Airwall Gateway Hardware Installation Guide

This is a generic installation guide for all Airwall Gateway hardware appliances series: 75, 110, 150, 250, and 500. For more specific installation instructions, specifications, and panel layouts for your specific model, download the platform guide from Documentation Downloads.

Note: For Airwall Gateway Advantech models, see Airwall Gateway AV3200g Hardware Installation Guide and Airwall Gateway AV3033 Hardware Installation Guide.

Follow this guide to set up basic network connectivity for an Airwall Gateway, and provision the gateway on the Airwall Conductor. The Conductor is the central configuration and management point for your Airwall secure network, and manages trust between devices and Airwall Gateways on your network. These instructions are based on Airwall Gateways and Conductor v2.2.8 and later.

Prerequisites

To bring the Airwall Gateway online, you need:

  • the Conductor IP address or URL that the Airwall Gateway connects to
  • network cables to connect the Airwall Gateway to your network, or a valid SIM card if you are only connecting via a cellular network
  • a micro-USB cable to connect a computer to the Airwall Gateway
    Note: If your Airwall Gateway model does not have a micro-USB console port, use a network cable to connect to your computer's ethernet port. If your computer does not have ethernet port, use a RJ45-to-USB cable.

Airwall Gateway panel layout

Figure 1. Unboxing Airwall Gateway 75

Unboxing the 75 Airwall Gateway

Figure 2. Airwall Gateway 75 panel layout

75 panel layout

Figure 3. Airwall Gateway 110 panel layout

110 panel layout

Figure 4. Airwall Gateway 150 panel layout

150 panel layout

Figure 5. Airwall Gateway 250 panel layout

250 panel layout

Figure 6. Airwall Gatway 500 panel layout

500 panel layout

Note: Check the specifications on the labels and platform guide included in the box to determine environments to which you can physically deploy the Airwall Gateway. Download the panel layouts and basic specifications for your Airwall Gateway from Documentation Downloads.

Connecting the Airwall Gateway to the network and the Conductor

Connect the Airwall Gateway to your network.

You can connect and configure the Airwall Gateway in one of three ways:
  • Console Port connect – Best option for Airwall Gateway series with a console port.
  • Diagnostic mode connect – Best option for Airwall Gateway series without a console port.
  • Use a DHCP server – Advanced option for adding a large number of Airwall Gateways, see Connecting Airwall Gateways using a DHCP server.
Note: Some Airwall Gateways have a micro-USB console port, others have a RJ45 console port, while some models have no defined console port. If your model has no console port, use Diagnostic mode to connect.

Console port connect

For provisioning, place the Airwall Gateway where it can reach the Conductor on your shared network. The fastest way to provision the Airwall Gateway is to connect a computer to the Airwall Gateway using the console port.
  1. Locate the Airwall Gateway in an area that complies with the safe operating guidelines, and then plug it in with the supplied power cord.
  2. Connect the Airwall Gateway to a network that has access to the Conductor (your company network or the Internet) using Port 1.
  3. Connect your computer to the micro-USB console port on the Airwall Gateway.
  4. Use a terminal (macOS or Linux) or terminal emulator such as PuTTY (Windows), to connect to the Airwall Gateway using baud rate 115200.
  5. At the login prompt, log in using Airshell with name airsh and no password.
    Note: For more on Airshell command line options, see Airshell Command Line.
  6. Check that the Airwall Gateway can reach the Conductor URL: 
    ping <Conductor URL>

    For example:

    ping my-conductor.tempered.com

    When the ping is successful, continue.

  7. Set the Conductor IP address or URL, and optionally, the port. For example, enter: 
    conductor set my-conductor.tempered.com
    The Airwall Gateway is now recognized in the Conductor, showing up in the Provisioning tab, the Licensing tab, or on the Airwalls page as ready to manage. When the Airwall Gateway is connected to the Conductor, you can manage and configure it from there.
  8. Connect the devices you want to protect to the Airwall Gateway on Port 2. See the platform guide that came with your Airwall Gateway for port locations.

Diagnostic mode connect

For provisioning, place theAirwall Gateways where it has network access to the Conductor through your company network or the Internet.
  1. Locate the Airwall Gateway in an area that complies with the safe operating guidelines, and then plug it in with the supplied power cord.
  2. Connect the Airwall Gateway to a network that has reachability to the Conductor (your company network or the Internet) using Port 1.
  3. Connect your computer to Airwall Gateway's Port 2 with an ethernet cable.
  4. For Airwall Gateway series:
    • with a multi-purpose or reset button, press the button for 3 seconds to enter diagnostic mode. After three seconds, the status LED blinks to indicate the Airwall Gateway is in diagnostic mode.
    • without a multi-purpose or reset button, place into diagnostic mode by connecting a VGA monitor and a USB keyboard to port 2 of the Airwall Gateway, and entering the login prompt:
      • 2.2.3 and later: Enter airsh to enter the console, and then enter diag.
        Note: If you are asked for a password, enter default airsh, or the password you set.
      • Earlier than 2.2.3: Enter diag, then enter password diag.

    Once the Airwall Gateway is in diagnostic mode, Overlay network communications from the Airwall Gateway are disabled and the device network is reconfigured with a static IP address.

  5. Open a web browser and go to http://192.168.56.3 to access the Airwall Gateway diagnostic page.


  6. Select Edit Settings and enter the Conductor URL. Select Update Settings.
  7. Click Reboot to take the Airwall out of diagnostic mode.
    Important: After restarting, the Airwall Gateway may require up to three minutes to return to operating mode.
    The Airwall Gateway is now recognized in the Conductor, showing up in the Provisioning tab, the Licensing tab, or on the Airwalls page as ready to manage. When the Airwall Gateway is connected to the Conductor, you can manage and configure it from there.
  8. Connect the devices you want to protect to the Airwall Gateway on port 2 and above.

License and Manage the Airwall Gateway in the Conductor

You need to Add Airwall Edge Service Licenses to the Conductor before you can provision and license Airwall Gateways. Airwall Edge Services include Airwall Gateways as well as Airwall Agents that allow people to connect their devices to your Airwall secure network.

To complete this step, a Conductor administrator must license and manage the Airwall Gateways. For instructions, see Provision and License Airwall Edge Services.

Once complete, Conductor administrators can configure the Airwall Gateways in the Conductor.