3Com SECPATH U200-CS, Installation Manual

Page 1: ...H3C SecPath U200 Series Unified Threat Management Products Installation Manual Hangzhou H3C Technologies Co Ltd http www h3c com Manual Version 5PW101 20090520 ...

Page 2: ...2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of the contents but all statements ...

Page 3: ... 6 Maintaining Software Introduces how to maintain software of the H3C SecPath U200 series UTM devices including upgrading software and updating configuration files 7 Maintaining Hardware Introduces how to maintain hardware of the H3C SecPath U200 series UTM devices 8 Troubleshooting Describes some problems you may encounter during installation and startup of an H3C SecPath U200 series UTM device ...

Page 4: ...Documentation In addition to this manual each H3C SecPath Series Security Products documentation set includes the following Manual Description H3C SecPath Series Security Products User Manual Describes the features operation fundamentals and configuration commands of the H3C SecPath series security products guides you to make configuration and provides configuration examples Obtaining Documentatio...

Page 5: ...mentation to info h3c com We appreciate your comments Environmental Protection This product has been designed to comply with the requirements on environmental protection For the proper storage use and disposal of this product national laws and regulations must be observed ...

Page 6: ...orages 1 5 Dimensions and Weight 1 5 Fixed Interfaces and Slots 1 6 Power Input 1 6 Operating Environment Specifications 1 6 Components 1 7 Processor and Storages 1 7 Front Panel LEDs 1 7 Fixed Interfaces 1 8 AC Power Input 1 14 Clock 1 14 Port Lightning Arrester Optional 1 14 Power Lightning Arrester Optional 1 15 Signal Lightning Arrester Optional 1 15 System Software 1 16 ...

Page 7: ...U200 S can support up to 10 8 and 7 GE interfaces respectively delivering high scalability for user investment protection The U200 series are available with AC power supply to ensure high reliability fully satisfy requirements for network maintenance update and optimization support detection of chassis internal temperature support network management and provide a Web management interface The U200 ...

Page 8: ...ou can create multiple virtual firewalls each implementing a separate security policy These virtual firewalls are isolated from one another and thus can be managed separately z Diverse attack prevention functions Guards against attacks including Land Smurf Fraggle WinNuke Ping of Death Tear Drop IP Spoofing IP fragment fragment TCP flag invalid large ICMP packet IP Sweep port scan and DDoS attacks...

Page 9: ...ng arrester or port lightning arrester z Connecting the console cable AUX cable or Ethernet cables z Opening and closing the chassis cover z Installing or removing the mini card available only on the U200 S MIM module available only on the U200 A and U200 M or CF card U200 M Front view Figure 1 3 U200 M front view 1 10 100 1000 Mbps electrical Ethernet interface 0 2 10 100 1000 Mbps electrical Eth...

Page 10: ...re 1 2 U200 S Front view Figure 1 5 U200 S front view 1 10 100 1000 Mbps electrical Ethernet interface 0 2 10 100 1000 Mbps electrical Ethernet interface 1 3 10 100 1000 Mbps electrical Ethernet interface 2 4 10 100 1000 Mbps electrical Ethernet interface 3 5 10 100 1000 Mbps electrical Ethernet interface 4 6 Console port CONSOLE 7 USB interface 8 CF card ejector button 9 CF card slot 10 System LE...

Page 11: ...tion Item U200 A U200 M U200 S Processor RMI XLS208 750 MHz RMI XLS404 800 MHz Flash 32 MB Memory type and size DDR2 SDRAM 1 GB by default DDR2 SDRAM 512 MB by default External CF card 256 MB 512 MB or 1 GB Dimensions and Weight Table 1 2 Dimensions and weight of the U200 series Description Item U200 A U200 M U200 S Dimensions H W D excluding feet and mounting brackets 44 2 442 400 mm 1 74 17 40 1...

Page 12: ...2UA0 and NSQ1GP4U0 1 MIM expansion slot Available interface module NSQ1GT2UA0 and NSQ1GP4U0 1 Mini expansion slot Available interface module 2GE and NSQ1WLAN0 Power Input Table 1 4 Input voltage specifications Description Item U200 A U200 M U200 S Rated voltage range 100 VAC to 240 VAC 50 Hz or 60 Hz Maximum input current 1 6 A 0 6 A Maximum power 100 W 54 W Operating Environment Specifications Ta...

