SSV IGW/936A User guide
OT/IT NETWORK GATEWAY
IGW/936A
with DNP/8331
System Reference
SSV SOFTWARE SYSTEMS Document Revision 1.1 // 2023-06-13
Introduction
2
IGW/936A // System Reference
CONTENT
1
INTRODUCTION .................................................................................................... 4
1.1
Checklist .................................................................................................................... 5
1.2
Required Equipment ................................................................................................. 5
1.3
Document Conventions ............................................................................................. 5
2
SAFETY GUIDELINES .......................................................................................... 6
3
OVERVIEW ............................................................................................................ 7
3.1
Control Elements ....................................................................................................... 7
3.2
Features and Technical Data .....................................................................................
4
PINOUTS ............................................................................................................... 9
4.1
10/100 Mbps Ethernet Interface LAN1 ..................................................................... 9
4.2
10/100 Mbps Ethernet Interface LAN2 ..................................................................... 9
4.3
USB 2.0 Host Port ...................................................................................................... 9
4.4
Screw Terminals ...................................................................................................... 10
4.5
LED Functions .......................................................................................................... 10
5
CABLE CONNECTIONS ..................................................................................... 11
5.1
Ethernet Link ........................................................................................................... 11
5.2
Power Supply ........................................................................................................... 12
6
SSV/WEBUI ......................................................................................................... 13
6.1
Status ....................................................................................................................... 14
6.2
System ..................................................................................................................... 15
6.2.1 System > System Identification ................................................................................ 15
6.2.2 System > System Management ................................................................................ 15
6.2.3 System > Firmware Update ...................................................................................... 16
6.2.4 System > Time and ate ........................................................................................... 17
6.2.5 System > COM Ports (Serial Ports) ........................................................................... 17
6.2.6 System > Watchdog .................................................................................................. 18
6.2.7 System > Logging ...................................................................................................... 20
6.3
Network ................................................................................................................... 21
6.3.1 Network > WAN ........................................................................................................ 21
6.3.2 Network > LAN1........................................................................................................ 22
6.3.3 Network > LAN2........................................................................................................ 23
6.3.4 Network > Firewall and NAT ..................................................................................... 24
6.4
Services .................................................................................................................... 25
6.4.1 Services > General .................................................................................................... 25
6.4.2 Services > OpenVPN ................................................................................................. 26
6.4.3 Services > yn NS .................................................................................................... 27
6.4.4 Services > HCP Server ............................................................................................. 28
6.4.5 Services > SNMP ....................................................................................................... 28
6.4.6 Services > Remote Access (OpenSSH) ...................................................................... 29
6.4.7 Services > SSV/WebUI .............................................................................................. 30
6.5
Proxies ..................................................................................................................... 31
Introduction
IGW/936A // System Reference
3
6.5.1 Proxies > Web ........................................................................................................... 31
6.5.2 Proxies > NS............................................................................................................ 32
6.5.3 Proxies > FTP ............................................................................................................. 32
6.5.4 Proxies > TCP ............................................................................................................ 33
6.5.5 Proxies > U P ........................................................................................................... 33
6.6
Logout ...................................................................................................................... 34
7
APPLICATION EXA PLES ................................................................................ 35
7.1
OT/IT Domain Isolation ........................................................................................... 35
8
CREATING A VPN CONNECTION ..................................................................... 39
9
HELPFUL LITERATURE ..................................................................................... 42
CONTACT ................................................................................................................. 42
DOCU ENT HISTORY ............................................................................................. 42
Introduction
4
IGW/936A // System Reference
1 INTRODUCTION
This document describes the basic hardware components, the necessary cable connections as well as
the web-based user interface (SSV/WebUI) of the OT/IT Network Gateway IGW/936A.
Figure 1: Typical application with the IGW/936A
Figure 1 shows the IGW/936A as an infrastructure module for domain isolation between the Ether-
net based networks of an IT and OT environment. In addition, various OT modules in RS485-based
bus systems, such as Modbus RTU, can be accessed from an IT Ethernet LAN via an IGW/936A.
Thereby an access rights management down to the single Modbus data point is possible.
Further applications for the IGW/936A are:
• Industrial OT/IT Firewall
• Proxy Server
• VPN Gateway
• Linux evice Server
Please note:
To operate the IGW/936A further equipment is needed. Please see
chapter 1. .
Introduction
IGW/936A // System Reference
5
1.1 Checklist
Compare the content of your IGW/936A package with the checklist below. If any item is missing or
appears to be damaged, please contact SSV.
