Digi X8, X4, X2 manual Security features

Page 42

F e a t u r e s

Security features

Security-related features in Digi devices include:

Secure access and authentication:

One password, one permission level.

Can issue passwords to device users.

Can selectively enable and disable network services such as ADDP, RealPort, Encrypted RealPort, HTTP/HTTPS, LPD, Remote Login, Remote Shell, SNMP, and Telnet.

Can control access to inbound ports.

Secure sites for configuration: HTML pages for configuration have appropriate security.

Encryption:

Strong Secure Sockets Layer (SSL) V3.0/ Transport Layer Security (TLS) V1.0-based encryption: DES (64-bit), 3DES (192-bit), AES (128-/192-/256- bit), IPsec ESP: DES, 3DES, AES.

Encrypted RealPort offers encryption for the Ethernet connection between the COM/TTY port and the Digi device.

SNMP security:

Authorization: Changing public and private community names is recommended to prevent unauthorized access to the device.

SNMP “set” commands can be disabled to make use of SNMP read-only.

4 2

Page 41 Page 43
Image 42
Page 41 Page 43
Contents ConnectPort X Family User’s Guide E r ’ s G u i d e Contents N t e n t s Configure Digi devices N t e n t s N t e n t s N t e n t s N t e n t s Monitor and manage Digi devices 175 Administration tasks Specifications and certifications Glossary IndexN t e n t s Purpose AudienceScope Where to find more information General release documentationDigi contact information To Contact Digi International UseG i c o n t a c t i n f o r m a t i o n Introduction ConnectPort X Family products Features User interfacesQuick reference for configuring features Feature/task Path to feature in the web interface SeeConfiguration Serial Ports port Profile Settings Configuration Network Advanced Network Settings Set mesh SSH Configuration Security Configuration System Device Identity Settings Hardware features Network interface featuresConfigurable network services IP protocol support Serial data communication over TCP and UDP Simple Network Management Protocol Snmp Dynamic Host Configuration Protocol DhcpAuto-IP Supported RFCs and MIBsSecure Sockets Layer SSL/Transport Layer Security TLS Remote Login rloginSupported Snmp traps TelnetNetwork Address Translation NAT/Port Forwarding Internet Control Message Protocol IcmpPoint-to-Point Protocol PPP Advanced Digi Discovery Protocol AddpMobile/Cellular features and protocol support Provisioning wizardDigi SureLink Code-Division Multiple Access Cdma Mobile/Cellular protocolsGlobal System for Mobile communication GSM General Packet Radio Service Gprs Universal Mobile Telecommunications Service UmtsEnhanced Data Rates for GSM Evolution Edge Evolution-Data Optimized EV-DO, EVDO, or 1xEV-DO IP address assignment alternatives RealPort software Encrypted RealPortAlarms Modem emulationSecurity features Configuration management Customization capabilitiesNetwork services Network services associated with specific serial portsSupported connections and data paths in Digi devices Network services associated with serial ports in general Network services associated with the command-line interfaceAutoconnect behavior client connections Command-line interface CLI-based client connectionsNetwork/serial clients Modem emulation pseudo-modem client connectionsConfiguration capabilities and interfaces Configuration capabilitiesConfiguration interfaces Digi Device Setup wizard Page Digi Device Discovery utility Advantages of the Digi Device Discovery utility are Web interface Page Command-line interface Connectware Manager interface Connectware Manager Getting Started Guide Simple Network Management Protocol Snmp Standard MIBs supported Digi enterprise MIBs supportedAdditional Snmp resources Monitoring capabilities and interfaces Monitoring interfacesConnectware Manager SnmpAdministration tasks Configure Digi devices My Computer CD ROM Drive setup.exe Default IP addressConfigure an IP address using the Digi Device Setup Wizard Alternate methods for assigning an IP addressConfigure an IP address using Dhcp Configure an IP address using Auto-IPConfigure an IP address from the command-line interface IP addresses and Connectware ManagerTest the IP address configuration Configuration through the web interface Select Device Discovery Utility and click Install By using the Digi Device Discovery utilityInstall Digi Device Discovery utility Open the web interfaceDiscover devices Organization of the web interface Configuration pages HomeApplication pages Cancel changesRestore the Digi device to factory defaults Apply and save changesChange the IP address from the web interface, as needed Configure network communications Alternatives for configuring network communications IP settingsScope Dhcp server settingsDhcp terminology Exclusion rangeReservation LeaseGrace period OptionsAddresses in the Dhcp server settings Dhcp server configuration settingsPage Manage the Dhcp server Network services settings # ssh -l fred digi16 -p 2501 # telnet digi16 Service Services provided Default Network Port Number AddpSnmp Network services and IP pass-through Dynamic DNS update settings SettingsPage Status and history information IP filtering settings IP forwarding settings Example Socket tunnel settings IP pass-through settings How IP pass-through worksN f i g u r e D i g i d e v i c e s How IP pass-through affects network access to Digi devices Using pinholes to manage the Digi deviceSteps to configure IP pass-through Remote device management and IP pass-throughIP Pass-through Screen shot shows IP Pass-through configuration settings Virtual Private Network VPN settings Uses for VPN-enabled Digi devicesExample VPN configuration How VPN tunnels workGSM GPRS/EDGE APN type needed HQ router / VPN appliance configurationIP address requirements for VPN tunnels Cdma carrier requirementsUsing a console port Configure VPN settingsSetting Remote Site Digi Connect VPN VPN Concentrator N f i g u r e D i g i d e v i c e s Click VPN Internet Key Exchange IKE Settings Use the following as the identity Page Default Security Policies Page N f i g u r e D i g i d e v i c e s Page N f i g u r e D i g i d e v i c e s Manual-keyed IPSEc/ESP VPN tunnel security settings Tunnel Network Traffic to the following Remote NetworkEnable Encryption Encryption algorithm Algorithm SizeEnable Authentication Authentication algorithm Algorithm Size Key LengthIsakmp VPN tunnel security settings Size Key Length VPN tunnel proposal configuration for Isakmp tunnels Advanced network settings CDMA-based mobile service providers Configure mobile cellular settingsInformation required from mobile service provider GSM-based mobile service providersSet mobile configuration settings to factory defaults Mobile service provider settingsProvision a mobile device Launch the Mobile Device Provisioning WizardSelect a mobile service provider from the list Automatic versus manual provisioningExample provision ConnectPort WAN VPN for Sprint PCS Select automatic