Page 13: ...y default the U200 A and U200 M are equipped with a 1 GB memory while the U200 S has a 512 MB memory Front Panel LEDs Figure 1 7 U200 A front panel LEDs Figure 1 8 U200 M front panel LEDs Figure 1 9 U200 S front panel LEDs Table 1 6 Description of the front panel LEDs LED Status Description Off No CF card is in position or the CF card cannot be identified On A CF card is in position and has passed...

Page 14: ...reserved without software support U200 A 6 10 100 1000 Mbps electrical Ethernet interfaces GE0 to GE5 U200 M 6 10 100 1000 Mbps electrical Ethernet interfaces GE0 to GE5 GE interfaces U200 S 5 10 100 1000 Mbps electrical Ethernet interfaces GE0 to GE4 CF card slot 1 Three CF card options of different memory sizes are available z 256 MB z 512 MB z 1 GB Console port 1 Introduction A U200 series devi...

Page 15: ...a configuration terminal Figure 1 10 illustrates the console cable Figure 1 10 Console cable Table 1 9 Console cable pinouts RJ 45 Signal direction DB9 Signal 1 Æ 8 CTS 2 Æ 6 DSR 3 Æ 2 RXD 4 Å 1 DCD 5 5 GND 6 Å 3 TXD 7 Å 4 DTR 8 Å 7 RTS For how to connect the console cable refer to the Connecting the Console Cable section in Chapter 4 Installing the U200 Series Device Ethernet interfaces 1 Introdu...

Page 16: ...e Frame format Ethernet_II Ethernet_SNAP 10 Mbps autosensing Half full duplex auto negotiation 100 Mbps autosensing Half full duplex auto negotiation Rate and negotiation mode 1000 Mbps autosensing Full duplex auto negotiation The media dependent interface MDI standard is typically used for the Ethernet interfaces of network adaptors The media dependent interface crossover MDI X standard is typica...

Page 17: ...cables are shipped with the U200 series z Crossover cables At both ends of a crossover cable wires are crimped in the RJ 45 connectors in different sequences A crossover cable is used for connecting two terminals for example two PCs or UTM devices You can make crossover cables yourself as needed Figure 1 12 Ethernet cable Table 1 12 Straight through cable connector pinouts RJ 45 Signal Category 5 ...

Page 18: ...es and provide higher data transfer rates than common parallel interfaces and serial interfaces The U200 series support USB 2 0 to provide important storage and security functions For example with USB interfaces you can provide large flash memory space for application programs configuration files and VPN certificates for setting up secure VPN connections and secure distribution of configuration fi...

Page 19: ...e to get corrupted CF card 1 Introduction A compact flash CF card is used for storing logs host files and configuration files A U200 series device provides an external CF card slot for expanding storage space Three CF card options of different memory sizes are available z 256 MB z 512 MB z 1 GB Use the CF cards provided by H3C only because the U200 series may be incompatible with other CF cards 2 ...

Page 20: ... interface The clock module can work despite power failure to ensure that the system time is correct at reboot With the device powered off the clock module can work for at least 10 years Note that z Never replace the clock module battery when power is present on the device z The system time gets lost once the clock module battery is removed You can set it at the command line interface You can use ...

Page 21: ...r lightning arrester refer to the Installing a Power Lightning Arrester Optional section in Chapter 4 Installing the U200 Series Device Signal Lightning Arrester Optional Generally you need to install a signal lightning arrester between a signal cable and the connected device This can protect electronic components against surge over voltage resulting from lightning strikes or any other interferenc...

Page 22: ...orm integrating a rich set of security features including virtual firewall attack prevention load balancing and P2P traffic management Combining network and security technologies perfectly the series can be deployed in various complex network environments to provide strong security protection ...

Page 23: ... 2 Interface Cards and Interface Modules 2 1 2GE Module 2 1 NSQ1GT2UA0 Module 2 3 NSQ1GP4U0 Module 2 4 NSQ1WLAN0 Module 2 6 Arranging Slots and Naming Interfaces 2 7 Slot Arrangement 2 7 Naming Interfaces 2 7 Examples 2 7 ...

Page 24: ...Gigabit Ethernet interface module The 2GE module provides two RJ 45 electrical interfaces that support the Layer 3 routing function Each interface on the 2GE module is available with a link LED and an activity LED for monitoring the link status and data transmission status The 2GE module is connected to the processor through a 10 Gbps high speed bus and can provide all functions of Layer 3 Etherne...

