Hirschmann EAGLE mGuard Series Manual
Description and operating instruction
Industrial ETHERNET Firewall/VPN System
EAGLE mGuard
The industrial firewall/VPN system
– EAGLE mGuard TX/TX
– EAGLE mGuard TX/MM SC
– EAGLE mGuard TX/SM SC
– EAGLE mGuard TX/LH SC
– EAGLE mGuard MM SC/TX
– EAGLE mGuard MM SC/MM SC
– EAGLE mGuard MM SC/SM SC
– EAGLE mGuard MM SC/LH SC
– EAGLE mGuard FW TX/TX
– EAGLE mGuard FW TX/MM SC
– EAGLE mGuard FW TX/SM SC
– EAGLE mGuard FW TX/LH SC
– EAGLE mGuard FW MM SC/TX
– EAGLE mGuard FW MM SC/MM SC
– EAGLE mGuard FW MM SC/SM SC
– EAGLE mGuard FW MM SC/LH SC
in the following called EAGLE mGuard,
authenticates, validates and ensures that
the communication within the production
networks remains confidential, also beyond
the boundaries of the company.
– Interfaces:
depending on the type up to two 10/100
MBit/s twisted pair (TP/TX) ports (RJ45
socket) and/or up to two 100 MBit/s FX
ports (multimode, singlemode or
longhaul) with DSC connectors and addi-
tionally one V.24 interface for external
management or modem connection and a
USB interface.
– Network modes:
• Multi Client Transparent Mode
(MCT Mode), default setting
• Single Client Transparent Mode
(SCT Mode)
• Router Mode
– Firewall (FW)
– ARP Limiter
– Redundancy support
– ACA 11 and ACA 21-USB support
– Management: HTTPS, SNMPv3, SSH
– Redundant power supply
– Temperature range: 0°C – 60°C, no fan
– Housing: can be mounted on DIN rail, IP20
The VPN versions (EAGLE mGuard TX…/
EAGLE mGuard MM…) in addition support
Virtual Private Network (VPN) functions.
In the „Manual EAGLE mGuard Manage-
ment – Industrial ETHERNET Firewall/VPN
System“ you will find a detailed description
on the EAGLE mGuard.
EAGLE mGuard TX/TX
EAGLE mGuard FW TX/TX
EAGLE mGuard MM SC/TX
EAGLE mGuard FW MM SC/TX
EAGLE mGuard TX/MM SC
EAGLE mGuard TX/SM SC
EAGLE mGuard TX/LH SC
EAGLE mGuard FW TX/MM SC
EAGLE mGuard FW TX/SM SC
EAGLE mGuard FW TX/LH SC
EAGLE mGuard MM SC/MM SC
EAGLE mGuard MM SC/SM SC
EAGLE mGuard MM SC/LH SC
EAGLE mGuard FW MM SC/MM SC
EAGLE mGuard FW MM SC/SM SC
EAGLE mGuard FW MM SC/LH SC
Hirschmann. Simply a good Connection.
1
STATUS
P21
LS/DA
21
+24V (P1)
FAULT
+24V (P2)
0V
0V
V.24
Aufkleber MAC-Adresse
IP-ADDRESS
k
FAULT
R
V.24
2
g
USB
x
2
1
STATUS
P21
LS/DA
21
+24V (P1)
FAULT
+24V (P2)
0V
0V
V.24
Aufkleber MAC-Adresse
IP-ADDRESS
g
k
FAULT
R
V.24
USB
x
RS2-4R
h
1
2
RM
P
01
RM
21 FAULT
+24V (P1)
FAULT
+24V (P2)
0V
0V
V.24
DA
LS
DA
LS
DA
LS
DA
LS
3
4
Aufkleber MAC-Adresse
IP-ADDRESS
RING
2
1
STATUS
P21
LS/DA
21
+24V (P1)
FAULT
+24V (P2)
0V
0V
V.24
Aufkleber MAC-Adresse
IP-ADDRESS
g
k
FAULT
R
V.24
USB
x
2
1
STATUS
P21
LS/DA
21
+24V (P1)
FAULT
+24V (P2)
0V
0V
V.24
Aufkleber MAC-Adresse
IP-ADDRESS
g
k
x
FAULT
R
V.24
USB
2
The performance features described here
are binding only if they have been expressly
guaranteed in the contract. We have
checked that the contents of the technical
publication agree with the hardware and
software described. However, it is not possi-
ble to rule out deviations completely, so we
are unable to guarantee complete agree-
ment. However, the details in the technical
publication are checked regularly. Any cor-
rections which prove necessary are contai-
ned in subsequent editions. We are grateful
for suggestions for improvement.
We reserve the right to make technical
modifications.
Permission is not given for the circulation
or reproduction of this document, its use or
the passing on of its contents unless gran-
ted expressly. Contravention renders the
perpetrator liable for compensation for
damages. All rights reserved, in particular
in the case of patent grant or registration of
a utility or design.
Copyright
© Hirschmann
Automation and Control GmbH 2006
All Rights Reserved
Note
We would point out that the content of
these operating instructions is not part of,
nor is it intended to amend an earlier or exi-
sting agreement, permit or legal relation-
ship. All obligations on Hirschmann arise
from the respective purchasing agreement
which also contains the full warranty condi-
tions which have sole applicability. These
contractual warranty conditions are neither
extended nor restricted by comments in
these operating instructions.
