Planet IVR-100 User Manual

Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
- 1 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
Copyright
No part of this User’s Manual may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form by any means, electronic or mechanical including photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal use, and without the prior express written permission of PLANET Technology.
Disclaimer
PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose.
PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred. Information in this User’s Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s Manual, and reserves the right to make improvements and/or changes to this User’s Manual at any time without notice.
If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.
FCC Compliance Statement
This Equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: – Reorient or relocate the receiving antenna.
- 2 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
Increase the separation between the equipment and receiver.Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
– Consult the dealer or an experienced radio/TV technician for help.
CE mark Warning
The is a class A device, In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.
WEEE
To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment, end users of
electrical and electronic equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately.
Trademarks
The PLANET logo is a trademark of PLANET Technology. This documentation may refer to numerous hardware and software products by their trade names. In most, if not all cases, these designations are claimed as trademarks or registered trademarks by their respective companies.
Revision
User’s Manual of PLANET Industrial 5-Port 10/100/1000T VPN Security Gateway Model: IVR-100 Rev.: 1.0 (December, 2020) Part No. EM-IVR-100_v1.0
- 3 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
Table of Contents
Chapter 1. Product Introduction ............................................................................................. 6
1.1 Package Contents ...................................................................................................... 6
1.2 Overview .................................................................................................................... 6
1.3 Topology ................................................................................................................... 11
1.4 Features ................................................................................................................... 12
1.5 Product Specif ic ations ............................................................................................. 14
Chapter 2. Hardware Introduction ....................................................................................... 17
2.1 Physical Desc ript ions ............................................................................................... 17
2.1.1 Front View .............................................................................................. 17
2.1.2 Top View ................................................................................................ 18
2.1.3 Wiring the Power Inputs ......................................................................... 18
IVR-100
2.1.4 Wiring the Fault Alarm Contact .............................................................. 19
2.1.5 Dimensions ............................................................................................ 21
2.2 Hardware Installation ............................................................................................... 22
2.2.1 DIN-rail Mounting ................................................................................... 22
2.2.2 Wall Mount Plate Mounting .................................................................... 23
2.2.4 Side Wall Mount Plate Mounting ............................................................ 25
Chapter 3. Preparation ........................................................................................................ 26
3.1 Requirements ........................................................................................................... 26
3.2 Setting TCP/IP on your PC ...................................................................................... 26
3.2.1 Windows 7/8 .......................................................................................... 26
3.2.2 Windows 10 ........................................................................................... 30
3.3 Planet Smart Discovery Utility .................................................................................. 33
Chapter 4. Web-based Management .................................................................................. 35
4.1 Introduction .............................................................................................................. 35
4.2 Logging in to the VPN Gateway ............................................................................... 35
4.3 Main Web Page ........................................................................................................ 36
4.4 System ..................................................................................................................... 38
4.4.1 Setup Wizard ......................................................................................... 39
4.4.2 Dashboard ............................................................................................. 45
4.4.3 Status ..................................................................................................... 46
4.4.4 Statistics ................................................................................................. 47
4.4.5 Connection Status ................................................................................. 47
4.4.6 SNMP ..................................................................................................... 48
- 4 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
4.5 Network .................................................................................................................... 49
4.5.1 WAN ....................................................................................................... 50
4.5.2 WAN Advanced ...................................................................................... 51
4.5.3 LAN Setup.............................................................................................. 52
4.5.4 Routing ................................................................................................... 53
4.5.5 WAN IPv6 Setting .................................................................................. 54
4.5.6 DHCP ..................................................................................................... 55
4.5.7 DDNS ..................................................................................................... 57
4.5.8 MAC Address Clone .............................................................................. 59
4.6 Security .................................................................................................................... 60
4.6.1 Firewall ................................................................................................... 61
4.6.2 MAC Filtering ......................................................................................... 63
4.6.3 IP Filtering .............................................................................................. 64
4.6.4 Web Filtering .......................................................................................... 65
4.6.5 Port Forwarding ..................................................................................... 66
IVR-100
4.6.6 DMZ ....................................................................................................... 67
4.7 VPN 68
4.7.1 IPSec ..................................................................................................... 69
4.7.2 GRE ....................................................................................................... 74
4.7.3 PPTP Server .......................................................................................... 76
4.7.4 L2TP Server ........................................................................................... 80
4.7.5 SSL VPN ................................................................................................ 85
4.7.6 VPN Connection .................................................................................... 86
4.8 Maintenance ............................................................................................................. 87
4.8.1 Administrator .......................................................................................... 87
4.8.2 Date and Time ....................................................................................... 88
4.8.3 Saving/Restoring Configuration ............................................................. 89
4.8.4 Upgrading Firmware .............................................................................. 90
4.8.5 Reboot / Reset ....................................................................................... 90
4.8.6 Diagnostics ............................................................................................ 91
Appendix A: DDNS Application .............................................................................................. 93
- 5 -
Industrial 5-Port 10/100/1000T VPN Security Gateway

