Installing Kaspersky IoT Secure Gateway 1000

To start using Kaspersky IoT Secure Gateway 1000, install it on a Kraftway Rubezh-N device. This requires the following files that are included in the Kaspersky IoT Secure Gateway 1000 distribution kit:

• Files for generating an installation image that are included in the archive named kisg_netprotector_<network device type>_release_install_<system version number>_ru_en.tar.gz, where <network device type> can be "diode" for a unidirectional gateway or "router" for a network router, and <system version number> consists of four decimal numbers separated by dots, such as 1.2.3.4.
• Files of the flasher installation image generation utility, delivered as the archive kisg_flasher_<system version number>_ru_en.tar.gz, where <system version number> consists of four decimal numbers separated by periods.

Installation of Kaspersky IoT Secure Gateway 1000 is performed by Kaspersky experts. The instructions described in this section are provided for information purposes.

To install Kaspersky IoT Secure Gateway 1000:

1. Prepare a computer with Ubuntu version 20.04 or later for creating bootable USB drive with the Kaspersky IoT Secure Gateway 1000 image. All further actions must be performed on this computer.
2. Install the wget and sha512sum utilities:

   sudo apt-get install wget coreutils

3. Add the Docker repository PGP™ key to the system:

   sudo apt-get update

   sudo apt-get install ca-certificates curl gnupg

   sudo install -m 0755 -d /etc/apt/keyrings

   curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

   sudo chmod a+r /etc/apt/keyrings/docker.gpg

4. Add the Docker repository address to the system by running the following commands:

   echo \

   "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \

   "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \

   sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

5. Update the package information and install Docker:

   sudo apt-get update

   sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

6. Prepare Docker to run with user permissions:

   sudo groupadd docker

   sudo usermod -aG docker <system user name>

   newgrp docker

   If the Docker container has no access to external network after executing these commands, restart the operating system.

7. Verify that Docker starts without errors by running the test image:

   docker run hello-world

8. Connect the USB drive with the flasher utility archive to the computer and copy the archive to a separate directory.

   The flasher utility includes a script to create a boot image.

9. Unpack the flasher archive:

   tar -xvf kisg_flasher_<system version number>_ru_en.tar.gz

   The following files will be added to the directory:

   • ./resources: the directory that contains resources for building the flasher utility.
   • build.sh, script for building a Kaspersky IoT Secure Gateway 1000 boot image.
   • buildkisgflasher.sh: a helper script for building a flasher image in a Docker environment.
   • Dokerfile: a file for creating a replicable environment for building a Kaspersky IoT Secure Gateway 1000 bootable image.
   • flasher.conf: a configuration file for building a flasher image.
   • README.md: instructions for building a flasher image and installing a Kaspersky IoT Secure Gateway 1000 image.
10. Go to the directory where you unpacked the flasher utility.
11. Place the archive with files for generating a Kaspersky IoT Secure Gateway 1000 installation image in the resources directory. The archive name must have the format kisg_netprotector_<network device type>_release_install_<system version number>_ru_en.tar.gz.

    You can place one installation image archive in the directory if you intend to use one type of network device only, or both archives (for unidirectional gateway and network router) to be able to choose between the types of network device when installing Kaspersky IoT Secure Gateway 1000.

12. Edit the flasher.conf configuration file, so that it contains only the following lines:

    set -eu

    KISG_images=()

    KISG_device=kraftway

13. Verify that the wget utility can download a Debian OS image by running the following command:

    wget https://www.debian.org/CD/

    If the wget utility fails to get the Debian OS image, place the Debian 11.4.0 image and SHA512 checksums into the resources directory. If there is no Internet connection on the computer with the flasher utility, obtain a Debian Docker image by running the docker pull debian: bullseye command and copy the resulting image to the flasher utility directory.

14. Build the boot image of Kaspersky IoT Secure Gateway 1000 by running the build script using the following command:

    ./build.sh

15. Make sure that the boot image of Kaspersky IoT Secure Gateway 1000 is built successfully by running the following command:

    file KISGFlasher.iso

16. Connect a new USB drive to the computer with the flasher utility.
17. Write the Kaspersky IoT Secure Gateway 1000 boot image to the USB drive by running the following command with root privileges:

    dd bs=4M if=$(pwd)/KISGFlasher.iso of=/dev/sdx status=progress oflag=sync

    where /dev/sdx is the name of the USB drive to which you need to write the image.

18. Wait for the writing process to complete successfully and remove the USB drive.
19. Connect the USB drive to the Kraftway Rubezh-N device.
20. Connect the Kraftway Rubezh-N device through a COM port to a local computer using a cable with an RJ45-DB9 connector and start a COM port terminal application on the local computer.

    All further actions must be performed in the terminal of the computer connected to the Kraftway Rubezh-N device.

21. Click the on/off button in the left part of the Kraftway Rubezh-N front panel.
22. While the device is starting, press DELETE on the console keyboard.

    The main BIOS menu of the Kraftway Rubezh-N device opens in the console.

23. Configure the settings for loading Kaspersky IoT Secure Gateway 1000 from a bootable USB drive:
    1. Select the Save & Exit tab.
    2. In the Boot Override section, use the ↑ and ↓ keys to select UEFI: <name of bootable USB drive>.
    3. Press ENTER to start booting from the USB drive.
24. Wait for the image to load from the USB drive.
25. In the debian login form that appears in the console, enter the default Debian Live CD user name and password to log in to LiveUSB.
26. If you have compiled a boot image for two network device types, select from the menu the Kaspersky IoT Secure Gateway 1000 image to install on the device (unidirectional gateway and network router) and press ENTER.

    If you have compiled a boot image for one network device type only, installation starts automatically.

27. Wait for the installation process to complete. After installation, the Kraftway Rubezh-N device shuts down.
28. Remove the USB drive from the Kraftway Rubezh-N device.
29. Click the on/off button in the left part of the Kraftway Rubezh-N front panel.
30. While the device is starting, press DELETE on the console keyboard.

    The main BIOS menu of the Kraftway Rubezh-N device opens in the console.

31. Configure the boot order for Kaspersky IoT Secure Gateway 1000:
    1. Select the Boot tab.
    2. For Boot Option # 1, select UEFI OS.
32. Exit BIOS while saving the changes:
    1. Select the Save & Exit tab.
    2. On the Save & Exit tab, select Save Changes & Exit.
33. Wait for the download to complete and visually check that Kaspersky IoT Secure Gateway 1000 starts correctly.

After Kaspersky IoT Secure Gateway 1000 starts for the first time, it is recommended to configure the network, create and upload an administrator certificate, configure the date and time, and replace the web server certificate with the one that is used in your organization.

Page top