FAQs - EdgeFire

Product FAQs for TXOne Network Defense Solutions: Edge Series

This document collects and answers the most common questions about EdgeFire. Possible categories include, but are not limited to, Hardware, Signature, Software, USB, etc.

Hardware

1. Does EdgeFire support redundant power supply unit (PSU) mechanisms?
Yes, EdgeFire supports redundant PSUs.

2. Does EdgeFire support hardware bypass?
No, EdgeFire DOESN'T support this fail-safe mechanism (hardware bypass).

3. Can EdgeFire support installation in a serial interface environment? (Version: 1.0.x)
No, the Edge series is network-based and does not support serial communication.

Signature

1. Does EdgeFire provide WannaCry threat attack prevention? (Version: 1.0.x)
Yes, EdgeFire has built-in signature content that includes WannaCry threat attack detection and prevention.

2. How can we get the latest signature and information on the signature release cycle? (Version: 1.0.x)
We handle this in 2 stages:

1. Stage 1: Before IPS rule editing development is completed, the release policy is as follows:
   a. Controlled signature releases are managed manually. Users are notified through the Support Portal (BSP) to download the new signatures. Signature offerings will be handled by the support team.
   b. Online updates will follow the Automatic Update (AU) process.
   c. A new signature is released every 1.5 months. Out-of-cycle releases will be issued if outbreak events occur.
2. Stage 2: After IPS rule editing features are completed, they will be introduced in an update following General Market Release (GM). The release policy will then be as follows.
   a. Signature files will be updated in the Download Center every 2 weeks.
   b. Online updates will follow the AU process every 2 weeks.

3. How can we update the latest signature on Edge Series Products? (Version: 1.0.x)
We provide two methods for signature upgrade.

1. Manually: You can access the EdgeFire web console and manually import the signature to the EdgeFire product
2. Through EdgeOne: EdgeFire is managed by EdgeOne, which provisions signatures to each managed EdgeFire device.

4. How can we get the CVE list for the latest release signature set? (Version: 1.0.x)
Currently, the CVE list is available on demand. After the controlled release period, we will introduce a new method for users to access the CVE list.

5. Can we capture the packets on the device for debugging, such as with other TrendMicro products? (Version: 1.0.x)
Yes, currently, EdgeFire supports packet capture triggered by IPS events.

Software

1. Which systems (DCS, PLC, SCADA, HMI, OPC, etc.) and industrial control system (ICS) protocols (Ethernet/IP, OPC, Profibus, PROFINET, Modbus, etc.) are supported?
EdgeFire includes an OT protocol decoder. In the current phase, TXOne is focusing on factory automation protocols such as Modbus, CIP, PROFINET, and more. Please refer to the User Guide for the most recent list of supported protocols.

2. Does EdgeFire support Common Event Format (CEF) syslog output?
Yes, EdgeFire supports standard CEF & Log Event Extended Format (LEEF) syslog formats. It can forward syslog messages directly to an external syslog server.

3. Does EdgeFire support baseline learning? (Version: 1.0.x)
Yes, EdgeFire supports the baseline learning feature to help users easily create rule policies from application traffic.

4. Does EdgeFire support continuous threat detection for OT and IT systems (such as alerts, CVE monitoring, workflow, etc.)? (Version: 1.0.x)
Yes, EdgeFire leverages TXOne’s threat intelligence to provide continuous threat detection, including cybersecurity event logs with details such as event names and CVE information.

5. Which system operation mode does EdgeFire support? (Version: 1.0.x)
EdgeFire only supports inline mode. In inline mode, EdgeFire is installed directly in the path of traffic.

6. Does EdgeFire support VLAN network detection? (Version: 1.0.x)
Yes, EdgeFire supports detection and inspection for single VLAN networks.

7. Which OT protocols does the current version of EdgeFire support? (Version: 1.0.x)
For the most up-to-date list of supported protocols, please refer to the User Guide.

8. What is your protocol support plan? (Version: 1.0.x)
For the most up-to-date list of supported protocols, please refer to the User Guide.

9. Does EdgeFire support editing action per IPS rule? (Version: 1.0.x)
Yes, currently, EdgeFire supports the IPS rule editing feature.