Chapter 1. Product Introduction

1.1 Package Conte nts

The package should contain the following:
VPN Gateway x 1 Quick Installation Guide x 1 Wall-mount Kit x 1 Dust Cap x 5
If any of the above items are missing, please contact your dealer immediately.
IVR-100

1.2 Overview

Powerful Industrial VPN Security Solution
The innovation of the Internet has created tremendous worldwide opportunities for e-business and information sharing. It has become essential for businesses to focus more on network security issues. The demand for information security has become the primary concern for the enterprises. To fulfill this demand, PLANET has launched the IVR-100 Industrial VPN Security Gateway, an all-in-one appliance that carries several main categories across your industrial network security deployments: Cyber security, SPI firewall security protection, policy auditing (Content Filtering, VPN Tunnel an d V LA N ) , and easy management (Setup Wizard, QoS and Dashboard). Furthermore, its Dual-WAN Failover and Outbound Load Balancing features can improve the network efficiency while the web-based interface provides friendly and consistent user experience. For the harsh environment, the IVR-100 can not onl y operate stably under temperature range from -40 to 75 degrees C, but also is equipped with a compact IP30 metal case that allows either DIN-rail or wall mounting for efficient use of cabinet space.
- 6 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
Excellent Ability in Threat Defense
The IVR-100 built-in SPI (stateful packet inspection) firewall and anti DoS/DDoS attack functions provide high efficiency and extensive protection for your network. Virtual server and DMZ functions can let you set up servers in the Intranet and still provide services to the Internet users.
Ideal VPN Security Gateway Solution for SMBs
The IVR-100 provides complete data security and privacy for accessing and exchanging most sensitive data, built-in IPSec VPN function with DES/3DES/AES encryption and MD5/SHA-1/SHA-256/SHA-384/SHA-512 authentication, and GRE, SSL, PPTP and L2TP server mechanism. The full VPN capability in the IVR-100 makes the connection solidly secure, more flexible, and more capable.
The IVR-100 supports many popular security features including Content Filtering to block specific URL, MAC/IP filtering, outbound load balancing and more. Furthermore, it provides higher performance with all Gigabit Ethernet interfaces which offer faster speeds for your network applications. The Gigabit
- 7 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
user-defined interfaces flexibly fulfill the network requirements, and the dual-WAN interfaces enable the IVR-100 to support outbound load balancing and WAN fail-over features.
Cybersecurity Network Solution to Minimize Security Risks
The cybersecurity feature included to protect the switch management in a mission-critical network virtually needs no effort and cost to install. For efficient management, the IVR-100 is equipped with HTTPS web and SNMP management interfaces. With the built-i n web-based management interface, the IVR-100 offers an easy-to-use, platform independent management and configuration facility. As the IVR-100 supports SNMP, it can be managed via any management software based on the standard SNMP protocol.
Improving Network Efficiency
The IVR-100 has link redundancy, content filtering and many more functions to make the entire network system perform better. It is applicable to the small-scale sector (from 10 to 50 people), using a compact industrial design, with five Gigabit ports (WAN/LAN). The IVR-100’s economical price with complete cable management features make it an inevitable choice for the next-generation office network load balancer.
The IVR-100’s built-in content filtering feature can automatically resolve the IP address corresponding to all. Users’ network can be easily managed by just typing the URL of the websites like Facebook, YouTube and Yahoo.
The IVR-100 can connect dual WANs with up to two different ISPs. It creates a stable and qualified VPN connection for many important applications such as VoIP, video conferencing and data transmission.
- 8 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
Convenient and Reliable Power System
To facilitate transportation and industrial-level applications, the IVR-100 provides an integrated power solution with a wide range of voltages (9~48V DC) for worldwide operability. It also provides dual-redundant, reversible polarity 9~48V DC power supply inputs for high availability applications.
- 9 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
Stable Operating Performance under Difficult Environments
Today, the VPN demand expands from commercial applications to many critical networks in the harsh environment. The IVR-100 will be one of the ideal solutions that provide a high level of immunity against electromagnetic interference and heavy electrical surges typical of environments found on plant floors or in curb-side traffic control cabinets. The IVR-100 can operate stably under temperature range from -40 to 75 degrees C which enables the users to conveniently apply the device in almost any location of the network. The IVR-100 is also equ ip ped with a compact IP30 standard metal case that allows either DIN-rail or wall mounting for efficient use of cabinet space.
- 10 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100