We would furthermore point out that for
reasons of simplicity, these operating
instructions cannot describe every
conceivable problem associated with the
use of this equipment. Should you require
further information or should particular
problems occur which are not treated in
sufficient detail in the operating instruc-
tions, you can request the necessary infor-
mation from your local Hirschmann sales
partner or directly from the Hirschmann
office (address: refer to chapter entitled
„Notes on CE identification“).
Safety Instructions
This manual contains instructions which
must be observed to ensure your own per-
sonal safety and to avoid
damage to devices and machinery. The
instructions are highlighted with a warning
triangle and are shown as
follows according to the degree of endan-
germent:
zDanger!
means that death, serious injury or
considerable damage to property
will result if the appropriate safety
measures are not taken.
zWarning!
means that death, serious injury or
considerable damage to property
can result if the appropriate safety
measures are not taken.
zCaution!
means that light injury or damage to
property can result if the appropria-
te safety measures are not taken.
Note: is an important piece of information
about the product, how to use the product,
or the relevant section of the documentati-
on to which particular attention is to be
drawn.
Certified usage
Please observe the following:
zWarning
The device may only be employed
for the purposes described in the
catalog and technical description,
and only in conjunction with external
devices and components recommen-
ded or approved by Hirschmann.
The product can only be operated
correctly and safely if it is transpor-
ted, stored, installed and assembled
properly and correctly. Furthermore,
it must be operated and serviced
carefully.
Safety Guideline Password
This device is a safety technological pro-
duct. In the interest of your own safety we
recommend strongly to change the
password immediately.
Safety Guidelines
Power Supply
䡺Switch the basic devices on only when
the case is closed.
zWarning!
The devices may only be connected
to the supply voltage shown on the
type plate.
The devices are designed for
operation with a safety extra-low
voltage.Thus, they may only be
connected to the supply voltage
connections and to the signal
contact with PELV circuits or
alternatively SELV circuits with the
voltage restrictions in accordance
with IEC/EN 60950.
䡺For the case where the module is opera-
ted with external power supply: Use only a
safety extra-low voltage in accordance with
IEC/EN 60950 to power the system.
䡺Relevant for North America:
The subject unit is to be suppplied by a
Class 2 power source complying with the
requirements of the National Electrical
Code, table 11(b). If power is redundant
supplied (two individual power sources) the
power sources together should comply with
the requirements of the National Electrical
Code, table 11 (b).
䡺Relevant for North America:
Use 60/75°C or 75°C copper(CU)wire only.
For use in Class 2 circuits.
Safety Guidelines
Shielding Ground
Note: The shielding ground of the connec-
table twisted pairs lines is connected to the
front panel as a conductor.
䡺Beware of possible short circuits when
connecting a cable section with conductive
shielding braiding.
Safety Guidelines Housing
zWarning!
Only technicians authorized by Hir-
schmann are permitted to open the
housing.
Note: The device is grounded via the sepa-
rated ground screw. It is located on the left
under the front panel.
䡺Make sure that the electrical installation
meets local or nationally applicable safety
regulations.
zWarning!
The ventilation slits must not be
covered so as to ensure free air cir-
culation.
The distance to the ventilation slots
of the housing has to be a minimum
of 10 cm.
Never insert pointed objects (thin
screwdrivers, wires, etc.) into the
inside of the subrack! Failure to
observe this point may result in inju-
ries caused by electric shocks.
Note: If installed in a living area or office
environment, the device must be operated
exclusively in switch cabinets with fire pro-
tection characteristics according to EN
60950.
Note: The housing has to be mounted in
upright position.
Safety Guidelines Environment
zWarning!
The device may only be operated in
the listed maximum surrounding air
temperature range at the listed
relative air humidity range (non-
condensing).
䡺The installation location is to be selec-
ted so as to ensure compliance with the cli-
matic limits listed in the Technical Data.
䡺To be used in an up to Pollution Degree
2 environment only (IEC 60664-1).
3
Based specifications and
standards:
The devices fulfil the following specificati-
ons and standards:
– EN 61000-6-2:2001 Generic standards –
Immunity for industrial environments
– EN 55022:1998 + A1 2000 + A2 2003 –
Information technology equipment –
Radio disturbance characteristics
– EN 60950:1:2001 – Safety of Information
Technology Equipment (ITE)
– EN 61131-2:2003 – Programmable
Controllers
– CFR-47 Part 15:2003 – Code of Federal
Regulations
– UL 508:1998 – Underwriters Labratories
Inc. Safety for Industrial Control
Equipment.
– UL 1604 Electrical Equipment for Use in
Class I and Class II, Div. 2 and Class III
Hazardous (Classified).
– Germanischer Lloyd VI-7-3 Part1 Ed.2003 –
Test Requirements for Electronic
Equipment
Certified devices are marked with a
certification identifier.
7Notes on CE
identification
The devices comply with the regula-
tions of the following European
directive:
89/336/EEC
Council Directive on the harmoniza-
tion of the legal regulations of mem-
ber states on electromagnetic com-
patibility (amended by Directives
91/263/EEC, 92/31/EEC and
93/68/EEC).