OT/IT Network Gateway IGW/936A
1.2 Required Equipment
To configure the IGW/936A a computer with the following features is required:
• Windows 7 or higher
• Web browser (e.g. Firefox, Chrome)
• 10/100 Mbps Ethernet LAN interface and TCP/IP configuration
1.3 Document Conventions
Convention
Usage
bold
Important terms
monospace
Filenames, Pathnames, program code, command lines
Table 1: Conventions used in this document
Safety Guidelines
6
IGW/936A // System Reference
2 SAFETY GUIDELINES
Please read the following safety guidelines carefully! In case of property or personal damage by
not paying attention to this document and/or by incorrect handling, we do not assume liability. In
such cases any warranty claim expires.
ATTENTION!
OBSERVE PRECAUTIONS FOR HANDLING – ELECTROSTATIC SENSITIVE DE-
VICE!
• The power supply should be in immediate proximity to the device.
• The power supply must provide a stable output voltage between 1 – 4 VDC. The output
power should be at least .5 W.
• Please pay attention that the power cord or other cables are not squeezed or damaged in
any way when you set up the device.
• Do NOT turn on the power supply while connecting any cables, especially the power cables.
This could cause damaged device components! First connect the cables and THEN turn the
power supply on.
• The installation of the device should be done only by qualified personnel.
• Discharge yourself electrostatic before you work with the device, e.g. by touching a heater of
metal, to avoid damages.
• Stay grounded while working with the device to avoid damage through electrostatic dis-
charge.
Overview
IGW/936A // System Reference
7
3 OVERVIEW
3.1 Control Elements
Figure : Front view
Overview
8
IGW/936A // System Reference
3.2 Features and Technical Data
Processor
Manufacturer / Type
Sochip S3 with ARM Cortex
-
A7 CPU ( NP/8331)
Clock speed
10
08 MHz
Memory
RAM
128 MB R3 S RAM
Storage media
8 GB NAN Flash mass storage for
o
perating system and application
software
Interfaces
Ethernet
2x 10/100 Mbps (RJ45)
USB
1x USB 2.0 Host
Serial I/Os
1x RS485 serial port (screw terminal)
1x RS232/RS485 serial port (screw terminal)
Special Functions
RTC
1x Real Time Clock
Watchdog
1x Timer watchdog (hardware
-
based, software
-
configurable)
1x Power supervisor (hardware-based)
Boot loader
U
-
Boot
b
oot
l
oader
with A/B d
ual
b
oot
partitions
Operating sys
tem
SSV ebian Buster Linux
Administration
SSV/WebUI plus
f
irmware
Security
TCP/IP protocol stack with IPv4 a
nd IPv6 support
and various
s
ecurity
protocols
Firewall with netfilter + iptables, setup via SSV/WebUI
Displays / Control Elements
LEDs
1x Powe
r
1x Status
1x System status (programmable)
1x VPN status (programmable)
Electrical Characteristics
Power supply
12 .. 24 V C (typ. 24 V C) from external power supply
Power consumption
< 10
W
Mechanical Characteristics
Protection class
IP20 industria
l case for 35 mm IN
-
rail mounting
Mass
< 270 g
Dimensions
112 mm x 100 mm x 45 mm
Operating temperature
0 .. 60 °C
Standards and Certifications
EMC
CE
Environmental
standards
RoHS, WEEE
Table : Technical Data
Pinouts
IGW/936A // System Reference
9
4 PINOUTS
4.1 10 100 Mbps Ethernet Interface LAN1
Pin
Name
Function
TX+
10/100 Mbps LAN, TX+
2
TX
-
10/100 Mbps LAN, TX
-
3
RX+
10/100 Mbps LAN, RX+
4
---
Not Co
n
nected
5
---
Not Co
n
nected
6
RX
-
10/100 Mbps LAN, RX
-
7
---
Not Co
n
nected
8
---
Not Co
n
nected
Table 3: Pinout Ethernet interface LAN1
4.2 10 100 Mbps Ethernet Interface LAN2
Pin
Name
Function
TX+
10/100 Mbps LAN, TX+
2
TX
-
10/100 Mbps LAN, TX
-
3
RX+
10/100 Mbps LAN, RX+
4
---
Reserved
5
---
Reserved
6
RX
-
10/100 Mbps LAN, RX
-
7
---
Reserved
8
---
Reserved
Table 4: Pinout Ethernet interface LAN
4.3 USB 2.0 Host Port
Pin
Name
Function
VCC5
5
V C Power Output
2
ATA
-
USB Host
-
3
ATA
+
USB Host
+
4
GN
Ground
Table 5: Pinout USB host port
Pinouts
10
IGW/936A // System Reference
4.4 Screw Terminals
erminal
Signal
A1
COM2
Serial Port:
RS485 RX/TX+
A
COM2
Serial Port:
RS485 RX/TX
-
A3
Vin
+
(1
2
.. 2
4
V C)
A4
Vin
-
B1
---
B
COM3
Serial Port: TX (RS232), RX/TX
-
(RS485)
B3
COM3
Serial Port: RX (RS232), RX/TX+ (RS485)
B4
Signal
Ground
Table 6: Pinout screw terminals
4.5 LED Functions
LED
Description
Off
Flash
On
Power
No Power
---
Power On
Reserved
Always Off
---
---
S1
System
Not ready
Booting
Ready
S
VPN
Off
Connecting
Ready
Table 7: LED functions
Cable Connections
IGW/936A // System Reference
11
5 CABLE CONNECTIONS
For the IGW/936A commissioning, only a LAN connection to a PC must be established and the 24 V C
supply voltage must be provided.
