Airwall Gateway AV3033 Hardware Installation Guide

This is the installation guide for the Airwall Gateway AV3033 hardware appliance. The Airwall Gateway AV3033 is an Advantech FWA3033 internet security platform with pre-installed Airwall firmware.
Note: The Airwall AV3033 is a similar platform to the Airwall Gateway 500.

Follow this guide to set up basic network connectivity for an Airwall Gateway, and provision the gateway on the Airwall Conductor. The Conductor is the central configuration and management point for your Airwall secure network, and manages trust between devices and Airwall Gateways on your network. These instructions are based on Airwall Gateways and Conductor v2.2.8 and later.

Prerequisites

To bring the Airwall Gateway online, you need:

  • the Conductor IP address or URL that the Airwall Gateway will connect to
  • a network cable to connect the Airwall Gateway to your network
  • a network cable to connect your computer to the Airwall Gateway during set up, and subsequently to connect your protected device

Airwall Gateway AV3033 panel layout

Figure 1. Airwall Gateway AV3033 panel layout


1 LCD screen
2 Keypad
3 Power LED
4 RJ45 console port
5 2 USB ports
6 6 RJ45 ethernet ports
7 4 SFP ports
8 DVI port
9 Fans
10 Power button
11 Dual power supply

Connecting the Airwall Gateway AV3033 to the network and the Conductor

Complete the following steps to connect an Airwall Gateway AV3033 to your network to your Conductor. You can connect through the console port (command line) or through diagnostic mode (UI).

Console port connect

Complete the following steps to connect an Airwall Gateway AV3033 to your network to your Conductor using the console port. For provisioning, place the Airwall Gateway where it can reach the Conductor on your shared network.
  1. Locate the Airwall Gateway in an area that complies with the safe operating guidelines, and then plug it in with the supplied power cord.
  2. Connect the Airwall Gateway to a network that has access to the Conductor (your company network or the Internet) using Port 1.
  3. Connect a computer to the Airwall Gateway's console port.
    Note: If your computer does not have an RJ45 port, you can use an RJ45-to-USB cable.
  4. Use a terminal (macOS or Linux) or terminal emulator (Windows), to connect to the Airwall Gateway using baud rate 115200.
  5. At the login prompt, log in with: name: airsh and no password.
  6. Check that the Airwall Gateway can reach the Conductor URL:
    ping <Conductor URL>
    For example:
    ping my-conductor.tempered.com
    Once the ping is successful, continue.
  7. Set the Conductor IP address or URL and, optionally, the port. For example, enter:conductor set my-conductor.tempered.com
    The Airwall Gateway should now be recognized in the Conductor, showing up on the Licensing tab, or on the Airwalls page as ready to manage. Once the Airwall Gateway is connected to the Conductor, you can manage and configure it there. For more Airshell command line options, see Airshell Command Line.
  8. Remove the cable from your computer and connect the devices you want to protect to the Airwall Gateway on the RJ45 or SFP ethernet ports.

Diagnostic mode connect

Complete the following steps to connect an Airwall Gateway AV3033 to your network through diagnostic mode. Once in diagnostic mode, the Airwall issues an IP address from the 192.168.56.0/24 network to your computer connected to RJ45 Port 2. Your computer must be set up for DHCP.
  1. Locate the Airwall Gateway in an area that complies with the safe operating guidelines, and then plug it in with the supplied power cord.
  2. Connect the Airwall Gateway to a network that has access to the Conductor (your company network or the Internet) using RJ45 Port 1.
  3. Connect your computer to the Airwall Gateway's console port with a serial interface. Then connect your computer to the Airwall Gateway's Port 2 with an ethernet cable.
  4. Use the Airwall Gateway AV3033 LCD screen and buttons to enter diagnostic mode. The Airwall issues the IP address 192.168.56.3 to your computer to access diagnostic mode.
  5. When you see that you have an IP address on the 192.168.56.0/24 network subnet, verify that you can reach the Airwall by pinging 192.168.56.3.
  6. Open a web browser and go to http://192.168.56.3 to access the Airwall Gateway diagnostic page.


  7. Click Settings > Edit Settings and enter the Conductor URL. Click Save.
  8. In the upper right corner click Reboot.
    Note: After restarting, the Airwall Gateway may require up to 3 minutes to return to operating mode.

    The Airwall Gateway should now be recognized in the Conductor, showing up on the Licensing tab, or on the Airwalls page as ready to manage. Once the Airwall Gateway is connected to the Conductor, you can manage and configure it there. For more Airshell command line options, see Airshell Command Line.

  9. Remove the cable from your computer and connect the devices you want to protect to the Airwall Gateway on the RJ45 or SFP ethernet ports.

License and Manage the Airwall Gateway in the Conductor

You need to Add Airwall Edge Service Licenses to the Conductor before you can provision and license Airwall Gateways. Airwall Edge Services include Airwall Gateways as well as Airwall Agents that allow people to connect their devices to your Airwall secure network.

To complete this step, a Conductor administrator must license and manage the Airwall Gateways. For instructions, see Provision and License Airwall Edge Services.

Once complete, Conductor administrators can configure the Airwall Gateways in the Conductor.