The EU declaration of conformity is
kept available for the responsible
authorities in accordance with the
above-mentioned EU directives at:
Hirschmann
Automation and Control GmbH
Stuttgarter Straße 45-51
D-72654 Neckartenzlingen
Telephone ++49-1805-14-1538
The product can be used in the resi-
dential sphere (residential sphere,
business and trade sphere and small
companies) and in the industrial
sphere.
– Interference proof:
EN 61000-6-2:2001
– Emitted immunity:
EN 55022:1998 + A1 2000
+ A2 2003, Class A
zWarning!
This is a Class A device. This equip-
ment may cause radio interference if
used in a residential area; in this
case it is the operator´s responsibili-
ty to take appropriate measures.
The precondition for compliance
with EMC limit values is strict adhe-
rence to the construction guidelines
specified in this description and
operating instructions.
Staff qualification
requirements
Note: Qualified personnel, as understood
in this manual and in the warning signs, are
persons who are familiar with the setup,
assembly, startup, and operation of this
product and are appropriately qualified for
their job. This includes, for example, those
persons who have been:
– trained or directed or authorized to
switch on and off, to ground and to label
power circuits and devices or systems in
accordance with current safety enginee-
ring standards
– trained or directed in the care and use of
appropriate safety equipment in accor-
dance with the current standards of safety
engineering
– trained in providing first aid.
General Safety Instructions
䡺This device is electrically operated.
Adhere strictly to the safety requirements
relating to voltages applied to the device as
described in the operating instructions!
zWarning!
Failure to observe the information
given in the warnings could result in
serious injury and/or major damage.
Only personnel that have received
appropriate training should operate
this device or work in its immediate
vicinity. The personnel must be fully
familiar with all of the warnings and
maintenance measures in these
operating instructions.
Correct transport, storage, and
assembly as well as careful operati-
on and maintenance are essential in
ensuring safe and reliable operation
of this device.
Use only undamaged parts!
䡺These products are only to be used in
the manner indicated in this version of the
”Description and Operating Instructions”.
䡺Particular attention is to be paid to all
warnings and items of information relating
to safety.
zWarning!
Any work that may have to be per-
formed on the electrical installation
should be performed by fully
qualified technicians only.
zWarning!
LED- or LASER components accor-
ding to IEC 60825-1 (2001):
CLASS 1 LASER PRODUCT.
LIGHT EMITTING DIODE - CLASS 1
LED PRODUCT.
FCC Note:
This equipment has been tested and found
to comply with the limits for a Class A digi-
tal device, persuant to part 15 of the FCC
Rules. These limits are designed to provide
reasonable protection against harmful inter-
ference when the equipment is operated in
a commercial environment. This equipment
generates, uses, and can radiate radio fre-
quency energy and, if not installed and
used in accordance with the instruction
manual, may cause harmful interference to
radio communications. Operation of this
equipment in a residential area is likely to
cause harmful interference in which case
the user will be required to correct the inter-
ference at his own expense.
,Recycling Note:
After its use, this product has to be
processed as electronic scrap and
disposed of according to the prevai-
ling waste disposal regulations of
your community / district / country /
state.
4
1. Functional description
1.1 FIREWALL- AND VPN FUNCTIONS
Firewall functions
The EAGLE mGuard FW supports the
following firewall functions:
– Stateful inspection firewall
– Transparent firewall:
Single client / multi client
– Configurable firewall rules:
– Received/transmitted data travel
– Modem access
– External management access
– IP masquerading, 1-to-1 NAT
– IP spoofing protection
VPN functions
The EAGLE mGuard supports the following
virtual private network (VPN) functions:
– Multipoint VPN:
Router and single client transparent mode
– VPN protocols: IPSec, L2TP
– Encoding algorithms:
– DES-56
– 3DES-168
– AES-128, AES-192, AES-256
– Authentification:
– Pre shared key (PSK)
– X.509v3 certificates
– Hashing algorithms: MD5, SHA-1
– NAT-T support
– Firewall rules for every VPN connection
1.2 OPERATION MODES
This device protects the network which is to
be safeguarded (trusted port k) from out-
side influences (untrusted port g). This can
be intentional attacks or unauthorized
accesses as well as disturbing network
occurrences as e.g. overload.
In the state of delivery the device operates
in the multi client transparent mode (MCT
mode). In this mode there are no network
settings necessary for operation (e.g. for
subnets).
This pre-configuration of the firewall ensu-
res that every IP travel from the trusted net-
work (k) is possible, but not the other way
round: travel from the untrusted (g) to the
trusted network is not possible. Therefore
already in the state of delivery configuraion
attacks from outside into the trusted net-
work are impossible.
Multi Client Transparent Mode
(MCT mode) – Single Client
Transparent Mode (SCT mode)
The MCT/SCT mode is a transparent bridge
mode. In this mode the device operates as a
2 port bridge where only IP and ARP frames
are transmitted, in compliance with the
firewall rules.
The access to the device is possible, too,
without configuring the IP address, using
the address 1.1.1.1.
In the MCT mode several clients are suppor-
ted in the network which is to be protected,
whereas in the SCT mode only one client is
possible.
Please note that you have to carry through
the corresponding IP configurations in the
MCT mode.