Page 25: ...ds 802 3 802 3u 802 3ab Interface type Autosensing When working in the forced mode Ethernet does not support MDI MDIX autosensing Frame formats Ethernet_II Ethernet_SNAP Maximum transmission distance 100 m 328 08 ft over category 5 twisted pairs 10 Mbps autosensing Half full duplex auto negotiation 100 Mbps autosensing Half full duplex auto negotiation Rate and negotiation mode 1000 Mbps autosensi...

Page 26: ...nk LED and an activity LED for monitoring the link status and data transmission status The NSQ1GT2UA0 module is connected to the processor through a PCIE high speed bus to provide all functions of a Layer 3 Ethernet interface with high performance Front view Figure 2 3 NSQ1GT2UA0 front view 1 2 5 3 4 6 7 1 Captive screw 2 GE interface 0 3 Link LED LINK of GE interface 0 4 Data transmit receive act...

Page 27: ...terface with high performance Front view Figure 2 4 NSQ1GP4U0 front view 1 Captive screw 2 LINK ACT LED 3 SFP interface LEDs Table 2 3 Description of LEDs on the front panel of NSQ1GP4U0 LED Status Meaning Off No link is present on the interface On A 1000 Mbps link is present on the SFP interface LINK ACT Green Blinking The SFP interface is transmitting or receiving data at 1000 Mbps Interface spe...

Page 28: ...86 miles 70 km 43 50 miles Fiber type 62 5 125 μm multi mode 9 125 μm single mode 9 125 μm single mode 9 125 μm single mode 9 125 μm single mode Interface cable z The NSQ1GP4U0 module can work with SFP optical transceivers using optical fibers with LC type connectors Figure 2 5 and Figure 2 6 show an SFP optical transceiver and an optical fiber with LC type connectors respectively Figure 2 5 SFP o...

Page 29: ...ns of a Layer 3 Ethernet interface with high performance Front view Figure 2 7 NSQ1WLAN0 front view 1 Captive screw 2 Auxiliary antenna interface 3 Main antenna interface Interface specifications Table 2 5 Interface specifications of NSQ1GP4U0 Item Specification Interface type Antenna interface 2 4 GHz or 5 GHz Number of interfaces 1 Interface standards IEEE 802 11a IEEE 802 11b IEEE 802 11g 6 9 1...

Page 30: ...ere z interface type represents the type of the interface such as GigabitEthernet z X represents the number of the slot in which the interface module is inserted z Y represents the number of the interface on the interface module 2 The interfaces on the same interface module uses the same slot number X 3 The interfaces of the same type on an interface module are numbered starting with 0 for Y from ...

Page 31: ...2 8 3 If an NSQ1WLAN0 module is installed on the U200 S the WLAN interface on the module is named as follows z Wlan Radio 1 0 ...

Page 32: ...tion 3 2 Electromagnetic Interference Prevention 3 3 Lightning Protection 3 4 Workbench Requirements 3 4 Rack Mounting Requirements 3 4 Safety Precautions 3 4 Safety Signs 3 4 General Safety Recommendations 3 5 Electricity Safety 3 5 Installation Tools Meters and Devices 3 5 Installation Accessories Supplied with a U200 Series Device 3 5 User supplied tools 3 5 Reference 3 5 Checklist Before Insta...

Page 33: ... available at the installation site Temperature and Humidity Requirements The equipment room must maintain proper humidity to prevent poor insulation electricity creepage and corrosion accompanying high humidity and to prevent washer contraction and electrostatic discharge accompanying low humidity In dry environments where relative humidity is very low electrostatic discharge ESD is more likely t...

Page 34: ... 2 H2S 0 006 NH3 0 05 Cl2 0 01 Electrostatic Discharge Prevention Sources and damages of static electricity By design a U200 series device is ESD preventative but excessive buildup of static electricity can still damage the card circuitry and even the entire device On the communication network connected to a U200 series device static electricity is primarily introduced from the outside electrical ...

Page 35: ...esistance of the ESD preventive wrist strap The resistance reading should be in the range of 1 to 10 megohms between human body and the ground The U200 series are not delivered with ESD preventive wrist straps Make sure that an ESD preventive wrist strap is available yourself Electromagnetic Interference Prevention All interference sources external or internal adversely affect the device in the wa...

Page 36: ... Installing the U200 Series Device Workbench Requirements When installing the device on a workbench make sure that The workbench is sturdy enough to support the weight of the device and installation accessories The workbench is well grounded Rack Mounting Requirements When installing the device in a rack follow these guidelines Install the device in an open rack if possible If you install the devi...

