Airwall Gateway Hardware Installation Guide

This is a generic installation guide for all Airwall Gateway hardware appliances (75, 110, 150, 250, and 500 Airwall Gateways). For more specific installation instructions, specifications, panel layouts for your specific model, download the platform guide for your model from Documentation Downloads.

Follow this guide to set up basic network connectivity for an Airwall Gateway, and provision the gateway on the Airwall Conductor. The Conductor is the central configuration and management point for your Airwall secure network, and manages trust between devices and Airwall Gateways on your network. These instructions are based on Airwall Gateways and Conductor v2.2.8 and later.

Here are the basic steps, explained in more detail below:

  1. Unbox the Airwall Gateway and get familiar with the parts
  2. Connect the Airwall Gateway to your network and to the Conductor
  3. Manage the Airwall Gateway in the Conductor

Before you begin

To prepare for bringing the Airwall Gateway online, you need to:

  • Get the Conductor IP address or URL that the Airwall Gateway will connect to
  • Have network cables to connect the Airwall Gateway to your network
  • Have a micro USB cable to connect a computer to the Airwall Gateway

Step 1: Unbox the Airwall Gateway

The first step is to unbox the Airwall Gateway and become familiar with the parts. At the end of this step, you’ll be ready to connect the Airwall Gateway to the management software (the Airwall Conductor).

  1. Open the box and carefully remove the Airwall Gateway.
    This picture shows an Airwall Gateway 75.
    Unboxing the 75 Airwall Gateway

  2. Check out the platform guide/quick start guide that came with your Airwall Gateway to get familiar with the top and front panel of the Airwall Gateway.
    Here are the panel layouts for the most common Airwall Gateways:
    • 75
      75 panel layout

    • 110
      110 panel layout

    • 150
      150 panel layout

    • 250
      250 panel layout

    • 500
      500 panel layout

  3. Check the specifications on the labels and platform guide included in the box to determine which environments you can physically deploy the Airwall Gateway. Download the panel layouts and basic specifications for your Airwall Gateway from Documentation Downloads.

Step 2: Connect the Airwall Gateway to the network and the Conductor

The next step is to connect the Airwall Gateway to your network. At the end of this step, your Airwall Gateway will be powered on and connected to the Conductor.

You can connect and configure the Airwall Gateway in one of two ways:
  • Manually Connect – Faster for a few Airwall Gateways
  • Use a DHCP Server – Faster if you are configuring more than a few.

Option 1 – Manually Connect

For provisioning, place the Airwall Gateway where it can reach the Conductor on your shared network. The fastest way to provision the Airwall Gateway is to connect a computer to the Airwall Gateway using the console port.
  1. Plug in the Airwall – Locate the Airwall Gateway in an area that complies with the safe operating guidelines, and then plug it in with the supplied power cord.
  2. Connect to your network – Connect the Airwall Gateway to a network shared with the Conductor (your company network or the Internet) using Port 1.
  3. Connect a computer to the Airwall Gateway – Connect your computer to the micro USB console port on the Airwall Gateway.
    1. Using a terminal (macOS or Linux) or terminal emulator (Windows), connect to the Airwall Gateway using baud rate 115200.
    2. Check that the Airwall Gateway can reach the Conductor URL: 
      ping <Conductor URL>

      For example:

      ping my-conductor.tempered.com

      Once the ping is successful, continue.

    3. At the login prompt, log in with: name: airsh and no password.
    4. Set the Conductor IP address or URL, and optionally, the port. For example, enter: 
      conductor set my-conductor.tempered.com
  4. 4. Connect to devices – Connect the devices you want to protect to the Airwall Gateway on Port 2. See the platform guide that came with your Airwall Gateway for the location of Port 2.
The Airwall Gateway should now be recognized in the Conductor, showing up on the Licensing tab, or on the Airwalls page as ready to manage. Once the Airwall Gateway is connected to the Conductor, you can manage and configure it there. For more Airshell command line options, see Airshell Command Line.

Option 2 – Use a DHCP Server to Connect

For provisioning, place the Airwall Gateway on a network where it can reach the Conductor on your shared network, or on the Internet. Once you set up DHCP on your network, you can skip steps 2 and 3 when setting up any additional Airwall Gateways.
  1. Plug in the Airwall Gateway – Locate the Airwall Gateway in an area that complies with the safe operating guidelines, and then plug it in or apply power.
  2. Check DHCP – Ensure there is a DHCP server and a DNS resolver or DNS server for the local domain that is accessible on the shared network.
  3. Create a DNS SRV record – On the DNS server, check that there is (or have a network administrator add) a SRV record pointing to the Conductor URL: 
    _service._proto.name TTL class SRV priority weight port target
    For example, if your shared network domain is me.com and the Conductor hostname is cond-01, then the SRV record should be: 
    _ifmap._tcp.example.com. 3600 IN SRV 10 0 8096 cond-01.me.com

    *Use the TTL, priority and weight for your DNS environment. Port 8096 is the default, but you can change it in the Conductor and set it to an alternate port.

  4. Connect to your network – Connect the Airwall Gateway to a network shared with the Conductor using Port 1 (your company network or the Internet). The DHCP server assigns an IP address, netmask, and a default gateway to the Airwall Gateway. The Airwall Gateway then does an DNS lookup and configures itself using the Conductor address.
  5. Ping the Conductor URL – Check that you can reach the Conductor by pinging it. Enter: 
    ping my-conductor.tempered.com
  6. Connect to devices – Connect the devices you want to protect to the Airwall Gateway on Port 2.
The Airwall Gateway should now be recognized in the Conductor, showing up on the Licensing tab, or on the Airwalls page as ready to manage. Once the Airwall Gateway is connected to the Conductor, you can manage and configure it there (including serial ports).

Step 3: License and Manage the Airwall Gateway in the Conductor

You need to Add Airwall Edge Service Licenses to the Conductor before you can provision and license Airwall Gateways. Airwall Edge Services include Airwall Gateways as well as Airwall Agents and Servers that allow people to connect their devices to your Airwall secure network.

To complete this step, a Conductor administrator must license and manage the Airwall Gateways. For instructions, see Provision and License Airwall Edge Services.

Once complete, Conductor administrators can configure the Airwall Gateways in the Conductor.