Technical support – online help, FAQs, training courses
Please narrow down your support topic.
Login
The iCS - VPN is a remote access service for simple and secure networking of sites, systems or mobile devices via a VPN network.
The iRM enables rollouts of device firmware, configurations, security certificates and applications including logging.
Here you get access to our Partner Portal – become a part of our network now!
If you would like to complain about one of our solutions or return it for other reasons, you first need a return shipping number (RMA number). Before shipping, please request this number from our Customer Service Center using the contact options listed below.
Our support team will be happy to provide you with information about the return process.
If you would like to dispose of an electrical appliance purchased from INSYS icom GmbH correctly, you have the option of returning it to us directly.
To do this, please get in touch with your contact person in Sales via the head office to initiate the return in the same way as for returns.
Mail: info@insys-icom.de
Phone: +49 941 58692-0
Please label the transport unit clearly as an old device and remember any stored passwords or security certificates before disposing of the device. It is recommended that you block existing access to the device (e.g. on your VPN server) and reset the device to factory settings (if possible) before passing it on or disposing of it.
An overview of the complete online help function can be found on this page..
Have you tried it over HTTPS? We have deactivated HTTP connection with firmware version 4.4. Your device should be accessible over HTTPS. You find more on this topic under the following link:
This means that the router’s firewall blocks the ICMP packets. Under Netfilter/IP-Filter create a new output firewall rule, select ICMP as protocol, and choose your wished output interface.
If you’ve configured your device using the setup wizard and no firewall rules or other settings are missing, then make sure you entered the proper Access Point Name under Interfaces/LTE.
For some providers, such as Telekom, it is very important to have a proper APN entry, and they will block your connection otherwise.
As of Version 6.12 of the icom OS we do not support this mode yet, nor is it planned at the moment to implement this feature
The blinking gear indicates that the profile opened in the router differs from the profile running in the router. A click on the gear activates the opened profile, i.e. it becomes the running profile. See Profiles for detailed information.
Port 1 of the card in slot 1 (leftmost) is assigned to IP net 1 (configuration network) in default settings (for routers with 5-port switch; for routers with 2-port switch, port ETH1 is assigned to IP net 1). This local network has the static IP address 192.168.1.1. It is intended for accessing the router from a configuration PC. The firewall rules for HTTP (port 80) and HTTPS (port 443) access are also entered for this in default settings.
It is recommended to use IP nets 2-5 and the other ports for the application to still enable local configuration access to the router. If the application’s requirements or other circumstances do not allow this, port 1 can also be configured accordingly like ports 2-5. It should be ensured that router access in case of an emergency is still possible using other means
The internal clock of the router should always be set correctly to ensure that time-controlled events are processed precisely to the desired time, system messages are dated correctly and certificates are within their validity period. A regular synchronisation with an NTP (Network Time Protocol) server is recommended for this. This can be achieved using the action Synchronise clock via NTP. The action will be triggered by a regular event, like the expiration of a timer or the condition change of an interface.
The startup wizard makes all necessary settings that the time is always synchronised when the respective WAN chain went online.
In order to get a synchronisation at a certain time, the router must be configured as follows:
Moreover, the following prerequisites must be met:
The router allows a very complex configuration to cover almost all application cases custom-made. This can cause a complex troubleshooting – in particular for configurations made by third parties.
A comfortable troubleshooting option is provided by the plausibility check. It mainly serves for detecting obvious configuration gaps. It cannot expose all configuration failures of the function. This applies especially to IP filters and NAT rules.
If connections cannot be established, this may be caused by missing or wrong IP filter rules (firewall). This can be located by deactivating the IP filters temporarily in the Netfilter menu on the IP filter page.
In contrast to a local network (LAN), a WAN connection will not be started immediately. A WAN connection will then be established, if a WAN chain, which contains the respective WAN interface, is started. The status of the existing WAN chain is displayed in the Status menu on the System status page.
The following prerequisites must be met for a functional WAN connection:
The following explains how to add another WAN network to an existing configuration and what must be observed when doing so.
Click on Save settings
Click on Save settings
Click on Save settings
Click on Save settings
It can be useful due to reasons of security to block an IP version (IPv4 or IPv6) for data traffic completely. Proceed as follows for this:
In order to dispatch a message via e-mail within an action, it is necessary to configure the e-mail account in the router and add appropriate netfilter rules.
The configuration of the e-mail account takes place in the menu Events on the page E-mail account. Useful instructions for this are available in the inline help of this page that can be displayed with a click on ? Display help text.
If Netfilters are activated, it is neceesary to add the following netfilter rule to enable e-mail dispatch:
If the SMTP server of the e-mail account is specified in form of a domain name, it is necessary to add the following netfilter rule to enable a DNS resolution.
