BoltGATE 20-25

The BoltGATE 20-25 is a Multi-service IoT Edge Gateway designed for rolling stock applications.

GPS Configuration

The BoltGATE 20-25 can be equipped with an internal GPS device. The ESF Position Service is already configured to manage it using the 1-5.2.4 USB address.

πŸ“˜

gpsd provider

gpsd provider is available since EL 30.1.0.

Ethernet Configuration

The default configuration of the Ethernet interfaces for a BoltGATE 20-25 is the following:

Interface Name

Gateway Label

Status

enp3s0

ETH1

Enabled for LAN - Static address 172.16.0.1 with DHCP server

enp4s0

ETH2

Enabled for WAN - DHCP Client

Wireless Configuration

The wireless interface of the BoltGATE 20-25 is the wlp1s0. By default, the interface is disabled.

To set the right Regulatory Domain create or edit the file /etc/modprobe.d/cfg80211.conf
with the following content and then reboot the system.

options cfg80211 ieee80211_regdom=<your regulatory domain>

Firewall Configuration

The default ESF firewall configuration for the the BoltGATE 20-25 is as follows:

Port

Protocol

Permitted Network

Permitted Interface Name

67

udp

0.0.0.0/0

enp3s0

67

udp

0.0.0.0/0

wlp1s0

53

udp

0.0.0.0/0

enp3s0

53

udp

0.0.0.0/0

wlp1s0

443

tcp

10.234.0.0/16

tun0

443

tcp

0.0.0.0/0

enp3s0

4443

tcp

10.234.0.0/16

tun0

4443

tcp

0.0.0.0/0

enp3s0

22

tcp

10.234.0.0/16

tun0

22

tcp

0.0.0.0/0

enp3s0

5353

udp

0.0.0.0/0

enp3s0

Modem Support

ESF natively supports the BoltGATE 20-25 internal modem.

Journald Persistence

EL 21.4.0 uses in RAM journal

AIDE Intrusion Detection Configuration

The default AIDE configuration from section "AIDE Intrusion Detection" can be applied to this device. An exception must be added if using EL 21.4.0 to avoid false tampering events for the file /etc/timestamp:

NORMAL = p+n+u+g+s+selinux+sha256
/etc NORMAL
/opt NORMAL
!/etc/bind/named.conf
!/etc/resolv.conf
!/etc/adjtime*
!/etc/timestamp

The file /etc/timestamp is used by Everyware Linux on version 21.4.0 to maintain a backup timestamp, hence it may change during the gateway's lifecycle.

Clock Service

If using EL 21.4.0, in order to be able to use the chrony-advanced option in the clock service configuration, chrony must be manually installed on the system, this is due to the fact that the chrony package conflicts with the ntp package, and the latter is installed by default.
The following command can be used to install the chrony package and uninstall the ntp package:

dnf install --allowerasing chrony chronyc

The chrony service will be managed by ESF, so we recommend to disable the service after installation.

systemctl stop chronyd
systemctl disable chronyd

πŸ“˜

NTS is not supported by chrony on this platform with EL 21.4.0.

Forward Secure Sealing (FSS)

EL 21.4.0 does not support FSS verification to detect log file tampering.

Watchdog Service

If the watchdog service is enabled it will not be possible to stop it. From the ESF console, if the service gets disabled it will just prevent the watchdog from starting at the next reboot of the system.

Diagnostic Service

πŸ“˜

rootfs usage alerts after fresh ESF installation

On EL 30.1.0 ESF might produce warning alerts about the rootfs usage, since the occupied space after installation is about 90% of the rootfs partition. You might want to tweak such threshold from the Diagnostic Service configuration to disable the warnings.