Global Setting

Settings

[Global Setting > Device Setting > Settings]

Settings are the information and configurations that help other networks or devices communicate with your appliance.

System Tab

Change password: update the current account password.

Port Configuration: Set the mode for each interface.

User Accounts: Manage accounts for web and CLI access management.

Hostname: Label specified for the device. This name is used in events and logs.

Show Mode: Show or hide the rule page for Transparent or Routing mode.

Bypass: Disable/Enable bypass setting

Login Message: Text that shows after a user logs on the appliance

Session Timeout: Number of minutes a session can stay open

Network tab

IP Configuration: Configure the mode (Routing or Transparent) for interfaces, and set the interface's IP addresses.

Virtual IPs: Add or delete a virtual IP.

Bridge: Create or delete a bridge network.

Learning UDP Protocol: Enable or disable learning UDP traffic in the Learn state.

IP Access Restriction: Manage IP addresses that can access web management.

CIMPLICITY Maximum Writes: Set a limit on the number of write commands per interval. This option is only available if you have purchased the license that supports GE protocol.

IFIX Maximum Writes: Set a limit on the number of write commands per interval. This option is only available if you have purchased the GE protocol.

GESDI Port: Configure the port settings for GESDI (version 6e and 6).

Default SLMP port: Set the default port for SLMP communication.

Default DICOM port: Set the default port for DICOM communications.

Learning Protocol Port 102: This port can be configured for S7COMM or MMS protocols.

Network > IP Configuration

Port Configuration: Set the mode for each interface. The default mode for both LAN and DEVICE interfaces is routing mode.

Edit icon: Click this icon to configure the IP address for the interface.

Network > Virtual IPs

Network > IP Access Restriction

Time tab

Time (NTP) Servers: Configure Network Time Protocol (NTP) servers to synchronize the system clock with accurate time sources.

Date Time: Set the current date and time for the system.

Timezone: Select the appropriate time zone to ensure the system clock reflects the correct local time.

Install license

[Global Setting > Device Setting > License]

OPSWAT will supply license files to you. Contact Support for a new or renewal production license, or an extension on evaluation licenses. Include the serial number of your appliance.

  1. Save the new license to a location on the MetaDefender Industrial Firewall network.
  2. Double-click the appliance in the MetaDefender Industrial Firewall Nodes (Configured) box to open the web interface.

Open the Configuration menu and click License. The License pane displays.

Open the Action menu and click Update License. The Upload pane displays.

In the Local License File box, click Browse to navigate to the file. Select the file.

Click the Upload License button to start the upload. The Progress Bar shows when the upload is completed.

Click the End User License Agreement (EULA) link and read it. Then, click the check box to show that you accept the terms. A green banner at the top of the page tells you the procedure succeeded. The License page opens with the new information.

Backups

[Global Setting > Device Setting > Backups > System]

System Backup

A backup or snapshot is a copy of your device configurations and data. The appliance creates a backup automatically before all configuration changes are made. You can also make a backup on demand.

You will perform all backup tasks from the Backup Configs pane. Open the Configuration menu and click Backups to access this pane, which displays the following information for the current backups:

  • Description: The appliance describes automatic backup that includes the date and time of the backup. For manual backups, the description comes from the Comment box.
  • Created: Timestamp in the format of Weekday:MM:DD: HH:MM:SS YYYY
  • Name: The system supplies the name. You cannot change it.

Create a backup

Open the Action menu and click Snapshot Running Config. A popup displays, “Snapshot (backup) the current config?”

Enter a comment that includes the cause for the backup. This text becomes the description on the Backup Configs pane. Click the Submit button to save the backup. A green banner at the top of the page tells you the procedure succeeded.

Click the Submit button to save the backup. A green banner at the top of the page tells you the procedure succeeded.

Export a backup

Double-click the backup you want to export. A detail page displays.

Open the Action menu and click Export. The Backup Config Export pane displays.

Enter the Password for this backup. Enter the password again in the Confirm Password box. Record the password in a safe place.

Click the Submit button. A popup page displays. Open the file or Save it. If you save it, the file goes to your local Downloads location. The default location for Windows systems is C:\Users<your user name>\Downloads.

Record the date and time you save it because this will be part of the .bin file name. You cannot edit the file name before it is saved.

Restore a backup

If a new configuration does not operate correctly, you can return an older configuration (rebuild). You can select a backup of this appliance or upload a configuration from a different appliance.

