How it Works
Digi
Loading...
IX14
User Manual
22 pgs191.56 Kb0
User Manual
730 pgs11.16 Mb0
Table of contents
Loading...

Digi IX14, IX20, IX20W User Manual

DIGI INTERNATIONAL
9350 Excelsior Blvd, Suite 700 Hopkins, MN 55343, USA +1 (952) 912-3444 | +1 (877) 912-3444
www.digi.com

Digi Accelerated Linux (DAL) Release Notes

IX-series

INTRODUCTION

This is a major firmware release for all IX-series products. This is a mandatory production firmware release

SUPPORTED PRODUCTS

· Digi IX14
· Digi IX20
· Digi IX20W

KNOWN ISSUES

· VRRP does not always react when its interface changes state [DAL-3794]
· IPSEC failover doesn’t occur if SureLink tests aren’t passing [DAL-3291]
· non-primary DNS servers are still queried through the wrong interface when use_dns
configuration option is set to primary (resolved by changing use_dns to either always or never) [DAL-3156]

UPDATE BEST PRACTICES

Digi recommends the following best practices:
1. Test the new release in a controlled environment with your application before you update production devices.
2. Unless otherwise noted, apply updates in the following order:
a. Device firmware b. Modem firmware c. Configuration d. Application
Digi recommends Digi Remote Manager or Digi aView for automated device updates. For more information, follow the instructions for Digi Remote manager or Digi aView in the links below:
1. Instructions for Digi Remote Manager:
https://www.digi.com/resources/documentation/digidocs/90001436-13/default.htm#tasks/t_update_device_firmware.htm
2. Instructions for Digi aView:
https://www.digi.com/resources/documentation/digidocs/acl-kb/default.htm#Subsystems/kb-6300-cx/update-firmware.htm
If you prefer manually updating one device at a time, follow these steps:
93001321_N Release Notes Part Number: 93001321 Page 1
1. Download the firmware file from the Digi firmware support page.
2. Connect to the device’s web UI by connecting your PC to the WAN Ethernet port of the device and then going to http://192.168.210.1.
3. Select the System tab on the top navigation bar of the page, then select Firmware Update.
4. Select the Browse button in the Upload file section.n.
5. Browse for and select the downloaded firmware file.
6. Click the Update Firmware button.

TECHNICAL SUPPORT

Get the help you need via our Technical Support team and online resources. Digi oers multiple support levels and professional services to meet your needs. All Digi customers have access to product documentation. firmware, drivers, knowledge base and peer-to-peer support forums.
Visit us at https://www.digi.com/support to find out more.

CHANGE LOG

VERSION 20.8.22.32 (August 28,2020)

