About Kaspersky IoT Secure Gateway 1000 operating modes

In situations not covered by the standard operating scenarios of Kaspersky IoT Secure Gateway 1000, the system automatically switches to one of the following emergency modes: non-immune mode, developer mode, or emergency support mode.

Once activated, the mode name is displayed in the upper right corner on all pages of the Kaspersky IoT Secure Gateway 1000 web interface, and in the upper right corner of Kaspersky Security Center 14.2 Web Console after each synchronization. Click the mode name to view its description. Mode activation events are recorded in the system audit log.

Non-immune mode

Non-immune mode is activated after you start the VPN application for the first time. When Kaspersky IoT Secure Gateway 1000 is operating in a non-immune mode, the device immunity is not guaranteed. However, there are no limitations to the functionality and operation of Kaspersky IoT Secure Gateway 1000.

The non-immune mode cannot be disabled in Kaspersky IoT Secure Gateway 1000 or the Kaspersky Security Center 14.2 Web Console. Exiting the non-immune mode is only possible after a complete reinstallation of Kaspersky IoT Secure Gateway 1000 on the device.

Developer mode

Developer mode is activated after you start Kaspersky Debug Service (KDS) required for testing and debugging of components.

Kaspersky Debug Service is delivered with the Kaspersky IoT Secure Gateway 1000 SDK as a separate installation package. When Kaspersky Debug Service starts, developer mode is activated only for the user/developer who started the debug service.

If Kaspersky IoT Secure Gateway 1000 is operating in the developer mode, the application signatures are verified as follows when they are installed in Kaspersky IoT Secure Gateway 1000:

• If the application is installed using Kaspersky IoT Secure Gateway 1000 or Kaspersky Security Center 14.2 Web Console, the application signature is verified at all stages (download, installation, and launch of the application).
• If the application is installed via the KDS, the application signature is not verified.
• If the application is pre-installed in Kaspersky IoT Secure Gateway 1000, the application signature is not verified during the application launch. There are no download and installation stages since the application is pre-installed.

There are no limitations to the functionality of Kaspersky IoT Secure Gateway 1000.

The non-immune mode cannot be disabled through the Kaspersky IoT Secure Gateway 1000 web interface or Kaspersky Security Center 14.2 Web Console. Developer mode can only be exited after completely reinstalling Kaspersky IoT Secure Gateway 1000 on the device where Kaspersky Debug Service was started.

Emergency support mode

Emergency support mode is activated when at least one of the following events occurs:

• Error as a result of self-testing.
• Error during automatic file integrity check on startup.
• A security application, such as Kaspersky IoT Secure Gateway Network Protector, crashing.

  Kaspersky IoT Secure Gateway Network Protector may crash if industrial protocol traffic filtering rules cannot be loaded or have not been defined, application self-diagnostics complete with an error, or the application is not responding.

The following happens when emergency support mode is activated:

• A message about the crash and its cause is recorded in the system audit log. If emergency support mode was activated as a result of Kaspersky IoT Secure Gateway Network Protector crashing, a message about the crash is also recorded in the firewall audit log.
• The user's active connection session is terminated.
• Stoppage of all running applications is initiated.
• If emergency support mode was activated as a result of Kaspersky IoT Secure Gateway Network Protector crashing, any traffic except service traffic that supports the functioning of Kaspersky IoT Secure Gateway 1000 and network connectivity as determined by preset allow rules is blocked.

The emergency support mode cannot be disabled in Kaspersky IoT Secure Gateway 1000 or Kaspersky Security Center 14.2 Web Console. You can exit the emergency support mode in the following ways:

• Device reboot (it is possible to re-enter emergency support mode).
• Restoration from a backup copy.
• Full reinstallation of Kaspersky IoT Secure Gateway 1000 on the device.