Sevio Basic - User Manual

The Sevio Router is a device designed to provide secure local access to automation devices and data processing/IT systems, aligning with the Industry 4.0 model. Its core functionality revolves around an internal firewall that ensures network isolation and secure communication.

Function Description:

The Sevio Router acts as a gateway, facilitating secure local communication between automation devices and IT systems. It achieves this by implementing an internal firewall that provides network isolation, preventing direct exposure of automation networks to external threats. This firewall is a fundamental feature, offering several advantages:

• No IP address conflicts: It eliminates the need to modify existing automation network configurations, simplifying deployment.
• Enhanced protection from local attacks: The firewall isolates the automation network, providing a barrier against internal threats.
• Privacy and security protection: It ensures that access to automation devices is exclusive and protected, only allowing authenticated control stations to connect.

The "Secure Local Access" feature, enabled by the Sevio Router, allows for the configuration of one or more exclusive and protected accesses from the WAN (Wide Area Network) to the automation devices. This is achieved while preserving the firewall's isolation, thereby avoiding complex configurations like port forwarding, which can introduce security vulnerabilities.

The device integrates with the Sevio Portal, a web application used for configuring and monitoring Sevio system devices within a "Realm." Through the portal, users can enable the Secure Local Access feature, set up static IP addresses for the Sevio Router on the WAN network, and configure Local Control Stations.

Usage Features:

The Sevio Router is configured through the Sevio Portal, which provides a user-friendly interface for managing device settings. Key usage features include:

• Sevio Portal Configuration:

  • Device Selection: Users log into the Sevio Portal, navigate to the "Devices" section, and select the specific Sevio Router to configure.
  • Static IP Setup: A static IP address must be assigned to the Sevio Router on the WAN network. This is crucial for configuring Local Control Stations and avoids automatic IP address modifications that can occur with DHCP.
  • Local VPN Enablement: The "Local VPN" feature is enabled through the portal, and a "Key" can be set or personalized for use by Local Control Stations.
  • IP Address Range Configuration: An IP address range is defined to specify the number of Local Control Stations allowed to connect simultaneously to automation devices. This range can support from 1 to 4 Local Control Stations. It's important that the first three octets of this range match the Sevio network, and the range should not overlap with IP addresses used for remote devices.

• Local Control Station Configuration (Windows 10® and Windows 7®):

  • VPN Connection Setup: Users configure a VPN connection on their Local Control Station. This involves:
    • Selecting a built-in VPN provider (Windows built-in).
    • Assigning a connection name (e.g., "Sevio Local").
    • Entering the Sevio Router's WAN IP address as the server name.
    • Choosing "L2TP/IPsec with pre-shared key" as the VPN type and entering "sevio" as the pre-shared key.
    • Inputting "local-vpn" as the username and the key set on the Sevio Portal as the password.
    • Flagging "Remember my sign-in info" for convenience.
  • Internet Connectivity Management:
    • By default, during a VPN connection, Windows OS sends all traffic through the VPN, inhibiting Internet connectivity. To enable Internet connectivity on the Local Control Station while connected to the VPN, users must deselect the "Use default gateway on remote network" option in the advanced TCP/IP settings of the VPN connection. This ensures that only traffic intended for the automation network goes through the VPN, while other traffic uses the local Internet connection.
  • Connecting and Disconnecting: Users can connect to or disconnect from the private network via the Network icon in the application bar, selecting the "Sevio Local" network and choosing "Connect" or "Disconnect."

Important Technical Specifications:

• Network Isolation: The Sevio Router's internal firewall provides robust network isolation, preventing IP address conflicts and enhancing security.
• VPN Protocol Support: The system supports the L2TP/IPsec VPN Client Protocol, ensuring secure communication channels.
• Scalability: The IP address range configuration allows for simultaneous connections from up to 4 Local Control Stations, providing flexibility for different operational needs.
• Compatibility: The configuration procedures are detailed for Windows 10® and Windows 7®, but the system is designed to be compatible with other operating systems that support the VPN Client Protocol.
• Authentication: Access is protected through authenticated control stations, using a combination of username, password, and a pre-shared key.

Maintenance Features:

• Sevio Portal Monitoring: The Sevio Portal allows users to view the status of devices within their Realm, aiding in monitoring and troubleshooting.
• Configuration Management: The portal provides tools to modify device configurations, including network settings and VPN parameters, ensuring flexibility for system adjustments.
• Firmware Updates: While not explicitly detailed in the provided text, a system like Sevio would typically include provisions for firmware updates to enhance security, add new features, and address any bugs.
• Documentation: The availability of a "User Guide" (mentioned in the text) suggests comprehensive documentation for maintenance and operational procedures.
• Liability Disclaimer: Sevio S.r.l. reserves the right to make changes to products without prior warning and denies liability during the use or application of products or circuit diagrams, which implies that users are responsible for proper implementation and staying updated with product changes.