5.1 Ethernet Link
Connect the LAN interface of the IGW/936A with an Ethernet LAN cable to a PC.
The IP address of the LAN2 interface is ex-factory set to 192.168.1.126.
Figure 3: Ethernet LAN connection
Cable Connections
12
IGW/936A // System Reference
5.2 Power Supply
The IGW/936A needs a supply voltage of 12 .. 24 V C to work.
Connect the cables of the provided plug-in power supply with the screw terminals of the IGW/936A
like shown in fig. 4.
Figure 4: Connecting the power supply
erminal
Signal
A3
Vin
+
(1
2
.. 2
4
V C)
A4
V
in
-
Table 8: Screw terminal power pins
CAUTION!
Providing the device with a higher voltage than the regular 1 .. 4 VDC
could cause damaged device components!
Do NOT power up the device while connecting the power supply or any
other cables. This could cause damaged device components! First connect
the power supply and THEN turn it on.
The boot process starts immediately after power up and can take up to one minute.
LED S1 flashes during the boot process and is permanently on when the IGW/936A is ready.
SSV/WebUI
IGW/936A // System Reference
13
6 SSV/WEBUI
The SSV/WebUI is the web-based user interface of SSV gateways. It enables configuration of inter-
faces, protocols, services and so on.
To open the login page of the SSV/WebUI enter the ex-factory IP address and port number of LAN2
of the IGW/936A manually in a web browser:
192.168.1.126:7777
Enter the supplied username and password and click on [Login].
Figure 5: Login page of the SSV/WebUI
After a successful login, the SSV/WebUI shows a horizontal menu bar with all available functions di-
vided into groups.
Figure 6: Menu bar of the SSV/WebUI
SSV/WebUI
14
IGW/936A // System Reference
6.1 Status
Figure 7: Status page
Figure 7 shows an example system status page with the addresses of all IP interfaces plus additional
information about NS servers and the default gateway.
SSV/WebUI
IGW/936A // System Reference
15
6.2 System
6.2.1 System > System Identification
Figure 8: System identification
This page summarizes various properties for gateway identification.
Host name
Input of an arbitrary name to be able to identify a certain gateway reliably.
Location
Location information or details to find the installation location of a specific gateway.
Contact
E-mail address input to be able to reach the person responsible for the gateway.
Serial number
Preset serial number of the gateway. This number can be used to answer queries about the produc-
tion week, factory settings, delivery, etc. with the help of the manufacturer database.
Identify device through front LED
Clicking on [Flash] causes one of the gateway's front panel LE s to flash for approx. 5 seconds. This
allows a specific gateway to be visually identified.
6.2.2 System > System anagement
Figure 9: System management
SSV/WebUI
16
IGW/936A // System Reference
The functions summarized here can be used to force a system reboot (restart) and to duplicate the
configuration settings or reset them to the factory default state.
Reboot system
Clicking on [Reboot] causes the gateway's operating system to shut down. This is followed by a re-
boot. The SSV/WebUI session must then be restarted. This action may cause the loss of unsaved set-
tings.
Configuration download
The configuration settings of the gateway can be downloaded and saved as a file to the PC.
Configuration upload
A configuration file saved on the PC can be uploaded to the gateway to apply the settings from this
file.
IMPORTANT!
This action causes the current gateway settings to be overwritten by the
uploaded file. This may lock you out of the SSV/WebUI for further access.
Configuration reset
Allows to reset the to the factory default state. All individual settings made via the SSV/WebUI will
be overwritten.
6.2.3 System > Firmware Update
Figure 10: Firmware update
Firmware info
Current firmware version and hash value for integrity checks on the installed firmware image.
Firmware update via API
Check if there is a firmware update available. ownload and install a new firmware image from a
trusted SSV server. Software u dates are a critical matter. In case of doubt, contact our su ort be-
fore erforming an u date.
SSV/WebUI
IGW/936A // System Reference
17
6.2.4 System > Time and Date
Figure 11: System time and date
Local time zone configuration
The time zone in which the gateway is located can be set here. The setting is required in order to car-
ry out the necessary correction during a time synchronization with time servers on the Internet (cor-
rection with respect to Greenwich Mean Time (GMT)).
Time and date configuration
The internal gateway real-time clock can be synchronized automatically via an external time server
(in a LAN or on the Internet) or manually.
