dongleserver ProMAX
en
dongleserver Control Center
Online help
Version 1.2
| NETWORK – IPv4 | |
|---|---|
| Element | Description |
| DHCP | Enables/disables the DHCP protocol. The dongleserver receives its IPv4 configuration automatically via the protocol. |
| ARP/PING | Enables/disables the IP address assignment via ARP/PING. You can use the commands ARP and PING to change an IP address which was assigned via Zeroconf during the initial setup. |
| IP address | IP address of the dongleserver |
| Prefix length | The IP address and the prefix length defines the network mask of the dongleserver. |
| Router | Router address of the dongleserver |
| NETWORK – IPv6 | |
|---|---|
| Element | Description |
| IPv6 | Enables/disables the IPv6 feature. |
| Automatic configuration | Enables/disables the automatic assignment of the IPv6 address for the dongleserver. |
| IPv6 address | Defines a dongleserver IPv6 unicast address assigned manually in the format n:n:n:n:n:n:n:n. Every 'n' represents the hexadecimal value of one of the eight 16 bit elements of the address. |
| Router | Defines the IPv6 unicast address of the router. The dongleserver sends its 'Router Solicitations' (RS) to this router. |
| Prefix length | Defines the length of the subnet prefix for the IPv6 address. The value 64 is preset. Address ranges are specified by prefixes. The prefix length (number of bits used) is added to the IPv6 address and specified as a decimal number. The decimal number is separated by '/'. |
| NETWORK – IP-VLAN | |
|---|---|
| Element | Description |
| IP management VLAN &ndash | Enables/disables the forwarding of IP management VLAN data. If this option is enabled, SNMP is only available in the IP management VLAN. |
Management VLAN selection menu | Sets the management VLAN vin the network. |
| IP management VLAN – TCP access via LAN (untagged) | Enables/disables the web access (dongleserver Control Center) to the dongleserver via IP packets without tag. If this option is disabled, the dongleserver can only be administrated via VLANs.< br>Note:The SNMP works exclusively via LAN and the VLAN specified in the selection menu. |
| NETWORK – DNS | |
|---|---|
| Element | Description |
| DNS | Enables/disables the name resolution via a DNS server. DNS allows for the mutual assignment of names and addresses. |
| Primary DNS server | Defines the IP address of the primary DNS server. |
| Secondary DNS server | Defines the IP address of the secondary DNS server. The secondary DNS server is used if the primary DNS server is not available. |
| Domain name (suffix) | Defines the domain name of an existing DNS server. |
| Preferred address type | Specifies which address type is used after the IP address is returned from the DNS server. (This option is only relevant if IPv4 and IPv6 is enabled.) |
| NETWORK – Email | |
|---|---|
| Element | Description |
| POP3 | Enables/disables the POP3 feature. |
| POP3 – Server address | Defines the POP3 server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
| POP3 – Server port | Defines the port used by the dongleserver for receiving emails. The port number 110 is preset. When using SSL/TLS, enter 995 as port number. |
| POP3 – Security | Defines the authentication method to be used (APOP/SSL/TLS). When using SSL/TLS, the cipher strength is defined via the encryption level. |
| POP3 – Check mail every | Defines the time interval (in minutes) for retrieving emails from the POP3 server. |
| POP3 – Ignore mail exceeding | Defines the maximum email size (in Kbyte) to be accepted by the dongleserver. (0 = unlimited) |
| POP3 – User name | Defines the user name used by the dongleserver to log on to the POP3 server. |
| POP3 – Password | Defines the password used by the dongleserver to log on to the POP3 server. |
| SMTP – Server address | Defines the SMTP server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
| SMTP – Server port | Defines the port number used by the dongleserver to send emails to the SMTP server. The port number 25 is preset. |
| SMTP – SSL/TLS | Enables/disables the SSL/TLS encryption for the communication between dongleserver and SMTP server. The encryption strength is defined via the encryption protocol and level. |
| SMTP – Sender name | Defines the email address used by the dongleserver to send emails. (Very often the name of the sender and the user name are identical.) |
| SMTP – Login | Enables/disables the SMTP authentication for the login. |
| SMTP – User name | Defines the user name used by the dongleserver to log on to the SMTP server. |
| SMTP – Password | Defines the password used by the dongleserver to log on to the SMTP server. |