1.3 Topology

PLANET IVR-100 can work as a VPN security gateway in an industria l application f or a company that has a factory and many different divisions. With IPSec/GRE/PPTP/L2TP/SSL VPN solutions, the IVR-100 provides secured data communication for branches, vendors, and mobile workers with a flexible way to connect back to the headquarters.
The IVR-100 connects dual WANs with up to two different ISPs. It creates a stable and qualified VPN connection for many important applications such as VoIP, video conferencing and data transmission.
- 11 -
Industrial 5-Port 10/100/1000T VPN Security Gateway

1.4 Features

Hardware
5 10/100/1000BASE-T RJ45 ports 1 undefined Ethernet port (LAN/WAN) Dual-WAN function 1 USB 3.0 port for system configuration backup and firmware upgrade Reset button
Industrial Case and Installation
IP30 metal case Solid DIN-rail, wal l-mount or side wall-mount design Supports 6KV DC Ethern et ESD protec t io n
IVR-100
Fault alarm for power input failure DC redundant power with reverse polarity protection -40 to 75 degrees C operating temperature
IP Routing Feature
Static Route Dynamic Route (RIPv1/v2)
Firewall Security
Stateful Packet Inspection (SPI) firewall Blocks DoS/DDoS attack Content filtering MAC/IP filtering Blocks SYN/ICMP flooding
VPN Features
IPSec (Host to Host)/GRE/PPTP server/L2TP/SSL(Open VPN) Max. Connection Tunnel Entries: 60 VPN tunnels, Encryption methods: DES, 3DES, AES, AES-128/192/256 Authentication methods: MD5, SHA-1, SHA-256, SHA -384, SHA-512
Networking
Outbound load balancing Failover for dual-WAN
- 12 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
Static IP/DHCP client for WAN Protocols: TCP/IP, UDP, ARP, IPv4, IPv6 Port forwarding QoS DMZ VLAN IGMP Proxy SNMP(v1/v2C/v3) DHCP server/NTP client MAC address clone DDNS: PLANET DDNS, PLANET Easy DDNS, DynDNS and No-IP Cybersecurity
Others
IVR-100
Setup wizard Dashboard for real-time system overview Supported access by HTTP or HTTPS Auto reboot
Configuration backup and restoration via remote/USB port Firmware upgrade via remote/USB port Event message logging to remote syslog server PLANET Smart Discovery utility/UNI-NMS supported
- 13 -
Industrial 5-Port 10/100/1000T VPN Security Gateway

