Knox Keysecure 5 User manual

KNOX

NETWORKING GUIDE

Configuring network communication and security settings

for your MedVaults and Knox KeySecure® 5& 6 Devices

1601 W. Deer Valley Road, Phoenix, AZ 85027

Phone: 800-552-5669 ● Fax: 623-687-2290

knoxbox.com

Knox Networking Guide

The Knox® Company, the Knox logo and all other Knox Company product or service names are registered

trademarks or trademarks of the Knox Company.

Restricted Rights Legend

U.S. GOVERNMENT RESTRICTED RIGHTS. UNPUBLISHED—RIGHTS RESERVED UNDER THE

COPYRIGHT LAWS OF THE UNITED STATES. Use, duplication, or disclosure is subject to restrictions set forth

in the FAR Section 52.227-14 Alt. III(g)(3), FAR Section 52.227-19, DFARS 252.227-7014(b), or DFARS

227.7202, as amended from time to time.

Knox Networking Guide

TABLE OF CONTENTS

TABLE OF CONTENTS .............................................................................................................................. 3

KNOX NETWORKING OVERVIEW ............................................................................................................ 4

Target Audience .................................................................................................................................. 4

Connecting to KnoxConnect Cloud ..................................................................................................... 4

Network Compatibility.......................................................................................................................... 6

NETWORK & SECURITY SETTINGS ........................................................................................................ 7

Adding a Certificate Issued by a Certificate Authority ............................................................................. 7

Adding an Enterprise Client Certificate ................................................................................................... 8

Edit or Delete a Certificate ...................................................................................................................... 9

Replacing an Expired Certificate ....................................................................................................... 10

Adding a Network Template .............................................................................................................. 11

Creating Network Profiles ................................................................................................................. 12

ASSIGNING PROFILES TO KNOX DEVICES ......................................................................................... 14

ASSIGNING PROFILES TO KNOX DEVICES USING APPLY TO ALL .................................................. 15

KNOX DEVICE SYNC SOFTWARE ......................................................................................................... 17

INSTALLING KNOXCONFIG SOFTWARE (KeySecures with FW v1.8.6 or earlier) ............................ 20

KNOXCONFIG SOFTWARE SETTINGS .................................................................................................. 21

Setting the WiFi Dynamic IP Configuration ........................................................................................... 21

Setting the WiFi Static IP Configuration ................................................................................................ 23

Setting the Ethernet Dynamic IP Configuration ..................................................................................... 24

Setting the Ethernet Static IP Configuration .......................................................................................... 24

Saving Your Settings ............................................................................................................................. 25

Exit ........................................................................................................................................................ 25

Knox Networking Guide

KNOX NETWORKING OVERVIEW

Knox KeySecure 5 and 6 and MedVault devices can communicate with KnoxConnect

Cloud via ethernet or WiFi network connections. This network connection enables

administrators to manage users and upload audit events for KeySecure, eKey, and

MedVault to KnoxConnect Cloud. This document outlines the steps necessary to

configure Knox devices to connect to your jurisdiction’s network.

Target Audience

The Knox Networking User Guide is intended for use by your jurisdiction’s

KnoxConnect administrators and IT or IT Security personnel.

Those configuring Knox devices for network connectivity should have previous

knowledge of or experience with connecting devices to your network. Users who will

be configuring devices must have a KnoxConnect Cloud role of Primary Admin,

Secondary Admin, or Device Admin.

Connecting to KnoxConnect Cloud

Initial Setup

Initial network parameters are configured in KnoxConnect Cloud and

transmitted to the device via a USB to Mini USB cable using Knox

Device Sync software running on Windows® 10.

Operation

Once the network connections have been configured, your Knox device will be able to connect through your

internet-enabled network for remote management and upload of audit event records to KnoxConnect Cloud. Knox

devices can operate both continuously online and with periodic connectivity.

Note: When operating with periodic connectivity, it is important to ensure devices connect regularly to obtain

updated firmware, settings, and user additions or deletions. Audit event records in KnoxConnect Cloud will reflect

only transactions from or prior to the time of last connection.

Knox Networking Guide

Connecting via Mobile Gateway

Knox devices can connect to a mobile gateway via WiFi or

Ethernet. They can be synced to KnoxConnect Cloud

anywhere you have internet access.

Connecting via WLAN

Knox devices store authorized PINs and audit event records

when disconnected from KnoxConnect Cloud allowing it to

operate with only periodic connection to a station’s Wireless

LAN. When in range of the network they will sync with

KnoxConnect Cloud using the stored network settings.

Connecting via WiFI Hotspot

Knox devices can also be connected via WiFi hotspot located

inside or outside of the vehicle. When in range of the hotspot,

they will sync with KnoxConnect Cloud.

Knox Networking Guide

Network Compatibility

Knox devices have the following communication capabilities:

Communication Standards:

• 802.3 Ethernet

• 802.11 b/g/n (2.4GHz)

Supported Security/Encryption:

• WPA-PSK: TKIP

• WPA\WPA2: Mixed

• WPA2-PSK: AES

• WPA2-EAP-TLS

• WPA2-EAP-PEAP with TLS

• WPA2-EAP PEAP with MSCHAP

Note: EAP-FAST is not currently supported. Please contact Knox Technical Support if your encryption type is

not shown.

