Endian 4i Edge Appliance is an appliance (desktop or rail-mounted) that provides secure access to SCADA equipment. This document is a reference manual that describes the GUI and all the configuration options of its functionalities.
The latest updates and corrections to this manual, referred to the latest release of the Endian 4i Edge Appliance, will be available online at http://docs.endian.com/3.0/4i/. If you think that you have found any errors, either simple typos or even content errors, feel free to provide us feedback using the form on Endian web site.
This reference manual is Copyright (c) 2011-2016 Endian S.p.A., Italy and corresponds to revision 5 of the online version.
The version 3.0, being a major release, has been a long path, which sees the introduction of several new features, plus many changes and improvements under the hood, among which the major rewrite of the VPN module stands out.
The VPN module has been rewritten and its structure improved, separating the authentication part from the tunnelling and encryption part. The new features introduced in the VPN module are:
Algorithms available for encryption: Blowfish 128/192/256-bit, Twofish 128/192/256-bit, Serpent 128/192/256-bit, Camellia 128/192/256-bit, CAST-128.
Hashing algorithm: SHA2 256/384/512-bit, AESXCBC.
Support for IKEv2.
Support for XAUTH.
Multiple OpenVPN servers can run concurrently, introducing load-balancing and providing scalability.
User management and authentication has been unified for OpenVPN, L2TP, and XAUTH, and completed by several new functionalities:
Support for multiple authentication server (local, LDAP, Active Directory).
Integrated certificate authority
Support for external certification authorities.
Support for groups of users.
Two-Factor Authentication (password and certificate management).
A brand new reporting dashboard to visualise events logged by the Endian 4i Edge Appliance has been developed from scratch.
More detailed graphical reports are therefore available for various categries of events: System, intrusion attempts, and connections.
Integration of ntopng into Endian 4i Edge Appliance provides live monitoring of network traffic and network flows.
Additional languages for the GUI have been introduced: Portuguese, Chinese, Russian, and Turkish.
The menubar and the left-hand side menus now remain visible also when browsing a long page to its bottom.
Application firewall is now available, with the possibility to filter traffic generated by more than 170 application.
The Endian 4i Edge Appliance Reference Manual 3.0 (“this document”) is copyright (c) 2011 Endian S.r.l.., Italy (“Endian”).
This document has been edited and written by Stefano David with the help of the other Endian Team members, building on the previous 2.4 version written by (in alphabetical order) Andreas Ender, Diego Gagliardo, Luca Giovenzana, Christian Graffer, Raphael Lechner, Chris Mair, Raphael Vallazza, and Peter Warasin. Some parts of the 2.4 documentation were based on the IPCop Administrative Guide by Chris Clancey, Harry Goldschmitt, John Kastner, Eric Oberlander, Peter Walker and on the IPCop Advanced Proxy Administrative Guide by Marco Sondermann.
The information contained within this document may change from one version to the next and may also change over time without notice to improve the content, to correct any error or mistake, or to describe new or changed features. The date of the last update is always present at the bottom of every page.
All programs and details contained within this document have been created to the best of our knowledge and tested carefully. However, errors cannot be completely ruled out. Therefore Endian does not express or imply any guarantees for errors within this document or a consequent damage arising from the availability, performance, or use of this or related material.
Endian and the Endian logo are trademarks of Endian S.r.l.., Italy.
The use of names in general use, names of firms, trade names, etc. in this document, even without special notation, does not imply that such names can be considered as free in terms of trademark legislation and that they can be used by anyone. All trade names are used without a guarantee of free usage and might be registered trademarks. As a general rule, Endian adheres to the notation of the manufacturer. Other products mentioned here could be trademarks owned by the respective manufacturer.
For more information about Endian S.r.l.., Italy and its products, please visit Endian’s web site at http://www.endian.com.
Many resources (tutorials, how-tos, examples) in this manual are taken from those web sites:
http://help.endian.com. The new support center for the Endian products, that should become the reference site to support customers and users. Several links to howtos on this site are provided on this documentation at the end of the various subsections.
http://jira.endian.com. The site where to search for bugs or to open new ones. If a fix for a buggy packages exists, but the package has not yet been released, you might also find here some workaround to apply on your system.