![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image6.png\")
<\/figure>\nThere are different cards with key informations:<\/p>\n
Key Information Displayed:<\/p>\n
- \n
- Device Information:<\/li>\n
- \n
- SKU (Stock Keeping Unit)<\/li>\n
- Serial Number<\/li>\n
- Hardware Version<\/li>\n
- FID (Factory ID)<\/li>\n<\/ul>\n
- System Overview:<\/li>\n
- \n
- System Status (Running\/Stopped)<\/li>\n
- Active Protocol (Modbus\/Profinet)<\/li>\n
- Deployment Model (Proxy\/NAT)<\/li>\n
- Shadow Servers count<\/li>\n<\/ul>\n
- License Information:<\/li>\n
- \n
- License Type<\/li>\n
- License ID<\/li>\n
- Device ID<\/li>\n
- Enabled Models<\/li>\n
- Enabled Protocols<\/li>\n
- Expiry Date<\/li>\n
- Validity Status<\/li>\n<\/ul>\n
- Devices Summary:<\/li>\n
- \n
- Total devices configured<\/li>\n
- Shadow device status overview<\/li>\n<\/ul>\n<\/ul>\n
Device Management<\/h2>\n
ConnexGate allows collection of data from any real device and protecting them from attacks that may be harmful for operational purposes.<\/p>\n
Think about a real PLC device providing information to an HMI screen, without any security measures applied due to mismanagement, protocol nature or subjected to administrative abuse. Any harmful attack may take the PLC out of service, change its parameters or apply some write commands that would eventually interrupt or broke operation, or disturb machine configuration or calibration.<\/p>\n
ConnexGate is positioned in front of the PLC\/Sensor\/RTU devices, and serves as the shadow of the actual device, providing same registers\/tags. This makes any attack would be defended and absorbed by connexGate, preventing any operational loss and trigger alarms to inform administrators.<\/p>\n
Shadow devices are here to reflect and update the real values read from actual devices. You can use the same register\/datablock or start from zero for each shadow. Also it is possible to create more than one shadow per real device, spreading different information on separate shadows.<\/p>\n
**Shadow Architecture**<\/p>\n
To create a shadow device, first click "Devices" in the sidebar navigation. Proxy model must be enabled in license.<\/p>\n
Shadow module implements a server architecture for protocol-aware proxying. Each configured device has a corresponding server that:<\/p>\n
- \n
- Listens on OT Network: Each shadow server binds to a unique port (starting from 5020) on the OT interface, appearing as a virtual PLC to clients on the OT network.<\/li>\n
- Protocol Translation: The shadow server understands the protocol semantics (Modbus or Profinet) and transfer requests between the OT network and the actual PLC on the PLC network.<\/li>\n
- Request Flow:<\/li>\n
- Client on OT network connects to <connexGate_OT_IP>:<Shadow_Port><\/li>\n
- Shadow server receives and parses the protocol request<\/li>\n
- Security checks are applied (IP ACL, command filtering)<\/li>\n
- Request is replied by the information collected from actual PLC. Information collection is continuous and refresh in configured intervals.<\/li>\n
- Protocol Support:<\/li>\n
- \n
- Modbus TCP: Supports read\/write operations with function codes 1-4 (read), 5-6, 15-16 (write). Each device can have register intervals configured for polling and caching.<\/li>\n
- Profinet (S7): Supports ISO-on-TCP protocol on port 102. Implements tag-based data management with polling and caching capabilities.<\/li>\n<\/ul>\n
- Security Integration: Each shadow server integrates with:<\/li>\n
- \n
- Command Filter: Validates read\/write permissions before forwarding requests<\/li>\n
- IP ACL: Checks client IP against allow\/deny lists before accepting connections<\/li>\n
- Request Logger: Logs all connection attempts and operations for audit<\/li>\n<\/ul>\n