Note: In the MCT mode no virtual private
networks (VPN) are supported.
Router mode
In the router mode the device operates as a
2 port router. The corresponding IP configu-
rations are to be carried through. You will
find a detailed description in the EAGLE
mGuard manual.
Note: In the router mode another network
access to the trusted network is supported
via the V.24 interface of the EAGLE mGuard,
using PPP. In this case the communication
with the EAGLE mGuard itself or with the
devices in the trusted network is possible,
in compliance with the firewall rules for the
modem connection.
PPPoE/PPTP mode
In the PPPoE/PPTP mode the EAGLE
mGuard operates the same way as in the
router mode, with the difference that on the
trusted port (k) the PPPoE/PPTP protocol is
used. Therefore internet access e.g. via a
DSL modem becomes possible.
1.3 SPECIFIC FUNCTIONS OF THE
TP/TX INTERFACE
Link control
The EAGLE mGuard monitors the connec-
ted TP/TX line segments for short-circuit or
interrupt using regular link test pulses in
accordance with IEEE standard 802.3
10/100BASE-T/TX. The EAGLE mGuard does
not transmit any data to a TP/TX segment
from which it does not receive a link test
pulse.
Note: A non-occupied interface is assessed
as a line interrupt. The TP/TX line to termi-
nal equipment which is switched off is like-
wise assessed as a line interrupt as the de-
energised bus coupler cannot transmit link
test pulses.
Auto polarity exchange
If the receive line pair is incorrectly connec-
ted (RD+ and RD- switched) polarity is auto-
matically reversed.
Autonegotiation
Autonegotiation is a procedure in which the
switch automatically selects the operating
mode of its 10/100 RJ-45 ports. When a
connection is set up for the first time, the
switch detects the speed (10 or 100 Mbit/s)
and the transmission mode of the connec-
ted network (half duplex or full duplex).
Autocrossing
If the autonegotiation function is active, the
EAGLE mGuard detects the transmit and
receive pairs (MDI, MDI-X). The EAGLE
mGuard automatically configures its port
for the correct transmit and receive pins.
Consequently it does not matter whether
you connect devices using a cross-over or
straight cable.
Fig. 1: Overview interfaces, display elements and controls of the EAGLE mGuard
2
1
STATUS
P21
LS/DA
21
+24V (P1)
FAULT
+24V (P2)
0V
0V
V.24
Aufkleber MAC-Adresse
IP-ADDRESS
g
k
x
FAULT
R
V.24
RS2-4R
h
1
2
RM
P
01
RM
21 FAULT
+24V (P1)
FAULT
+24V (P2)
0V
0V
V.24
DA
LS
DA
LS
DA
LS
DA
LS
3
4
Aufkleber MAC-Adresse
IP-ADDRESS
RING
2
1
STATUS
P21
LS/DA
21
+24V (P1)
FAULT
+24V (P2)
0V
0V
V.24
Aufkleber MAC-Adresse
IP-ADDRESS
g
k
FAULT
R
V.24
2
1
STATUS
P21
LS/DA
21
+24V (P1)
FAULT
+24V (P2)
0V
0V
V.24
Aufkleber MAC-Adresse
IP-ADDRESS
g
k
FAULT
R
V.24
1
STATUS
P21
LS/DA
21
+24V (P1)
FAULT
+24V (P2)
0V
0V
V.24
Aufkleber MAC-Adresse
IP-ADDRESS
k
FAULT
R
V.24
2
g
USB USB
x
USB
x
USB
x
MAC address field
IP address field
TX
MM
SM
LH
TX
MM
SM
LH
6pinterminal block
(screw locking
mechanism)
LED display
elements
Recovery button
V.24 interface
external
management
and modem
Port 1 and 2
TX (RJ45 connector, autonegotiaton
+ autopolarity + autocrossing)
or FX (SC connector; multimode,
singlemode, longhaul)
kg
EAGLE mGuard TX/TX
EAGLE mGuard TX/MM SC
EAGLE mGuard TX/SM SC
EAGLE mGuard TX/LH SC
EAGLE mGuard MM SC/TX
EAGLE mGuard MM SC/MM SC
EAGLE mGuard MM SC/SM SC
EAGLE mGuard MM SC/LH SC
EAGLE mGuard FW TX/TX
EAGLE mGuard FW TX/MM SC
EAGLE mGuard FW TX/SM SC
EAGLE mGuard FW TX/LH SC
EAGLE mGuard FW MM SC/TX
EAGLE mGuard FW MM SC/MM SC
EAGLE mGuard FW MM SC/SM SC
EAGLE mGuard FW MM SC/LH SC
Port 1 Port 2
(trusted) (untrusted)
x x
x x
x x
x x
x x
x x
x x
x x
x x
x x
x x
x x
x x
x x
x x
x x
5
1.7 CONTROLS
R – Recovery button
The Recovery button is used to set the devi-
ce into the following states:
– Restart
To produce a restart, press the recovery
button longer than 1,5 and shorter than 7
seconds, until the STATUS LED goes out
and the FAULT LED lits red.
– Flashing the firmware
To produce the flashing of the firmware,
press the recovery button longer than 7
seconds, until all port LEDs (LS/DA) lit
green.