6.2.5 System > CO Ports (Serial Ports)
Figure 1 : Serial port settings
SSV/WebUI
18
IGW/936A // System Reference
The serial interfaces of the gateway can be used universally for different applications. Via this page
individual interfaces can be reserved for operation as a serial console (remote console) or as a COM
port redirector. By such a reservation the respective interface is no longer available for other appli-
cations.
Please note:
The COM1 port of this gateway is located inside the housing. It is not
accessible from the outside. The COM1 port is fixed as a serial console
for service purposes. Any other usage is not ossible.
None
The serial interface can be used by any application, e.g. by Node-RE for Modbus-based communica-
tion with external modules.
Remote console
The respective serial port forms a console for communication with the Linux operating system.
Please note that a login with username and password is required to access the console.
Com port redirector
This function forms a protocol converter between the IP-based transport protocols U P or TCP,
which are available e.g. for the LAN interfaces, and the respective assigned serial port. The UP or
TCP side can be operated in client or server mode.
6.2.6 System > Watchdog
Figure 13: Watchdog settings
The gateway has various watchdog timers (or counters) intended to ensure the most trouble-free
24/7 operation possible. There are individual configuration options available for these watchdogs.
SSV/WebUI
IGW/936A // System Reference
19
Enable watchdog service
Enable or disable watchdog services of the gateway.
Enable default watchdog
Activate the individual watchdogs listed here with the factory default settings.
Reboot interval
Set a time interval after which a gateway reboot is automatically triggered. The gateway reboot sets
all system processes to a (defined) initial state.
A typical use case for this gateway is operation as a VPN client in a remote maintenance application.
For this, depending on the configuration, it is important that a permanent VPN connection to an ex-
ternal VPN server exists. If this VPN connection is interrupted, the gateway must automatically try to
reach the server again.
The following two setting options can be used to trigger a reboot if no VPN server connection is es-
tablished within a certain time or if no VPN connection exists for a certain time.
VPN1: Start delay
Monitors whether a VPN connection is established within a certain time. The gateway can automati-
cally contact a VPN server after each boot process in order to integrate itself as a client in a VPN. If
this integration does not work within the time specified here, a reboot is triggered.
VPN1: Offline delay
Monitors how long no VPN connection to an external server has existed. If a VPN connection to the
server has been interrupted and no new connection has been established, a reboot is triggered after
the set time has elapsed.
In many use cases, a gateway simultaneously maintains local connections to other systems as well as
various external connections to the Internet (so-called WAN connections = Wide Area Network con-
nections), e.g., to a time server and other special cloud and IoT service platforms. WAN connections
are much more vulnerable to interference than a local connection.
The following three setting options can be used to configure data volume-based WAN condition
monitoring to trigger an automatic restart of the WAN interface hardware in case of malfunction
(e.g., a reset of an internal cellular modem).
WAN: Traffic threshold
Number of bytes per minute that must be transferred at least from the WAN to the gateway if there
is a functioning WAN connection. This threshold determines whether the WAN connection is classi-
fied as OK or critical (undetermined). This function is only useful for gateways with an internal cellu-
lar modem.
WAN: Start delay
Time period within which the number of bytes per minute specified by the threshold value (see Traf-
fic threshold) must be reached after a gateway boot process. Otherwise a WAN interface hardware
restart is triggered after the set time has elapsed. This function is only useful for gateways with an
internal cellular modem.
WAN: Idle delay
Maximum time that may elapse without reaching the number of bytes per minute specified by the
threshold (see Traffic threshold). Otherwise a WAN interface hardware restart is triggered after the
set time has elapsed. This function is only useful for gateways with an internal mobile modem.
SSV/WebUI
20
IGW/936A // System Reference
Mobile: reset count
This function is only for gateways with an internal cellular modem.
Mobile: reboot count
This function is only intended for gateways with an internal cellular modem.
6.2.7 System > Logging
Figure 14: Logging settings
The gateway generates a log file with extensive entries at runtime. It is used for diagnostics and for
finding the cause of unusual system behaviour and other events.
Please note:
The log file is regenerated with every gateway boot process and is lost
when the supply voltage is switched off.
Download log file
ownload and save the log file to the PC.
Download service startup graph
ownload and save a graph in SVG-format with an overview of the start-up of individual system ser-
vices to the PC.
Table of contents
Other SSV Gateway manuals
SSV
SSV IGW/935 User manual
SSV
SSV IGW/100 Application guide
SSV
SSV RMG/941 Series Application guide
SSV
SSV IGW/910 Application guide
SSV
SSV IGW/922 Application guide
SSV
SSV IGW/920 User manual
SSV
SSV IGW/925 Installation and user guide
SSV
SSV IGW/922 User manual
SSV
SSV MGW/865 User manual
SSV
SSV IGW/925-W Application guide