- Protocol Switching: The system supports single-protocol mode (default) or multi-protocol mode (if enabled in license). In single-protocol mode, all devices must use the same protocol. Protocol switching requires stopping all shadow servers and restarting with the new protocol.<\/li>\n<\/ul>\n
**Adding a Shadow Device**<\/p>\n
- \n
- Click "Add Device" button<\/li>\n<\/ul>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image7.png\")
<\/figure>\n- \n
- Fill in device information:<\/li>\n
- \n
- Name: Descriptive name for the device<\/li>\n
- Protocol: Select Modbus or Profinet<\/li>\n
- Backend IP: IP address of the actual PLC<\/li>\n
- Backend Port: Port number (Defautl to 502 for Modbus and 102 for Profinet)<\/li>\n
- Shadow Port: Port on OT side (auto-assigned starting from 5020)<\/li>\n
- Select Allow Read and\/or Allow Write to interact with shadow device<\/li>\n
- For Profinet devices only:<\/li>\n
- Rack: S7 rack number (default: 0)<\/li>\n
- Slot: S7 slot number (default: 1)<\/li>\n
- Depending on the protocol selected user should add register or tags information to be read from actual device and served from the shadow device<\/li>\n
- For Modbus:<\/li>\n
- Click \u201cAdd Register Interval\u201d<\/li>\n
- Select Register type<\/li>\n
- Type Start Register number, count of register to be read and polling interval from actual device<\/li>\n<\/ul>\n<\/ul>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image8.png\")
<\/figure>\n- \n
- Repeat same actions to add more registers to the same shadow configuration<\/li>\n
- Click add device to create shadow device<\/li>\n
- For Profinet<\/li>\n
- Fill all the informations needed, respectively, tag name, area, number (if DB area is selected) byte offset, data type and polling type.<\/li>\n<\/ul>\n<\/ul>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image9.png\")
<\/figure>\n- \n
- Click add tag. Tag would be shown on top, and an empty tag form will be shown.<\/li>\n
- Once you add all the tags, click add device to create shadow device<\/li>\n<\/ul>\n
- Devices will be listed by cards.<\/li>\n
- Each card shows information about shadow devices status and its interacted real devices.<\/li>\n
- Data button is used to show the latest data read from real device.<\/li>\n<\/ul>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image10.png\")
<\/figure>\n- \n
- Filter button is used to define IP addresses that would interact with shadow device<\/li>\n<\/ul>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image11.png\")
<\/figure>\n- \n
- You can add allowed and denied IP subnets to allow remote command access to the shadow servers.<\/li>\n
- Clicking add button on either side, would open a text box to enter a single ip address, a subnet or an interval of IP addresses<\/li>\n<\/ul>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image12.png\")
<\/figure>\nDelete button is self explained, and show a confirmation dialog to delete a shadow server<\/p>\n
Devices display status indicators shows either<\/p>\n
- \n
- Running: Shadow server is active and accepting connections<\/li>\n
- Stopped: Shadow server is not running<\/li>\n<\/ul>\n
Device Limits<\/p>\n
The system enforces license-based device limits. If the maximum number of devices is reached, you should delete an existing device before adding a new one.<\/p>\n
Forwarding Rules (NAT Mode)<\/h2>\n
Another deployment model of ConnexGate is to forward requests without any connection termination. This method allows sessions to be forwarded to backend PLC\/Sensor\/RTU device. Although this method is not providing same level of security with shadow servers, its easy of deployment helps real devices to be reachable within seconds. Even there is no session termination in this mode, ConnexGate still logs the requests and information returned from real device, providing detailed logs for remote collection and analysis.<\/p>\n
**Forwarding Architecture**<\/p>\n
To create rules for backend device forwarding, you should click the \u201cForwarding Rules\u201d menu item. NAT model must be enabled in license in order to configure new rules.<\/p>\n