– Recovery procedure
To produce the recovery procedure, press
the recovery button 6 times shortly. The
EAGLE mGuard answers flashing 6 times
yellow with the STATUS LED. Press the
button again 6 times.
In the „Manual EAGLE mGuard Manage-
ment – Industrial ETHERNET Firewall/VPN
System“ you will find detailed information
how to carry through the recovery actions.
1.8 INTERFACES
10/100 MBit/s connection
10/100 Mbit Ports (8-pin R45 sockets) allow
terminal equipment or independent net-
work segments complying with the stan-
dards IEEE 802.3 100BASE-TX / 10BASE-T to
be connected. These ports support autone-
gotiation, autocrossing and the autopolarity
function.
Factory settings: autonegotiation active.
The socket casings are electrically connec-
ted to the front panel of the EAGLE
mGuard. The pin configuration complies
with MDI-X.
– Pin configuration of the RJ45 socket:
– TD+: pin 3, TD-: pin 6
– RD+: pin 1, RD-: pin 2
– remaining pins: not used.
Fig. 2: Pin configuration of an TP/TX
interface
100 Mbit/s connection
100 MBit/s F/O ports (DSC sockets) allow
terminal equipment or independent
network segments complying with the
standard IEEE 802.3 100BASE-FX to be
connected.
State on delivery: full duplex.
Note: Make sure, that you conncet LH ports
only to LH ports, SM ports only to SM ports
and MM ports only to MM ports.
V.24 interface
(external management, modem)
A serial interface for local connection of
– an external management station (VT100
terminal or a PC with corresponding ter-
minal emulation) is available via the RJ11
socket (V.24 interface). A link can thus be
established with the User Interface UI.
– an AutoConfiguration Adapter ACA 11 is
available via the RJ11 socket (V.24 interfa-
ce).
– an analog modem is available.
n.c.
Pi
n
8
n.c. Pin 7
TD- Pin 6
n.c. Pin 5
n.c. Pin 4
Pin 3TD+
Pin 2RD-
Pin 1RD+
1.4 SPECIFIC FUNCTIONS OF THE
F/O INTERFACE
Link control
According to IEEE 802.3 standard 100BASE-
FX an EAGLE mGuard monitors the atta-
ched F/O lines for open circuit conditions.
1.5 FURTHER FUNCTIONS
AND FEATURES
Diagnosis
In case of a reset the EAGLE mGuard runs a
hardware self test. During operation an inte-
grated watch dog (monitoring unit) moni-
tors the function of the software.
Reset
The EAGLE mGuard will be reset by the
following actions:
– management
– input voltages fall below a threshold
– watchdog
– switching between transparent mode and
router mode
After a reset the following actions are car-
ried through:
– self test
– initialization
1.6 DISPLAY ELEMENTS
Equipment status
These LEDs provide information about sta-
tuses which affect the function of the entire
EAGLE mGuard.
P1 – Power 1 (green LED)
– lit: – supply voltage 1 present
– not lit: –
supply voltage 1 is less than 9.6 V
P2 – Power 2 (green LED)
– lit: – supply voltage 2 present
– not lit: –
supply voltage 2 is less than 9.6 V
FAULT – Failure (red LED)
– lit: – The indicator contact is
open, i.e. it indicates an
error.
– not lit: – The indicator contact is
closed, i.e. it does not
indicate an error.
STATUS – Device status
(yellow/green LED)
– flashes green: – Initialization of the device
– lit green: – Device is operational
– flashes yellow slowly:
– Device is in router re-
dundancy backup mode
Port Status
These LEDs display port-related informati-
on.
LS/DA 1 to 2, V.24 – Data, Link status
(three green LEDs)
– not lit: – no valid link
– lit green: – valid link
– blinking green (3 blinks per period)
– port is disabled
– flashes yellow:– receiving data
– running light: – initialization phase after a
reset
Display of ACA function
The LEDs “STATUS” and “V.24” together
display information on the functionality of
the AutoConfiguration Adapter (ACA).
STATUS and V.24 – ACA activity
(two green LEDs)
– both LEDs flash simultaneously (slow):
– ACA writing process
– both LEDs flash simultaneously (fast):
– ACA reading process
– both LEDs flash alternated fast (about 5
sec.): – ACA error
Note: If necessary, the modem access is to
be activated via PPP. For the modem access
you need an adapter connector (not inclu-
ded in the state of delivery).
VT100 terminal settings:
– Speed: 9,600 Baud
– Data: 8 bit
– Stopbit: 1 bit
– Handshake: off
– Parity: none
The V.24 interface baud rate can be configu-
red to 9,600 up to 56,800 baud. The factory
default is 9,600 baud.
The socket casing is galvanically connected
to the front panel of the device.
Note: In chapter 6 „Technical data“ you
find the order number for the terminal
access cable which is to be ordered
separately.
Fig. 3: Pin configuration of the V.24
interface for the management access
USB interface
The USB socket offers an interface for the
local connection of an AutoConfiguration
Adapters ACA 21-USB. It is a device for
saving/loading the configuration and for
loading the software.