Page 37: ...present Connect the interface cables correctly Use an uninterrupted power supply UPS When powering off the device double check to make sure the device is powered off Avoid maintaining the device alone when power is present Installation Tools Meters and Devices Installation Accessories Supplied with a U200 Series Device AC power cord Console cable PGND cable Left and right front mounting brackets U...

Page 38: ...edges avoiding touching the electronic components on it EMI prevention Take effective measures against interference from the power grid Separate the protection ground of the device from the grounding device or lightning protection grounding device as far as possible Keep the device far away from radio stations radar and high frequency devices working at high current Use electromagnetic shielding w...

Page 39: ...the rack is appropriate for the device The front and rear of the rack are at least 0 8 m 31 50 in away from walls or other devices Safety precautions The device is far away from moist areas and heat sources You have identified the emergency power switch in the equipment room Tools Installation accessories supplied with the device are complete and in good condition User supplied tools are available...

Page 40: ...on Procedure 4 6 Precautions 4 7 Installing a Power Lightning Arrester Lightning Protection Busbar Optional 4 7 Selecting and Installing a Signal Lightning Arrester Optional 4 8 Connecting the Power Cable 4 9 Power Supply Port and PGND Terminal 4 9 Connecting the AC Power Cord 4 10 Connecting Interface Cables 4 11 Connecting the Console Cable 4 11 Connecting Ethernet Cables 4 12 Connecting an Ethe...

Page 41: ...ntioned in Chapter 3 Preparing for Installation are satisfied Installation Flowchart Figure 4 1 Installation flowchart Mounting a U200 Series Device You can mount a U200 series device on a workbench or in a rack Mounting a U200 Series Device on a Workbench If a 19 inch rack is not available you can mount a U200 series device on a clean workbench During installation make sure ...

Page 42: ...ce and installation accessories z There is at least 10 cm 3 94 in of clearance around the device for heat dissipation z No heavy object is placed on the device for fear of device damage and poor heat dissipation Rack Mounting a U200 Series Device Installing an N68 rack A U200 series device can be installed in an H3C N68 rack For how to install an N68 rack see N68 Cabinet Installation Guide Attachi...

Page 43: ...gure 4 4 Attach front rack mounting brackets to the U200 S Mounting the device in a rack Follow these steps to mount the device in a rack Step1 Check that the rack is well grounded and steady Step2 Fix the device in the rack horizontally and securely by fastening the mounting brackets onto the front rack posts with pan head screws The size of the pan head screws should satisfy the installation req...

Page 44: ... using the device The power input end of a U200 series device is equipped with a noise filter The neutral ground of the power input end is directly connected to the chassis and is called PGND also called the chassis ground You need to securely connect the PGND cable to the earth ground to safely lead induced current and leakage current to the ground and reduce the EMS of the device The PGND cable ...

Page 45: ...nect the naked part of the PGND cable to the ground directly If a grounding bar is available connect the PGND cable to the grounding bar as follows 1 Use a cable stripper to strip off the insulation rubber about 15 mm 0 59 in from the PGND cable 2 Wrap the naked part onto the grounding post of the grounding bar 3 Fix the PGND cable onto the grounding post with a hex nut Figure 4 7 Connect the PGND...

Page 46: ...s to install a port lightning arrester Step1 Use a double faced adhesive tape to stick the port lightning arrester to the device The port lightning arrester should be as close to the grounding screw as possible Step2 Cut short the grounding cable of the port lightning arrester according to its distance to the grounding screw Then fix the grounding cable onto the grounding screw of the device Step3...

Page 47: ...e port lightning arrester be as short as possible and be well connected to the grounding screw of the device You need to check with a multimeter after connection z Install a lightning arrester for every port connected to an outdoor cable Installing a Power Lightning Arrester Lightning Protection Busbar Optional The U200 series devices are not shipped with lightning arresters for power supplies You...

Page 48: ...ulti purpose socket of the power lightning arrester z If the live and zero wires are on the left and right respectively supposing that you are facing the socket the PE terminal of the power lightning arrester is not grounded z If the live and zero wires are on the right and left respectively supposing that you are facing the socket the polarity of the power socket of the power lightning arrester i...

Page 49: ... with U shape ports maximum discharge current 3KA common mode 400V differential mode 170V RJ 11 z The signal lightning arrester should be grounded as near as possible The grounding resistance must be less than 4 ohms The grounding resistance must be less than 1 ohm if there are special grounding requirements z Connect the grounding cable to the special purpose grounding cable of the signal lightni...