Forwarding engine implements stateless port forwarding for transparent traffic flow between networks. Current implementation is configured to forward traffic from OT side to PLC side, allowing any SCADA or similar systems to be able to retrieve data as they are usually running.<\/p>\n
Forwarding policy requires an IP address from the OT network interface IP range, to accept connections, and forward this request to any device on the PLC networks. Translation makes the requester IP seen as the ConnexGate PLC interface IP. Users can create separate translation rules, no matter backend real device is single or more.<\/p>\n
To configure a forwarding rule, click on the \u201cAdd Forwarding Rule\u201d button on the top right of the forwarding rules page.<\/p>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image13.png\")
<\/figure>\nThis would open a configuration modal, to enter all information needed for traffic flow. Users should fill all fields where only description is optional:<\/p>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image14.png\")
<\/figure>\n- \n
- Rule Name: Descriptive name for the rule<\/li>\n
- OT Destination IP: IP address on OT side. This is the IP address where clients would connect and establish connections.<\/li>\n
- PLC Destination IP: Actual PLC device IP address. All packets destined to OT destination IP, would be forwarded to this IP address.<\/li>\n
- Protocol: TCP or UDP. Both modbus and profinet uses TCP protocol.<\/li>\n
- Port: Port number to be forwarded. This would define which port client would send the requests.<\/li>\n
- Description: This field is optional but highly encouraged to help distinguish rules<\/li>\n
- Click "Add Forwarding Rule" to create the rule<\/li>\n
- \n
- !!! It is important to have both OT and PLC links is up before configuring any forwarding rules. Please make sure that both network interface is up and ready for packet exchange. You can use ping tools to validate network connections. Once both side network is up, rules can be configured and applied.<\/li>\n
- Rules are persistent and would be available in case of any power reset or reboot.<\/li>\n<\/ul>\n<\/ul>\n
**How NAT Rules Work**<\/p>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image15.png\")
<\/figure>\nA typical forwarding scenario is running with the following steps:<\/p>\n
Requester initates the connection with its own IP as source and ConnexGate OT side IP as destination.<\/p>\n
Upon receiving ConnexGate translate the source IP to its PLC side interface IP and destination IP to PLC address.<\/p>\n
ConnexGate sends out packets from PLC side interface.<\/p>\n
PLC receives the packets as if they arrive from ConnexGate, and reply to ConnexGate PLC IP<\/p>\n
ConnexGate receives the reply, change the source IP to its OT side interface IP, desination IP to original requester IP, and sends out from OT side interface.<\/p>\n
This scenario is mostly applied where actual PLC IP address cannot be changed or where there are many PLC with the same IP addresses. Using ConnexGate would allow packet transmissions, without requiring any change on PLC configuration. Which is often very hard if not impossible.<\/p>\n
Network Configuration<\/h2>\n
There are two physical interfaces on ConnexGate (some devices may have different port configurations). Usually these two interface would face to OT network and PLC network. ConnexGate also support VPN configuration (currently only Wireguard is supported) that would allow it to be accessible from remote sites.<\/p>\n
Clicking "Network" in the sidebar navigation would open the network settings page.<\/p>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image16.png\")