10. Does EdgeFire plan to support antivirus software?
No, EdgeFire doesn't support file-based or streaming-based antivirus software. It uses signature-based detection methods.

11. How many accounts does EdgeFire support? (Version: 1.0.x)
The Edge Series supports up to 32 accounts and allows only one user to log in to the web console simultaneously.

12. Does EdgeFire support custom rules? (Version: 1.0.x)
At this time, we are unable to fulfill this request.

13. Does EdgeFire support AD/LDAP/RADIOUS? (Version: 1.0.x)
Yes, EdgeFire supports TACACS+, Radius, and SAML SSO.

14. How many subnets does EdgeFire support? (Version: 2.1.x)
EdgeFire supports multiple subnets through its LAN interfaces. EdgeFire 1012 supports up to 8 subnets, while the EdgeFire 1014 model supports up to 10 subnets.

15. Does EdgeFire support HA features? (Version: 1.0.x)
Yes, EdgeFire supports HA features.

16. Does EdgeFire support VPN features? (Version: 1.0.x)
Yes, EdgeFire supports L2TP VPN.

17. Does EdgeFire support WAN2 and load balancing? (Version: 1.0.x)
Yes, EdgeFire supports WAN2 with load balancing.

18. Does EdgeFire support a VLAN trunk environment? (Version: 1.0.x)
EdgeFire only supports single VLAN tag environments in gateway mode. While in under bridge mode, EdgeFire supports VLAN trunk environment and can receive multiple VLAN tags from the trunk port (WAN1) to forward the VLAN traffic to a different client.

19. Can EdgeFire be used as a switch? (Version: 1.0.x)
The 8 LAN ports on EdgeFire act as switch ports because they are connected to an internal switch chip. LAN-to-LAN traffic operates like a switch unless the ports belong to different zones or VLANs. However, EdgeFire does not support traditional switch protocols like Spanning Tree Protocol (STP).

20. Can syslog be sent to SIEM solutions? Which ones have been tested? (Version: 1.0.x)
Yes, syslog can be sent to SIEM. We’ve also tested with Splunk, Syslog-ng, and other syslog servers.

21. How can we detect a link-down event in EdgeFire? (Version: 1.0.x)
The end-user can check system logs or receive email notifications.

22. Can configuration settings be copied to another partition after switching partitions? (Version: 1.0.x)
No, configuration settings are copied only after a firmware upgrade, not when switching partitions.

23. Can EdgeFire be rolled back to factory default value? (Version: 1.0.x)
Yes, this can be done by pressing the "Reset" hardware button. However, the firmware will retain the previous version.

24. Can EdgeFire support bridge mode? (Version: 1.1.x)
Yes, EdgeFire supports bridge mode.

25. Does EdgeFire support out-of-band (OOB) interface? (Version: 1.1.x)
Yes, EdgeFire supports configurable OOB interface for both gateway mode and bridge mode.

26. Does EdgeFire support SMB access control? (Version: 1.1.x)
Yes, EdgeFire supports SMB access control.

27. Does EdgeFire support the Suspicious Object (SO) feature, and is it capable of integrating with third-party solutions? (Version: 2.0)
Yes, EdgeFire supports the SO feature and can receive SOs from the OT Defense Console (ODC). Additionally, ODC provides standard third-party APIs for integration with external solutions.

28. Does EdgeFire support Cyber-Physical Systems Detection and Response (CPSDR)? (Version: 2.1)
Yes, EdgeFire fully supports CPSDR.

29. Does EdgeFire support x.509 certificate import for establishing an IPSec VPN tunnel? (Version: 2.1)
Yes, EdgeFire supports x.509 certificate import in the IPSec VPN profile. All IPSec VPN profiles share the same x.509 certificate.

30. Does EdgeFire support dual WAN connections? (Version: 2.1)
Yes, EdgeFire supports WAN1 and WAN2 interfaces connecting to the external networks simultaneously.

31. Does EdgeFire support dual failover? (Version: 2.1)
Yes, EdgeFire supports the failover feature when WAN1 and WAN2 interfaces are active and connecting to the external networks.

32. When the failover feature is enabled and the WAN 2 interface takes over external connections from the WAN 1 interface, will the connections switch back to WAN 1 when it becomes active again? (Version: 2.1)
Yes, EdgeFire supports a failback feature, allowing external connections to switch back to WAN 1 when it is back online.