| SMTP – Security (S/MIME) | Enables/disables the signing of emails with S/MIME. A signature created by the sender allows the recipient to verify the identity of the sender and to make sure that the email was not modified. An S/MIME certificate is required for all security features. |
| SMTP – Attach public key | Sends the public key together with the email. Many email clients require the public key to be attached in order to view the emails. |
| SMTP – Encryption | Defines the encryption of emails. Only the recipient can open and read the encrypted email. |
| NETWORK – Bonjour | |
|---|---|
| Element | Description |
| Bonjour | Enables/disables the Bonjour feature. Bonjour is a technology which automatically finds computers, devices and different network services in IP networks. |
| Bonjour name | Defines the Bonjour name of the dongleserver. The dongleserver uses this name for its Bonjour services. If no Bonjour name is entered, the default name will be used (device name@ICxxxxxx). |
| NETWORK – Servers | |
|---|---|
| Element | Description |
| WebDAV | Enables/disables the WebDaV feature. The dongleserver can send data to a WebDAV server, e.g. for monitoring purposes. |
| WebDAV – Server address | Defines a WebDAV server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
| WebDAV – User name | Defines the user name used by the dongleserver to log on to the WebDAV server. |
| WebDAV – Password | Defines the password used by the dongleserver to log on to the WebDaV server. |
| WebDAV – SSL/TLS | Enables/disables the SSL/TLS encryption for the communication between the dongleserver and WebDAV server. The encryption strength is defined via the encryption protocol and level. |
| Syslog-ng | Enables/disables the Syslog-ng feature. The dongleserver can send data to a Syslog-ng server, e.g. for monitoring purposes. |
| Syslog-ng – Server address | Defines a Syslog-ng server via its IP address or the host name. (A host name can only be used if a DNS server was configured beforehand.) |
| Syslog-ng – Server port | Defines the port number used by the dongleserver to communicate with the Syslog-ng server. The port number 514 is preset. |
| Syslog-ng – SSL/TLS | Enables/disables the SSL/TLS encryption for the communication between the dongleserver and Syslog-ng server. The encryption strength is defined via the encryption protocol and level. |
| DEVICE – Description | |
|---|---|
| Element | Description |
| Host name | Defines the host name of the dongleserver. |
| Description | Freely definable description |
| Contact person | Freely definable description |
| Identifier (display panel) | Defines the identifier shown in the display panel on the front side of the Dongleserver. (1–2 characters; A–Z, 0–9) |
| DEVICE – Date/Time | |
|---|---|
| Element | Description |
| Time zone | Adapts the device time (which is either set via the device clock or received via a time server) to your local standard time including country-specific particularities such as summer time. |
| Device clock | Manually defines date and time for the hardware clock of the dongleserver. If the device is powered off, the device clock will continue to run for a certain period. A correct time setting is required for some network mechanisms such as authentication. Therefore, we recommend to use a time server in regular operation and the use of the device clock only for special cases like the initial setup. |
| Time server | Enables/disables the use of a time server (SNTP). A time server synchronizes the time of devices within a network, so that all devices have a correct time setting and can use time-dependent network mechanisms such as authentication. |
| Server address | Defines a time server via its IP address or host name. (A host name can only be used if a DNS server was configured beforehand.) |
| DEVICE – UTN Port | |
|---|---|
| Element | Description |
| UTN port | Defines the number of the UTN port for unencrypted connections. Client and dongleserver communicate via the UTN port. The port number 9200 is preset. Note: The UTN port must not be blocked by security software (firewall). |
| Encrypted UTN port | Defines the number of the UTN port for encrypted connections. The encrypted UTN port is used for SSL/TLS encrypted connections between the client and dongleserver. The port number 9443 is preset. Note: The encrypted UTN port must not be blocked by security software (firewall). |
| DEVICE – NOTIFICATION | |
|---|---|
| Element | Description |
| Note: You must configure POP3 und SMTP to use the notification service. | |
| Email – Email address | Defines the email address of the recipient to which the emails will be sent. |
