TC mGuard 4G LTE mSC Quick Start GuidePublished date: 01/20/2020ContentsIntroduction . 2Objectives. 2Requirements . 2Network Diagram . 2Service Workstation VPN Configuration . 3mGuard Secure VPN Client Configuration Upload. 6Service Target (machine) Configuration . 8TC mGuard 4G LTE Configuration Upload . 12Connect the mGuard Secure VPN Client to the TC mGuard 4G LTE . 14Conclusion . 15Version History: . 15

IntroductionObjectivesThis guide will show how to configure a TC mGuard 4G LTE through the mGuard Secure Cloud.RequirementsTC mGuard RS2000 4G LTE or TC mGuard RS4000 4G LTE, 4G LTE Antenna, Cellular Data Plan,mGuard Secure Cloud Account, and mGuard Secure VPN Client SoftwareDisclaimer: Data plansPhoenix Contact does not provide data plans. Please contact your local cellular provider to acquirea data plan and SIM card. The SIM card size is standard, or 2FF.Disclaimer: Verizon usersThe Verizon mGuards (PNs 1010461 and 1010462) are registered and certified as “M2M” deviceswith Verizon. For optimal experience, Verizon highly recommends using an M2M SIM card withthese devices. M2M SIM cards and data plans can be purchased at Diagram

Service Workstation VPN ConfigurationThis section describes how to create a VPN configuration for a computer with the mGuard Secure VPNClient installed.1. Navigate to and sign inooSign up for an account if you do not have oneAccount registration can take up to 24 hours to process2. Click the service workstation tab3. Click the “ ” icon to add a new workstation4. Enter a name and click okay5. Click on the all service workstations tab6. Find your newly created workstation, and click the wrench icon to start the configuration wizard

7. Choose the mGuard Secure VPN Client, enter a unique password, and click next. For informationon the other client types refer to the Phoenix Contact technical support team. 800-322-3225o Download a 30-day free trial of the mGuard Secure VPN Client software here if you donot already have it installed.8. Select the desired port. IPsec VPN uses ports UDP 500/4500, if you know your IT department isblocking these ports use the VPN Path Finder option via port TCP 443.

9. Enter the IP address of the network you are trying to reach. This will be the network that the TCmGuard is on.o Hint: if you plan to connect to multiple networks, change the netmask to Click request11. Download the VPN configuration.

mGuard Secure VPN Client Configuration Upload12. Open the mGuard Secure VPN Client software.13. Select Configuration Profiles14. Click Add/Import15. Choose Profile Import and click next16. Locate the configuration profile downloaded from the mGuard Secure Cloud and click nexto Note: Make sure to include the entire zip file! Unzipping the file will cause the profile tolose the associated x.509 certificate required for the VPN connection.

17. Click next once more and click finish the profile import.18. Click the connection slider icon next to the connection profile19. Enter the PIN to start the connectiono Note: This PIN is the password entered during the service workstation configuration20. Verify that the VPN connection has established between the computer and the mGuard SecureCloud.o All the icons in the VPN client will turn greeno The person icon on the mGuard Secure Cloud website will also turn greenDisclaimer: Connection statusIf any of the connection indicators do not turn green, the VPN will notwork. Here are the top ways to troubleshoot a failed connection:1. If you are connected both locally and over Wi-Fi, disable oneof the connections.2. IT might be blocking the traffic through the corporatenetwork. Connect to the Internet through a hotspot on yoursmart phone to check if IT is blocking traffic. If necessary,contact your IT department to allow traffic through therequired ports3. Check to see if proxies are preventing the connection4. Disable any other active VPN tunnels on your computer.5. Make sure the network adapter with “NCP Secure Client” isset to obtain an IP address automatically. (see image to theright)

Service Target (machine) ConfigurationThis section describes how to create a VPN configuration for the TC mGuard 4G LTE.21. Click the Service Targets (machines) tab and click the icon shown below to expand the list ofoperators/locations22. Click the to create a new operator/locationo Operators/locations are tabs used to help manage devices based on geographic location,customer name, project name, etc. Choose a name based on how you plan to group yourdevices on the cloud.23. Navigate to your new tab and click the icon to add a new machine24. Give the machine a unique name and click okay

