Airwall Gateway Hardware Installation Guide

This is a generic installation guide for all Airwall Gateway hardware appliances (75, 110, 150, 250, and 500 Airwall Gateways). For more specific installation instructions, specifications, and panel layouts for your specific model, download the platform guide for your model from Documentation Downloads.

Note: For Airwall Gateway Advantech models, see Airwall Gateway AV3200g Hardware Installation Guide and Airwall Gateway AV3033 Hardware Installation Guide.

Follow this guide to set up basic network connectivity for an Airwall Gateway, and provision the gateway on the Airwall Conductor. The Conductor is the central configuration and management point for your Airwall secure network, and manages trust between devices and Airwall Gateways on your network. These instructions are based on Airwall Gateways and Conductor v2.2.8 and later.

Here are the basic steps, explained in more detail below:

  1. Unbox the Airwall Gateway and get familiar with the parts.
  2. Connect the Airwall Gateway to your network and to the Conductor.
  3. Manage the Airwall Gateway in the Conductor.

Before you begin

To bring the Airwall Gateway online, you need:

  • the Conductor IP address or URL that the Airwall Gateway connects to
  • network cables to connect the Airwall Gateway to your network, or a valid SIM card if you are only connecting via a cellular network
  • a micro-USB cable to connect a computer to the Airwall Gateway
    Note: If your Airwall Gateway model does not have a micro-USB console port, use a network cable to connect to your computer's ethernet port. If your computer does not have ethernet port, use a RJ45-to-USB cable.

Step 1: Unbox the Airwall Gateway

Unbox the Airwall Gateway and become familiar with the parts.

  1. Open the box and carefully remove the Airwall Gateway.
    This picture shows an Airwall Gateway 75.
    Unboxing the 75 Airwall Gateway

  2. Check out the platform guide/quick start guide that came with your Airwall Gateway to get familiar with the top and front panel of the Airwall Gateway.
    Here are the panel layouts for the most common Airwall Gateways:
    • 75
      75 panel layout

    • 110
      110 panel layout

    • 150
      150 panel layout

    • 250
      250 panel layout

    • 500
      500 panel layout

  3. Check the specifications on the labels and platform guide included in the box to determine environments to which you can physically deploy the Airwall Gateway. Download the panel layouts and basic specifications for your Airwall Gateway from Documentation Downloads.

Step 2: Connect the Airwall Gateway to the network and the Conductor

Connect the Airwall Gateway to your network.

You can connect and configure the Airwall Gateway in one of three ways:
  • Console port – Best option for Airwall Gateway series with a console port.
  • Diagnostic mode – Best option for Airwall Gateway series without a console port.
  • Use a DHCP server – Advanced option for adding a large number of Airwall Gateways, see Connecting Airwall Gateways using a DHCP server.
Note: Some Airwall Gateways have a micro-USB console port, others have a RJ45 console port, while some models have no defined console port. If your model has no console port, use Diagnostic mode to connect.

Console port connect

For provisioning, place the Airwall Gateway where it can reach the Conductor on your shared network. The fastest way to provision the Airwall Gateway is to connect a computer to the Airwall Gateway using the console port.
  1. Plug in the Airwall – Locate the Airwall Gateway in an area that complies with the safe operating guidelines, and then plug it in with the supplied power cord.
  2. Connect to your network – Connect the Airwall Gateway to a network that has access to the Conductor (your company network or the Internet) using Port 1.
  3. Connect a computer to the Airwall Gateway – Connect your computer to the micro-USB console port on the Airwall Gateway.
    1. Use a terminal (macOS or Linux) or terminal emulator such as PuTTY (Windows), to connect to the Airwall Gateway using baud rate 115200.
    2. At the login prompt, log in using Airshell with name airsh and no password.
      Note: For more on Airshell command line options, see Airshell Command Line.
    3. Check that the Airwall Gateway can reach the Conductor URL: 
      ping <Conductor URL>

      For example:

      ping my-conductor.tempered.com

      When the ping is successful, continue.

    4. Set the Conductor IP address or URL, and optionally, the port. For example, enter: 
      conductor set my-conductor.tempered.com
      The Airwall Gateway is now recognized in the Conductor, showing up in the Provisioning tab, the Licensing tab, or on the Airwalls page as ready to manage. When the Airwall Gateway is connected to the Conductor, you can manage and configure it from there.
  4. Connect to devices – Connect the devices you want to protect to the Airwall Gateway on Port 2. See the platform guide that came with your Airwall Gateway for the location of Port 2 and above.

Diagnostic mode connect

For provisioning, place theAirwall Gateways where it has network access to the Conductor through your company network or the Internet.
  1. Plugin the Airwall – Locate the Airwall Gateway in an area that complies with the safe operating guidelines, and then plug it in with the supplied power cord.
  2. Connect to your network – Connect the Airwall Gateway to a network that has network reachability to the Conductor (your company network or the Internet) using Port 1.
  3. Connect a computer to the Airwall Gateway – Connect your computer to Port 2 with an ethernet cable.
    • For Airwall Gateway series with a Multi-Purpose or Reset button, press the button for 3 seconds to enter Diagnostic Mode. After three seconds, the status LED blinks to indicate the Airwall Gateway is in Diagnostic Mode.
    • For Airwall Gateway series without a Multi-Purpose or Reset button, place into Diagnostic Mode by connecting a VGA monitor and a USB keyboard to port 2 of the Airwall Gateway, and enter the login prompt:
      • 2.2.3 and later: Enter airsh to enter the console, and then enter diag.
        Note: If you are asked for a password, enter default airsh, or the password you set.
      • Earlier than 2.2.3: Enter diag, then enter password diag.

    Once the Airwall Gateway is in diagnostic mode, Overlay network communications from the Airwall Gateway are disabled and the device network is reconfigured with a static IP address.

    1. Open a web browser and go to http://192.168.56.3 to access the Airwall Gateway diagnostic page.


    2. Select Edit Settings and enter the Conductor URL. Select Update Settings.
    3. Click Reboot to take the Airwall out of diagnostic mode.
      Important: After restarting, the Airwall Gateway may require up to three minutes to return to operating mode.
      The Airwall Gateway is now recognized in the Conductor, showing up in the Provisioning tab, the Licensing tab, or on the Airwalls page as ready to manage. When the Airwall Gateway is connected to the Conductor, you can manage and configure it from there.
  4. Connect to devices - Connect the devices you want to protect to the Airwall Gateway on port 2 and above.

Step 3: License and Manage the Airwall Gateway in the Conductor

You need to Add Airwall Edge Service Licenses to the Conductor before you can provision and license Airwall Gateways. Airwall Edge Services include Airwall Gateways as well as Airwall Agents and Servers that allow people to connect their devices to your Airwall secure network.

To complete this step, a Conductor administrator must license and manage the Airwall Gateways. For instructions, see Provision and License Airwall Edge Services.

Once complete, Conductor administrators can configure the Airwall Gateways in the Conductor.