Administration Console

Accessing the ESF Gateway Administration Console

ESF provides a web-based, user interface for the administration and management of your IoT gateway. The ESF Gateway Administration Console enables you to monitor the gateway status, manage the network configuration, and manage the installed application and services.
By default, ESF firewall configuration allows to access the Console only from the Ethernet interface configured for LAN-only operation and from Everyware Cloud VPN. See the Gateway Configurations section of the documentation for information about the default network interface configuration on the different supported gateways.

The ESF Gateway Administration Console can be accessed over HTTP, HTTPS and HTTPS with client side certificate based authentication, the default ports are the following:

  • HTTP port: disabled by default
  • HTTPS without client authentication port: 443
  • HTTPS with client authentication port: 4443

Each of the three protocol/authentication method combinations above can be enabled, disabled and configured in the HTTP/HTTPS Configuration section.

See Gateway Administration Console Authentication for more details about authentication.

The Security -> WebConsole configuration section contains an Allowed Ports parameter that can be used to restrict access to ESF Gateway Administration Console on specific ports. See the HTTP/HTTPS Configuration section for more details. By default the Console can be accessed on all available ports.

The ESF Gateway Administration Console can be accessed by typing an URL that refers to the gateway IP address and uses the https:// scheme (e.g. https://172.16.0.1). Once the URL is submitted, the user is required to login and is then redirected to the ESF Gateway Administration Console page.
The ESF Web Console supports multiple login identities with different permission.

🚧

The default admin identity name and password is admin/< device-serial-number > for Eurotech devices.
For non-Eurotech devices (e.g. the Raspberry PI), the default admin identity credentials are admin/admin.

The device serial number can be found printed on the Eurotech device.

Password change

🚧

Change the Default Password

Eurotech recommends changing the default password after initial setup and before deployment, as well as limiting access to the ESF Gateway Administration Console to a trusted local network interface using appropriate firewall rules. Starting from ESF 7.1, it is possible to force a password change for a given identity at next login.

Once logged in, the user can always modify its password. To access the option, click on the button near the username in the header section. A dropdown menu appears with the logout and the password modification options. When clicking on "Change password", the following dialog will appear:

After confirming the changes, the user will be logged out.

Accessing the ESF Gateway Administration Console over a Cellular Link

In order to connect to the ESF Gateway Administration Console via a cellular interface, the following requirements must be met:

  • The service plan must allow for a static, public IP address to be assigned to the cellular interface.

  • The used ports must not be blocked by the provider.

  • The user must add Open Port entries for the cellular interface. This may be done either through the ESF Gateway Administration Console in the Firewall tab.

If some of the used ports is blocked by the service provider, there is an option to reconfigure the gateway to use another port (i.e., 8080). In order to do so, the following requirements must be met:

  • The HttpService configuration must be changed to use the new ports.

  • The new ports must be open in the firewall for all network interfaces.

HTTPS related warnings

Most browsers will probably warn the user that the connection is not secure when ESF Gateway Administration Console is accessed using HTTPS.

In order to remove the warning, the browser must be able to verify the identity of the gateway as an HTTPS server (see [1]). The verification process will fail with default server certificate provided by ESF because it is self-signed and it is not suitable for hostname verification.

Fixing this might require to configure the browser to trust the certificate provided by the gateway and/or using a server certificate signed by a CA trusted by the browser and assigning a DNS name to the gateway in order to pass hostname verification.

[1] https://tools.ietf.org/search/rfc2818#section-3.1

System Use Notification Banner

For security reasons, it may be needed to display to the user a banner that describes the intended system use before authenticating.
The system use notification message is customisable by authorised personnel in the Security section of the ESF Wen UI, in the Web Console tab.

Once enabled and configured, the ESF Web UI will display a banner before every access attempt, as depicted in the image below.