These docs are for v7.0.0. Click to read the latest docs for v7.4.0.

BoltGATE 20-25

The BoltGATE 20-25 is a Multi-service IoT Edge Gateway designed for rolling stock applications.

Installation/Upgrade

For devices equipped with a linux image <= EL 21.4.0 and Azul Java 8u202, the JVM environment variables may be unset. Verify on the device's shell that echo $PATH includes a path similar to /usr/share/zulu-1.8.0_202/bin. If not it needs to be set manually before a fresh installation or an upgrade. This can be achieved by creating a custom profile under /etc/profile.d. Create file /etc/profile.d/java_paths.sh and edit it as:

export JAVA_HOME=/usr/share/zulu-1.8.0_202
export PATH=$PATH:/usr/share/zulu-1.8.0_202/bin

The path may vary depending on the java version, follow the symlink /usr/bin/java to obtain the correct one. Before installation or upgrade run the script to correctly set the PATH.

📘

This setup is not more needed since ESF version 7.0.1.

GPS Configuration

The BoltGATE 20-25 can be equipped with an internal GPS device. The ESF Position Service is already configured to manage it using the 1-5.2.4 USB address.

Ethernet Configuration

The default configuration of the Ethernet interfaces for a BoltGATE 20-25 is the following:

Interface NameGateway LabelStatus
enp3s0ETH1Enabled for LAN - Static address 172.16.0.1 with DHCP server
enp4s0ETH2Enabled for WAN - DHCP Client

Wireless Configuration

The wireless interface of the BoltGATE 20-25 is the wlp1s0. By default, the interface is disabled.

Firewall Configuration

The default ESF firewall configuration for the the BoltGATE 20-25 is as follows:

PortProtocolPermitted NetworkPermitted Interface Name
67udp0.0.0.0/0enp3s0
67udp0.0.0.0/0wlp1s0
53udp0.0.0.0/0enp3s0
53udp0.0.0.0/0wlp1s0
443tcp10.234.0.0/16tun0
443tcp0.0.0.0/0enp3s0
4443tcp10.234.0.0/16tun0
4443tcp0.0.0.0/0enp3s0
22tcp10.234.0.0/16tun0
22tcp0.0.0.0/0enp3s0
5353udp0.0.0.0/0enp3s0

Modem Support

ESF natively supports the BoltGATE 20-25 internal modem.

Forward Secure Sealing (FSS)

This device does not support FSS verification to detect log file tampering.

Journald persistence

EL 21.4.0 uses in RAM journal

AIDE Intrusion Detection Configuration

The default AIDE configuration from section "AIDE Intrusion Detection" can be applied to this device. An exception must be added to avoid false tampering events for the file /etc/timestamp:

NORMAL = p+n+u+g+s+selinux+sha256
/etc NORMAL
/opt NORMAL
!/etc/bind/named.conf
!/etc/resolv.conf
!/etc/adjtime*
!/etc/timestamp

The file /etc/timestamp is used by EverywareLinux 21.4.0 to maintain a backup timestamp, hence it may change during the gateway's lifecycle.

Clock Service

In order to be able to use the chrony-advanced option in the clock service configuration, chrony must be manually installed on the system, this is due to the fact that the chrony package conflicts with the ntp package, and the latter is installed by default.
The following command can be used to install the chrony package and uninstall the ntp package:

dnf install --allowerasing chrony chronyc

The chrony service will be managed by ESF, so we recommend to disable the service after installation.

systemctl stop chronyd
systemctl disable chronyd

📘

Note

NTS is not supported by chrony on this platform

Watchdog service

If the watchdog service is enabled it will not be possible to stop it. From the ESF console, if the service gets disabled it will just prevent the watchdog from starting at the next reboot of the system.