WebAccess/VPN is an advanced VPN management solution for the safe interconnection of Advantech routers and LAN networks in the public Internet. The connection among devices and networks can be regional or global and can combine different technology platforms and various wireless, LTE, fixed, and satellite connectivities. WebAccess/VPN provides an easy and secure connectivity platform for applications such as branch connection, remote access, machine monitoring in industry sectors like Utilities & Energy, Automation, Predictive maintenance, Industrial IoT for any end device types such as Computers, PLCs, RTUs, Cameras, Terminals…
WebAccess/VPN is distributed as Cloud or On-Premises solution. Available is a software image for Amazon cloud (AWS), an image for VirtualBox, and a pre-installed licensed WebAccess/VPN server on Advantech Industrial Computer UNO-2372G.
• WebAccess/VPN makes it easy to set, scale and supervise secure networks of Advantech routers and other devices in Internet environment.
• WebAccess/VPN solves network security issues and provides secure connections for individual LANs.
• All communication going through the VPN Portal is encrypted and hidden from potential intruders.
• The architecture of WebAccess/VPN withstands common attack vectors. The network traffic runs through OpenVPN tunnels.
• Independent of mobile operators. No need for public or static IPs. No need for private APN or DDNS.
• Each device connected to the router within VPN network has a fixed private IP address for transparent communication.
• User-friendly Management helps admins and users to configure and control routers in their defined LANs
• WebAccess/VPN is compatible with SCADA systems, Linux, Windows, Smart phones, Tablets etc.
• WebAccess/VPN is compatible with existing network topologies such as Cellular, Fibre, Satellite, ADSL.
• The secure interconnection networking platform
Communication among devices and third-party devices is encrypted. Only the devices with valid certificates can connect to each other and safe HTTPS protocol is used for VPN portal UI connection. WebAccess/VPN provides complete supervision over the network and builds a highly resistant „private environment“ within the Internet.
The key security factors:
- All connecting devices must be validated
- All-time encryption over all phases
- VPN tunnel established using strong cryptography
• Sub-network concept for inter-router access control
The networks concept within the WebAccess/VPN allows the customer to create “fine grade groups” of router visibility/reachability. The routers are grouped into Networks with device possibility to be visible in more networks crossovers. This feature allows the customer to create separate groups of routers that are visible to each other and also assign a router to be a member of more networks concurrently.
• Independent management for each router interface
WebAccess/VPN provides 4 user selected modes – each mode can be operated on every router interface (Ethernet or WIFI) independently.
- VPN Public - connected devices to the router are visible for all routers in the same network
- 1:1 NAT - LAN IP addresses are translated to the virtual address space
- Local Only - LAN settings is managed but devices on this LAN cannot access the VPN
- Ignored - LAN is not managed at all
• Standalone VPN Client access for any other device
One of the top features - Standalone VPN Client. From a practical point of view we talk about computers, PC´s or other devices accessing routers and devices connected to routers through the encrypted OpenVPN channel (VPN Public, 1:1 NAT modes).
• Zero-touch centralized configuration
All devices are directly managed using a secure control channel from WebAccess/VPN. The reconfigurations of routers in the field (LAN IP settings, assign to network membership, access control) are distributed automatically in real time.
• Access control - Fine grade firewall rules
WebAccess/VPN portal supports custom selected filtering rules for each connected device or whole network independently. Based on the communication direction WebAccess/VPN operates with two categories - Incoming and Outgoing communication. Each direction has its own default policy settings that can be „Allowed“ or „Denied“ by user.
• Central point for direct access to router GUI
WebAccess/VPN is the central point of direct online access to the router web interface via internal proxy server. It´s a handy tool for instant remote device maintenance and diagnostics.
• Available installation options
- Private Cloud Software solution for Amazon Web Services (AWS)
- On-Premises Software solution available as a software image for VirtualBox
- On-Premises Hardware Box solution where WebAccess/VPN software is installed on Advantech industrial computer
|WebAccess/VPN, SW for 50 routers and 10 VPN Standalone clients|
|WebAccess/VPN, SW for 500 routers and 50 VPN Standalone clients|
|WebAccess/VPN, SW for 5 000 routers and 100 VPN Standalone clients|
|WebAccess/VPN, HW Box UNO-2372 for 100 routers and 20 standalone VPN clients|
|WebAccess/VPN, HW Box UNO-2372 for 500 devices and 100 standalone VPN clients|
WebAccess/VPN VPN-BOX-UNO23 Leaflet
WebAccess-VPN_Application_Note_1.1.3_20230125.pdf | 01.02.2023
Advantech EULA WebAccess/VPN.pdf | 16.03.2022
End User License Agreement Document
Security patch applicable to 1.1.x WebAccess/VPN installations