– Pin configuration of the USB interface:
– pin 1: VCC
– pin 2: - data
– pin 3: + data
– pin 4: ground
– AutoConfiguration Adapter ACA:
The ACA is a device for saving the confi-
guration data of a MICE, EAGLE mGuard,
RS2.../... or MACH switch. If one device
should fail, the ACA facilitates a conceiva-
ble simple assumption of the configurati-
on data by an alternative device of the
same type.
In case of a reset the EAGLE mGuard
compares the contents of the ACA with its
own configuration data. If the configura-
tion data do not correspond, the EAGLE
mGuard takes over the configuration data
of the ACA.
The function of the ACA is displayed by
the LEDs “STATUS” and “V.24” (refer to
chapter 1.6 display elements).
The configuration data is saved on the
ACA via the web based management.
6pin terminal block
The supply voltage and the indicator
contact are connected via a 6pin terminal
block with screw locking mechanism.
Pin 1
Pin 1
Pin 8
Pin 5
Pin 6
RJ11 DB9-Buchse
2
3
5
7
8
1
2
3
4
5
6
CTS
n.c.
TX
GND
RX
RTS
Pin 7
6
zWarning!
The EAGLE mGuard equipments are
designed for operation with a safety
extra-low voltage.Thus, they may
only be connected to the supply vol-
tage connections and to the signal
contact with PELV circuits or
alternatively SELV circuits with the
voltage restrictions in accordance
with IEC/EN 60950.
– Voltage supply: Redundant voltage sup-
plies are supported. Both inputs are
decoupled. There is no load distribution.
With redundant supply, the power pack
supplies the EAGLE mGuard only with the
higher output voltage. The supply voltage
is electrically isolated from the housing.
You can choose between DC or AC vol-
tage when connecting the supply voltage.
You use the +24V und 0V pins to connect
the AC voltage (see Fig. 4 and 5).
Fig. 4: Pin configuration of 6pin terminal
block, connecting DC voltage
Fig. 5: Pin configuration of 6pin terminal
block, connecting AC voltage
– Indicator contact:
The indicator contact is used to supervise
the functions of the EAGLE mGuard and
thus facilitates remote diagnosis.
Contact interrupt indicates the following
by means of a potential-free indicator
contact (relay contact, closed circuit):
– the failure of at least one of the two
supply voltages.
– a permanent fault in the EAGLE mGuard
(internal 3,3 V DC voltage, supply vol-
tage 1 or 2 < 9.6 V, ...).
– the faulty link status of at least one port.
The indication of the link state on the
EAGLE mGuard can be masked on a
port-by-port basis using the manage-
ment software.
State of delivery: there is no link test.
– self test error
Note: In the case of the voltage supply
being routed without redundancy, the
EAGLE mGuard indicates the failure of a
supply voltage. You can prevent this
message by feeding in the supply voltage
through both inputs.
Ground connection
The EAGLE mGuard is grounded via a sepa-
rate screw connection.
FAULT
G
18...30 VAC
G
18...30 VAC
+
24V(P1) 0V 0V +24V(P2)
FAULT
9,6...60 VDC9,6...60 VDC
+24V(P1) 0V 0V +24V(P2)
+-
-+
2. Configuration
To get access to the EAGLE mGuard, you
act as follows (device in the state of
delivery):
䡺To configure the EAGLE mGuard, start a
web browser with https capability on
the PC connected to the trusted port (k)
(e. g. MS Internet Explorer V. 5.0 or
higher).
䡺Connect the untrusted port (g) to your
network.
䡺In the address field of the web browser
you enter the following address:
https://1.1.1.1/
Result: The configuration connection to the
EAGLE mGuard is being built up. A security
note is displayed.
䡺Quit the security note with “Yes”.
䡺For login you enter:
– Login: admin
– Password: private
(Observe the use of small and capital
letters!)
Result: The administrator website of the
EAGLE mGuard is displayed.
䡺Configure the device.
Alternatively you can carry through the IP
configuration for the MCT mode via the
HiDiscovery protocol. You will find the
HiDiscovery software on the CD ROM which
is included in the scope of delivery.
Note: If the configuration connection to the
EAGLE mGuard is not built up, you will find
detailed information in the „Manual EAGLE
mGuard Management – Industrial ETHER-
NET Firewall/VPN System“.
3. Assembly, startup procedure
and dismantling
Before installation and startup please pay
attention to the security notes on the pages
2 and 3. With the following steps you set
the EAGLE mGuard into operation:
3.1 UNPACKING, CHECKING
䡺Check whether the package was deliver-
ed complete (see scope of delivery).
䡺Check the individual parts for transport
damage.
zWarning!
Use only undamaged parts!
3.2 ASSEMBLY
The equipment is delivered in a ready-to-
operate condition. The following procedure
is appropriate for assembly:
䡺Pull the terminal block off the EAGLE
mGuard and wire up the supply voltage and
indicator lines.
䡺Fit the EAGLE mGuard on a 35 mm
standard bar to DIN EN 50 022.
䡺Attach the upper snap-on slide bar of
the EAGLE mGuard to the standard bar and
press it down until it locks in position.
䡺Connect the device to the local network
or the local PC which is to be protected
(k).
䡺Connect the socket for connection to the
external network (g), e. g. the Internet.
(Via this network the connctions to the
remote device or the remote network
are realized.)