IX14-20.8.22.32.bin
SHA512:
deea32a3fd22257be2e08596162a83778966cfec751725ae533ec90bf0cf43466e6cd21ba 649ab4812fa6bcfb29400a71f3cca14dc27c478d9da69221fd1c5
MD5: 1c64b417f36e6425576f999506da9d79
IX20-20.8.22.32.bin
SHA512:
8f7772b60cf18abdd8325dc6fa8e4e4cc7a0f1d4eb201070fc14e6855fc1f05170ba40cb45 a83167170467d9e348e64f059184c25c82487005ea5691b8658cee
MD5: 55d7da428951313542aaf9a76e3eb410
IX20W-20.8.22.32.bin
SHA512:
c505383dd71a250f3692ea54ccc10e2e4b718670fb58afbf4f8448f30cbd25620eb451d6e 8123d7d0cad1e56a1f67f97c7bd997fa215053901c105884fa00ca9
MD5: afc95277a3f03a617fbf8c6a1079ee
FEATURES
1. Add new System → Scheduled taks → Allow scheduled scripts to handle SMS configuration option to allow custom python scripts to handle sending/receiving SMS messages [DALP-488]
2. Add digidevice.sms python module for sending/receiving SMS messages in a custom python script [DALP-488]
3. Add ability to load custom factory config file from the local filesystem, which if present is loaded when the device is reset to default settings [DALP-394]
1. The config file is the same as what can be downloaded when a user saves/exports the
configuration from the Configuration Maintenance page in the local web UI. That .bin config file can be placed in /opt/custom-default-config.bin
4. New WiFi scanner configuration options for filtering results of the scan by device type (access points vs clients), static vs moving devices, MAC address, or RSSI signal strength
5. DMNR Verizon Private Network support with new settings under VPN → NEMO [DALP-457]
93001321_N Release Notes Part Number: 93001321 Page 2
6. Added Serial Modbus Gateway service for utilizing the Modbus protocol to communicate with serial ports [DALP-573]
1. Configuration settings for the Modbus Gateway are found under Services → Modbus
Gateway
7. MQTT client support via Paho Python module [DALP-590]
8. Added Ethernet network bonding to allow the same MAC address and IP configuration to be shared for multiple physical Ethernet ports in either active/backup or round-robin mode [DALP-589]
1. Configuration options found under Network → Interfaces → Ethernet bonding. Bond
devices created here can then be assigned to network interfaces
2. Note: not available on the IX14
9. VRRP+ options added under Network → VRRP → VRRP+ for validating primary or backup connectivity and automatically changing VRRP priority [DALP-289]
1. Note a SureLink test must also be enabled for the network interface the VRRP entry is
assigned to
10. Cisco Umbrella content filtering options added under Firewall → Web filtering service configuration section [DALP-524]
ENHANCEMENTS
1. Disable voice services on Quectel EC25-AF when using T-Mobile SIMs [DAL-3707]
2. Add -I source address option to the ping CLI command [DAL-3682]
3. Add service.modbus.debug config option to enable debug logging on Serial Modbus [DAL­3561]
4. Add Central management configuration options for any DAL product to sync with aView, ARMT, or AVWOB [DALP-626]
5. Add 4GM and 4GT options to the Network->Modems→Access technology settings to specify a CAT-M modem to only connect on LTE CAT-M1 or NB-IoT, respectively [DALP-472]
6. Add options under System → Log → Server list to allow users to specify the TCP/UDP protocol and port of the remote syslog server [DALP-593]
7. Added configuration option under Serial → TCP connection to specify encrypted vs non­encrypted connection types
8. Added configuration option under Serial → TCP/Telnet/SSH connections to enable/disable TCP keep-alive messages and nodelay
9. Added new Base settings checkbox on custom serial configuration page in the web UI to allow users to specify whether they want to copy the base serial settings or not [DAL-3775]
10. Added new Monitoring→Device Health→Data point tuning configuration options to fine tune what datapoints are uploaded as health metrics to Digi Remote Manager
11. Added new Monitoring→Device Health → Only report changed values to Digi Remote Manager option to control sending metrics to Digi Remote Manager on the basis of whether the values have changed since they were last reported [DAL-3386]
12. Reduced data usage by 80% (based on default settings) for reporting health metrics to Digi Remote Manager [DAL-3394]
13. Fade Configuration saved pop-up window 5 seconds aer clicking the Apply button [DAL­3451]
14. Added new Status → Scripts page in the web UI to view custom scripts and applications configured in the device, along with their status (running vs idle) [DALP-533]
15. Add options in CLI to show and manually stop any custom scripts or applications [DALP­533]
16. Added Duplicate firmware option on the Firmware Update page in the local web UI to copy
93001321_N Release Notes Part Number: 93001321 Page 3
the active firmware to the secondary firmware partition [DALP-565]
17. Add system duplicate-firmware CLI command to copy active firmware to the secondary firmware partition [DALP-565]
18. Move update firmware CLI command to be under system [DAL-3092]
19. Add show vrrp CLI command to display the status of any configured VRRP instances [DAL­2953]
20. Use a random unprivileged port for performing ntp time syncs if standard port 123 fails [DAL-3650]
21. Added new Authoritative option under TACACS+, RADIUS, and LDAP user authentication methods to prevent falling back to additional authentication methods if enabled [DAL-3314 & DALP-540]
22. Added new options under Network → Wi-Fi to control Tx Power of the Wi-Fi module (default 100%) and allow multiple RADIUS servers for WPA2 Enterprise [DALP-85]
23. Include up/down status of hotspots in the show hotspot CLI output [DAL-2184]
24. Update to ModemManager 2020-05-19 [DAL-3254]
1. libqmi: updated to 1.25.4+
2. ibmbim: updated to 1.20.4+
3. libgudev: updated to version 233
4. Improved support for Quectel EC25/EG25 modules
BUG FIXES
1. Fix LED behavior to account for Surelink pass/fail results [DAL-3688]
2. Fixed issue preventing RADIUS/TACACS+ authentication from working unless local-user authentication was also configured [DAL-3701]
3. Fixed issue preventing 1002-CMG4 modem from connecting with Verizon private APN SIMs [DAL-3276]
4. Fixed issue where device would remain connected to Digi Remote Manager even aer cloud.service was changed to aView or disabled. Rebooting the device previously resolved the issue [DAL-3504]
5. Fixed bug where IPsec tunnels with multiple policies would only properly route traic for the last policy configured [DAL-3448]
6. Fixed missing CPU usage stats in show system CLI output [DAL-2540]
7. Fixed improper value of the active SIM slot in the modem sim-slot show CLI command output when SIM slot 2 was in use [DAL-3569]
8. Fixed issue preventing network interfaces from initializing if the interface name was longer than 7 characters [DAL-2327]
9. Fixed issue preventing WAN passthrough mode if WAN was configured with a static IP [DAL­3097]
10. Fixed errors displayed in CLI when configuring a USB serial port in remote access mode [DAL-3207]
11. Fixed issue preventing users from configuring an IP address as a remote syslog server [DAL­3433]
12. Handle incorrect value occasionally returned by by Telit LM940/LM960 module when querying to see which SIM slot is in use [DAL-3481]
13. Fixed issue preventing cellular modem connectivity if a custom gateway/subnet was configured but the modem wasn't in passthrough mode [DAL-3585]
14. Fixed issue causing aView IPsec tunnel (if enabled) to randomly fail when device was in passthrough mode [DAL-3657]
15. Fixed permission issue on /opt/custom/ directory preventing users from setting up custom
93001321_N Release Notes Part Number: 93001321 Page 4
CSS and logos [DAL-3710]
16. Fixed issue preventing VLANs from being assigned to Wi-Fi SSIDs [DAL-3113]
SECURITY FIXES
The highest level vulnerability that has been fixed in this release is listed as a High CVSS score of 6.7
1. Update to Linux kernel 5.7 (CVE-2020-10732 CVSS Score: 4.4 Medium
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L) [DAL-3322]
2. Added local user login rate limiting to default lockout additional login attempts for 15 minutes aer 5 login failures per user (Score: 6.7 Medium
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) [DAL-3390 and DAL-3505]
1. New configuration options are under the Login failure lockout section for each user in
the Authentication → User settings
3. Prevent /etc/config/start from running when shell is disabled (Score: 5.2 Medium
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L) [DAL-2846]
4. Prevent file path expansion on Firmware Update and File System pages in the local web UI (Score: 3.2 Low CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) [DAL-3513, DAL- 3471, & DAL-3518]
5. Prevent cross-site scripting on the Wi-Fi and Bluetooth scanner pages in the local web UI (Score: 3.8 Low CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) [DAL-3628]
6. Obfuscate text when showing the SIM PIN (Score: 3.2 Low
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N) [DAL-3462]
7. Set HTTP Auth Cookie as secure in the local web UI (Score: 3.1 Low
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N) [DAL-3393]
8. Fixed leaked file descriptors on serial connections [DAL-3202]