<\/figure>\nOT and PLC side configuration should be properly configured first, before creating any shadow device or forwarding rules. Any change in network configuration is instantly applied when clicked to \u201cSave Network Configuration\u201d button.<\/p>\n
!!! Administration interface is accessible from interface addresses. If you change interface addresses, you should reconnect to administration interface using new ip address. New URL would be https:\/\/<new_ip_address>:8080<\/p>\n
**Network Configuration**<\/p>\n
Network configruation fileds in the network page are mostly self-explained<\/p>\n
OT Side Configuration:<\/p>\n
- \n
- IP Address: Static IP address for OT interface<\/li>\n
- Subnet Mask: Network mask<\/li>\n
- Gateway: Default gateway (this is the gateway to other networks)<\/li>\n<\/ul>\n
PLC Side Configuration:<\/p>\n
- \n
- IP Address: Static IP address for PLC interface<\/li>\n
- Subnet Mask: Network mask<\/li>\n<\/ul>\n
DNS Configuration:<\/p>\n
- \n
- DNS Servers: Comma-separated list of DNS server IP addresses<\/li>\n<\/ul>\n
**VPN Configuration**<\/p>\n
ConnexGate is supporting Wireguard as VPN connectivity. OpenVPN and IPSec support would be added in the upcoming releases.<\/p>\n
VPN connectivity would be important, if backend PLC devices would be managed remotely. Since many OT protocol lacks proper encryption, VPN usage would be very important on remote connections.<\/p>\n
Users should copy their Wireguard configuration into the \u201cWireguard Configuration\u201d box. Clicking \u201cSave Configuration\u201d would install the wireguard configuration for permanent use.<\/p>\n
Configuration is not activated automatically. User should click \u201cConnect\u201d button to activate the tunnel. There is an \u201cAuto Connect\u201d button to restore the connection in case of any failure, such as remote server failure, power shortage or wide area access.<\/p>\n
System Status<\/h2>\n
System Status page show raw system information, network interface status, protocols, active shadows and system health. This page is showing raw data, retrieved from core modules directly. These information is important while troubleshooting or opening a service request. .<\/p>\n
Information Displayed:<\/p>\n
- \n
- System Information:<\/li>\n
- Deployment Model<\/li>\n
- \n
- Status (Running\/Stopped)<\/li>\n
- Active Protocols<\/li>\n
- Shadow Servers<\/li>\n<\/ul>\n
- Network Interfaces (Raw Data):<\/li>\n
- \n
- OT Interface: Name, IP address, status<\/li>\n
- PLC Interface: Name, IP address, status<\/li>\n<\/ul>\n<\/ul>\n
Logging<\/h2>\n
ConnexGate provides detailed logs of all requests to shadow servers and requests forwarded to backend devices.<\/p>\n
The Logging system provides multi-layered logging capabilities<\/p>\n
**Firewall Logs**<\/p>\n
- \n
- Tracks all connection attempts to shadow servers. Each log entry includes:<\/li>\n
- Timestamp, device ID, client IP, action (allowed\/denied), protocol, and reason<\/li>\n
- Logs are stored in memory with configurable limits and can be cleared<\/li>\n
- Integration with IP ACL and command filtering for security event logging<\/li>\n<\/ul>\n<\/ul>\n
Firewall log table consist of following items with filtering options<\/p>\n
- \n
- Filtering: Filter by device ID, client IP, action (allowed\/denied), protocol<\/li>\n
- Real-time Updates: Logs refresh automatically<\/li>\n
- Statistics: Total logs, allowed count, denied count, unique IPs, unique devices<\/li>\n
- Clear Logs: Button to clear all firewall logs<\/li>\n
- Log Information<\/li>\n
- \n
- Timestamp<\/li>\n
- Device ID<\/li>\n
- Client IP<\/li>\n
- Action (Allowed\/Denied)<\/li>\n
- Protocol<\/li>\n
- Details<\/li>\n<\/ul>\n<\/ul>\n
**Request Logs**<\/p>\n
- \n
- These are forwarding logs, that are not terminated on the ConnexGate but only forwarded through it. ConnexGate uses intelligent packet inspections, to identify the requests and create logs for each of them.<\/li>\n
- \n
