Initial Software Setup
Connecting To A Network
all network configuration is managed from the network tab of the settings panel to view and edit network settings, open the settings window by using the gear wheel in the status bar the network tab will list all available network interfaces the lan interface will report as “deactivated” until an ethernet cable is connected to the origin if you are connected to the origin via a remote device, then the network interface you are connecting on will not be able to be deactivated this is to prevent you from accidentally disconnecting yourself to see or configure network options, simply expand the relevant interface using the dropdown icon to the right network security tips it is highly recommended that you install your cincraft scenario system within a secured environment and follow best security practices when setting up the network the following guidelines help you configure a robust local network for the device wi‑fi security use wpa3‑enterprise where available; wpa2‑enterprise is acceptable if enterprise is not feasible, use wpa2‑personal with a long, unique passphrase and change it when staff roles change disable wps and the device’s ap mode in production do not use open or wep networks use separate wi‑fi networks (ssids) for management and production enable client isolation on production ssids so clients cannot talk directly to each other prefer the 5 ghz band for better performance and reduced interference network segmentation place the device on a dedicated management vlan or separate network, isolated from user and guest networks allow only the connections you need admin workstations to device management ports; device outbound access only to required cloud services (licensing, updates) block other inter‑vlan traffic by default use a dhcp reservation or a documented static ip so the device address is predictable firewall and access control start with a “block by default” inbound policy open only the required ports from authorized subnets (e g , ssh via vpn/bastion; https for the admin ui when enabled) do not expose device services to the internet or guest wi‑fi limit outbound traffic to the specific portals and update services the device needs; block unnecessary destinations use a vpn or bastion host for administrative access where possible, restrict by ip and limit login attempts turn off unused services and ports enable logging on network equipment and review access denials and alerts regularly