25. Click the wrench icon next to your newly created machine to start the VPN builder26. Choose mGuard Mobile (4G/3G) for a TC mGuard RS2000.Choose mGuard Ethernet plus 4G/3G for a TC mGuard RS4000o Note: “mGuard Ethernet plus 4G/3G” has an additional section for configuring the WANport on the TC mGuard RS4000. The option “mGuard Mobile (4G/3G)” can be selected ifyou do not plan to use the physical WAN port for Internet connection.27. Choose a connection method and click nexto IPsec traditionally uses ports UDP 500 and 4500, but other options are availabledepending on your network setup and IT department

28. Choose “Generic 4G/3G/GSM” for the provider type.29. Enter the APN if known. If unknown, leave this blank. The TC mGuard will automatically receivethe APN from the providero Default for AT&T SIM cards is broadbando Default for Verizon SIM cards is vzwinternet30. Click next31. TC mGuard RS4000 only:Configure the external or WAN IP address as static or DHCP and click next

32. Set the LAN IP address of the mGuard and click nexto Note: This IP address must be in the same subnet as the other networked devices behindthe mGuard.33. Set the format of the mGuard configuration file and download. This example uses the .atv filetype.o .atv files are used for uploading the configuration from the web based managero .ecs files are used for uploading the confirmation from an SD card

TC mGuard 4G LTE Configuration Upload34. Connect an Ethernet cable from your PC to the TC mGuard and login.o Default IP address: Default username: admino Default password: mGuard35. Navigate to Management Configuration Profiles36. Click the folder icon next to “Upload configuration to profile”37. Locate the profile downloaded from the mGuard Secure Cloud and click upload

38. Click the “restore” icon next to the new profile. This will activate the new profile.o Note: The IP address of the mGuard will change to the LAN IP address set during themGuard Secure Cloud configuration wizard.39. Verify the new profile is active by observing the green check mark next to the profile name40. Navigate to Network Mobile Network and verify that the device is connected to the InternetDisclaimer: Cellular connection timeAn authentication process occurs the first time the mGuard connects to the cellular network to verifythe device is certified, and the SIM card has a valid data plan. You will see verbiage such as“provider OTA registration” on the Mobile Network information screen during this process.The authentication process can take up to 15 minutes depending on location and connectionstrength. To optimize the authentication process, connect two antennas to the device and place theantennas near a window.

41. Log into the mGuard secure cloud to verify the device has also connected to the mGuard SecureCloud. The VPN status will now say onlineDisclaimer: Connection StatusIf a TC mGuard RS4000 is connected to the Internet via the dedicated WAN port and the deviceshows “offline,” your IT department might be blocking the VPN traffic. Please contact IT and askthem to allow traffic through the ports configured during setup.If either TC mGuard is configured to connect to the Internet via the cellular network, yet the mGuardSecure Cloud shows the device as offline, please verify with the cellular provider that the data planis valid.Connect the mGuard Secure VPN Client to the TC mGuard 4GLTE42. Connect the mGuard Secure VPN Client. The person icon in the top left corner of the SecureCloud website will turn green43. Once the VPN client is connected, the start button next to the created service target will turngreen. Click the start button to establish a VPN connection from the computer to the mGuard.44. If successful, all the icons in the top left corner will turn green and the gear will start spinning.45. Verify the connection, by entering the IP address of a device connected locally to the mGuard in aweb browser and access the web-based manager over the cloud.Congratulations! You have successfully connected your laptop to a remote network via themGuard Secure Cloud.

ConclusionThis concludes the TC mGuard 4G LTE quick start guideVersion History:1/20/2020 V00: Original publication

Make sure the network adapter with “NCP Secure Client” is set to obtain an IP address automatically. (see image to the right) Service Target (machine) Configuration This section describes how to create a VPN configuration for the TC mGuard 4G LTE. 21. Click the Service Targets (machines)