| Status email – Recipient | Enables/disables the periodical sending of a status email to recipient 1 or 2. |
| Status email – Interval | Specifies the interval at which a status email is sent. |
| Email subject | Defines the email subject line text for notification and status emails. |
| SNMP traps | Note: SNMP traps can only be used if SNMP was configured beforehand. |
| SNMP traps – Address | Defines the SNMP trap address of the recipient. |
| SNMP traps – Community | Defines the SNMP trap community of the recipient. |
| SNMP traps – SNMP version | Defines the SNMP protocol for the sending of SNMP traps. |
| Display panel – Only one power supply works | Enables/disables the display of error messages in the display panel if the dongleserver only is supplied by one power supply. |
| Display panel – SD card error | Enables/disables the display of error messages in the display panel if no SD card is inserted into the dongleserver or if the SD card cannot be used. |
| Display panel – Only one network connection is established | Enables/disables the display of error messages in the display panel if only one of the two network connections of the dongleserver is established. |
| Acoustic signal – Only one power supply works | Enables/disables the acoustic signal that sounds if the dongleserver only is supplied by one power supply. |
| Acoustic signal – SD card error | Enables/disables the acoustic signal that sounds if no SD card is inserted into the dongleserver or if the SD card cannot be used. |
| Acoustic signal – Only one network connection is established | Enables/disables the acoustic signal that sounds if only one of the two network connections of the dongleserver is established. |
| DEVICE – Monitoring | |
|---|---|
| Element | Description |
| Monitoring | Enables/disables the monitoring of systems values, events, and errors. |
| View log | Shows the current monitoring log. |
| Export | Saves the current monitoring log to the client. |
| Delete | Deletes the current monitoring log. |
| Values | Defines the systems values, events, and errors which are to be monitored. |
| WebDAV – Directory | Defines the directory on the WebDAV server in which the monitoring logs are saved. |
| WebDAV – Create directories for individual days | Enables/disables the creation of subdirectories in which the monitoring logs of one day are saved. Note: After one year, the FIFO method (first, in, first-out) is applied. For example, January 01 of last year will be replaced by January 01 of the current year. |
| WebDAV – Continuous backup | Enables/disables the regular backup of monitoring logs on the WebDAV server. Notes: - Can only be used if a WebDAV server was configured beforehand. - The monitoring logs are split into 2 MB sized files on the dongleserver. As soon as this size is reached, the file will be saved to the WebDAV server. |
| WebDAV – Daily backup at | Saves the monitoring logs to the WebDAV server daily at a time defined. Note:This backup is created in addition to the continuous backup. |
| WebDAV – Export manually now | Saves the monitoring logs to the WebDAV server immediately. Note:This backup is created in addition to the continuous backup. |
| Email – Email address | Defines the email address of the recipient for the monitoring logs. |
| Email – Email subject | Defines the email subject line text for monitoring emails. |
| Email – Continuous backup | Enables/disables the regular sending of monitoring logs via email. Notes: - Can only be used if POP3 and SMTP were configured beforehand. - The monitoring logs are split into 2 MB sized files on the dongleserver. As soon as this size is reached, the file will be sent as email attachment. |
| Email – Daily backup at | Emails the monitoring logs daily at a time defined. Note:This backup is created in addition to the continuous backup. |
| Email – Export manually now | Emails the monitoring logs immediately. Note:This backup is created in addition to the continuous backup. |
| Syslog-ng export | Enables/disables the sending of monitoring logs to a Syslog-ng server. Note: Can only be used if a Syslog-ng server was configured beforehand. |
| Syslog-ng export – Format | Defines the format for monitoring information that the dongleserver sends to the Syslog-ng server: IETF (RFC 5424) or Legacy (RFC 3164/BSD). |
| Device – Relay | |
|---|---|
| Element | Description |
| Clear all Events/Reset Relay | Clears all events and resets the relay |
| Relay activation - user-defined | Manually switches the relay to the desired position (open or closed). The relay remains in the selected position. |