1.5 Product Specifications

IVR-100
Product Model
Hardware
Ethernet
USB Port
Reset Button
Enclosure
LED Indicators
Installation
VPN security gateway IVR-100
5 10/100/1000BASE-T RJ45 Ethernet ports including
3 LAN ports  1WAN port  1 LAN/WAN port
1 USB 3.0 port for system configuration backup and firmware upgrade < 5 sec: System reboot
> 5 sec: Factory default IP30 metal case Power1/Power2 (Green)
Fault (Red) DIN-rail, wall-mount or side wall-mount design Removable 6-pin terminal block
Connector
Alarm
Power Requirements Power Consumption Weight Dimensions (W x D x H) ESD Protection
Software
Management Operation Mode
Routing Protocol
Pin 1/2 for Power 1 Pin 3/4 for power fault alarm Pin 5/6 for Po wer 2
One relay output for power failure. Alarm relay current carry ability: 1A @ 24V AC
9-48V AC, 1A max. 9W max.
0.53kg 135 x 87.8 x 50 mm 6KV DC
Web browser Routing mode Static route: 32
Dynamic route (RIPv1/v2): 4096
NAT Throughput
Firewall Security
Outbound Load Balancing
Max. 900Mbps Stateful packet inspection (SPI)
Blocks DoS/DDoS attack Supported algorithms: Weight
- 14 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
HTTP, HTTPS, NTP, DNS, PLANET
PPPoE,
IVR-100
IPv4, IPv6, TCP/IP, U D P, AR P,
Protocol
Content Filtering
Log
Others
DDNS, PLANET Easy DDNS, DHCP, SNMP(v1/v2C/v3), SNMP, QoS, VLAN, IGMP Proxy
MAC filtering IP filtering Web filtering
System operation log Event message logging to remote syslog server
Outbound load balancing Failover for dual-WAN Port forwarding DMZ Cybersecurity Dashboard Setup wizard Auto reboot PLANET Smart Discovery utility/UNI-NMS supported
VPN
VPN Function VPN Tunnels VPN Throughput VPN concurrent users Encryption Methods Authentication Methods
Standards Conformance
Regulatory Compliance
Stability Testing
IPSec (Host to Host)/GRE/PPTP server/L2TP/SSL (Open VPN) Max. 60 Max. 100Mbps Max. 60 DES, 3DES, AES or AES-128/192/256 encr ypting MD5/SHA-1/SHA-256/SHA-384/SHA-512 authentication algorithm
CE, FCC IEC60068-2-32 (free fall)
IEC60068-2-27 (shock) IEC60068-2-6 (vibration)
IEEE 802.3 10BASE-T IEEE 802.3u 100BASE-TX/100BASE-FX IEEE 802.3ab Gigabit 1000T
Standards Compliance
IEEE 802.1Q VLAN tagging RFC 768 UDP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP
- 15 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
Environment Specifications
IVR-100
Operating
Storage
Standard Accessories
Packet Contents
Temperature: -40 ~ 75 degrees C Relative Humidity: 5 ~ 95% (non-condensing)
Temperature: -40 ~ 85 degrees C Relative Humidity: 5 ~ 95% (non-condensing)
IVR-100 x 1 Quick Installation Guide x 1 Wall-mount Kit x 1 Dust Cap x 5
- 16 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
P1
P2
Lights to indicate that po wer input
“Blink” to indicate there is traffic on
Ports

Chapter 2. Hardware Introduction

2.1 Physical Descriptions

2.1.1 Front View

LED
IVR-100
Green
Fault
LNK / ACT Green
1000
USB Port
Red
Amber
USB 3.0 port for system configuration backup and restoration.
Lights up when the power is on.
has failed. “Steady on” to indicate the port is
connected to other network device successfully.
the port. “Steady on” to indicate that the
port is successfully connecting to the network at 1000Mbps. “Off” to indicate that the port is successfully connecting to the network at 10Mbps or 100Mbps.
Power on the device and press the reset
Reset Button
Gigabit Port 1-3 It is a LAN port for connecting to a switch.
Gigabit Port 4
Gigabit Port 5
- 17 -
button for less than 5 seconds to reboot it or over 5 seconds to restore it to factory default settings.
Default is LAN port. It can be defined as LAN port or WAN port.
It is a WAN port for connecting to a perimeter gateway.
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100

2.1.2 Top View

The upper panel of the Industrial Gateway consists of one terminal block connector within two DC power inputs.

2.1.3 Wiring the Power Inputs

The 6-contact terminal block connector on the top panel of Industrial Gateway is used for two DC redundant power inputs . Pl ease follow the steps below to insert the power wire.
1. Insert positive and negative DC power wires into contacts 1 and 2 for POWER 1, or 5 and 6 for
POWER 2.
- 18 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
To avoid damage, please use the Industrial Gateway under its specification.
2. Tighten the wire-clamp screws for preventing the wires from loosening.
1 2 3 4 5 6
Power 1 Fault Power 2
IVR-100
+ - + -
The wire gauge for the terminal block should be in the range from 12 to 24 AWG.

