FAQs
Frequently asked questions by our Customers
Frequently asked questions by our Customers
How do I get cellular service for the CDI devices.
The CDI devices are sold with a PRIVATE LTE APN SIM CARD already installed into the product. This is a private circuit and is already configured. You can optionally buy your own private APN from CDI or you can supply your own SIM cards for the devices. They do require STATIC IP addresses on the LTE side.
You should just connect the antennas , power up the device and it should begin connecting to a tower. As long as you do not have a RED alarm LED it should be connected to the LTE network.
Contact CDI support if you are having problems.
Are the PA100 series devices all FIPS 140-2 validated?
Yes certificate #1627 recently updated in January 2017 for hardware Random Number Generator requirement.
For more detailed information, sign up for our Support Center.
Are PA100 series backward compatible with your legacy encryption devices?
Yes they will work with our AES 128 and out triple DES devices (configured as clients).
Yes they will work with our AES 128 and out triple DES devices (configured as clients).
All CDI host serial ports are pinned to connect directly to a CISCO type RJ45 console port via a straight CAT5 cable. CDI provides a flat silver satin RJ45-RJ45 for each serial port on the device. This cable can be connected directly from the CDI device to the CISCO or CISCO LIKE device. We recommend using the supplied “Flat Silver Satin cables” as it makes it obvious that they are SERIAL RJ45 cables and not Ethernet connections.
What software platforms do you support?
Our hardware supports ANY software platform. Our management system supports Windows , W7 Pro 32/64, Server 2008,2008R2, 2016 SQL 2008,2012.2014. The system can run as a VM-Slice. We recommend installing on a server so that multiple users can access simultaneously. The system can be installed on a desktop for smaller installations.
Do CDI devices work with any SSH terminals and emulators?
Yes. OBM also combines with a built in intelligent SSH terminal that can automatically build the outbound connection to the device by just clicking the device icon in the OBM system. This will also get keystroke logged in the OBM log database for later forensic retrieval.
Does the OBM have its own RADIUS server for use by the devices?
Yes. You can also tie the OBM into your Active Directory domain.
Does the OBM support keystroke monitor of ALL maintenance data?
Yes the OBM will automatically log ALL keystroke data of an engineer’s session which will be stored on the secure server for later retrieval by a security administrator for audit.
How do I program an IP address locally into the network interface?
The default address of the network interface is 199.199.199.1. As long as an IP address has not already been configured in the product you can use a web browser to change the IP address. You can also connect a SERIAL cable to the console interface and access config menus using the administrator password.
How do I program an IP address locally into the network interface via the serial port on the CDI device?
As long as an IP address has not already been configured in the product you can use a serial connection to the CDI console port to configure an IP address in the CDI device. The default is 8/n/1 9600 baud.
How do I select which Power Control Module to use?
First determine how much current ( IN AMPS) that your connect device draws. This can be found in the manual or on the product itself.
Another way to measure current is through POWER or WATTS. for a 110 Volt device , devide the WATTS by 110 to get the current (AMPS). For a 230 volt device, divide the WATTS by 230 to get the current in AMPS.
CDI power control devices come in 10AMP and 20AMP models. You also need to know the VOLTAGE as the external Power control modules use different parts numbers based on the voltage.
Keep in mind that our 10 AMP and 20AMP models use a different size IEC connector. Take a look at you power cord for your existing device. If it is using a C13 connector it is under 10AMPs. If it is using the large square C19 connector it is over 10 amps and should use our 20 AMP models.
If you are using the INTERNAL POWER CONTROL on a PA244x or PA288x then you can use ANY voltage.
Contact CDI support and they would be glad to help you determine which , and how many PCM’s to select for your application.
When I power the CDI device up I do not see a DTM LED on the modem interface on the front panel. What should I do?
The DTM LED on the front panel indicates the CDI device is ready for communication. If this LED is not lit then there is a problem with your hardware. Contact customer support.
When I power up the CDI device the ALM led and the SEC led are illuminated.
This is normal and indicates that the CDI device has no keying information in it. You need to configure the device with OBM or FEL This also could indicates that the device has been completely reset via the front panel switch or has been tampered via opening the chassis.