| Relay activation - event-related | The relay switches from the open to the closed position as soon as one of the selected events occurs. After that, the relay does not switch back automatically. To do this, the event must first be manually deleted and the relay has to be reset. |
| Relay activation - status-related | By default, the relay is in open position. As soon as one chosen device status occurs, the relay switches to closed position. As soon as the status changes back, the relay automatically returns to open position. |
| Fixed position - open | Manually switches the relay to the closed position and the relay activation to user-defined. |
| Fixed position - closed | Manually switches the relay to the closed position and the relay activation to user-defined. |
| Security – SSL/TLS | |
|---|---|
| Element | Description |
| Encryption protocol | Defines the encryption protocol to be used for SSL/TLS connections. Which protocols can be chosen depends on the product and its software version. With 'any', the protocol is automatically negotiated by both communicating parties. |
| Encryption level | Defines the encryption level to be used for all SSL/TLS connections. - Any (The encryption is automatically negotiated by both communicating parties. The strongest encryption supported by both parties will always be chosen.) - Low (weak encryption) - Medium - High (strong encryption) |
| Detailed information (connection status, cipher suites, etc.) can be found on the Details page. | |
| SECURITY – Control Center | |
|---|---|
| Element | Description |
| Connection | Defines the permitted type of connection to the dongleserver Control Center: - HTTP and HTTPS (unencrypted or encrypted connection) - HTTPS only (always encrypted connections) The encryption strength is defined via the encryption protocol and level. |
| User Accounts | Defines the three user accounts (name and password) for the restricted access to the dongleserver Control Center and the SNMP access.
- Administrator: Complete access to the dongleserver Control Center. The user can see all pages and administrate. - USB Manager: Restricted access to the dongleserver Control Center. The user can only manage the USB ports (Security - USB subpage) and terminate activated port connections from the dongleserver Control Center home page. - Read-only user: Very restricted access to the dongleserver Control Center. The user can only see the 'START' page. |
| Restrict Control Center access | Enables/disables the dongleserver Center access restriction. If access is restricted, a login screen is displayed when opening the dongleserver Control Center. Note: If access is restricted, user accounts must be defined. |
| Restrict Control Center access – Login screen displays | Defines the type of login screen. It is either displayed: - a list of users (user names are shown. Only the password must be entered.) - the name and password dialog (A neutral login mask in which user name and password must be entered.) |
| Restrict Control Center access – Session timeout | Enables/disables the session timeout. If there is no activity during the timeout defined, the connection to the dongleserver Control Center is terminated for security reasons. In the box, enter the time in seconds after which the timeout is to be effective. |
| SECURITY – SNMP | |
|---|---|
| Element | Description |
| SNMPv1 | Enables/disables SNMPv1. |
| SNMPv1 – Read-only | Enables/disables the write protection for the community. |
| SNMPv1 – Community | SNMP community name The SNMP community is a basic form of access protection in which several participants with the same access rights are grouped together. |
| SNMPv3 | Enables/disables SNMPv3. Note: For SNMPv3 the user accounts 'Administrator' and 'Read-only user’ must be set up. |
| SNMPv3 – Hash | Defines the hash algorithm. |
| SNMPv3 – Access rights | Defines the access rights of the SNMP user. |
| SNMPv3 – Encryption | Defines the encryption method. In addition, the password must be entered. |
| SECURITY – TCP port access | |
|---|---|
| Element | Description |
| Port access control | Enables/disables the blocking of selected ports and thus connections to the dongleserver. You define the port types to be blocked in the 'Security level' area. Caution: The dongleserver may not receive information (e.g. via DNS and SNTP) anymore and that you won’t be able to access the dongleserver Control Center. In the 'Exceptions' area, define the network elements which are excluded from port blocking. Test your settings for the port access control via the 'Test mode’ in order to make sure you can access the dongleserver. |