- Modbus\/TCP Parsing: Parses Modbus Application Data Units (ADU), extracting transaction IDs, unit IDs, function codes, and register addresses. Correlates requests with responses using transaction IDs.<\/li>\n
- S7\/Profinet Parsing: Parses ISO-on-TCP protocol (TPKT\/COTP layers) and S7 protocol, extracting function codes, data block numbers, and offsets. Handles fragmented packets and correlates requests\/responses using PDU references.<\/li>\n
- Flow Tracking: Maintains bidirectional flow tracking (client \u2194 server) to match requests with responses<\/li>\n
- Protocol Decoding: Decodes register values (Modbus) and data block values (S7) for human-readable display<\/li>\n<\/ul>\n<\/ul>\n
Request log table consist of following items with filtering options<\/p>\n
Features:<\/p>\n
- \n
- Pagination: Limit and offset for large log sets<\/li>\n
- Real-time Updates: Logs refresh automatically<\/li>\n
- Clear Logs: Button to clear all request logs<\/li>\n
- Log Information:<\/li>\n
- \n
- Timestamp<\/li>\n
- Source IP<\/li>\n
- Destination IP<\/li>\n
- Protocol<\/li>\n
- Request\/Response details<\/li>\n
- Parsed protocol information<\/li>\n<\/ul>\n
- Logs are stored in a rotating file-based storage in addition to in-memory buffer. Current log storage is 100MB which is very large for OT protocol traffic.<\/li>\n<\/ul>\n
**Remote Logging**<\/p>\n
Logs created in ConnexGate would be sent out to a remote collector using syslog or mqtt protocols.<\/p>\n
- \n
- Syslog feature sends out logs via UDP to syslog servers. Supports configurable severity levels for different log types.<\/li>\n
- MQTT is used to connect any broker using asynchronous MQTT publishing. It supports;<\/li>\n
- \n
- TLS\/SSL encryption (port 8883) with certificate-based authentication<\/li>\n
- Username\/password authentication<\/li>\n
- Automatic reconnection with exponential backoff<\/li>\n
- Connection status tracking and statistics<\/li>\n
- JSON-formatted log messages published to configurable topics<\/li>\n<\/ul>\n<\/ul>\n
**Logging Settings**<\/p>\n
Purpose: Configure remote logging to Syslog and MQTT brokers.<\/p>\n
Syslog Configuration:<\/p>\n
- \n
- Enabled: Enable\/disable Syslog logging<\/li>\n
- Host: Syslog server IP address or hostname<\/li>\n
- Port: Syslog port (default: 514)<\/li>\n
- Severity Levels: Configure severity for firewall allowed, denied, and request logs<\/li>\n<\/ul>\n
![\"Syslog](\"https:\/\/support.connexite.co.uk\/connexgate_images\/setting-syslog.png\")
Syslog configuration<\/figcaption><\/figure>\n MQTT Configuration:<\/p>\n
- \n
- Enabled: Enable\/disable MQTT logging<\/li>\n
- Broker: MQTT broker IP address or hostname<\/li>\n
- Port: MQTT port (1883 for non-TLS, 8883 for TLS)<\/li>\n
- Topic: MQTT topic for log messages<\/li>\n
- Username\/Password: Authentication credentials (optional)<\/li>\n
- TLS Certificates: CA certificate, client certificate, and key files (for TLS)<\/li>\n
- Connection Status: Real-time connection status and statistics<\/li>\n
- Manual Connect\/Disconnect: Buttons to manually control MQTT connection<\/li>\n<\/ul>\n
![\"MQTT](\"https:\/\/support.connexite.co.uk\/connexgate_images\/settings-mqtt.png\")
MQTT configuration<\/figcaption><\/figure>\n MQTT Status Information:<\/p>\n
- \n
- Connection status (Connected\/Disconnected)<\/li>\n
- Broker and port<\/li>\n
- Client ID<\/li>\n
- Last connect\/disconnect times<\/li>\n
- Last error and error time<\/li>\n
- Connection attempts<\/li>\n
- Messages sent\/failed<\/li>\n
- TLS status<\/li>\n<\/ul>\n
Saving Settings:<\/p>\n
- \n
- Configure Syslog and\/or MQTT settings<\/li>\n
- Click "Save Remote Logging Settings"<\/li>\n
- Settings are applied immediately<\/li>\n
- MQTT connection is established automatically if enabled<\/li>\n<\/ul>\n
License Management<\/h2>\n
Purpose: View license information, activate licenses, and manage device keys.<\/p>\n
Access: Click "License" in the sidebar navigation.<\/p>\n
