Moxa EDR-810-VPN-2GSFP [71/139] Settingcheck

Industrial Secure Router User's Manual EDR-G902/G903 Series Features and Functions

4-8

SettingCheck

SettingCheck is a safety function for industrial users using a secure router. It provides a double confirmation

mechanism for when a remote user changes the security policies, such as Firewall filter, NAT, and

Accessible IP list. When a remote user changes these security polices, SettingCheck provides a means of

blocking the connection from the remote user to the Firewall/VPN device. The only way to correct a wrong

setting is to get help from the local operator, or go to the local site and connect to the device through the

console port, which could take quite a bit of time and money. Enabling the SettingCheck function will execute

these new policy changes temporarily until doubly confirmed by the user. If the user does not click the confirm

button, the EtherDevice Router will revert to the previous setting.

Firewall Policy

Enables or Disables the SettingCheck function when the Firewall policies change.

NAT Policy

Enables or Disables the SettingCheck function when the NAT policies change.

Accessible IP List

Enables or Disables the SettingCheck function when the Accessible IP List changes.

Layer 2 Filter

Enable or disable the SettingCheck function when the Layer 2 filter changes.

Timer

Setting Description Factory Default

10 to 3600 sec.

The timer waits this amount of time to double confirm when the

user changes the policies

180 (sec.)

For example, if the remote user (IP: 10.10.10.10) connects to the EtherDevice Router and changes the

accessible IP address to 10.10.10.12, or deselects the Enable checkbox accidently after the remote user clicks

the Activate button, connection to the EtherDevice Router will be lost because the IP address is not in the

EtherDevice Router’s Accessible IP list.

If the user enables the SettingCheck function with the Accessible IP list and the confirmer Timer is set to 15

seconds, then when the user clicks the Activate button on the accessible IP list page, the EtherDevice Router

will execute the configuration change and the web browser will try to jump to the SettingCheck Confirmed page

automatically. Because the new IP list does not include the Remote user’s IP address, the remote user cannot

connect to the SettingCheck Confirmed page. After 15 seconds, the EtherDevice Router will roll back to the

original Accessible IP List setting, allowing the remote user to reconnect to the EtherDevice Router and check

what’s wrong with the previous setting.