| Test mode | Enables/disables the test mode. With the test mode your can check your setting for the port access control. If the test mode is activated, the access protection remains active until the dongleserver is rebooted. Caution: After a successful test, you must deactivate the test mode so that access protection remains permanently active. |
| Security level | Blocks the selected port types. - Block UTN access (UTN ports) - Block TCP access (TCP ports: HTTP/HTTPS, UTN) - Block all (all IP ports) Notes: - The parameter 'Port access control' must be enabled for the blocking to be effective. - In the 'Exceptions' area, define the network elements which are excluded from port blocking. Test your settings for the port access control via the 'Test mode’ in order to make sure you can access the dongleserver. |
| Exceptions | Defines elements that are excluded from port blocking using their IP or hardware address. You can define up to 16 exceptions. Using wildcards (*), you can define subnetworks. Note: Hardware addresses (MAC) are not delivered through routers! |
| SECURITY – Certificates | |
|---|---|
| Element | Description |
| Certificates status | You can view installed certificates, save them locally or delete them. To do so, click the respective icon. |
| Self-signed certificate | Displays a page to create a self-signed certificate. The self-signed certificate is created and immediately installed on the dongleserver. |
| Certificate request | Starts a page for the creation of a certificate request. In order to use a certificate that has been issued especially for the dongleserver, a certificate request may be created. You send it to the certification authority which creates an certificate on the basis of this request. After you have received the requested certificate, you have to install it in the dongleserver. |
| PKCS#12 certificate | Displays a page for the installation of a PKCS#12 certificate. PKCS#12 certificates are used to save private keys and their corresponding certificates in one file. In addition, the file is protected with a password. Note: The PKCS#12 certificate must be in 'base64' format. |
| Requested certificate | Displays a page for the installation of a certificate, that has been created by a certification authority (CA) for the dongleserver on the basis of a certificate request. Note: The certificate must be in 'base64' format. |
| S/MIME certificate | Displays a page for the installation of an S/MIME certificate. S/MIME certificates (*.pem file) are used to sign and encrypt emails which are sent by the dongleserver. Note: The S/MIME certificate must be in 'base64' format. |
| CA certificate | Displays a page for the installation of a certification authority's (CA) certificate. CA certificates are used for verifying certificates that have been issued by the respective certification authority. Note: The CA certificate must be in 'base64' format. Up to 32 CA certificates can be installed. |
| SECURITY – Authentication | |
|---|---|
| Element | Description |
| Authentication method | Defines an authentication mechanism (according to IEEE 802.1X). If you are using an authentication mechanism in your network, the dongleserver can participate. |
| User name | Defines the user name that is set up for the dongleserver on the RADIUS server for the EAP authentication methods MD5, TTLS, PEAP, and FAST. |
| Password | Defines the password that is set up for the dongleserver on the RADIUS server for the EAP authentication methods MD5, TTLS, PEAP, and FAST. |
| PEAP/EAP-FAST options | Defines the kind of external authentication for the EAP authentication methods TTLS, PEAP, and FAST. |
| Inner authentication | Defines the kind of inner authentication for the EAP authentication methods TTLS, PEAP, and FAST. |
| EAP root certificate | Defines the root certificate for the authentication procedure. Choose the root CA certificate of the certification authority that has issued the certificate of the authentication server (RADIUS). Note: The CA certificate must already be installed on the device. |
| Anonymous name | Defines the anonymous name for the unencrypted part of the EAP authentication methods TTLS, PEAP, and FAST. |
| WPA add-on | Defines an optional WPA expansion for the EAP authentication methods TTLS, PEAP, and FAST. |
| SECURITY – USB | |
|---|---|
| Element | Description |
| Encrypt USB communication (SSL/TLS) | Enables/disables the SSL/TLS encryption of the entire USB and UTN communication. The encryption strength is defined via the encryption protocol and level. |
| Disable input devices (HID class) | Enables/disables the blocking of input devices (HID – human interface devices).