![\"License](\"https:\/\/support.connexite.co.uk\/connexgate_images\/license.png\")
License management<\/figcaption><\/figure>\n Technical Implementation<\/p>\n
The License Management system implements a cryptographic license validation system:<\/p>\n
- \n
- License Structure: Licenses are JSON files containing:<\/li>\n
- License metadata (ID, type, expiry date)<\/li>\n
- Feature flags (enabled models: proxy\/nat, enabled protocols: modbus\/profinet)<\/li>\n
- Resource limits (max devices, max shadow servers)<\/li>\n
- Cryptographic signature for tamper detection<\/li>\n
- Device Keys: Each device has a unique RSA key pair:<\/li>\n
- Private Key: Stored securely at \/etc\/connexgate\/license\/device_private_key.pem (not transmitted)<\/li>\n
- Public Key: Used for license generation, can be shared with license server<\/li>\n
- Keys are generated based on device serial number for device binding<\/li>\n
- License Activation:<\/li>\n
- HMAC-based: Simple license keys with HMAC signature validation<\/li>\n
- Device-specific encrypted: Licenses encrypted with device public key, decrypted with private key<\/li>\n
- License server generates licenses based on device public key and requested features<\/li>\n
- Feature Gating: The LicenseManager class validates licenses on:<\/li>\n
- System startup<\/li>\n
- Configuration changes<\/li>\n
- Periodic intervals (hourly)<\/li>\n
- API endpoint access (returns 403 if feature not licensed)<\/li>\n
- Service Integration: When licenses are activated:<\/li>\n
- NAT engine automatically starts if NAT model is enabled<\/li>\n
- Packet capture service initializes if NAT is enabled<\/li>\n
- Proxy engine starts if proxy model is enabled<\/li>\n
- UI elements are enabled\/disabled based on license features<\/li>\n<\/ul>\n
License Information<\/p>\n
![\"License](\"https:\/\/support.connexite.co.uk\/connexgate_images\/license-current.png\")
License information and activation<\/figcaption><\/figure>\n Displayed Information:<\/p>\n
- \n
- License Type (tier1, tier2, tier3, tier4)<\/li>\n
- License ID<\/li>\n
- Device ID (Serial Number)<\/li>\n
- Enabled Models (proxy, nat)<\/li>\n
- Enabled Protocols (modbus, profinet)<\/li>\n
- Expiry Date<\/li>\n
- Validity Status (Valid\/Invalid\/Expired)<\/li>\n<\/ul>\n
Device Keys Status<\/p>\n
Status Indicators:<\/p>\n
- \n
- \u2713 Factory Keys Loaded: Device keys are present and loaded<\/li>\n
- \u2717 Factory Keys Not Loaded: Device keys are missing<\/li>\n<\/ul>\n
Reload Keys: Button to reload device keys from disk (useful if keys were generated after application startup).<\/p>\n
Activating a License<\/p>\n
Method 1: Request from License Server<\/p>\n
- \n
- Ensure device keys are loaded (generate if needed)<\/li>\n
- Click "Request License from Server"<\/li>\n
- Enter license server URL (default: http:\/\/192.168.255.191:8001)<\/li>\n
- Enter required information:<\/li>\n
- License Type: tier1, tier2, tier3, or tier4 (REQUIRED)<\/li>\n
- Enabled Models: Array of models (e.g., ["proxy", "nat"])<\/li>\n
- Enabled Protocols: Array of protocols (e.g., ["modbus", "profinet"])<\/li>\n
- Max Devices: Maximum number of devices (optional)<\/li>\n
- Max Servers: Maximum number of shadow servers (optional)<\/li>\n
- Expiry Date: License expiration date in YYYY-MM-DD format (optional)<\/li>\n
- Click "Request License"<\/li>\n
- License is automatically received and activated<\/li>\n<\/ul>\n
Method 2: Activate with License Key<\/p>\n
- \n
- Obtain encrypted license key from license provider<\/li>\n
- Paste license key into "License Key" field<\/li>\n
- Click "Activate License"<\/li>\n
- License is validated and activated<\/li>\n<\/ul>\n
After Activation:<\/p>\n
- \n
- NAT engine and packet capture service are automatically started if NAT model is enabled<\/li>\n
- Enabled features become available in the UI<\/li>\n
- License information is updated<\/li>\n<\/ul>\n