VERSION 20.5.38.58 (July 20, 2020)

This is a recommended release
ENHANCEMENTS
1. Increased minimum password complexity to at least 10 characters containing at least one uppercase letter, one lowercase letter, one number, and one special character [DAL-3491]
1. Note: Devices that were running older firmware that had user passwords that do not
meet these minimum requirements aer upgrading to 20.5.38.58 will still be able to use that password to authenticate with the device. However, if the user attempts to update user's password in the DAL device's configuration settings aer upgrading to 20.5.38.58, the updated password must comply with the new minimum requirements
BUG FIXES
1. Fixed delay in connecting with FirstNet SIMs caused by interference from Lightweight M2M (LWM2M) service on Telit modules [DAL-3236]
2. Prevent interruptions to QCDM/QXDM port on Sierra modems caused by ModemManager interaction [DAL-3469]
3. Fixed bug preventing dual-APN connectivity with AT&T SIMs and Sierra modems [DAL-3586]
SECURITY FIXES
The highest level vulnerability that has been fixed in this release is listed as a High CVSS score of 6.5, which is rated as a Medium
1. Removed remote_control service used when receiving remote commands from aView/ARMT/AVWOB in favor of HTTPS secure commands. Vulnerability discovered by Stig Palmquist (CVE pending) [DAL-3460]
93001321_N Release Notes Part Number: 93001321 Page 5
2. Add failed login attempts to event log sent to remote syslog servers, if enabled [DAL-3492]

VERSION 20.5.38.39 (May 29, 2020)