Page 50: ...g was buried during construction and cabling z Before connecting the AC power cord make sure that the power supply of the building is well grounded Connection procedure Follow these steps to connect the AC power cord Step1 Make sure that the PGND terminal is securely connected to the ground Step2 Connect one end of the supplied AC power cord to the power socket on the device and the other end to t...

Page 51: ...he RJ 45 connector of the console cable to the console port on the device and the DB 9 female connector to the serial port on the configuration terminal Step3 Power on the device after verifying the connection Verify the connection and power on the device The configuration terminal displays the startup banner of the UTM device if the connection is correct For details see the Powering on the Device...

Page 52: ...ou can connect a port on the 2GE module with a straight through cable or crossover cable as follows Step1 Power off the device and then install the module into the corresponding interface module slot For the installation of a 2GE interface module see the Installing a Mini Card section in Chapter 7 Maintaining Hardware Step2 Use a straight through or crossover network cable to connect an interface ...

Page 53: ...hernet cable see the Connecting an Ethernet Cable to the 2GE Module section on page 4 12 This section only covers how to connect an SFP optical module Follow these steps to connect an optical fiber to the NSQ1GP4U0 module Step1 Install the NSQ1GP4U0 module into the intended slot in the chassis For the installation procedures see the Installing a MIM Module section in Chapter 7 Maintaining Hardware...

Page 54: ...antenna see Interface Cable in the section talking about the NSQ1WLAN0 module in Chapter 2 Interface Modules Follow these steps to install an antenna to the NSQ1WLAN0 module Step1 Install the NSQ1WLAN0 module into the corresponding slot For the installation procedures see Installing a Mini Card in Chapter 7 Maintaining Hardware Step2 Fasten the antenna to the antenna interface by rotating the ante...

Page 55: ...the Parameters for the Console Terminal 5 1 Power On of the Device 5 4 Checklist Before Device Power On 5 4 Powering On the Device 5 4 Checklist Operations After Power On 5 4 Startup Process 5 5 Configuration Fundamentals 5 7 Command Line Interface 5 7 Features of the Command Line Interface 5 7 Management of Commands 5 7 Logging In to a U200 Series Device Through a Web Browser 5 8 ...

Page 56: ...Console Cable in Chapter 4 Installing the U200 Series Device Setting the Parameters for the Console Terminal Step1 Create a connection Select Start Programs Accessories Communications HyperTerminal and enter a connection name in the Connection Description dialog box as shown below Figure 5 1 Create a connection Step2 Select a connection port Select a serial port from the Connect using drop down li...

Page 57: ...rameters Set the properties of the serial port in the COM1 Properties dialog box as shown in Figure 5 3 Table 5 1 Set serial port parameters Item Value Bits per second 9600 bps default Data bits 8 Parity None Stop bits 1 Flow control None To use the default settings click Restore Defaults ...

Page 58: ...wn below Figure 5 4 HyperTerminal window Step5 Set HyperTerminal properties In the HyperTerminal window select File Properties from the menu and select the Settings tab to enter the properties setting dialog box as shown below Select VT100 or Auto detect from the Emulation drop down list and click OK to return to the HyperTerminal window ...

Page 59: ...rrectly connected the configuration terminal or PC is powered on and the emulation program is properly configured z If an external CF card is needed to store applications the CF card is properly installed Powering On the Device Step1 Turn on the power source Step2 Turn on the power switch on the device Checklist Operations After Power On After powering on the device check that 1 The LEDs on the fr...

Page 60: ...terminal For more information see Startup Process on page 5 5 5 After the power on self test POST the system prompts you to press Enter When the command line prompt appears the UTM device is ready to configure Startup Process After power on the UTM device initializes its memory and then runs the extended BootWare The following information appears on the terminal screen taking the U200 A for exampl...

Page 61: ... BootWare menu press Ctrl B as prompted within four seconds otherwise the system will proceed with application decompression z If you want to enter the extended BootWare menu after the system starts application decompression you need to restart the UTM device Starting to get the main application file flash main bin The main application file is self decompressing Done System is starting User interf...

Page 62: ...ecessary Step7 Perform reliability configuration for the device if necessary For the configuration details of the protocols or functions of the device refer to the related user manuals Command Line Interface Features of the Command Line Interface A U200 series device is available with the command line interface CLI for you to configure manage and maintain the device The CLI provides the following ...