Troubleshooting<\/h2>\n
ConnexGate troubleshooting options provide tools to check network connectivity and packet flows, to diagnose network related issues and control proper delivery of packets for detailed analysis.<\/p>\n
Clicking "Troubleshooting" in the sidebar navigation would show two tab for ping and packet capture tools.<\/p>\n
**Ping Tool**<\/p>\n
Ping tool is used to test network connectivity to hosts. This is the default tab for troubleshooting section:<\/p>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image3.png\")
<\/figure>\nTo start a ping test;<\/p>\n
- \n
- Enter target host (IP address or hostname)<\/li>\n
- Select network interface (optional, default: OT interface)<\/li>\n
- Configure:<\/li>\n
- \n
- Count: Number of ping packets (1-100, default: 4)<\/li>\n
- Timeout: Timeout per packet in seconds (1-60, default: 5)<\/li>\n<\/ul>\n
- Click "Ping"<\/li>\n
- Ping results will be shown on the text box right belowe the configuration card with detailed informations such as success status, packet transmitted\/received, loss percentage, statistics, and full linux like ping output<\/li>\n<\/ul>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image4.png\")
<\/figure>\n**Packet Capture**<\/p>\n
This tab is used to capture network packets for analysis:<\/p>\n
![\"Documentation](\"https:\/\/support.connexite.co.uk\/connexgate_images\/image5.png\")
<\/figure>\nTo start a capture session<\/p>\n
- \n
- Select network interface<\/li>\n
- Configure filter (optional tcpdump filtering format, e.g., "tcp port 502" for Modbus)<\/li>\n
- Set packet count (default: 10) or duration (seconds)<\/li>\n
- Click "Start Capture". Captured packets would be shown in real time<\/li>\n
- Click "Stop Capture" to end capture<\/li>\n
- Note: Packet capture may impact system performance. Administrators should use it for limited time period when necessary.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
OT\/ICS \u203a Security<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":6387,"menu_order":5,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[118,115,120],"class_list":["post-6392","docs","type-docs","status-publish","hentry","doc_tag-connexgate-documentation","doc_tag-connexite","doc_tag-ot-security","no-post-thumbnail"],"acf":[],"_links":{"self":[{"href":"https:\/\/docs.connexite.co.uk\/index.php\/wp-json\/wp\/v2\/docs\/6392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/docs.connexite.co.uk\/index.php\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/docs.connexite.co.uk\/index.php\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/docs.connexite.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/docs.connexite.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=6392"}],"version-history":[{"count":1,"href":"https:\/\/docs.connexite.co.uk\/index.php\/wp-json\/wp\/v2\/docs\/6392\/revisions"}],"predecessor-version":[{"id":6440,"href":"https:\/\/docs.connexite.co.uk\/index.php\/wp-json\/wp\/v2\/docs\/6392\/revisions\/6440"}],"up":[{"embeddable":true,"href":"https:\/\/docs.connexite.co.uk\/index.php\/wp-json\/wp\/v2\/docs\/6387"}],"wp:attachment":[{"href":"https:\/\/docs.connexite.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=6392"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/docs.connexite.co.uk\/index.php\/wp-json\/wp\/v2\/doc_tag?post=6392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- These are forwarding logs, that are not terminated on the ConnexGate but only forwarded through it. ConnexGate uses intelligent packet inspections, to identify the requests and create logs for each of them.<\/li>\n
- \n
- DNS Servers: Comma-separated list of DNS server IP addresses<\/li>\n<\/ul>\n
- Filter button is used to define IP addresses that would interact with shadow device<\/li>\n<\/ul>\n
- \n
- \n
- Fill in device information:<\/li>\n
- Click "Add Device" button<\/li>\n<\/ul>\n