This is a mandatory release
FEATURES
1. LDAP user authentication [DALP-192]
2. Add option on the System → Firmware Update page in the web UI to have the DAL device query a firmware server for available firmware updates [DALP-481]
3. Added new WiFi → Access points → [ssid_name] → Isolate clients option to enable/disable WiFi client isolation [DAL-2019]
4. Add configuration options under Central management for a proxy connection to Digi Remote Manager [DAL-3150]
5. Added new Enable watchdog configuration option to monitor the connection to Digi Remote Manager, along with options to reboot the device or restart its connection to Digi Remote Manager if the watchdog times out. The default settings are to restart the connection to Digi Remote Manager if the watchdog times out aer 30 minutes [DAL-2954]
6. New application mode for serial ports to allow full control of serial ports through custom python/shell programs. Also allows additional USB-to-serial adapters to be configured and connected to using the /dev/serial/<config_key_name> path [DAL-2807]
7. IX20W: Add new WiFi SSID and passphrase, enabled by default. The default SSID is now <device model>-<serial num> and the default passphrase is the unique default password of the device [DAL-3050]
ENHANCEMENTS
1. Added the ability to configure DHCP pools larger than /24 subnets [DAL-2864]
2. Add a statusall option to the show ipsec CLI command to display verbose IPsec status [DAL-2711]
3. Use modem PDP context 1 when an AT&T SIM in inserted to match new requirements from AT&T [DAL-3093]
4. Add AT&T FirstNet IMSIs so they can be dierentiated from other types of AT&T SIMs [DAL­3163]
5. Added Python HID module to allow the DAL device to control PSUs via Python programs [DAL-2092]
6. Allow network analyzer to be configured to monitor any network interface instead of just wired Ethernet ports [DAL-2146]
7. Added option to ping CLI command to ping a broadcast address [DAL-2571]
8. Added new health metric to report the interface used by the DAL device for its configured IPsec tunnels [DAL-2710]
9. Added new health metric to report the LTE SNR value of the modem(s) on the DAL device [DAL-2904]
10. Limit metrics upload to no more than 2 per minute if backlogged [DAL-2870]
11. Added new Locally authenticate CLI configuration option to control whether a user is required to provide device-level authentication when accessing the console of the device through Digi Remote Manager. Default is to allow console access without providing device­level authentication, since the user is already logged in and authenticated through Digi Remote Manager [DAL-1510]
12. Report device SKU in RCI response to Digi Remote Manager [DAL-2940]
93001321_N Release Notes Part Number: 93001321 Page 6
13. IX14: Report the SKU on IX14 variants (was already reported for other IX-series products) [DAL-2539]
14. Add wbdata APN to fallback list [DAL-3182]
15. Improved recovery of Telit modem firmware updates should the update get interrupted [DAL-2984]
16. Fixed spelling of System utilization chart on Intelliflow page in the local web UI [DAL-2260]
17. Added new Health sample upload window debug configuration option to provide a delay window/jitter when uploading health metrics to Digi Remote Manager (default 2-minutes) [DAL-2607]
18. Commonize the format and naming of rx/tx health metrics reported to Digi Remote Manager [DAL-2896]
19. Add IPv6 options to traceroute CLI command [DAL-2618]
20. Add count of bytes transmitted and received to the output of the show network interface X CLI command [DAL-2980]
21. Updated mmcli-dump command used when generating a support report to only run its list of AT commands on the cellular modem once [DAL-3013]
22. Updated placement of the Apply button on the Device Configuration page of the web UI to account for usability on smaller screens and keep it always visible when scrolling [DAL­3029]
23. Display the secondary/alternate firmware image version as the Alt. Firmware Version in the output of the show system CLI command [DAL-3057]
24. Retain modem firmware files in the event that the firmware upgrade was interrupted [DAL­2856]
25. Renamed OpenVPN server device type configuration options to clarify which options are OpenVPN managed versus device-only [DAL-2857]
26. Changed the Idle timeout configuration settings for remote-access serial ports to use to blank instead of 0s, to better match the format of the Idle timeout option for user login sessions [DAL-2623]
27. Added a 5-second wait time between setting LTE band configuration updates on a Telit modem and rebooting the modem to apply the configuration change [DAL-2972]
28. Add support for AES_GCM family of IPsec ciphers [DAL-2715]
BUG FIXES
1. Load FirstNet-specific firmware on Telit LM960 modems when a FirstNet SIM is present (bug aects firmware versions 20.2.x and older) [DAL-3163]
2. Fix VRRP crashes by upgrading keepalived to version 20.0.20 (bug aects firmware versions
20.2.x) [DAL-3181]
3. Prevent IPsec tunnel from being setup if its local network/interface is down (bug aects firmware versions 20.2.x and older) [DAL-2336]
4. Fixed rare issue where the cellular modem could not initialize aer resetting the modem (bug aects firmware versions 20.2.x and older) [DAL-1409]
5. Update analyzer to continue running even if the users SSH session ends (bug aects firmware versions 20.2.x and older) [DAL-2154]
6. Prevent re-uploading of invalid health metrics data if Digi Remote Manager sends a response that the contents of the health metrics are invalid (bug aects firmware versions
20.2.x and older) [DAL-2868]
7. Fixed bug preventing stale conntrack entries from being flushed when a WiFi-as-WAN (client mode) network changes, connects, or re-connects (bug aects firmware versions 20.2.x and older) [DAL-2775]
93001321_N Release Notes Part Number: 93001321 Page 7
Loading...
+ 15 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use