2.1.4 Wiring the Fault Alarm Contact

The fault alarm contacts are in the middle of the terminal block connector as the picture shows below. Inserting the wires, the Industrial Gateway will detect the fault status of the power failure and then forms an open circuit. The following illustration shows an application example for wiring the fault alarm contacts.
1 2 3 4 5 6
Insert the wires into the fault alarm contacts
- 19 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
1. The wire gauge for the terminal block should be in the range between 12 and 24 AWG.
2. Alarm relay circuit accepts up to 24V, max. 1A currents.
- 20 -
Industrial 5-Port 10/100/1000T VPN Security Gateway

2.1.5 Dimensions

IVR-100
- 21 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100

2.2 Hardware Installation

This section describes how to install the Industrial Gateway. There are three methods to install the Industrial Gateway -- DIN-rail mounting, wall mounting and side wall mounting. Basic knowledge of networking is assumed. Please read the following sections and perform the procedures in the order being presented.
(The device shown on this chapter is just a representation of the said device.)

2.2.1 DIN-rail Mounting

Step 1: Lightly slide the DIN-rail into the track.
Step 2: Check whether the DIN-rail is tightly on the track.
- 22 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
Step 3: Connect your device to hub / switch.
A. Connect one end of a standard network cable to the LAN port (port 1) of the device. B. Connect the other end of the cable to the hub / switch.
The UTP Category 5, 5e or 6 network cabling with RJ45 tips is recommended.
Step 4: Connect your device to internet.
A. Connect one end of a standard network cable to the WAN port (port 5) of the device. B. Connect the other end of the cable to the LAN port of ISP network device (such as a modem).
If there is only one line connected to the outer network in your network environment, it is suggested that you use WAN port (port 5).
Step 5: Power on the device. When the device receives power, the Power LED should remain solid Green.

2.2.2 Wall Mount Plate Mounting

To install the Industrial Gateway on the wall, please follow the instructions below.
Step 1: Remove the DIN-rail from the Industrial Gateway. Use the screwdriver to loosen the screws to
remove the DIN-rail.
Step 2: Place the wall-mount plate on the rear panel and use the screwdriver to screw the wall mount
plate tightly on the Industrial Gateway.
- 23 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
Step 3: Use the hook holes at the corners of the wall mount plate to hang the Industrial Gateway on the
wall.
Step 4: To remove the wall mount plate, reverse the steps above. Step 5: Proceed with Steps 3, 4 and 5 in Secti on 2.2.1 DIN-rail Mounting to connect the network
cabling and power on the device.
- 24 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100

2.2.4 Side Wall Mount Plate Mounting

To install the Industrial Gateway on the wall, please follow the instructions below.
Step 1: Remove the DIN-rail from the Industrial Gateway. Use the screwdriver to loosen the screws to
remove the DIN-rail.
Step 2: Place the wall-mount plate on the side panel and use the screwdriver to screw the wall mount
plate tightly on the Industrial Gateway.
Step 3: Use the hook holes at the corners of the wall mount plate to hang the Industrial Gateway on the
wall.
Step 4: To remove the wall mount plate, reverse the steps above. Step 5: Proceed with Steps 3, 4 and 5 in Section 2.2.1 DIN-rail Mounting to connect the network
cabling and power on the device.
- 25 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100

Chapter 3. Preparation

Before getting into the device’s web UI, user has to check the network setting and configure PC’s IP address.

3.1 Requirements

User is able to confirm the following items before configuration:
1. Please confirm the network is working properly; it is strongly suggested to test your network connection by connecting your computer directly to ISP.
2. Suggested operating systems: Windows 7 / 8 / 10.
3. Recommended web browsers: IE / Firefox / Chrome.

3.2 Setting TCP/IP on your PC

The default IP address of the VPN Gateway is 192.168.1.1, and the DHCP Server is on. Please set the IP address of the connected PC as DHCP client, and the PC will get IP address automatically from the VPN Gateway. Please refer to the following to set the IP address of the conn ect ed PC.

3.2.1 Wind ows 7/8

If you are using Windows 7/8, please refer to the following:
1. Click on the network icon from the right side of the taskbar and th en click on “Open Net work and
Sharing Center”.
- 26 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
2. Click "Change adapter settings".
IVR-100
3. Right-click on the Local Area Connection and select Properties.
- 27 -
Industrial 5-Port 10/100/1000T VPN Security Gateway
IVR-100
4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties or directly double-click on
Internet Protocol Version 4 (TCP/IPv4).
- 28 -
Loading...
+ 65 hidden pages