Lock Mode
In Lock mode, the Lock is acting as a combined router and firewall on the network. With its factory default settings, the Lock is connected to the Internet via its WAN port or a 4G modem. In this mode, the Lock creates its own protected local network for the connected OT devices. The devices are connected to the Lock by cable or via WLAN access point.
Client Mode
In Client Mode, the Lock is functioning as a switch on the network, switching traffic but not providing Internet access. The Lock can provide secure remote access to the network but cannot protect the devices connected to the same LAN as the default gateway to Internet is another device on the network.
Client mode can be used for connecting the Lock to an existing network (e.g. an office network) without changing cabling or settings on the LAN devices. In this mode, the Lock joins the network like any other device (e.g. a PC) and provides remote users access to other devices in the same network.
WAN port or modem should not be used in Client mode. To connect to Internet the Lock must be connected to the gateway via one of the LAN ports and either fixed IP address or DHCP Client configured.
Deploying Node in Client Mode
Note, that in Client mode the Lock will obtain its address from the DHCP, so the local network needs to have a DHCP server available. If not, Client mode cannot be used.
- IMPORTANT Remove WAN cable if connected
- Connect your computer to the Lock using the service port.
- Log into the Lock’s browser interface as admin.
- Go to the page Network > LAN
- Set “Protocol” as “DHCP client”, then click “Switch protocol” and after the page has reloaded click “Save”. Wait until the changes have been saved.
- Connect the Lock from any LAN port to the network
If you need to configure Client Mode with static addresses
- Connect your computer to the Lock using the service port.
- Log into the Lock’s browser interface as admin.
- Go to the page Network > LAN.
- Set “Protocol” as “Static”, then click “Switch protocol” and wait until the page has reloaded
- Set LAN IP (free static IP from the target network, e.g. 192.168.100.10 in the example) and set the netmask (255.255.255.0 in the example)
- Set Gateway IP to point to the firewall/router on the target network (192.168.100.1 in the example)
- Finally click “Save”. Wait until the changes have been saved.
- Connect the Lock from any LAN port to the network
Note:
- Do not use mobile connection when in Client mode
- Do not connect any LAN port directly to the internet
- Do not connect the controlled devices to any LAN port
- The lock will scan the entire LAN network for connected devices and will grant device access to any user with a matched Key. Please keep this in mind when considering network and information security.
- In cases where access rights need to be restricted, switch on MAC/IP Filtering (under Advanced Settings) or set up the Lock in its factory default configuration.
- In Client Mode, the Lock’s inbuilt firewall does not protect the devices in the LAN network.
Note: With earlier SW versions than v3.3.3 on Lock 100 and Lock 200, the Lock will automatically change to default configuration if the USB modem or WAN cable is connected to the Lock after it has been set to Client Mode. For this reason, neither USB modem nor WAN cable should be connected to Lock when changing the Lock to Client mode. This does not apply from v3.3.3 onwards (Lock 100 & Lock 200) and on all Lock 150 and Lock 500 versions.
Deploying Lock in Lock Mode
If you need to go back to Lock mode change the "Protocol" field back to "Static" address and click the "Switch Protocol" button to activate the settings. Go to the Status page and check you see Lock in the Mode field. Plug the Internet cable back to the WAN port. To enable the LAN DHCP, go to Network > LAN DHCP server and deselect the Disable DHCP server checkbox. Click Save to activate the settings.