33. Can detected assets be constantly monitored by EdgeFire even if they are not online? (Version: 2.1)
Yes, EdgeFire supports an asset bookmark feature that allows users to lock assets on the list even when they are not online.

34. Does EdgeFire (gateway mode) support IPv6 protocol? (Version: 2.1)
No, EdgeFire in gateway mode doesn't support IPv6.

35. Does EdgeFire (bridge mode) support IPv6 protocol? (Version: 2.1)
Yes, EdgeFire in bridge mode can detect IPv6 protocol but only provides basic control. You can configure EdgeFire in bridge mode to either allow or block IPv6 traffic.

36. Does EdgeFire support SAML SSO for account management? (Version: 2.1)
Yes, EdgeFire fully supports SAML SSO login.

37. If I create an any-to-any policy enforcement rule (meaning both the source and destination fields are set to ‘any’), can the policy rule auto-learning feature still learn new rules? (Version: 2.1)
Yes, EdgeFire firmware 2.1 optimizes the policy rule auto-learning feature, allowing it to learn new connections and generate policy enforcement rules for review, even if an any-to-any policy enforcement rule already exists in the device rule list.

38. Can EdgeFire still protect assets if I do not create any policy enforcement rules? (Version: 2.1)
Yes, by setting IPS profile in the default rule, EdgeFire running firmware 2.1 can protect assets without policy enforcement rules.

39. How many IPSec VPN tunnels can EdgeFire establish for connection? (Version: 2.1)
EdgeFire 1012 supports up to 50 IPSec VPN tunnels, while EdgeFire 1014 supports up to 100. However, IPSec VPN and L2TP/IPSec VPN share the same maximum supported tunnel number.

40. How many L2TP/IPSec VPN tunnels can EdgeFire establish for connection? (Version: 2.1)
EdgeFire 1012 supports up to 50 L2TP/IPSec VPN tunnels, while EdgeFire 1014 can support up to 100 L2TP/IPSec VPN tunnels. However, IPSec VPN and L2TP/IPSec VPN share the same maximum supported tunnel number.

41. Can I export the learned policy enforcement rules after the policy rule auto-learning process is complete? (Version: 2.1)
Yes, you can download the learned policy enforcement rules as an Excel file by clicking the "Download the Learning Result" button on the Policy Rule Auto-Learning page.

42. Does EdgeFire support L2 policy enforcement rules? (Version: 2.1)
Only EdgeFire in bridge mode supports L2 policy enforcement rules. EdgeFire in gateway mode does not support L2 policy enforcement rules.

43. What is the recommended setting for the deny action? (Version: 2.1)
We recommend the setting “drop" connection for optimal compatibility to connect with assets or management switches.

44. Which OT protocols in the power and electricity domain does EdgeFire support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeFire supports advanced settings in protocol filter profiles for the following protocols: DNP3, ICCP TASE.2, IEC 61850-GOOSE, IEC 61850-MMS, IEC61850-R-GOOSE, IEC-104, IEEE C37.118, OCPP 1.6J, OCPP 2.0.1.

45. Which OT protocols in the factory automation domain does EdgeFire support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeFire supports advanced settings in protocol filter profiles for the following OT protocols: CIP, FINS, GE CMP, GE SRTP, MELSOFT, Modbus, OPC CLASSIC, OPC UA, and PROFINET.

46. Which OT protocols in the healthcare domain does EdgeFire support in protocol filter profiles? (Version: 2.1)
DICOM and HL7 protocols are supported in protocol filter profiles.

47. Which OT protocols in the building automation domain does EdgeFire support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeFire supports advanced settings in protocol filter profiles for the BACnet protocol.

48. Which OT protocols in the general OT category does EdgeFire support in protocol filter profiles? (Version: 2.1)
CoAP, Ether-S-Bus, EtherSIO, MDLC, Moxa Protocol, PCWorx, RTPS/DDS, Wonderware SuiteLink are all supported in protocol filter profiles.

49. Which OT protocols in the general IT category does EdgeFire support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeFire supports advanced settings in protocol filter profiles for the SMB protocol.

