NETWORK object
Manual reconfiguration may cause malfunctions in Kaspersky IoT Secure Gateway 1000 up to the point where a full reinstallation is required. We recommended changing the configuration by means of the relevant settings in the Kaspersky IoT Secure Gateway 1000 web interface and the Kaspersky IoT Secure Gateway 1000 management web plug-in for Kaspersky Security Center 14.2 Web Console.
The NETWORK
object includes keys containing network settings. The list of these keys is shown in the table below.
List of NETWORK keys
Key name | Value type | Title | Required | Possible values | ||||||
| Object | Yes | - | |||||||
|
| Object | Object containing information about network protocol filtering | Yes | - | |||||
|
|
| Literal | FTP protocol filtering | Yes |
| ||||
|
|
| Literal | HTTP/HTTPS protocol filtering | Yes | |||||
|
|
| Literal | IMAP protocol filtering | Yes | |||||
|
|
| Literal | Modbus protocol filtering | Yes | |||||
|
|
| Literal | MQTT protocol filtering Only MQTT protocol version 3.1.1 filtering is supported. | Yes | |||||
|
|
| Literal | POP3 protocol filtering | Yes | |||||
|
|
| Literal | SMTP protocol filtering Only basic SMTP protocol filtering is supported. | Yes | |||||
| Object | Yes | - | |||||||
|
| Integer | Priority of Kaspersky IoT Secure Gateway 1000 in the cluster | Yes | From | |||||
|
| String | Cluster identifier. This is required for cluster nodes to uniquely recognize each other. The use of the ID does not guarantee protection against the actions of third parties. When setting up the network, you also need to secure the cluster network loop. | Yes | Cluster identifier. To avoid ID overlap, we recommend specifying a custom | |||||
|
| Literal | Enables or disables the network cluster. | Yes |
| |||||
|
| String | Cluster IP address. | Yes | String formatted as | |||||
|
| String | Cluster subnet mask. | Yes | String formatted as | |||||
| Object | Yes | - | |||||||
|
| Object list | List of firewall rules. The maximum size of the list is 512 objects. | Yes | - | |||||
|
|
| Literal | Enables or disables firewall rules. | Yes, if |
| ||||
|
|
| String | Rule type |
| |||||
|
|
| String | Source IP address. | String formatted as | |||||
|
|
| String | Destination IP address. | String formatted as | |||||
|
|
| String | Source port | Number that defines the source port | |||||
|
|
| String | Target port | Number that defines the target port | |||||
|
|
| String | Communication protocol | Available rule options: | |||||
|
|
| String | Rule scope | Available rule options: | |||||
| Object | Settings for address denylists and allowlists Used only if Kaspersky IoT Secure Gateway Network Protector is installed. | Yes | - | ||||||
|
| Literal | Enables or disables address denylists and allowlists. | Yes |
| |||||
|
| Literal | Flag that indicates the active status of address denylists and allowlists. | No | Always set to | |||||
|
| Object list | List of denied addresses. | Yes | - | |||||
|
|
| String | Denied IP address. | Yes, if | String formatted as | ||||
|
|
| Date and time | Timestamp | POSIX timestamp | |||||
|
|
| String | Name of the signature that was blocked | Signature name | |||||
|
| Literal | Enables or disables access to resources on the list of blocked addresses | Yes |
| |||||
|
| Object list | Address allowlist. | Yes | - | |||||
|
|
| String | Allowed IP address. | Yes, if | String formatted as | ||||
| Object | Yes | - | |||||||
|
| Literal | Enables or disables automatically obtaining an IP address over DHCP. | Yes |
| |||||
|
| String | DHCP server primary IP address | Yes | String formatted as | |||||
|
| String | DNS server primary IP address | Yes | String formatted as | |||||
|
| String | Internal network adapter IP address | Yes | String formatted as | |||||
|
| String | DHCP server secondary IP address | Yes | String formatted as | |||||
|
| String | Internal network adapter MAC address | No | String formatted as | |||||
|
| String | Internal network subnet mask | Yes | String formatted as | |||||
|
| String | DNS server secondary IP address | Yes | String formatted as | |||||
| Object | Yes | - | |||||||
|
| Object list | List of masquerading rules The maximum size of the list is 256 rules. | Yes | - | |||||
|
|
| String | Comments to the rule | Yes, if | Arbitrary string | ||||
|
|
| String | Internal network host IP address | String formatted as | |||||
|
|
| Integer | External port | Number that defines the external port | |||||
|
|
| Integer | Internal port | Number that defines the internal port | |||||
|
|
| String | Rule protocol | Available rule options: | |||||
|
|
| String | Interface to which the rule is applied. | Available rule options: | |||||
| Object | Turns masquerading on or off. | Yes | - | ||||||
|
| Literal | Yes |
| ||||||
| Object | Yes | - | |||||||
|
| Object list | List of routes | Yes | - | |||||
|
|
| String | Route action | Yes, if |
| ||||
|
|
| String | IP address. | Yes, if | String formatted as | ||||
|
|
| String | Subnet mask. | String formatted as | |||||
|
|
| String | Gateway IP address. | String formatted as | |||||
|
|
| String | Route status. | No |
| ||||
|
|
| String | Route type. | No |
| ||||
|
|
| String | Error message | No | Message about an error that occurred while performing an action on the route | ||||
| Object | Yes | - | |||||||
|
| Literal | Enables or disables automatically obtaining an IP address over DHCP. | Yes |
| |||||
|
| String | IP address of the default gateway. | Yes | String formatted as | |||||
|
| String | DNS server primary IP address | Yes | String formatted as | |||||
|
| String | External network adapter IP address | Yes | String formatted as | |||||
|
| String | External network adapter MAC address | No | String formatted as | |||||
|
| String | External subnet mask | Yes | String formatted as | |||||
|
| String | DNS server secondary IP address | Yes | String formatted as |