Thank you for your purchase of a BlastWave certified OnLogic Gateway. The following Quick Start Guide will walk you through the initial connection and configuration of your device.
Before you begin, please take a moment to review power, mounting, ambient temperature, and airflow considerations.
Each BlastWave certified OnLogic Gateway provides two (2) RJ45 Ethernet ports. One of these will be used for Uplink (to the Internet, Higher Levels, or Routing network) and the other will in most cases connect downstream to the Endpoint network (with the devices to be protected, such as RTUs, PLCs, or Relays).
After removing the unit from its shipping material, provide at least one live network connection to the Uplink port that can connect to the BlastShield Orchestrator hosted in the cloud at https://lighthouse.blastwave.com across UDP/12345 or within your on-premise network, if so configured.
The devices will utilize different RJ45 network ports depending upon the model number employed. The label in software may actually be opposite, however, in current iterations the Uplink port will be located on the left, if oriented as the picture below. It is critical that the Uplink port (sometimes called the WAN port) be connected to the correct subnet.
Please note that in certain cases, the Gateway may be configured in passive mode utilizing only a single Ethernet port. Contact your BlastWave Representative for more information.
While the manufacturer intends these devices to function as “headless” systems, with no permanent keyboard, video, or mouse (KVM) required. For initial configuration, please connect a digital video monitor to the device using either DisplayPort or a DisplayPort-to-HDMI adapter.
Before the BlastWave certified OnLogic Gateway may be used, it must first be registered to your BlastShield Orchestrator with a valid cryptographic invitation.
After the device properly boots and loads the firmware image, it will display the BlastShield Main Menu which should include a “Local IP Address” and a “provisioning PIN code.” If you do not see both the IP Address and the PIN code, the device will not be prepared for provisioning into the BlastShield system. Follow these troubleshooting steps if you run into an issue:
At this point, log into your BlastWave Orchestrator and select Gateways from the left-hand menu. Click “Add New Gateway” and fill out the form with all required information. Finally, click “Save Changes” in the bottom right corner of the interface.
When the Orchestrator presents you with a choice, select “Provision Running Gateway Appliance” and complete the popup dialog with the IP address and PIN number from the interface of the device.
Finally, click on “Provision.”
In only moments after provisioning, the Gateway status in the BlastWave Orchestrator should change from “Unregistered” to “Online.”
If the device does not connect and move to an online status, it is likely that a firewall is blocking the gateway from communicating on UDP/12345 with the Internet and your cloud-hosted Orchestrator (or with your on-premise Orchestrator, as applicable).
Please contact the BlastWave support team or your internal Network Support team for more help and support.
If possible, BlastWave recommends utilizing DHCP with Address Reservations to simplify the configuration of the BlastShield Gateway, now and in the future. Use your DHCP server interface to assign the appropriate address reservation by MAC address. Check with your internal network team and policy documentation for more information. Once a reservation has been created, cycle the power on the BlastWave Certified OnLogic Gateway to verify at the device console that the correct IP has been assigned.
If DHCP (with or without reservations) will not be used on the Uplink connection, you will need to select “Configure network interfaces” from the main console menu.
Then select “Manual Configuration” from the options listed.
When configuring the Uplink Port, verify that the Linux interface name matches the one noted above (Network Connections) for your device model. Generally, the interface designations are listed in numerical order, not physical order.
Finally, enter the correct IP address, subnet gateway (router), and DNS server addresses. Please note that the IP address must be entered with the network prefix, sometimes called CIDR notation. It is imperative that the address include the network prefix or the subnet will default to a thirty-two bit subnet (i.e., /32).
Commonly, the prefix will be twenty-four bits, or /24, to indicate a subnet mask of 255.255.255.0. Be certain to verify the bit length of the subnet where you will Uplink your BlastWave Certified OnLogic Gateway or inconsistent behavior will result!
Consult a subnet calculator if needed: https://www.calculator.net/ip-subnet-calculator.html
After completing the steps above, the Gateway is ready to protect. You may at this time assign Endpoint devices behind the Gateway.
Please visit https://support.blastwave.com for more information.