BoltGATE 20-25
The BoltGATE 20-25 is a Multi-service IoT Edge Gateway designed for rolling stock applications.
GPS Configuration
The BoltGATE 20-25 can be equipped with an internal GPS device. The ESF Position Service is already configured to manage it using the 1-5.2.4 USB address.
Ethernet Configuration
The default configuration of the Ethernet interfaces for a BoltGATE 20-25 is the following:
Interface Name | Gateway Label | Status |
---|---|---|
enp3s0 | ETH1 | Enabled for LAN - Static address 172.16.0.1 with DHCP server |
enp4s0 | ETH2 | Enabled for WAN - DHCP Client |
Wireless Configuration
The wireless interface of the BoltGATE 20-25 is the wlp1s0. By default, the interface is disabled.
To set the right Regulatory Domain create or edit the file /etc/modprobe.d/cfg80211.conf
with the following content and then reboot the system.
options cfg80211 ieee80211_regdom=<your regulatory domain>
Firewall Configuration
The default ESF firewall configuration for the the BoltGATE 20-25 is as follows:
Port | Protocol | Permitted Network | Permitted Interface Name |
---|---|---|---|
67 | udp | 0.0.0.0/0 | enp3s0 |
67 | udp | 0.0.0.0/0 | wlp1s0 |
53 | udp | 0.0.0.0/0 | enp3s0 |
53 | udp | 0.0.0.0/0 | wlp1s0 |
443 | tcp | 10.234.0.0/16 | tun0 |
443 | tcp | 0.0.0.0/0 | enp3s0 |
4443 | tcp | 10.234.0.0/16 | tun0 |
4443 | tcp | 0.0.0.0/0 | enp3s0 |
22 | tcp | 10.234.0.0/16 | tun0 |
22 | tcp | 0.0.0.0/0 | enp3s0 |
5353 | udp | 0.0.0.0/0 | enp3s0 |
Modem Support
ESF natively supports the BoltGATE 20-25 internal modem.
Forward Secure Sealing (FSS)
This device does not support FSS verification to detect log file tampering.
Journald persistence
EL 21.4.0 uses in RAM journal
AIDE Intrusion Detection Configuration
The default AIDE configuration from section "AIDE Intrusion Detection" can be applied to this device. An exception must be added to avoid false tampering events for the file /etc/timestamp
:
NORMAL = p+n+u+g+s+selinux+sha256
/etc NORMAL
/opt NORMAL
!/etc/bind/named.conf
!/etc/resolv.conf
!/etc/adjtime*
!/etc/timestamp
The file /etc/timestamp
is used by EverywareLinux 21.4.0 to maintain a backup timestamp, hence it may change during the gateway's lifecycle.
Clock Service
In order to be able to use the chrony-advanced option in the clock service configuration, chrony must be manually installed on the system, this is due to the fact that the chrony
package conflicts with the ntp
package, and the latter is installed by default.
The following command can be used to install the chrony
package and uninstall the ntp
package:
dnf install --allowerasing chrony chronyc
The chrony
service will be managed by ESF, so we recommend to disable the service after installation.
systemctl stop chronyd
systemctl disable chronyd
NTS is not supported by chrony on this platform
Watchdog service
If the watchdog service is enabled it will not be possible to stop it. From the ESF console, if the service gets disabled it will just prevent the watchdog from starting at the next reboot of the system.
Updated over 2 years ago