Notes:
– The front panel of the EAGLE mGuard is
grounded via a separate ground connec-
tion.
– Do not open the housing.
– The shielding ground of the twisted pair
lines which can be connected is electrical-
ly connected to the front panel.
Fig. 8: Assembling the EAGLE mGuard
3.3 STARTUP PROCEDURE
You start up the EAGLE mGuard by connec-
ting the supply voltage via the 6-pin termi-
nal block. Lock the terminal block with the
locking screw at the side.
3.4 DISMANTLING
䡺To take the EAGLE mGuard off the
ISO/DIN rail, insert a screwdriver horizontal-
ly under the housing into the locking slide,
pull it (without tipping the screwdriver)
downwards and lift the EAGLE mGuard
upwards.
EAGLE
2
1
STATUS
P21
LS/DA
21
+24V(P1)
FAULT
+24V(P2)
0V
0V
V.24
AufkleberMAC-Adresse
IP-ADDRESS
g
k
x
FAULT
R
V.24
Fig. 6: Configuration before installing the
EAGLE mGuard (example)
Fig. 7: Configuration with firewall after
installing the EAGLE mGuard (example)
7
5. Technical data
General data
Operating voltage 9.6 to 60 V DC safety extra-low voltage (SELV/PELV), redundant inputs decoupled.
Relevant for North America: Nec Class 2 power source 5 A maximum.
or 18 to 30 V AC
Buffer time min. 10 ms at 24 VDC
Potential difference between input Potential difference to input voltage, +24 VDC: 32 VDC
voltage and housing Potential difference to input voltage, ground: -32 VDC
Power consumption at 24 V DC at 24 V AC
EAGLE mGuard (with 2 TX ports) 6.9 W max.; 23.5 Btu (IT)/h 7.2 W max.; 24.6 Btu (IT)/h
EAGLE mGuard (with 1 TX and 1 FX port) 8.1 W max.; 27.6 Btu (IT)/h 8.1 W max.; 27.6 Btu (IT)/h
EAGLE mGuard (with 2 FX ports) 9.5 W max.; 32.4 Btu (IT)/h 9.6 W max.; 32.8 Btu (IT)/h
Overload current protection at input non-changeable fuse
Dimensions W x H x D 46 mm x 131 mm x 111 mm 1.8 in x 5.2 in x 4.4 in
Weight 340 g 0.8 lb
Ambient temperature Surrounding air: 0 ºC to + 60 ºC 32 °F to 140 °F
Storage temperature Surrounding air: - 40 ºC to + 70 ºC -40 °F to 158 °F
Humidity 10% to 95% (non condensing)
Atmospheric pressure Suitable for operation up to 2000 m (6561 ft), 795 hPa, higher altitudes on demand
Pollution Degree 2
Laser protection Class 1 conforming to EN 60825-1
Protection type IP 20
Interference proof
Discharge of static electricity
Contact discharge EN 61000-4-2 Test level 3
Air discharge EN 61000-4-2 Test level 3
Electromagnetic fields EN 61000-4-3 Test level 3
Fast transients EN 61000-4-4 Test level 3
Surge voltage symmetrical EN 61000-4-5 Test level 2
Surge voltage asymmetrical EN 61000-4-5 Test level 3
Cable-based RF faults EN 61000-4-6 Test level 3
EMC emitted immunity
EN 55022 Class A
FCC 47 CFR Part 15 Class A
Germanischer Lloyd Rules for Classification and Construction VI - 7 - 3 Part 1, Ed. 2003
Stability
Vibration IEC 60068-2-6 Test FC, testing level in line with IEC 61131-2:2003
Germanischer Lloyd Guidelines for the Performance of Type Tests Part 1
Shock IEC 60068-2-27 Test Ea, testing level in line with IEC 61131-2:2003
Certifications
cUL 508 / CSA 22.2 No.142 complies with
cUL 1604 / CSA 22.2 No.213 pending
Germanischer Lloyd complies with
Network size
TX port 10BASE-T/100BASE-TX
Length of a twisted pair segment 100 m approx.
F/O port 100BASE-FX
According to IEEE 802.3u 100BASE-FX
System attenuation
50/125 µm fiber (multimode) (MM) 0 to 8 dB
62.5/125 µm fiber (multimode) (MM) 0 to 11 dB
9/125 µm fiber (singlemode) 0 to 16 dB
Wave length (SM) 1300 nm
9/125 µm fiber (singlemode), Longhaul 7 to 29 dB
Wave length (LH) 1550 nm
F/O line length (example)
50/125 µm fiber (MM) 5 km approx. (data of fiber: 1.0 dB/km, 800 MHz*km)
62.5/125 µm fiber (MM) 4 km approx. (data of fiber: 1.0 dB/km, 500 MHz*km)
9/125 µm fiber (SM) 30 km approx. (data of fiber: 1300 nm, 0.4 dB/km)
9/125 µm fiber Longhoul (LH) 24 to 86.6 km (data of fiber: 1550 nm, 0.3 dB/km)
4. Further support
In the event of technical queries, please talk
to the Hirschmann contract partner respon-
sible for looking after your account or
directly to the Hirschmann office. You can
find the addresses of our contract partners
– on the Internet
(http://www.hirschmann.de).
