 |
Online help |
Information for customers switching from INSYS OS
INSYS Smart Devices with icom OS (devices of the MRX, MRO and SCR series) are perfectly suitable for customers who have used industrial routers with INSYS OS (the series MoRoS, EBW, IMON, MLR, RSM and QLM) as platform for their applications. The fundamental differences to icom OS are covered in the following.
Concept of operations
INSYS OS: Configuration changes are taken over with a click on OK in the web interface and become effective immediately.
icom OS: The router operates with profiles. A profile can be considered as the "configuration" of the router. Moreover, it is possible to have more than one profile on the router and one of these is always active (running profile). Changes will be stored in the opened profile upon a click on Save settings first without having an effect on the running profile. As soon as the opened profile differs from the running profile, a button for activating the profile appears in the header. Only upon activation, the opened profile becomes running profile and the changes become effective.
Startup Wizard
INSYS OS: Only if the router is in default settings or has been reset to them, a quick start wizard appears on the start page of the web interface that makes the most important settings for a first configuration together with the user.
icom OS: There are several configuration wizards in the Help menu. The Startup wizard is very similar to the one in INSYS OS and assists with the first configuration. It is always available and adds a new profile so that the opened profile will not be modified. Further wizards exist for example for adding another WAN network or another local network and extend the running profile.
Switch and networks
INSYS OS: MoRoS routers have a 4-port switch for the local network and an additional LAN port for external networks (LAN ext). The configuration is performed by using PC in the local network.
icom OS: The routers have five (SCR: two) Ethernet ports that can be assigned free to up to five different local (LAN) or external (WAN) networks. The first Ethernet port is reserved for the configuration network (in which the configuration PC is located) in default settings. The second port is assigned to the LAN and the fifth to the WAN (not for SCR).
WAN networks
INSYS OS: A WAN connection will either be established on demand (Dial-Out) or permanently using the internal modem or the modem connected to the LAN ext connection. Redundant operation is possible by configuring a connection via LAN ext and using the internal modem as fallback.
icom OS: Either the internal modem or the WAN network with the port to which the external modem is connected is contained as communication interface in a WAN chain (will be made automatically when using the startup wizard). The connection will only be established by the start of the WAN chain. Redundant operation is possible by configuring several WAN chains with different connection options and appropriate priorities and defining the respective other WAN chain for the start in case of failure.
VPN connections
INSYS OS: OpenVPN, PPTP, IPsec and GRE connections can be configured. Client routes and push routes are identical when using the router as OpenVPN server.
icom OS: Interfaces are configured for OpenVPN, IPsec and GRE connections. In order to establish such a connection, these must be configured in one or more WAN chains. Certificates are stored in a distinct certificate manager and assigned to the VPN interface when configuring it. OpenVPN connections cannot be established without authentication or with a static key only any more. OpenVPN server routes are entered into the routing table in the Routing menu and client routes can be configured independent of the push routes. A distinct interface exists for IPsec connections now Therefore, a local tunnel address must be configured now and the routes to the networks to be tunnelled (more routes are possible now) must be entered into the routing table manually. With activated netfilters (firewall), all connections (VPN establishment and traffic through the VPN tunnel) must be permitted explicitly! PPTP is not supported as tunnel protocol any more.
Routing
INSYS OS: The standard gateway will be set as default route automatically.
icom OS: The default route must be set manually in the Routing menu (will be made automatically when using the startup wizard).
Firewall
INSYS OS: Exceptions for router functions/services will be added automatically in the background.
icom OS: All exceptions for router functions/services must be added manually in the Netfilter menu (will be made automatically when using the startup wizard).
Network Address Translation (NAT)
INSYS OS: NAT is already activated for incoming and outgoing IPv4 packets in default settings. When adding port forwarding rules, exceptions for them will automatically be added in the firewall.
icom OS: NAT is configured by adding appropriate netfilter rules. Source NAT (SNAT) rules modify IP address and port of the sender (Source) and destination NAT (DNAT) rules modify the destination accordingly. This allows a detailed definition of the procedures for masquerading, netmapping, IP forwarding and port forwarding. If such rules are added, exceptions for them must be added manually in the firewall (will be made automatically when using the startup wizard).
DHCP server
INSYS OS: A DHCP server is already active in the local network in default settings.
icom OS: A DHCP server is only active in the configuration network (that is assigned to port 1) in default settings. No DHCP server is active in the other networks.
NTP synchronisation
INSYS OS: Synchronisation of the system time using a configured NTP server is performed with each restart in default settings.
icom OS: A synchronisation of the system time must be triggered using an event (a fix set timer for example) (will be made automatically when using the startup wizard).