or manual provisioning Device provisioning in progress Provisioning complete Mobile connection settings Digi SureLink settingsHardware reset thresholds Link integrity monitoring settingsN f i g u r e D i g i d e v i c e s Page Status and statistical information for mobile connections Configure Mesh/ZigBee network settings Mesh network terms ZigBee protocol Node ZigBee node typesCoordinator ZigBee protocol terms RouterEnd device ZigBee stackMaximum child routers JoiningNetwork maximum depth Maximum child end devicesMesh Network configuration settings Page Basic radio settings Advanced radio settings Power Level Conducted Power DBmAbout port profiles Configure serial portsSelect and configure a port profile Click Change ProfileRealPort profile Console Management profileTCP Sockets profile Automatic TCP connections autoconnectionRFC 2217 support TCP and UDP network port numbering conventions UDP Sockets profileFor this connection type Use this Port Local Configuration profile Serial Bridge profileModem Emulation profile Basic serial settings Custom ProfileAdvanced serial settings Serial SettingsTCP settings Character Key SequenceHexadecimal \xhh Values Tab Line feed Backslash UDP settings Configure camera settings Camera settingsCamera operation Configure alarms Alarm notification settingsAlarm conditions Alarm listAlarm conditions Alarm destinations Enable and Disable AlarmsConfigure system settings Snmp configuration settingsDevice description information Configure remote management Connectware Manager settings Steps for setting up remote managementConnection settings About client-initiated and server-initiated connectionsLast Known Address LKA Client initiated management connection settings Retry if the LKA update failsAdvanced remote management settings Mobile SettingsUsername Configure Security settings Alarms and the Connectware Manager serverFor more information on Connectware Manager From the command line Password authenticationEnable password authentication About user models and user permissionsDisable password authentication Change the password for administrative userDisable unused and non-secure network services Upload an SSH public keyUse IP filtering Python program management Configure applicationsPython configuration pages Recommended distribution of Python interpreterAuto-start settings Python filesManually execute uploaded Python programs Configuration through the command line Access the command lineVerify device support of commands To configure Use this command Set snmp N f i g u r e D i g i d e v i c e s Configuration through Connectware Manager ZigBee Networks View Node View N f i g u r e D i g i d e v i c e s Batch capabilities for configuring multiple devices What’s next?Monitor and manage Digi devices Monitoring capabilities in the web interface Display system informationGeneral system information Total/Used/Free Memory Serial port diagnosticsUp Time Serial port informationConfiguration SignalsFraming Errors Overrun ErrorsOverflow Errors Parity ErrorsNetwork statistics Forwarding Default Time-To-LiveIP Statistics Datagrams Received Datagrams Forwarded No RoutesUDP statistics Icmp statisticsMobile Connection Statistics Registration Status Signal Strength RssiMobile information and statistics Cell IDMobile Statistics Idle ResetsInactivity Timer IP AddressModem Manufacturer Mobile InformationPhone Number Modem Serial NumberSession failures SureLink statisticsSession successes Session consecutive failuresTotal link down requests DiagnosticsTotal failures Total bypassesManage connections Manage connections and servicesManage serial ports Manage VPN connectionsManage Dhcp server operation Manage network servicesEvent logging Start, stop, and restart the Dhcp serverView and manage current Dhcp leases Assigned expired Lease status typesAssigned active Reserved activeReleased Unavailable AddressManage Mesh networks Manage Mesh networks from the web interface Python Application ZigBee Socket Counters Gateway device detailsNetwork view of the Mesh devices Frames SentNot Joined Errors Python Application ZigBee Socket Error CountsTransmit I/O Errors Self Addressed ErrorsMesh device state pages Monitoring capabilities from the command line Commands for displaying device information and statisticsDisplay Info Set snmp Set alarmSet buffer and display buffers ShowCommands for managing connections and sessions Commands for managing Mesh networks and nodes Configure Mesh network settings command syntaxSet mesh Display Mesh network configuration settings command syntax Display mesh PAN IDInfo zigbeesockets Monitoring capabilities from Connectware Manager Monitor/manage Mesh networks from Connectware Manager Monitoring Capabilities from Snmp Administration tasks Administration from the web interface Uploading Files Custom files are not deleted by device resetFile management Delete filesCertificate/Key Management Backup/restore device configurations Update Firmware from a Tftp Server Update firmware and Boot/POST CodeUpdate firmware from a file on a PC PrerequisitesRestore a device configuration to factory defaults Settings cleared and retained during factory resetUsing the web interface Using the Reset button WANReboot the Digi device Enable/disable access to network servicesAdministration from the command-line interface Administrative task CommandSpecifications and certifications Hardware specifications ConnectPort X8 specificationsSpecification Value FCC Part 15 Class B Safety standardsRegulatory information and certifications Radio Frequency Interface RFI FCCModifications FCC Industry CanadaDeclaration of Conformity International EMC Standards Standards ConnectPortImportant Safety Information Alarms Access control listAddress Resolution Protocol ARP 802.11Configuration management COM port redirectionDigi Device Setup Wizard Dynamic Host Configuration Protocol DhcpDevice server Enhanced Data Rates for Global Evolution Edge Encapsulating Security Payload ESPEncryption ESP PassthroughHigh Speed Downlink Packet Access Hsdpa Factory defaultsGeneral Packet Radio Service Gprs File Transfer Protocol FTPHyperText Transfer Protocol Http HyperText Transfer Protocol over Secure Socket Layer HttpsInternet Control Message Protocol Icmp Internet Group Management Protocol Igmp IP filteringIPsec Internet Protocol Security Management Information Base MIB Mobile Device Provisioning WizardPower-On Self Test Post Modem emulationPort forwarding Provisioning Remote login rloginRlogin RealPortSerial bridge Setup WizardSecure Sockets Layer SSL Serial tunnelingStatic IP address assignment TelnetTrivial File Transfer Protocol Tftp Transmission Control Protocol TCPTransport Layer Security TLS TTY port redirectionUniversal Mobile Telecommunications Service Umts User Datagram Protocol UDPZigBee To 255 devices in a single Wpan Index DCD 145 Dhcp Gprs NAT Local Configuration Modem Emulation PPP D e 151 TCP D e D e
Related manuals
Manual 254 pages 23.55 Kb Manual 1 pages 201 b

