Allegion Interflex IF-4041 User manual

IF-4041 Gateway
Controller
00-4041-02002x

© 2021 Interflex Datensysteme GmbH IF-4041 Gateway 2
1 General information
1.1 Short description
1.2 Scope of delivery
1.3 Intended use
1.4 Target group
1.5 Safety
1.6 Abbreviations
2 System overview
2.1 Range of functions
2.2 Electronic assembly units
3 Mounting the Gateway
4 Connecting the Gateway
5 Initial operation
5.1 Connecting the controller to the network
    IF-ServiceApp
    Service interface
5.2 Configuring the controller in IF-6040
5.3 Registering the controller
    IF-ServiceApp
    Service interface
5.4 Connecting devices
6 Further information for initial operation
6.1 Restarting the controller
6.2 Users and passwords
6.3 Log files of the CloudReady controller
    Name conventions
    script showlog
6.4 Checking and setting network parameters
    Restoring the default IP address
    Static IP address
    Dynamic IP address
6.5 Relevant configuration files
6.6 Tools
    IFCertificationTool.exe
    IFTlsCertificationTool.exe
    Tool for checking the certificate chain
6.7 Configuring PKI and TLS
    Configuration
7 Technical specifications
8 Open Source Program Packages
9 Disposal
10 Declarations of Conformity
10.1 EU Declaration of Conformity
10.2 UKCA Declaration of Conformity

1 General information
1.1 Short description
The IF-4041 Gateway offers maximum security for the seamless
connection of Opendor wireless locking components to the IF-6040
access control system. With over-the-air technology, every door
becomes an online door. The Gateway is an ideal solution for cost-
effective, uncomplicated and wireless compliance with current security
standards for a wide range of applications.
The Gateway checks the recorded bookings and transmits the data to
the access control system in real time.
Optionally, data from IF-6040 can be transferred to the Gateway and
stored there. Thus, this data is always up-to-date even if the
connection to the access control system is interrupted.
The IF-4041 Gateway from Interflex with the latest BLE 5 technology is
the link between IF-6040 and Interflex Opendor air locking components,
and it offers all the advantages of state-of-the-art encryption.
1.2 Scope of delivery
The package contains:
- IF-4041 Gateway
- Accessory bag with mounting material
- 95-10459 product info
Check the completeness and condition of the goods upon receipt and report any damage caused
during transport immediately.
1.3 Intended use
IF-4041 Gateway is designed for the following tasks:
- Wireless transmission of recorded bookings to the access control system
- Initial operation and update of connected door components and terminals
Any other use is not in accordance with the intended purpose and therefore not permitted. Modifications
are not allowed.
1.4 Target group
This document is solely intended for experts and people trained in electrical engineering.
Only perform the actions described in this document if you belong to this target group. Interflex
Datensysteme GmbH is not liable for any damages caused by improper installation or initial
operation.

1.5 Safety
WARNING
Danger to life due to electric shock
People can be seriously hurt or killed through physical contact with live parts (e.g. 230V~).
- Make sure that you cannot touch live lines during installation.
- Switch off the power supply of the devices.
- Please observe the applicable safety regulations and take all precautionary measures to ensure safe installation.
NOTICE
Damage due to electrostatic discharge (ESD)
Electrical components and modules can be damaged by only slight, hardly noticeable electrostatic discharge (ESD) without this becoming immediately obvious. ESD damages result in malfunctions and even failure of the product.
- Make sure that effective protective measures against electrostatic discharge are in place when working on the open device.
NOTICE
Property damage due to transient overvoltages
Transient overvoltages (surges, bursts) in the energy supply network can lead to malfunctions and failures.
- Use suitable mains filters that are professionally installed and operated.
NOTICE
Damage to property due to manipulation of the controller
Manipulation of the controller can lead to data loss.
- Install the controller in the secured area, taking the technical requirements into account.
1.6 Abbreviations
AC Alternating Current
BLE Bluetooth Low Energy
CIDR Classless Inter-Domain Routing
DC Direct Current
DIP switch Switch in IC design, connections in two rows (Dual In-line Package)
EMC Electromagnetic Compatibility
ESD Electrostatic discharge

GND Ground
IEEE Institute of Electrical and Electronics Engineers
NC contact Normally closed contact
NO contact Normally open contact
PoE Power over Ethernet
RFID Radio-Frequency Identification
SH Shield
SSH Secure shell
2 System overview
2.1 Range of functions
Main functions of the IF-4041 Gateway:
- Certificate-based encryption from the terminal via the Gateway to the host
- Grant or withdraw access permissions online in real time
- No cabling to end device required
- Seamless integration into IF-6040

2.2 Electronic assembly units
1 Connection for serial service cable
2 DIP switches
3 Reset button
4 USB connection for dongle of IF-ServiceApp
5 Power supply without PoE
6 RJ45, Ethernet 10/100
3 Mounting the Gateway
1. Open the lid of the housing.
2. Mount the Gateway to the wall with the enclosed screws.
For surface-mounted routing of cabling, use a saw to cut open the ribs on both sides of the bottom shell of the housing, break the web out, and rework any sharp-edged parts with a file.
3. Close the housing cover.
4 Connecting the Gateway
1. If not PoE: Connect the power supply
2. Connect the network cable

5 Initial operation
The IF-4041 Gateway is part of the Controller product family. That is why the term Controller is
used in this section and in the following sections.
Prerequisites
- Service IF6040 Pki Service installed
- IF6040 Tls Proxy service installed
- Certificates set up for communication with the application server and for the TLS server (see Security media center)
- Accessories for connecting host computer and controller (see below)
With the appropriate accessories, the following options are available for connecting the host computer to the controller:
- Via WLAN with the IF-ServiceApp 75-99-0013
- Via service interface or USB
Service interface USB
IF-4xxx controller: 75-4070-0001 service cable 4xxx (connection in housing)
IF-4070 controller: 75-4070-0002 service cable 4xxx (connection via RJ45)
IF-5xxx master terminal: 75-99-0006 Service cable 5xxx
5.1 Connecting the controller to the network
You can connect the controller to the network via a service cable and the serial service interface or via
WLAN with the IF-ServiceApp.
IF-ServiceApp
Prerequisites
- Controller is connected to the IF-ServiceApp.
Detailed information on this subject can be found in the documentation of the IF-ServiceApp.

Service interface
Accessing the controller via SSH requires the freeware PuTTY version 0.73 or higher:
1. Switch on the power supply
2. Establish serial connection between host computer and controller
3. Open PuTTY
4. Check and adjust parameters
5. Start communication with Open
6. Log in with username fieldservice
7. Specify a password
Details on valid password requirements and how to change a password can be found under Users and passwords.
The network services are started and the network connection can be established only after a password has been entered.
The network connection is activated; the default setting is DHCP.
When the RUN LED lights up, an SSH connection can be established.
The start-up procedure takes up to 30 seconds.
Leave PuTTY open during the next steps as further entries are required during initial operation.

5.2 Configuring the controller in IF-6040
In IF-6040 under Access > Access management > Controllers:
1. Select Interflex CHP under Options in the Transmission protocol field
2. Enter the serial number of the controller under Connections.
3. Select a suitable Configuration under Connections > Peripheral server.
Suitable: The Controller host protocol and firmware update option is activated in the Interfaces
tab and an enabled port is entered. If required, create a suitable configuration.
4. Under Perform action, select the Update controller data on the peripheral server menu item
When configuring and troubleshooting, use the current information under System > Configurations > Security > Controllers, Status tab.
Detailed information on this subject can be found in the IF-6040 documentation.
5.3 Registering the controller
Prerequisites
- PKI certificate installed and configured
IF-ServiceApp
To register the controller:
1. Use the USB cable to connect the dongle to the USB port of the controller
The IF-ServiceApp is connected to the controller.
2. In IF-6040 under Access > Access management > Controllers, select Perform action > Register controller
3. Make a note of the information in the registration window (URL of the TLS server, registration password (nonce))
4. In the IF-ServiceApp, click Find controller in the left menu
5. Select the desired controller to establish a connection
A prompt for the controller password is shown
6. Assign a controller password during the initial login
7. Enter the URL of the TLS server
8. Enter the registration password (nonce)

Service interface
1. In IF-6040 under Access > Access management > Controllers: Select Perform action > Register controller
2. Copy the URL of the IF-6040 in the registration window
3. In the console: enroll -u <URL of IF-6040>
4. Copy the password in the registration window
5. In the console: enroll -n <password>
Controller is enrolled on IF-6040.
If the controller was already registered once, the second command should be enroll -f.
5.4 Connecting devices
Connecting devices to the controller
1. Make a note of the device’s serial number
2. Use the WinSCP tool to connect the controller via the network
3. Log in to the controller
4. Enter the serial number in the ble-node-list.json file in the /mnt/app folder
5. Reset the controller with factory-reset application-restart
Connecting devices with IF-6040
1. “Wake up” the device by means of a booking
2. Update view:
The device is shown in IF-6040 as a terminal that has been assigned to the controller
3. Click +
4. Enter a name in the Basic data tab
The device is added to the list of terminals
The possible settings for the terminals are described in the IF-6040 online help.

6 Further information for initial operation
6.1 Restarting the controller
Some changes require a restart of the controller. You can do this directly on the controller or with the
appropriate commands via the console.
Warm boot
A warm boot performs the following actions:
- Close application
- Restart application
Associated console command: factory-reset application-restart
Reboot
A reboot performs the following actions:
- Close application
- Shut down operating system
- Boot operating system
- Restart application
1. Set switches:
2. Briefly press the Reset button
3. Wait until the RUN LED lights up again (procedure can take up to 30 seconds)
Associated console command: factory-reset reboot

Cold boot
All settings made on the controller via IF-6040 or OC Task are deleted or reset to default. System or
operating system settings, such as the IP address or password, are retained.
Use the cold boot during initial operation and in the event of malfunctions that cannot be
remedied by other means, e.g., a warm boot.
1. Set switches:
2. Briefly press the Reset button
3. Wait until the RUN LED lights up again permanently (procedure can take up to 45 seconds)
4. Reset switch position:
Associated console command: factory-reset application
Reset network settings to factory default
The network settings are reset.
1. Set switches:
2. Briefly press the Reset button
The previous network settings are not saved temporarily, unlike in earlier device variants.
Factory reset
All factory settings are restored.
For initial operation, the controller can then only be accessed via a serial console or the IF-ServiceApp.
1. Set switches:
2. Briefly press the Reset button
3. Wait until the RUN LED lights up again (procedure can take up to 30 seconds)

4. Reset switch position:
Associated console command: factory-reset full
6.2 Users and passwords
The default user is fieldservice. A dialog is presented after the first login to specify the password for
this user.
- Log in to the controller and specify the password
Prerequisites for a valid password
- Minimum 8 characters in length
- Contains upper and lowercase letters and numbers
  If one of these features is missing, the minimum length is extended by 2 digits.
- Does not contain mutated vowels (umlauts), special characters or sequences of characters (e.g. "aaa")
- Does not contain the default password
After four consecutive incorrect entries, the entry is blocked for 25 seconds.
6.3 Log files of the CloudReady controller
Two services of the CloudReady controller write their output in log files:
- cloudreadyd
- service-app-mgr
The log files are located in the /home/fieldservice/app/log folder.
Name conventions
The log files of both services are named according to the following convention:
<service-name>-<controller-hostname>.log
In the factory state, the host name corresponds to the controller’s serial number. Changes to the
host name are only adopted in the file name of the log files after the services have been
restarted.
For a controller with the serial number 123456, the log files have the following names:
- cloudreadyd-123456.log
- service-app-mgr-123456.log

The maximum size of the log files is 5 MB. If the file size is reached:
- The current log file is renamed:
  <service-name>-<controller-hostname>.<Number of backup>.log
- A new log file with the original name is created. This log file is written to.
The higher the number in the backup’s file name, the older the backup. If the maximum number of 10 backups has been reached and the active log file has attained a size of 5 MB, the oldest backup is deleted.
The directory then looks like this:
cloudreadyd-123456.log --> active log file
cloudreadyd-123456.1.log --> previous log file
...
cloudreadyd-123456.10.log --> oldest log file
Thus, the maximum 11 log files use up a maximum of 55 MB of storage.
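The naming and rotation rules above, as an added example that is not part of the original manual or of Interflex software: a Python helper that takes the file names copied from /home/fieldservice/app/log, puts them in review order by backup number (an alphabetical sort would place .10.log before .2.log), lists backup numbers missing from the copy, and flags when backup 10 exists, which means the next rotation deletes the oldest file. The function names and the sample listing are constructed for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

SERVICES = ("cloudreadyd", "service-app-mgr")  # the two services named in section 6.3
MAX_BACKUPS = 10                               # backups kept per service


class LogFile(NamedTuple):
    name: str
    service: str
    hostname: str
    backup: int  # 0 = active log file, 1..10 = backup (higher = older)


def parse_name(name: str, hostname: Optional[str] = None) -> Optional[LogFile]:
    """Split <service-name>-<controller-hostname>[.<backup>].log into parts.

    A host name that itself ends in ".<digits>" cannot be told apart from a
    backup suffix, so pass the known host name when it is available.
    """
    for service in SERVICES:
        prefix = service + "-"
        if name.startswith(prefix) and name.endswith(".log"):
            stem = name[len(prefix):-len(".log")]
            break
    else:
        return None  # not a log file of either service
    host_pat = re.escape(hostname) if hostname is not None else r".+?"
    m = re.fullmatch(rf"({host_pat})(?:\.(\d+))?", stem)
    if m is None:
        return None
    digits = m.group(2)
    if digits is None:
        return LogFile(name, service, m.group(1), 0)
    if 1 <= int(digits) <= MAX_BACKUPS:
        return LogFile(name, service, m.group(1), int(digits))
    # Digits outside 1..10 are not a backup number; without a known host name
    # they are read as part of the host name of an active log file.
    return None if hostname is not None else LogFile(name, service, stem, 0)


def audit(names, hostname: Optional[str] = None) -> dict:
    """Group file names per (service, host); report review order and gaps."""
    groups = defaultdict(dict)
    for name in names:
        lf = parse_name(name, hostname)
        if lf is not None:
            groups[(lf.service, lf.hostname)][lf.backup] = lf.name
    report = {}
    for key, files in groups.items():
        oldest = max(files)
        report[key] = {
            # Highest backup number = oldest file; the active file (0) is newest.
            "oldest_first": [files[n] for n in sorted(files, reverse=True)],
            # Numbers below the oldest backup that are absent from the copy;
            # 0 stands for the active log file.
            "missing": [n for n in range(0, oldest) if n not in files],
            # With backup 10 present, the next rotation deletes the oldest file.
            "at_retention_limit": oldest == MAX_BACKUPS,
        }
    return report


# Constructed directory listing for a controller with serial number 123456.
SAMPLE_LISTING = [
    "cloudreadyd-123456.log",
    "cloudreadyd-123456.1.log",
    "cloudreadyd-123456.2.log",
    "cloudreadyd-123456.4.log",
    "cloudreadyd-123456.10.log",
    "service-app-mgr-123456.log",
    "service-app-mgr-123456.1.log",
    "ble-node-list.json",
]

if __name__ == "__main__":
    for (service, host), info in audit(SAMPLE_LISTING).items():
        print(service, host)
        print("  review order:", ", ".join(info["oldest_first"]))
        print("  missing from copy:", info["missing"])
        print("  at retention limit:", info["at_retention_limit"])
```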
script showlog
The showlog script lists log files of the CloudReady controller. The showlog -? and showlog -h
commands show the script options:
-a Show the complete logfile (if -f is set the -n parameter cannot be used)
-l List all existing logfiles
-v [INTEGER] Open desired logfile number/version
-s Show logging for the service-app-mgr (default is cloudreadyd)
-n [INTEGER] Number of log entries to show with the -f option (default = 400 entries)
-f Show end of logfile and follow the output
-?, -h Print this help screen
If the -l parameter is used, all other parameters are ignored.
Examples
Command              Result
showlog -n xx        Shows last xx entries of the cloudreadyd service
showlog -s -n xx     Shows last xx entries of the service-app-mgr service
Open a specific log file
showlog -v xx        Opens the xx-th backup of the cloudreadyd service
showlog -s -v xx     Opens the xx-th backup of the service-app-mgr service
Track log entries (not in backups)
showlog -f           Shows the last 10 lines of the current log file of the cloudreadyd service and from there every additional line
showlog -s -f        Shows the last 10 lines of the current log file of the service-app-mgr service and from there every additional line
View the log file
showlog -a -f        Shows the complete current log file of the cloudreadyd service and from there every additional line (no search possible)
showlog -s -a -f     Shows the complete current log file of the service-app-mgr service and from there every additional line (no search possible)
View and search the log file
showlog -a           Opens the complete current log file of the cloudreadyd service in the console tool less (search possible)
showlog -s -a        Opens the complete current log file of the service-app-mgr service in the console tool less (search possible)
6.4 Checking and setting network parameters
The DHCP (dynamic IP address) option is set by default. With the nmcli-wrapper tool, you can set the
Static IP option.
The nmcli-wrapper -? command lists the call parameters of the nmcli-wrapper command:
-? Print this help screen
-a Add connection
-l List connections
-u <connection> Activate connection
-e <connection> Edit connection
-d <connection> Deactivate connection
-x <connection> Delete connection
-r <connection> Restart (Deactivate and Activate) connection
-s <connection> Show network settings
If the connection contains a space, it must be enclosed in quotation marks.
Example: nmcli-wrapper -s "Connection with a space"

Restoring the default IP address
You have the option of restoring the default IP address if you can no longer reach the controller after
changing the IP address.
- Perform a factory reset.
Further information can be found in the section Restarting the controller.
Static IP address
1. List connections with nmcli-wrapper -l
2. Select the connection
3. Open the connection with nmcli-wrapper -e for editing
Current Connection Type: [Wired-connection]
Current Method: [DHCP]
1: Static-IP
2: DHCP
Select a value from 1 to 2 [2]: 1
4. Select static IP (see above)
5. Enter IP address/subnet mask (CIDR):
IPv4 address/netmask: 172.18.70.52/16
6. Enter IPv4 Gateway address
IPv4 Gateway: 172.18.70.1
7. No DNS server used, therefore:
IPv4 DNS server: (r)emove/(e)dit? r
8. No IPv4 search domain used, therefore:
9. IPv4 search domain []: (r)emove/(e)dit? r
10. Enter the host name or accept suggestion with [Enter]
To apply the settings:
11. Restart the controller
- or -
Enter nmcli-wrapper -r <connection name>
When connected via network, not via a serial cable:
If the IP address has been changed, a new PuTTY connection with the new IP address must be
established when restarting.

Dynamic IP address
1. List connections with nmcli-wrapper -l
2. Select the connection
3. Open the connection with nmcli-wrapper -e for editing
Current Connection Type: [Wired-connection]
Current Method: [DHCP]
1: Static-IP
2: DHCP
Select a value from 1 to 2 [2]: 2
4. Select DHCP (see above)
5. Enter the host name or accept suggestion with [Enter]
To apply the settings:
6. Restart the controller
- or -
Enter nmcli-wrapper -r <connection name>
When connected via network, not via a serial cable:
If the IP address has been changed, a new PuTTY connection with the new IP address must be
established when restarting.
6.5 Relevant configuration files
The following configuration files are relevant in this context:
IFTls.exe_custom.config (*): Information about the AuthenticationMode, the customer system certificate and the host connections (ports, etc.)
IFPki.exe_custom.config (*): The names of the customer certificate and the customer system certificate (as entered into the supplied PkiAdministrationTool.exe tool).
Via configuration editor: if6040.applicationserver.exe_custom.config (**): For delivery of registration data, even via email: Connection data to the SMTP server (not included in scope of delivery).
(*) In the installation folder of both NoM services, e.g. c:\Program Files\Interflex\IF6040\CommunicationSecurity\...
(**) In the installation folder of the application server, e.g. c:\Program Files\Interflex\IF6040\ApplicationServer.
6.6 Tools
To manage the certificates and to check the certificate chain, you have to use special tools that are
described briefly on the pages that follow.

IFCertificationTool.exe
Menu or keyboard commands
File > New custom system certificate: Page for creating a new, derived customer system certificate
File > New Tls certificate: Page for saving a file (certificate chain) with the customer system certificate (TLS) as the last certificate that cannot be derived further
File > Import custom system certificate: Page for importing a backup copy of the customer system certificate; this is important, e.g., after moving the computer to a different location and when using remote operation
File > Delete IFCommunicationSecurity certificates: Deletes existing IF-6040 certificates on the PKI server; e.g. if an unsuitable customer system certificate is saved accidentally, or after uninstallation of IF-6040
Page for creating a new, derived customer system certificate
Custom certificate key: Supplied customer certificate and transport password (transport key).
Custom certificate: Path to the supplied customer certificate
New custom system certificate key / Repeat custom system certificate key: Password for the derived customer system certificate; needed, e.g. to perform a re-import at a later stage.
New custom system certificate name: Name of the new, derived customer system certificate. Pay attention to the character string that comes before the name; it is automatically placed in front of the name.
New custom system certificate directory: Path for exporting the new customer system certificate, e.g. for a later import after relocating the computer
Computer name: Name of the computer with the IF6040 Pki Service service. Complete domain name (FQDN). Is later automatically added to a field of the derived customer system certificate.
Additional computer names: Fallback computers. Are also added to the derived customer system certificate. Complete domain name (FQDN) or wildcards of the domain.
With regard to Additional computer names: If only a single computer is mentioned in the certificate (field Computer name), the certificate only applies to this individual computer. After the computer has been relocated, you have to derive a new certificate and, e.g., re-register all NoM smartphones. Interflex thus recommends specifying possible fallback computers. Make a note of the additional computer names and save the data in a safe place. The tool does not show this data later on.

Page for deriving and saving a new customer system certificate (TLS)
The saved file contains the three derived certificates with the customer system certificate (TLS) as the last certificate that cannot be derived further.
Custom certificate key: Supplied customer certificate and transport password (transport key)
Custom certificate: Path to the supplied customer certificate
Custom system certificate key: Password of the derived customer system certificate
Custom system certificate: Path to the customer system certificate
Computer name for Tls: Name of the computer with the service IF6040 Tls Proxy
Additional computer names for Tls: Fallback computers. Are also added to the derived customer system certificate.
New TLS certificate key / Repeat TLS certificate key: Password for the derived customer system certificate (TLS). Required for the subsequent import onto the TLS server.
New TLS certificate name: Name of the new, derived customer system certificate (TLS).
New TLS certificate directory: Path for exporting the file with the new customer system certificate (TLS)
With regard to Additional computer names for Tls: If only a single computer is mentioned in the certificate (see field Computer name for Tls), the certificate only applies to this individual computer. After the computer has been relocated, you have to derive a new certificate and, e.g., re-register all NoM smartphones. Interflex thus recommends specifying possible fallback computers. Wildcards are also permitted. Make a note of the Additional computer names for Tls and save this data at a safe location. The tool does not show this data later on.
With regard to New TLS certificate name: The character string that comes before the name is automatically placed in front of the name.
With regard to New TLS certificate directory: Required for the subsequent import on the TLS server. The file contains the three derived certificates with the customer system certificate (TLS) as the last certificate that cannot be derived further.
IFTlsCertificationTool.exe
Menu commands
File > Import Tls certificate: Opens the dialog for importing the file (certificate chain) with the customer system certificate (TLS).
File > Delete IFCommunicationSecurity certificates: Deletes existing IF-6040 certificates on the TLS server, e.g., if an unsuitable customer system certificate is saved accidentally, or after uninstallation of IF-6040