How do I get cellular service for the CDI devices.
The CDI devices are sold with a PRIVATE LTE APN SIM CARD already installed into the product. This is a private circuit and is already configured. You can optionally buy your own private APN from CDI or you can supply your own SIM cards for the devices. They do require STATIC IP addresses on the LTE side.
You should just connect the antennas , power up the device and it should begin connecting to a tower. As long as you do not have a RED alarm LED it should be connected to the LTE network.
Contact CDI support if you are having problems.
Are the PA100 series devices all FIPS 140-2 validated?
Yes certificate #1627 recently updated in January 2017 for hardware Random Number Generator requirement.
For more detailed information, sign up for our Support Center.
Are all your security products PCI compliant?
Yes.
What software platforms do you support?
Our hardware supports ANY software platform. Our management system supports Windows , W7 Pro 32/64, Server 2008,2008R2, 2016 SQL 2008,2012.2014. The system can run as a VM-Slice. We recommend installing on a server so that multiple users can access simultaneously. The system can be installed on a desktop for smaller installations.
Can CDI devices be shipped overseas?
Yes, we can ship to all countries on the US export list. The devices have an international power supply, but the country plug must be requested at time of order or you will have to provide a standard IEC C13 power cord, in country.
What about connecting your modem in foreign countries?
CDI devices contain a third party modem that has been homologated for global operation around the world and is accepted in most of the civilized countries.
Are CDI devices remotely flash up-gradeable?
Yes.
Do CDI devices work with any SSH terminals and emulators?
Yes. OBM also combines with a built in intelligent SSH terminal that can automatically build the outbound connection to the device by just clicking the device icon in the OBM system. This will also get keystroke logged in the OBM log database for later forensic retrieval.
Categories: Pre-Purchase Questions, Software
What types of encryption does CDI support?
PA100 series supports up to AES 256 bit cipher feedback that is NIST FIPS 140-2 validated along with multisession SSH 2048. PA200 series supports AES 128 bit encryption and multisession SSH 2048.
Are PA100 series backward compatible with your legacy encryption devices?
Yes they will work with our AES 128 and out triple DES devices (configured as clients).
Are PA200 series backward compatible with your legacy SAM devices?
Yes they will work with our SAM11, SAM22, and SAM44 devices.
What types of authentication does CDI work with?
RSA SecureID (built in, no need for ACE server connection), Password and ID, Challenge Response Token, Password and ID/ encryption, Full AES encryption. CDI recommends setting up your HEAD END devices for TACACS+ or Active Directory and then setting your remote device to “Device Authentication”. This will authenticate the user at the HEAD END and the device will automatically authenticate with each other from the HEAD END to the remote.
Can CDI devices be set to work with RADIUS, TACACS+, Active Directory for authentication?
Yes. In fact we recommend setting up our client devices for network authentication and enforcing auto key exchange no the remote devices. This allows the use of ANY token along with immediate changes to the database being reflected in the system.
Does the OBM have its own RADIUS server for use by the devices?
Yes. You can also tie the OBM into your Active Directory domain.
Does the OBM support keystroke monitor of ALL maintenance data?
Yes the OBM will automatically log ALL keystroke data of an engineer’s session which will be stored on the secure server for later retrieval by a security administrator for audit.
How do I get cellular service for the CDI devices.
The CDI devices are sold with a PRIVATE LTE APN SIM CARD already installed into the product. This is a private circuit and is already configured. You can optionally buy your own private APN from CDI or you can supply your own SIM cards for the devices. They do require STATIC IP addresses on the LTE side.
You should just connect the antennas , power up the device and it should begin connecting to a tower. As long as you do not have a RED alarm LED it should be connected to the LTE network.
Contact CDI support if you are having problems.
Are PA200 series backward compatible with your legacy SAM devices?
Yes they will work with our SAM11, SAM22, and SAM44 devices.
How do I connect my PA100/PA200 to a Cisco RJ45 console?
All CDI host serial ports are pinned to connect directly to a CISCO type RJ45 console port via a straight CAT5 cable. CDI provides a flat silver satin RJ45-RJ45 for each serial port on the device. This cable can be connected directly from the CDI device to the CISCO or CISCO LIKE device. We recommend using the supplied “Flat Silver Satin cables” as it makes it obvious that they are SERIAL RJ45 cables and not Ethernet connections.