If a container cannot be accessed via its IP address, it is recommended to check the following settings:
Yes, this is possible.
Just keep in mind that if the other device is lacking a feature, for example DSL or LTE, those settings will be skipped over during the import.
Regarding this topic, we have a written configuration guide:
https://docs.insys-icom.de/pages/en_m3_internet_via_lte_v2.html
and even a YouTube tutorial for you:
https://youtu.be/Rg2A27Yxnlg
This is due to the fact that you are trying to access an entry that does not exist.
Each entry, for example a netfilter rule, has its own index number.
In this case, you are trying to access the 6th element of the list but only 5 elements exist.
1, Start WAN connection. This step sets up the Internet connection. If it fails, our router was not able to set up the connection. Make sure the Ethernet cable is connected to the router, or the SIM card is inserted and activated properly.
2, Start secure channel to server. This step connects the router to the icom Connectivity Suite – VPN service. This step can fail if your LAN network’s firewall settings block the ports and IP addresses necessary for the connection. Please, contact your network administrator and make sure you opened all the necessary ports for the connection.
3, Get configuration. If this failed, you might have selected the wrong device type, typed in the wrong device code, or registered the wrong serial number for the device.
4, Apply configuration. This step rarely fails, however icom OS firmware version 5.8 had a bug, in which profile activation was not possible with a device uptime of 24 days. Please contact our support team at support@insys-icom.de if this is not the case and you’re experiencing this issue.
This generally means a DNS error, however a routing conflict can lead to this as well:
– Is the OpenVPN server online and reachable over its domain name? Ask your provider or network administrator.
– Make sure your Insys device’s DNS settings are correct and it is allowed to make DNS requests.
– Have you configured 2 or more interfaces in the same IP range? Even if net2 and net3 are in the same IP range, the OpenVPN connection will not work, and you’ll receive this error message.
Yes, it is possible.
We have a highly detailed configuration guide for you regarding this topic.
The guide includes a step-by-step tutorial on how to configure 1-to-1 NAT using our icom OS devices, and even a troubleshooting guide:
https://docs.insys-icom.de/pages/en_m3_ip_forwarding.html
We do not have a complete list, as the icom OS uses the same commands in CLI that you find in your ASCII profile.
We have however a video tutorial on this topic:
and a written documentation in every router under “Help/Documentation/Online Help/Command Line Interface (CLI)“.
If your device has a firmware version of 1.x.x the update cannot be carried out!
In the event of large version jumps, incremental updates are first necessary. These updates are available from the INSYS support department:
No, it’s not possible. These firmware versions are incompatible with each other.
Some e-mail service providers don’t support TLS versions 1.0 and 1.1 anymore. Please update your device to the lates firmware, in which we implemented TLS versions 1.2 and 1.3.
The latest firmware is found under the following link:
https://www.insys-icom.com/en/support/documentation-and-downloads/
No, this is not possible. The two operating systems are incompatible with each other.
You have 2 options:
For more information about our Extended Support services visit:
https://www.insys-icom.com/en/support/technical-support/extended-support/
This is not possible with Insys OS devices.
Our new icom OS devices, such as the MIRO, SCR, ECR, MRO and MRX are capable of simultaneously running multiple OpenVPN and even IPSec tunnels.
Test our icom OS devices free of charge:
We have not set an arbitrary limit.Theoretically you can register as many data points as you wish.
This does not mean however that you will be able to simultaneously use thousands of data points.
The maximum simultaneously usable data points strongly depends on how often the points are polled, and how large of a data traffic they produce.
Please visit the following link for a written manual:
https://docs.insys-icom.de/pages/en_m3_install_ids_container.html
or the following link for a YouTube Tutorial video:
We have not set an arbitrary limit.Theoretically you can register as many data points as you wish.
This does not mean however that you will be able to simultaneously use thousands of data points.
The maximum simultaneously usable data points strongly depends on how often the points are polled, and how large of a data traffic they produce.
This usually means that your device’s date set incorrectly. Your certificate is literally not valid yet, as your device is in the past. You can set the correct date and time over Administration/Time.
This behaviour is caused by the TIA Portal of Siemens, who is also responsible for support in this case.
INSYS has little to no influence here.
Try deactivating the option SIMATIC Industrial Ethernet (ISO) for the OpenVPN Virtual Ethernet Adapter under your PC’s network connection settings.
We do not support this mode, nor is it planned at the moment to implement this feature.
Yes, that is possible.
Please contact our colleagues in the Customer Service Center at support@insys-icom.de to do the necessary changes to your account.
You have to manually assign the license to the device by clicking on the gear symbol and selecting an available license.
Our Customer Service Center supports you:
Available: Monday – Friday from 8:00-12:00 and 13:00-17:00