X4, X8, X2 specifications

Digi X2 and X1 are advanced cellular IoT (Internet of Things) gateways that provide an innovative solution for industrial applications, smart cities, and remote asset management. Both devices equip users with the means to connect, monitor, and control a wide variety of assets without the limitations traditionally imposed by wired connections.

Digi X2, designed for complex IoT demands, features dual SIM slots which ensures uninterrupted connectivity through automatic failover. This makes it particularly valuable for critical applications where connectivity is non-negotiable. Additionally, the X2 is equipped with LTE-M and NB-IoT support, enabling extensive coverage in areas where other networks may struggle.

On the software side, the Digi X2 supports Digi Remote Manager, a powerful tool that allows users to monitor, manage, and deploy devices remotely. This cloud-based management system simplifies the overall management of IoT devices by providing real-time insights, easy configuration changes, and over-the-air updates, saving both time and resources.

In contrast, the Digi X1 serves as an entry-level model that balances performance with cost-effectiveness. It supports LTE connectivity, providing a reliable connection suitable for a variety of applications. The X1 also offers seamless integration with existing networks, allowing users to leverage their current infrastructure while expanding their IoT capabilities.

Both Digi X2 and X1 are designed with ruggedness in mind, making them suitable for deployment in harsh environments. They are engineered to withstand extreme temperatures and vibrations, ensuring reliability even in demanding industrial settings.

Another notable characteristic of these devices is their extensive input/output (I/O) capabilities, which enable them to interact with sensors, machines, and other types of devices. This versatility allows for a broad spectrum of applications, from monitoring temperatures in remote locations to tracking assets across geographic boundaries.

In summary, the Digi X1 and X2 provide robust, reliable, and scalable solutions for modern IoT implementations. With their advanced cellular connectivity, cloud management capabilities, and durable design, they are poised to enhance connectivity across industries, driving efficiencies and enabling smarter operations. Whether for critical industrial applications or efficient asset management, Digi's offerings are tailored to meet the diverse needs of today's IoT landscape.
Top Page Image Contents