50. How many PCAP files can EdgeFire store for triggered IPS rules? (Version: 2.1)
EdgeFire can store up to 5 PCAP files on the device for triggered IPS rules.

51. How many PCAP files can EdgeFire store for triggered CPSDR rules? (Version: 2.1)
EdgeFire does not store PCAP files in the device for triggered CPSDR rules. Instead, you must configure the PCAP server settings to upload the files to a remote server.

52. Does EdgeFire support a fiber interface (multi-mode)? (Version: 2.1)
Yes, the combo WAN1 and WAN2 interface supports fiber by installing a multi-mode Small-Form Pluggable (SFP) fiber module.

53. Does EdgeFire support a fiber interface (single-mode)? (Version: 2.1)
Yes, the combo WAN1 and WAN2 interface supports fiber by installing a single-mode SFP fiber module.

54. Does EdgeFire support multiple languages on the web management console? (Version: 2.1)
Yes, EdgeFire running firmware 2.1 supports multiple languages, allowing users to import language packs. Currently the language pack supports English and Japanese.

55. What is the threat prevention throughput of EdgeFire 1012? (Version: 2.1)
EdgeFire 1012 can reach up to 200Mbps (with all security features enabled).

56. What is the threat prevention throughput of EdgeFire 1014? (Version: 2.1)
EdgeFire 1014 can reach up to 850Mbps (with all security features enabled)

57. What is the IPSec VPN throughput of EdgeFire 1012? (Version: 2.1)
EdgeFire 1012 can reach up to 50Mbps for the IPSec VPN tunnel.

58. What is the IPSec VPN throughput of EdgeFire 1014? (Version: 2.1)
EdgeFire 1014 can reach up to 200Mbps for the IPSec VPN tunnel.

59. What is the network latency if I deploy EdgeFire-Series in my OT networks? (Version: 2.1)
The expected network latency will be within 500 microseconds (μs).

60. A PC/Desktop using Intel NIC connection with EdgeFire experiences random packet loss. What should I do? (Version: 2.1)
Please check that the Energy Efficient Ethernet (EEE) feature on the PC/Desktop NIC card has been disabled. For more information, you can refer to the following link:

https://community.intel.com/t5/Ethernet-Products/Intel-Communication-Intel-Ethernet-Controller-I226-Series-Random/td-p/1453177/page/2

If your driver is 2.1.3.3 or above:
Please disable the Energy Efficiency Ethernet and Ultra Low Power Mode settings on the driver. You can do that with the following steps:

1. Open Device Manager.
2. Double-click your network adapter: Intel Ethernet Connection I219-LM
3. Click on the "Advanced" tab and update the following settings:

• Energy Efficient Ethernet (EEE): Set to Off
• Speed & Duplex: Set to Auto Negotiation
  Additionally, ensure that these same settings are applied on your switch or router after verifying that all connected devices have the latest drivers:
• Energy Efficient Ethernet (EEE): Set to Off
• Speed & Duplex: Set to Auto Negotiation

61. How do I perform a quick hardware diagnostic for EdgeFire-series before I contact TXOne tech support for RMA service? (Version: 2.1)
EdgeFire-series running firmware 2.1 supports a hardware diagnostic function. Log in with Admin account. On the web management console, please go to "Admin > Diagnostics > Hardware Diagnostics," press "Run Diagnostic Test," and export the test result for TXOne technical support.

62. What is the suggested action if I attempt to log in EdgeFire through the web management console and get the message "Error: Another account was logged in. Please contact the administrator (902-1)"? (Version: 2.1)

This warning message indicates that multiple users are attempting to log in using the same account under one of the following scenarios:

1. Delay Login: The error occurs when one user is already logged in, and another user tries to log in simultaneously.
2. Normal Login: The error occurs when one user is already logged in, and another user attempts to log in but faces a permissions issue.
3. SAML SSO Login: The error occurs when one user is already logged in, and another user attempts to log in but encounters a permissions-related problem.

USB

1. Does EdgeFire support signature updates by USB dongle? (Version: 1.0.x)
Yes, EdgeFire supports signature update by USB dongle.

2. Does EdgeFire support zero-configuration via USB? (Version: 1.0.x)
Yes, EdgeFire supports zero configuration by USB dongle.