Our support line is also at your disposal:
Tel. +49(1805) 14-1538
Fax +49(7127) 14-1551
Answers to Frequently Asked Questions can
be found on the Hirschmann product site
www.hirschmann-ac.de
The FAQs are located in the Automation
and Network Solutions section.
www.hicomcenter.com gives you an up-to-
date overview of training courses about
technology and products.
Hirschmann Automation and Control GmbH
Stuttgarter Straße 45-51
D-72654 Neckartenzlingen
Germany
Tel.: ++49 / 1805 / 14-1538
Fax: ++49 / 7127 / 14-1551
E-Mail: [email protected]
Internet: http://www.hirschmann-ac.com
Printed in Germany
Subject to alterations
Interfaces
EAGLE mGuard V.24 port external management, modem, ACA
Indicator contact 1 A maximum, 24 V
USB interface
in addition 2 type depending ports each:
kPort 1 (trusted) gPort 2 (untrusted)
– EAGLE mGuard TX/TX TX port with RJ-45 socket (10/100 MBit/s) TX port with RJ-45 socket (10/100 MBit/s)
– EAGLE mGuard TX/MM SC TX port with RJ-45 socket (10/100 MBit/s) FX port (multimode / MM)
– EAGLE mGuard TX/SM SC TX port with RJ-45 socket (10/100 MBit/s) FX port (singlemode 1300 nm / SM)
– EAGLE mGuard TX/LH SC TX port with RJ-45 socket (10/100 MBit/s) FX port (singlemode 1550 nm / LH)
– EAGLE mGuard MM SC/TX FX port (multimode / MM) TX port with RJ-45 socket (10/100 MBit/s)
– EAGLE mGuard MM SC/MM SC FX port (multimode / MM) FX port (multimode / MM)
– EAGLE mGuard MM SC/SM SC FX port (multimode / MM) FX port (singlemode 1300 nm / SM)
– EAGLE mGuard MM SC/LH SC FX port (multimode / MM) FX port (singlemode 1550 nm / LH)
– EAGLE mGuard FW TX/TX TX port with RJ-45 socket (10/100 MBit/s) TX port with RJ-45 socket (10/100 MBit/s)
– EAGLE mGuard FW TX/MM SC TX port with RJ-45 socket (10/100 MBit/s) FX port (multimode / MM)
– EAGLE mGuard FW TX/SM SC TX port with RJ-45 socket (10/100 MBit/s) FX port (singlemode 1300 nm / SM)
– EAGLE mGuard FW TX/LH SC TX port with RJ-45 socket (10/100 MBit/s) FX port (singlemode 1550 nm / LH)
– EAGLE mGuard FW MM SC/TX FX port (multimode / MM) TX port with RJ-45 socket (10/100 MBit/s)
– EAGLE mGuard FW MM SC/MM SC FX port (multimode / MM) FX port (multimode / MM)
– EAGLE mGuard FW MM SC/SM SC FX port (multimode / MM) FX port (singlemode 1300 nm / SM)
– EAGLE mGuard FW MM SC/LH SC FX port (multimode / MM) FX port (singlemode 1550 nm / LH)
Displays
Equipment status 1 x green LED P1 – power 1, supply voltage 1 present
1 x green LED P2 – power 2, supply voltage 2 present
1 x red LED FAULT – indicator contact is open and indicates error
1 x red/green LED STATUS – booting, heartbeat, system error
Port status 3 x green LED LS/DA 1 to 2, V.24 – data, link status
Controls
Recovery button R– Restart, Recovery procedure
– Flashing the firmware
Scope of delivery
EAGLE mGuard incl. terminal block for supply voltage, description and operating instructions
manual EAGLE mGuard on CD-ROM
Order number
EAGLE mGuard TX/TX 943 011-301
EAGLE mGuard TX/MM SC 943 011-302
EAGLE mGuard TX/SM SC 943 011-303
EAGLE mGuard TX/LH SC 943 011-304
EAGLE mGuard MM SC/TX 943 011-305
EAGLE mGuard MM SC/MM SC 943 011-306
EAGLE mGuard MM SC/SM SC 943 011-307
EAGLE mGuard MM SC/LH SC 943 011-308
EAGLE mGuard FW TX/TX 943 011-311
EAGLE mGuard FW TX/MM SC 943 011-312
EAGLE mGuard FW TX/SM SC 943 011-313
EAGLE mGuard FW TX/LH SC 943 011-314
EAGLE mGuard FW MM SC/TX 943 011-315
EAGLE mGuard FW MM SC/MM SC 943 011-316
EAGLE mGuard FW MM SC/SM SC 943 011-317
EAGLE mGuard FW MM SC/LH SC 943 011-318
Accessories
ETHERNET manual 943 320-011
Manual
Basics Industrial ETHERNET and TCP/IP 280 720-834
Terminal access cable 943 301-001
Rail Power Supply RPS 30 943 662-003
Rail Power Supply RPS 60 943 662-001
Rail Power Supply RPS 120 943 662-011
AutoConfiguration Adapter ACA 11 943 751-001
AutoConfiguration Adapter ACA 21-USB 943 271-001
Network Management Software HiVision 943 471-100
This manual suits for next models
16
Table of contents
Other Hirschmann Firewall manuals