To use a backup from a different appliance, save the backup to a location on this MetaDefender Industrial Firewall network:

  • To upload the software to the appliance, open the Action menu and click Upload. The Upload pane displays.
  • Click Browse in the Local Filename of config box to navigate to the file. Record the name.
  • Enter a Password for this backup.
  • Click the Upload Config button to start the upload. The Progress Bar shows when the upload completes.
  • This backup shows in the Backup Configs table.

Find the backup name in the Backup Configs table. You can click a column header to filter the table contents.

Delete a backup

Find the backup in the Backup Configs table. You can click a column header to filter the table contents.

Click the backup row to open a detail page.

Open the Action menu and click Delete. Click the Submit button to confirm your action. A green banner at the top of the page tells you that the procedure succeeded.

Configuration Backup

[Global Setting > Device Setting > Backups > Configuration]

A backup or snapshot is a copy of your device configurations. Unlike a system backup, it includes both configuration settings and some data as a binary file. The configuration backup is a JSON text file that contains only the device configuration.

Create a backup

Open the header menu and click Snapshot Running Config. A popup will appear, allowing you to:

  • Choose all configurations to export.
  • Select specific parts of the full configuration.

Export a backup

On the Action items of the each line, we can click on the export icon to export the configuration text file.

Restore a backup

On the Action items of the each line, we can click on the Apply button to apply the backup configuration.

Device Update

[Global Setting > Device Setting > Device Updates]

The software was installed on the appliance before it was shipped to you. As part of installation, you need to update the software to the latest release. You will also use this procedure to update new personalities (versions) of the appliance software.

Open the Action menu and click Upload Software. The Upload pane displays.

In the Local Filename of update package box, click Browse to navigate to the file for the appliance software.

Click the Upload Package button. The Progress Bar shows when the upload completes.

Click Apply in the Action column of the Software pane to apply the update. The new software version will show in the Version column with the Active column checked

External Services

Use the External Services options to view information about servers associated with the appliance, including:

  • DNS servers
  • SNMP servers and trap recipients
  • RADIUS servers
  • Remote syslog
  • Time (NTP) servers

When you click on one of these options, an associated pane displays. Use the Action menu on the pane to add, edit, or delete these servers.

Encryption

Use the Encryption options to view and update SSL/TLS credentials and X509 certificates associated with the appliance.

SSL/TLS Credentials

Click the SSL/TLS Credentials option. The SSL/TLS Credentials pane displays. Use the Action menu to perform one of the following:

  • Create a local keypair
  • Import a keypair
  • Set an SSL key

You can update an existing credential by selecting it, then using the Action menu on the resulting detail pane to:

  • Add, edit, export or delete an individual certificate
  • Delete all associated certificates

X509 Certificates

Click the x509 Certificates option. The X509 Certificates pane displays. Use the Action menu to import an X509 certificate.

Certificates

[Global Setting > Device Setting > External Services > Certificates]

This section allows you to manage certificates used for secure communication between the Industrial Firewall and other systems. You can create, import, and view details of various certificate types to establish trust and encryption across network entities.

Certificate Types:

  • Local CA Certificate: A certificate authority (CA) certificate generated by the firewall for signing local certificates.
  • Local Certificate: Certificate issued to this firewall, usually signed by the local or trusted CA.
  • Remote CA Certificate: Certificate from a remote party (e.g., peer firewall) used to verify identity.

Actions available:

  • Create Certificate: Generate a new certificate signed by the Local CA. Or import from an external CA.
  • Import Remote CA: Upload a CA certificate from a remote device or external source.
  • Import Remote Certificate: Upload an individual certificate (e.g., remote VPN peer certificate).
  • Use Trusted CA for secure VPN or remote access.
  • Local CA should be used to generate internal certificates if no external CA is involved.
  • Regularly review expiration dates to avoid service disruption.
  • Avoid using Untrusted CA unless for inspection or debugging purposes.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
On This Page
Global SettingSettingsSystem TabNetwork tabNetwork > IP ConfigurationNetwork > Virtual IPsNetwork > IP Access RestrictionTime tabInstall licenseBackupsSystem BackupCreate a backupExport a backupRestore a backupDelete a backupConfiguration BackupCreate a backupExport a backupRestore a backupDevice UpdateExternal ServicesEncryptionSSL/TLS CredentialsX509 CertificatesCertificates