Are all your security products PCI compliant?
Yes.
What types of encryption does CDI support?
PA100 series supports up to AES 256 bit cipher feedback that is NIST FIPS 140-2 validated along with multisession SSH 2048. PA200 series supports AES 128 bit encryption and multisession SSH 2048.
What types of authentication does CDI work with?
RSA SecureID (built in, no need for ACE server connection), Password and ID, Challenge Response Token, Password and ID/ encryption, Full AES encryption. CDI recommends setting up your HEAD END devices for TACACS+ or Active Directory and then setting your remote device to “Device Authentication”. This will authenticate the user at the HEAD END and the device will automatically authenticate with each other from the HEAD END to the remote.
What types of authentication does CDI work with?
RSA SecureID (built in, no need for ACE server connection), Password and ID, Challenge Response Token, Password and ID/ encryption, Full AES encryption. CDI recommends setting up your HEAD END devices for TACACS+ or Active Directory and then setting your remote device to “Device Authentication”. This will authenticate the user at the HEAD END and the device will automatically authenticate with each other from the HEAD END to the remote.
I have cabled everything up, but I cannot get through the CDI device. What should I do?
All CDI devices are intentionally shipped with no credentials in them. You must configure the device through the OBM or the free Front End Loader “FEL”.
How do I connect my PA100/PA200 to a Cisco RJ45 console?
All CDI host serial ports are pinned to connect directly to a CISCO type RJ45 console port via a straight CAT5 cable. CDI provides a flat silver satin RJ45-RJ45 for each serial port on the device. This cable can be connected directly from the CDI device to the CISCO or CISCO LIKE device. We recommend using the supplied “Flat Silver Satin cables” as it makes it obvious that they are SERIAL RJ45 cables and not Ethernet connections.
After I connect the cable to the CISCO LIKE device I cannot talk to it via the CDI device. What should I do?
Ensure that you see the DTR LED on the port that you connected the cable to. DTR is one of the indicators that the cable is pinned correctly and the device is ready for communication.
How do I program an IP address locally into the network interface?
The default address of the network interface is 199.199.199.1. As long as an IP address has not already been configured in the product you can use a web browser to change the IP address. You can also connect a SERIAL cable to the console interface and access config menus using the administrator password.
How do I program an IP address locally into the network interface via the serial port on the CDI device?
As long as an IP address has not already been configured in the product you can use a serial connection to the CDI console port to configure an IP address in the CDI device. The default is 8/n/1 9600 baud.
When I power the CDI device up I do not see a DTM LED on the modem interface on the front panel. What should I do?
The DTM LED on the front panel indicates the CDI device is ready for communication. If this LED is not lit then there is a problem with your hardware. Contact customer support.
When I power up the CDI device the ALM led and the SEC led are illuminated.
This is normal and indicates that the CDI device has no keying information in it. You need to configure the device with OBM or FEL This also could indicates that the device has been completely reset via the front panel switch or has been tampered via opening the chassis.
How do I connect to a CISCO router or any network element with a DB9 interface?
Each CDI flat RJ45-RJ45 cable also comes with an RJ45 to DB9F connector, The connector is pinned out to connect to any DTE type serial interface typically found on a PC type product. Use the flat RJ45-RJ45 cable and snap on the RJ45-DB9 adapter. If you see DTR on the CDI device when the cable is connected, odds are it is the correct cable.
I have an interface other than an RJ45 or DB9 for connection to the CDI device. What should I do?
Contact CDI support with the make and model number of your device and we can tell you how to connect to the interface. This will require purchase of an adapted from CDI or the ability for you to make an adapter.
After I connect to the CDI device I cannot talk to the connected appliance.
After you authenticate to the CDI device you will see of list of ports that are supported. Each port will show the status of both DTR and RTS. You should see DTR/UP RTS/UP. This indicates that the connected device is presenting RS232 signals to the CDI device. If you see DTR/DWN RTS/DWN , chances are that your cable is wrong or unplugged (or your appliance is powered down).