links State Database
    Route
8.5 Routing Table
8.6 Tracking
8.6.1 Tracking Configuration
8.6.2 Applications
8.7 L3 Relay
8.8 Loopback Interface
8.9 L3-Redundancy
8.9.1 VRRP
8.9.1.1 VRRP Configuration
    Wizard
8.9.1.2 VRRP Statistics
8.9.1.3 Tracking
8.10 NAT
8.10.1 NAT Global
8.10.2 1:1 NAT
8.10.2.1 Rule
8.10.3 Destination NAT
8.10.3.1 Destination NAT Rule
8.10.3.2 Destination NAT Mapping
8.10.3.3 Destination NAT Overview
8.10.4 Masquerading NAT
8.10.4.1 Masquerading NAT Rule
8.10.4.2 Masquerading NAT Mapping
8.10.4.3 Masquerading NAT Overview
8.10.5 Double NAT
8.10.5.1 Double NAT Rule
8.10.5.2 Double NAT Mapping
8.10.5.3 Double NAT Overview
9 Diagnostics
9.1 Status Configuration
9.1.1 Device Status
    Global
    Port
    Status
9.1.2 Security Status
    Global
    Port
    Status
9.1.3 Signal Contact
9.1.3.1 Signal Contact 1 / Signal Contact 2
    Global
    Port
    Status
9.1.4 Alarms (Traps)
9.2 System
9.2.1 System Information
9.2.2 Configuration Check
9.2.3 ARP Table
9.2.4 Selftest
9.3 Syslog
9.4 Ports
9.4.1 SFP
9.5 LLDP
9.5.1 Configuration
9.5.2 Topology Discovery
9.6 Report
9.6.1 Global
9.6.2 Persistent Logging
9.6.3 System Log
9.6.4 Audit Trail
10 Advanced
10.1 DNS
10.1.1 DNS Client
10.1.1.1 DNS Client Global
10.1.1.2 DNS Client Current
10.1.1.3 DNS Client Static
10.1.1.4 Static Hosts
10.1.2 DNS Cache
10.1.2.1 DNS Cache Global
10.2 Command Line Interface
A Appendix
A.1 Technical Data
A.2 List of RFCs
A.3 Underlying IEEE Standards
A.4 Underlying ANSI Norms
A.5 Maintenance
A.6 Literature references
A.7 Copyright of Integrated Software
B Readers’ Comments
C Index
D Further support
Safety instructions
WARNING
UNCONTROLLED MACHINE ACTIONS
To avoid uncontrolled machine actions caused by data loss, configure all
the data transmission devices individually.
Before you start any machine which is controlled via data transmission, be
sure to complete the configuration of all data transmission devices.
Failure to follow these instructions can result in death, serious injury,
or equipment damage.
About this Manual
The “Graphical User Interface” reference manual contains detailed
information on using the graphical user interface to operate the individual
functions of the device.
The “Command Line Interface” reference manual contains detailed
information on using the Command Line Interface to operate the individual
functions of the device.
The “Installation” user manual contains a device description, safety
instructions, a description of the display, and the other information that you
need to install the device.
The “Basic Configuration” user manual contains the information you need to
start operating the device. It takes you step by step from the first startup
operation through to the basic settings for operation in your environment.
The “Routing Configuration User Manual” document contains the information
you need to start operating the routing function. The manual enables you to
configure your router by following the examples.
The document “HiView User Manual” contains information about the GUI
application HiView. This application offers you the possibility to use the
graphical user interface without other applications such as a Web browser or
an installed Java Runtime Environment (JRE).
The Industrial HiVision Network Management software provides you with
additional options for smooth configuration and monitoring:
ActiveX control for SCADA integration
Auto-topology discovery
Browser interface
Client/server structure
Event handling
Event log
Simultaneous configuration of multiple devices
Graphical user interface with network layout
SNMP/OPC gateway
Key
The designations used in this manual have the following meanings:
List
Work step
Subheading
Link Cross-reference with link
Note: A note emphasizes an important fact or draws your attention to a dependency.
Courier ASCII representation in the graphical user interface
Graphical User Interface
System requirements
Use HiView to open the graphical user interface. This application offers you
the possibility to use the graphical user interface without other applications
such as a Web browser or an installed Java Runtime Environment (JRE).
Alternatively you have the option to open the graphical user interface in a
Web browser, e.g. in Mozilla Firefox version 3.5 or higher or Microsoft
Internet Explorer version 7 or higher. You need to install the Java Runtime
Environment (JRE) in the most recently released version. You can find
installation packages for your operating system at http://java.com.
Starting the graphical user interface
The prerequisite for starting the graphical user interface is that the IP
parameters are configured in the device. The “Basic Configuration” user
manual contains detailed information that you need to specify the IP
parameters.
Starting the graphical user interface in HiView:
Start HiView.
In the URL field of the start window, enter the IP address of your device.
Press the Enter key.
HiView sets up the connection to the device and displays the Login window.
Start the graphical user interface in the Web browser:
This requires that Java is enabled in the security settings of your Web
browser.
Start your Web browser.
Write the IP address of the device in the address field of the Web browser.
Use the following form:
https://xxx.xxx.xxx.xxx
The Web browser sets up the connection to the device and displays the Login
window.
Figure 1: Login window
Select the user name and enter the password.
Select the language in which you want to use the graphical user interface.
Click the “Ok” button.
The Web browser displays the graphical user interface.
Layout of the graphical user interface
The graphical user interface of the device is divided as follows:
Tab area (at the upper edge)
Menu section (left)
Status line
Dialog section (right).
Figure 2: Graphical user interface of the device