19 Appendix

19.1 CGI interface

The additional HTTPS interfaces nph-vpn.cgi, nph-diag.cgi, nph-status.cgi and nph-action.cgi are implemented as CGI (Common Gateway Interface) scripts.

 

 


For more information on using the CGI interfaces, see mGuard Application Notes (UM EN MGUARD APPNOTES), available at phoenixcontact.net/products or help.mguard.com.

 

 

 

When executing the CGI scripts nph-vpn.cgi, nph-diag.cgi, nph-status.cgi and nph-action.cgi, only the following characters may be used in user names, passwords, and other user-defined names (for example, the name of a VPN connection):

Letters: A - Z, a - z

Digits: 0 - 9

Special characters: - . _ ~

 

If other special characters, such as "space" or the "question mark", are used, they must be encoded accordingly (URL encoding).

 

 

 

The command line tool wget only works in combination with mGuard firmware versions < 8.4.0. As of mGuard firmware version 8.4.0, the command line tool curl can be used (parameters and options differ!).

Example:

wget --no-check-certificate "https://admin:mGuard@192.168.1.1/nph-vpn.cgi?name=Athen&cmd=up"

curl --insecure "https://admin:mGuard@192.168.1.1/nph-vpn.cgi?name=Athen&cmd=up"

The option --no-check-certificate (wget) or --insecure (curl) disables verification of the HTTPS certificate presented by the mGuard, so the identity of the device is not checked for this connection.

 

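Table 19-1: Encoding of special characters (URL encoding)

| Character | Encoding |
|-----------|----------|
| (Space) | %20 |
| ! | %21 |
| " | %22 |
| # | %23 |
| $ | %24 |
| % | %25 |
| & | %26 |
| ' | %27 |
| ( | %28 |
| ) | %29 |
| * | %2A |
| + | %2B |
| , | %2C |
| / | %2F |
| : | %3A |
| ; | %3B |
| = | %3D |
| ? | %3F |
| @ | %40 |
| [ | %5B |
| \ | %5C |
| ] | %5D |
| { | %7B |
| \| | %7C |
| } | %7D |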
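
The encoding rule and the request form described above, as an added example that is not part of the mGuard manual. The function names are hypothetical, the password and connection name are constructed sample values, and mguard_vpn_send assumes the device presents a certificate issued by the given CA for the address used, so that verification stays on instead of being disabled with --insecure.

```shell
#!/bin/sh
# Added example, not from the mGuard manual. Function names are hypothetical;
# ASCII input is assumed.

# Percent-encode every character outside the set the manual allows
# unencoded (A-Z a-z 0-9 - . _ ~). The ( ) body keeps LC_ALL local.
urlencode() (
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}         # everything after the first character
        c=${s%"$rest"}      # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# Build the nph-vpn.cgi URL in the form of the manual's example.
# $1 user, $2 password, $3 host, $4 VPN connection name, $5 cmd
mguard_vpn_url() {
    printf 'https://%s:%s@%s/nph-vpn.cgi?name=%s&cmd=%s' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$3" \
        "$(urlencode "$4")" "$(urlencode "$5")"
}

# Send the request with certificate verification left on.
# $1 CA certificate file (assumed path), $2 URL from mguard_vpn_url
mguard_vpn_send() {
    curl --cacert "$1" "$2"
}

# Constructed sample values: password and name contain characters that
# must be encoded. Only the URL is printed; nothing is sent.
mguard_vpn_url admin 'p@ss word?' 192.168.1.1 'Athen West/2' up
echo
```
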

19.2 Command line tool "mg"

The following commands can be executed on the command line of the mGuard by the users root and admin.

Table 19-2: Command line tool "mg"

| Command | Parameter | Description |
|---------|-----------|-------------|
| mg update | patches | An automatic online update will be started. The required package set will be determined automatically by the mGuard (see "Automatic Update" on page 91). Patch releases resolve errors in previous versions and have a version number which only changes in the third digit position. |
| mg update | minor, major | Minor and major releases supplement the mGuard with new properties or contain changes that affect the behavior of the mGuard. Their version number changes in the first or second digit position. |
| mg status | /network/dns-servers | Used DNS server. Names of the DNS servers used by the mGuard for name resolution. |
| mg status | /network/if-state/ext1/gw | Current default route. The IP address that the mGuard uses to try to reach unknown networks. |
| mg status | /network/if-state/ext1/ip | External IP address. The addresses via which the mGuard can be accessed by devices from the external network. In Stealth mode, the mGuard adopts the address of the locally connected computer as its external IP. |
| mg status | /network/if-state/ext1/netmask | Net mask of the external IP address. |

 

19.3 LED status indicator and blinking behavior

19.3.1 Description of LEDs

mGuard devices use built-in LEDs to indicate different system states. These can be status, alarm or error messages.

The states are indicated by permanent or temporary lighting or blinking of the LEDs. The displayed LED pattern can also represent a combination of different system states.

 

 

 

NOTE: Because the LEDs indicate several system states ambiguously, only temporarily, or in combination with other system states, the log files of the mGuard device must also be checked!

 

 

LEDs of FL/TC MGUARD (RS200x/RS400x) devices:

[Figure: LED panel with the LEDs P1, Stat, Mod, Info2 (Sig), P2, Err, Fault and Info1]

P1 / P2

LEDs P1 and P2 indicate which of the two power supplies is connected (devices of the FL/TC MGUARD RS2000 series: only P1 is available).

Info 2 / Info 1 (the LED Sig is not in use)

Active VPN connections or (as of Version 8.1) active firewall rule records can be indicated via the LEDs Info2 and Info1. The activation of the LEDs by a certain VPN connection or a certain firewall rule record is configured on the mGuard interface in the menu item Management >> Service Contacts.

The following states will be indicated:

ON

The VPN connection is established / the firewall rule record is set.

Blink

The VPN connection will be established or released or has been stopped/disabled by the remote peer.

OFF

The VPN connection is stopped/disabled on both peers.

Stat / Mod / Err / Fault

The LEDs Stat, Mod, Err and Fault indicate system states (status, alarm or error messages) (see Table 19-5).

In addition to the alarm messages, an illuminated Fault LED generally also indicates that the device is currently not in operation mode.

LAN / WAN

The LAN/WAN LEDs are located in the LAN/WAN sockets (10/100 and duplex LED).

The LEDs indicate the Ethernet status of the LAN or WAN port. As soon as the device is connected to the relevant network, a continuous light indicates that there is a connection to the network partner in the LAN or WAN. When data packets are transmitted, the LED goes out briefly.

If all LAN/WAN LEDs are illuminated, the system is booting.

Bar graph and SIM1/2 (Mobile)

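Table 19-3: LEDs on TC MGUARD RS4000 3G and TC MGUARD RS2000 3G

Bar graph:

| LED | | State and Meaning | | | |
|-----|---|---|---|---|---|
| LED 3 | Top | Off | Off | Off | Green |
| LED 2 | Middle | Off | Off | Green | Green |
| LED 1 | Bottom | Off | Yellow | Yellow | Yellow |
| Signal strength (dBm) | | –113 ... 111 | –109 ... 89 | –87 ... 67 | –65 ... 51 |
| Network reception | | Very poor to none | Sufficient | Good | Very good |

SIM 1 / SIM 2:

| LED | Color | State | Meaning |
|-----|-------|-------|---------|
| SIM 1 | Green | On | SIM card 1 active |
| SIM 1 | Green | Blinking | No PIN or incorrect one entered |
| SIM 2 | Green | On | SIM card 2 active |
| SIM 2 | Green | Blinking | No PIN or incorrect one entered |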

19.3.2 LED lighting and blinking behavior

Table 19-4: Description of the lighting and blinking behavior of the LEDs

| Behavior | Description |
|----------|-------------|
| Heartbeat | The blinking behavior is similar to a heartbeat, in which two strokes are performed in quick succession, followed by a short break. |
| Running light | Three lights form a continuously repeating running light from left to right and back again. |
| Blink 50/1500 | Flashing with 1500 ms break (50 ms on, then 1500 ms off) |
| Blink 50/800 | Flashing with 800 ms break (50 ms on, then 800 ms off) |
| Blink 50/100 | Flashing with 100 ms break (50 ms on, then 100 ms off) |
| Blink 500/500 | Constant blinking (500 ms on / 500 ms off) |
| Morse code (. . . – – – . . .) | The LED blinks the Morse code "SOS": the pattern "3x short, 3x long, 3x short" is repeated continuously. |
| ON | The LED lights up permanently. |
| ON (n sec) | The LED lights up permanently for the indicated time (n seconds). |

19.3.3 Representation of system states

The system states (status, alarm or error messages) that are displayed by the lighting and blinking behavior of the LEDs are shown in Table 19-5.

Table 19-5: System states of FL/TC MGUARD devices represented by lighting and blinking behavior of the LEDs

| STAT | MOD | Info 2 (Sig) | ERR | FAULT | Description of the system state |
|------|-----|--------------|-----|-------|---------------------------------|
| Heartbeat | | | | | The system status is OK. |
| | | | ON | | A severe error has happened. |
| ON (12 sec) | ON (3 sec) | | ON (12 sec) | ON (12 sec) | The system is booting. |
| Morse code | | | | | The license to operate this firmware is missing. |
| Morse code | | | Morse code | | Bootloader replacement failed due to hardware error. |
| | | | | ON | A power failure was detected. |
| | | | | ON | No connectivity on WAN interface (link supervision configurable on device) |
| | | | | ON | No connectivity on LAN interface (link supervision configurable on device) |
| | | | | ON | No connectivity on LAN 1–4 interface (link supervision configurable on device) |
| | | | | ON | No connectivity on DMZ interface (link supervision configurable on device) |
| | | | | ON | Power supply 1 or 2 failed (alarm configurable on device) |
| | | | | ON | Temperature too high / low (alarm configurable on device) |
| | | | | ON | (Redundancy) Connectivity check failed (alarm configurable on device) |
| | | | | ON | (Modem) Connectivity check failed (alarm configurable on the device) |
| | | | ON (3 sec) | | ECS: The ECS is incompatible. |
| | | | ON (3 sec) | | ECS: The capacity of the ECS is exhausted. |
| | | | ON (3 sec) | | ECS: The root password from the ECS does not match. |
| | | | ON (3 sec) | | ECS: Failed to load the configuration from the ECS. |
| | | | ON (3 sec) | | ECS: Failed to save the configuration to the ECS. |
| | ON | | | | PPPD: The internal modem got a connect (set by pppd). |
| | Blink 50/1500 | | | | PPPD: The internal modem is armed and expecting a dial in. |
| | Blink 500/500 | | | | PPPD: The internal modem is dialing. |
| | | | ON (2 sec) | | RECOVERY: The recovery procedure failed. |
| ON (2 sec) | | | | | RECOVERY: The recovery procedure succeeded. |
| ON | | | | ON | FLASH PROCEDURE: The flash procedure has been started. Please wait. |
| Running light | Running light | Running light | | ON | FLASH PROCEDURE: The flash procedure is currently executed. |
| Blink 50/800 | Blink 50/800 | Blink 50/800 | | ON | FLASH PROCEDURE: The flash procedure succeeded. |
| | ON | | ON | | FLASH PROCEDURE: The flash/production procedure failed. |
| | | | Blink 50/100 (5 sec) | | FLASH PROCEDURE WARNING: Replacing the rescue system. Do not power off. When the blinking stops, the replacement of the rescue system is over. |
| | | | ON | | FLASH PROCEDURE: The DHCP/BOOTP requests failed. |
| | | | ON | | FLASH PROCEDURE: Mounting the data storage device failed. |
| | | | ON | | FLASH PROCEDURE: The flash procedure failed. |
| | | | ON | | FLASH PROCEDURE: Erasing the file system partition failed. |
| | | | ON | | FLASH PROCEDURE: Failed to load the firmware image. |
| | | | ON | | FLASH PROCEDURE: The signature of the firmware image is not valid. |
| | | | ON | | FLASH PROCEDURE: Failed to load the install script. |
| | | | ON | | FLASH PROCEDURE: The signature of the install script is not valid. |
| | | | ON | | FLASH PROCEDURE: The rollout script failed. |