'Enable/disable input devices (HID class) for all ports' enables or disables all ports at once. The feature protects the dongleserver from USB devices that present themselves as HID class devices but actually used for abuse (known as 'BadUSB'). |
| USB | Shows the USB port type (2.0 Hi-Speed or USB 3.0 SuperSpeed). |
| Flash | Enables/disables the power supply for the USB port (i.e. the USB device connected to the port). With this feature you can (de)activate a USB device connected to the USB port (e.g. in case of an error) or disable used USB ports (to increase security). |
| Name | Freely definable description of the USB port. If no port name is defined, the default name of the USB device connected will be used. Using the port name, the connected USB device can be displayed with the desired name. |
| Lock | Information on security mechanisms that are set up for the USB port: - Port key control - Device assignment - Port key control and device assignment combined |
| VLAN | Allocates a VLAN to the USB port. |
| USB device | Information on the connected USB device: Name (product ID – PID), serial number, manufacturer (vendor ID – VID). |
| Change | Opens a sub page for the respective USB port for configuring the security features port port key control and device assignment. |
| Details | Shows information on the USB port and the connected USB device. |
| SECURITY – USB port | |
|---|---|
| Element | Description |
| Description | Allows a description of the USB port. The written information is displayed on the properties page of the UTN manager for the corresponding USB port. (A line break can be created with <br>. The maximum string length is 128byte.) |
| Method | Defines a method to limit the access to USB devices which are connected to the dongleserver: - Port key control: A key is defined for the USB port. The USB port nor the connected USB device are shown in the SEH UTN Manager, however a connection cannot be established. To do so, the key must be entered in the SEH UTN Manager. - Device assignment: A certain USB device is assigned to a USB port. This is achieved by linking the USB port and USB device through the vendor ID (short VID) and product ID (short PID) of the USB device. The combination of VID and PID is specific to a certain USB device model which means that only USB devices of this specific model can be used on the USB port. This way you can assure, that (security) settings cannot be circumvented by connecting USB devices to other ports. - Port key control/device assignment: Combines the methods described above. |
| Key | Specifies the key for the port key control. You can have the key generated for you or enter one manually (max. 64 ASCII characters). You can assign up to 2 keys with different validity to one USB port. |
| Validity | Defines the validity of a port key. Using the validity, you can define when users can access a USB port and the connected USB device: - off (never valid; use 'off' when you want to keep the key but deactivate it for the time being) - forever (always valid) - expires on (valid until hour X on day Z) - weekly (valid on the weekdays X defined, from hour Y to Z) |
| USB device | Shows the VID (Vendor ID) and PID (Product ID) of the USB device that is assigned to the USB port via the device assignment. You can assign the USB device by clicking 'Allocate device'. |
| MAINTENANCE – Backup | |
|---|---|
| Element | Description |
| Parameter file – View | You can view the current parameter values of the dongleserver. |
| Parameter file – Export | You can save the current parameter values of the dongleserver locally to your client as text file. Note: You can edit the saved parameter file with a text editor and then load it onto a dongleserver. |
| Parameter file – Restore | Imports a previously selected parameters file onto the dongleserver. The dongleserver will adopt the parameter values in the file. |
| System backup – WebDAV | Note: You must configure a WebDAV-Server to use the WebDAV backup. |
| WebDAV – Server directory | Defines the directory on the WebDAV server in which the system backups are saved. |
| WebDAV – Create directories for individual days | Enables/disables the creation of subdirectories in which the daily system backups are saved. Note: After one year, the FIFO method (first, in, first-out) is applied. For example, January 01 of last year will be replaced by January 01 of the current year. |
| WebDAV – Changes backup | Enables/disables the system backup to a WebDAV server. The backup takes place if the device configuration is changed. Note: Can only be used if a WebDAV server was configured beforehand. |
| WebDAV – Daily backup | Saves daily system backups to the WebDAV server at a time defined. |
| WebDAV – Backup manually now | Saves the system backup to the WebDAV server immediately. |
| SD card – Changes backup | Enables/disables the system backup to the SD card. The backup takes place if the device configuration is changed. |
| MAINTENANCE – Default settings | |
|---|---|
| Element | Description |
| Default settings | Resets the parameters of the dongleserver to the default (factory settings). Note: Since the IP address of the dongleserver will be reset as well, the dongleserver Control Center cannot be started or displayed in the browser after the reset. Installed certificates will not be deleted. |
| MAINTENANCE – Update | |
|---|---|
| Element | Description |
| Update | Installs a previously selected update file (software) on the dongleserver. In an update, the old software is overwritten and replaced by the new version. The device configuration will not be changed. |
| MAINTENANCE – Restart | |
|---|---|
| Element | Description |
| Restart | Initiates a restart of the dongleserver. |