Ports (required for communication):

• 443 - SSL communication

• 123 – Network Time Protocol (optional)

IP Configuration

• Dynamic

• Static

Knox Networking Guide

NETWORK & SECURITY SETTINGS

IMPORTANT: Before beginning setup, please consult your IT or IT Security personnel for assistance and

required information. You will need to know the type of security your organization uses for WiFi connections and

have the certificate information (if applicable) available in order to proceed.

If using security that does not require use of Certificates, proceed to the section: Adding Network Templates.

Adding a Certificate Issued by a Certificate Authority

1. Select Network Settings from side menu.

2. Select Certificate Authority Certificates tab and then select the Add button.

3. Provide a name and optional description for the certificate.

Knox Networking Guide

4. Add the certificate:

a. To upload the certificate in PEM format, select the Upload a CA certificate in PEM format radio

button, then select Choose File button to select the file.

b. To add the certificate via text, select Upload a CA certificate by pasting in the PEM radio button and

paste the complete text of the PEM (including beginning and ending characters) in the provided field.

5. Select Upload button to save the certificate. A green success message will display when saved.

Note: You can navigate to the Certificate tab to verify the new certificate appears in the list.

Adding an Enterprise Client Certificate

1. Select Network Settings from side menu.

2. Select the Enterprise Client Certificates tab and then select the Add button.

3. Provide a name and optional description for the certificate.

4. Add the certificate:

a. To upload the certificate, select the Upload a client certificate in PFX/PKCS12 format radio button,

then select Choose File to browse to the file location.

b. To add the certificate via text file, select the Upload a client certificate by pasting in the PEM radio

button and paste the complete text of the PEM text, including beginning and ending characters.

5. Provide the private key password if required.

6. Select Upload to complete the installation process. A green success message will display when saved.

Note: You can navigate to the Enterprise Client Certificates tab to verify the new certificate appears in the

list.

Knox Networking Guide

Edit or Delete a Certificate

Note: Only the name and description field of a certificate may be edited.

1. To edit the certificate information.

a. From the Network Settings page, select the Certificate Authority Certificates or Enterprise Client

Certificates tab. A list of certificates will be shown.

b. Select the Edit button for the certificate you wish to modify.

c. Make changes and select the Save button.

2. To delete the certificate.

Improper deletion may result in loss of communication with devices and require reconfiguration

via USB to restore communication. Please consult with IT or IT Security personnel before deleting

a certificate.

a. Remove the certificate from all assigned network templates.

b. From the Network Settings page, select the Certificate Authority Certificates or Enterprise Client

Certificates tab. A list of certificates will be shown.

c. Select the Delete button for the certificate you wish to modify.

d. Select OK on the dialogue box.

Note: The system will provide an error message if any template or device is still assigned to use the

certificate. Remove the certificate from all templates and retry.

Knox Networking Guide

Replacing an Expired Certificate

If a deployed certificate is about to expire, it will need to be replaced for devices to be recognized by the network

and maintain their connectivity with KnoxConnect. For security reasons, the certificates can only be updated using

Knox Device Sync.

Improper replacement may result in loss of communication with devices and require reconfiguration via

USB to restore communication. Please consult with IT or IT Security personnel before replacing a

certificate.

For CA Certificate:

1. Open up the applicable Network Template.

2. Use the drop-down menu by CA Certificate to select replacement certificate.

3. Save changes and refer to the section below “Syncing KeySecure or MedVault” to implement updates.

For Client Certificates

1. Open the KeySecure or MedVault edit page.

2. Under the Device Hardware Programming Section, click on the drop-down arrow next to Client Certificate.

3. Save changes and refer to the section “To Sync KeySecure and MedVault with KnoxConnect Cloud”

to force the certificate to update.

Knox Networking Guide

Adding a Network Template

Network connection settings are established by creating Network Templates. The Network Template contains

profiles for networks that the Knox devices will use to communicate with KnoxConnect Cloud and can be applied

to one or more Knox devices allowing for quick configuration. Each template can support up to seven network

profiles, which can be prioritized. To begin, a default network access template must be established.

1. From the KnoxConnect side menu, select Network Settings and then select the Network Templates tab.

2. Select Add Template Button.

3. Provide a name for the template in the Template Name field.

4. Select IP assignment type for Ethernet and WiFi:

a. If devices will get their IP addresses dynamically using DHCP, select the Dynamic radio button.

b. If devices will have static IP addresses, select the Static radio button and populate the Gateway IP,

Network Mask and DNS IP fields.

Note: Knox devices are unable to switch between Ethernet and WiFi. Ignore IP assignment type that is not

relevant to your configuration.

Knox Networking Guide

Creating Network Profiles

For each network template, you will need to create at least one profile. Each network template supports up to

seven WiFi network profiles or one Ethernet network profile.

