BoltGATE 20-25

The BoltGATE 20-25 is a Multi-service IoT Edge Gateway designed for rolling stock applications.

Installation/Upgrade

For devices equipped with a linux image <= EL 21.4.0 and Azul Java 8u202, the environment variables need to be set manually before a fresh installation or an upgrade. This can be achieved by creating a custom profile under /etc/profile.d. Create file /etc/profile.d/java_paths.sh and edit it as:

export JAVA_HOME=/usr/share/zulu-1.8.0_202
export PATH=$PATH:/usr/share/zulu-1.8.0_202/bin

The path may vary depending on the java version, follow the symlink /usr/bin/java to obtain the correct one.

GPS Configuration

The BoltGATE 20-25 can be equipped with an internal GPS device. The ESF Position Service is already configured to manage it using the 1-5.2.4 USB address.

Ethernet Configuration

The default configuration of the Ethernet interfaces for a BoltGATE 20-25 is the following:

Interface Name

Gateway Label

Status

enp3s0

ETH1

Enabled for LAN - Static address 172.16.0.1 with DHCP server

enp4s0

ETH2

Enabled for WAN - DHCP Client

Wireless Configuration

The wireless interface of the BoltGATE 20-25 is the wlp1s0. By default, the interface is disabled.

Firewall Configuration

The default ESF firewall configuration for the the BoltGATE 20-25 is as follows:

Port

Protocol

Permitted Network

Permitted Interface Name

67

udp

0.0.0.0/0

eno1

67

udp

0.0.0.0/0

wlp1s0

53

udp

0.0.0.0/0

eno1

53

udp

0.0.0.0/0

wlp1s0

443

tcp

10.234.0.0/16

tun0

443

tcp

0.0.0.0/0

eno1

4443

tcp

10.234.0.0/16

tun0

4443

tcp

0.0.0.0/0

eno1

22

tcp

10.234.0.0/16

tun0

22

tcp

0.0.0.0/0

eno1

5353

udp

0.0.0.0/0

eno1

Modem Support

ESF natively supports the BoltGATE 20-25 internal modem.

Forward Secure Sealing (FSS)

This device does not support FSS verification to detect log file tampering.

Journald persistence

EL 21.4.0 uses in RAM journal

AIDE Intrusion Detection Configuration

The default AIDE configuration from section "AIDE Intrusion Detection" can be applied to this device. An exception must be added to avoid false tampering events for the file /etc/timestamp:

NORMAL = p+n+u+g+s+selinux+sha256
/etc NORMAL
/opt NORMAL
!/etc/bind/named.conf
!/etc/resolv.conf
!/etc/adjtime*
!/etc/timestamp

The file /etc/timestamp is used by EverywareLinux 21.4.0 to maintain a backup timestamp, hence it may change during the gateway's lifecycle.

Clock Service

In order to be able to use the chrony-advanced option in the clock service configuration, chrony must be manually installed on the system, this is due to the fact that the chrony package conflicts with the ntp package, and the latter is installed by default.
The following command can be used to install the chrony package and uninstall the ntp package:

dnf install --allowerasing chrony chronyc

📘

Note

NTS is not supported by chrony on this platform