Note: Network profile 0 must be populated.

Note: If using EAP_PEAP-MSCHAP Profile 0 must be used for this Enterprise Security type.

Creating an Ethernet profile

1. Select Profile 0 (Required for using ethernet)

2. Select Profile Type Ethernet.

3. Select the Create button (Save button if template was already created).

Creating a Personal WiFi profile (no Certificate)

1. Select a Profile number.

2. Select the Yes radio button for ‘Populate this profile?’.

3. Select the Profile type Personal WiFi.

4. Select Priority for the profile (7 is highest).

5. Provide the SSID Name and password.

6. Select the Create button (Save button if template was already created).

Knox Networking Guide

Creating an Enterprise WiFi profile.

1. Select a profile number.

2. Select profile type Enterprise WiFi.

3. Select Priority for the profile (7 is highest)

4. Enter the network ID in SSID name field.

5. Select your network’s EAP Method from the EAP Method dropdown.

6. As required for the EAP method selected, select the certificate the CA Certificate dropdown.

7. Select the Create button (Save button if template was already created).

Note: Repeat steps for each network the devices will connect to.

Note: Remember to select the Save button after each profile has been entered.

Knox Networking Guide

ASSIGNING PROFILES TO KNOX DEVICES

Once the network templates have been created you can assign them to your Knox devices.

1. Select the Knox Device from menu on the left. In this example KeySecure is selected however the same

navigation is used for MedVault

2. Select the Edit button for the KeySecure or MedVault you wish to apply the Network Template.

3. Scroll down to the Device Hardware Programing Section.

4. Select the Network Template you want to apply to that unit from the dropdown list.

5. If using Static IP addresses input the Static Ethernet IP or Static WiFi IP address for this device.

6. If using Enterprise Security, complete the following fields:

• Enterprise Identity

• Client Certificate: select the certificate from the dropdown list (if applicable)

• Enterprise Password (if applicable)

• Re-enter Password (if applicable)

• Enterprise Anonymous Identity (if applicable)

7. Select Save button.

Knox Networking Guide

ASSIGNING PROFILES TO KNOX DEVICES USING APPLY TO ALL

If all Knox devices in your jurisdiction will have the same profile, you can use the Apply to all Menu.

1. Select Apply to all KeySecure Menu button.

Note: In this example KeySecure is selected however the same navigation is used for MedVault

2. Scroll down towards the bottom of the page.

Knox Networking Guide

3. Complete the following fields:

• Network Template

• Enterprise Identity

• Client Certificate: select the certificate from the dropdown list (if applicable)

• Enterprise Password (if applicable)

• Enterprise Anonymous Identity (if applicable)

4. Remember to select the Save button after each field completed.

Note: If using static IP addresses, you must apply a static IP address to each unit individually.

Knox Networking Guide

KNOX DEVICE SYNC SOFTWARE

For initial set up and configuration of your Knox device, KnoxConnect Cloud no longer requires the use of

KnoxConfig software. Settings are configured in KnoxConnect then synced with your Knox device using Knox

Device Sync software.

To install Knox Device Sync:

1. Select Admin from the side menu in KnoxConnect.

2. Select the Software Download tab and then select Download the Knox Device Sync Software.

3. Open the downloaded Knox Device Sync software file.

4. Select the Next button.

Note: Installing this software may require administrator rights to your PC. Contact your IT department for

assistance.

Knox Networking Guide

To Sync Knox Devices with KnoxConnect Cloud

Note: You must first configure the settings in KnoxConnect Cloud for the Knox device before syncing.

Note: Before beginning, check KnoxConnect Cloud to verify that the firmware on your Knox device is the most

recent version.

1. Open Knox Device Sync by clicking on the icon on your desktop.

2. Connect the Knox device to the computer with the USB to Mini USB cable.

3. The Knox device serial number will automatically populate.

4. Select the Start button and the Knox device will update, status will read “Finished: OK” when complete.

Knox Networking Guide

5. Repeat Step 4 if the Knox device Firmware was not the current version, the first update will install new

firmware and the second update will load network templates.

6. Repeat steps 2-4 for each Knox device you are syncing or close Knox Device Sync if done.

Knox Networking Guide

INSTALLING KNOXCONFIG SOFTWARE (KeySecures with FW v1.8.6 or earlier)

Devices with firmware version 1.8.6 or below must be configured using KnoxConfig. Follow these steps to

download and install the KnoxConfig Software:

1. Before you start the installation, make sure the KeySecure is not connected to the PC via USB.

2. Log into KnoxConnect at knoxconnect.net as the device administrator to download the KnoxConfig

Software.

3. From the left Selection Panel, select Admin.

4. Select the Software tab.

5. From the Software Download list, select Download the KnoxConfig Software.

6. Locate and open the downloaded KnoxConfig Software file.

7. Select the Install button to begin the installation of the KnoxConfig Software and its associated drivers.

8. Follow installation prompts to launch the software.

9. After installation is complete KnoxConfig will automatically run.

Knox KeySecure 5 User manual

Popular Network Hardware manuals by other brands