Page 63: ...nect GigabitEthernet 0 0 of the UTM device to a PC using an Ethernet cable For the connection of the Ethernet cable refer to Connecting Ethernet Cables in Chapter 4 Installing the U200 Series Device Step2 Configure an IP address for the PC ensuring the PC and the UTM device can ping through each other Set the IP address to any one but 192 168 0 1 within the range of 192 168 0 0 24 For example set ...

Page 64: ...5 9 Figure 5 7 Web interface for the U200 M ...

Page 65: ...rading Backing Up the Application with TFTP at the Command Line Interface 6 18 Upgrading the Application with FTP 6 20 Upgrading the Application with FTP on the BootWare Menu 6 20 Upgrading the Application with FTP at the Command Line Interface 6 21 Maintaining Application and Configuration Files 6 26 Displaying All Files 6 26 Setting the Application File Type 6 27 Deleting a File 6 28 Specifying ...

Page 66: ...lication file z Backup application file z Secure application file The three kinds of application files are stored in flash memory If you have loaded the three application files into flash memory the system will boot using these three files in order For more information about application files refer to the Maintaining Application and Configuration Files section on page 6 26 The following gives the ...

Page 67: ...on and Configuration Files on page 6 26 The following gives the types of the configuration files and their priorities at a boot z Main configuration file The file type is M The system boots using the main configuration file by default z Backup configuration file The file type is B When the boot using the main configuration file fails the system boots using the backup configuration file z Default c...

Page 68: ...Upgrading the Signature Database and Maintaining Configuration Files on page 6 34 In the CLI approach the following two methods are available for software upgrading z Upgrade BootWare and applications using the Xmodem protocol through a serial interface z Upgrade applications using TFTP FTP through Ethernet interface on BootWare menu or through command lines z The BootWare program is upgraded toge...

Page 69: ...otWare Menu BootWare Main Menu When the device is powered on the system first initializes the memory After the initialization the system the U200 A for example runs the extended BootWare and the following information is displayed on the console terminal The information displayed on the terminal may vary with different BootWare versions System is starting Booting Normal Extend BootWare H3C SecPath ...

Page 70: ...ystem enters the self extraction process of applications if you want to enter the extended BootWare menu you need to reboot the device z The extended BootWare menu is referred to as BootWare main menu in this manual unless otherwise specified Press Ctrl B when Press Ctrl B to enter extended boot menu appears The system displays Please input BootWare password You can try up to three times to enter ...

Page 71: ...fore does not take effect at a reboot This option is useful when the password is lost 7 BootWare Operation Menu BootWare operation submenu Refer to the BootWare Operation Submenu section on page 6 8 8 Clear Super Password Clear the super password The super password is used in user level switching No super password is set by default This setting is valid only for the first reboot of the device At s...

Page 72: ...e BootWare main menu to enter the Ethernet submenu where you can upgrade the application and BootWare with FTP TFTP The system displays Enter Ethernet SubMenu Note the operating device is flash 1 Download Application Program To SDRAM And Run 2 Update Main Application File 3 Update Backup Application File 4 Update Secure Application File 5 Modify Ethernet Parameter 0 Exit To Main Menu Ensure The Pa...

Page 73: ...our choice 0 3 Items on this submenu are described in the following table Table 6 4 File control submenu Menu item Description 1 Display All File Display all files 2 Set Application File type Set the application file type 3 Delete File Delete a file 0 Exit To Main Menu Return to the BootWare main menu BootWare Operation Submenu Select 7 on the BootWare main menu to enter the BootWare operation sub...

Page 74: ...evices 2 Set The Operating Device Set the current operating device 3 Set The Default Boot Device Set the default boot device 0 Exit To Main Menu Return to the BootWare main menu Upgrading BootWare and Application Through a Serial Interface Introduction to Xmodem Use Xmodem when upgrading BootWare or application through a serial interface Xmodem is a file transfer protocol that is widely used due t...

Page 75: ...ing Baudrate Avaliable Note indicates the current baudrate Change The HyperTerminal s Baudrate Accordingly Baudrate Avaliable 1 9600 Default 2 19200 3 38400 4 57600 5 115200 0 Exit Enter Your Choice 0 5 Select a proper baud rate For example select 5 for a baud rate of 115200 bps and the system displays the following information Baudrate has been changed to 115200 bps Please change the terminal s b...

Page 76: ...ey and the system will prompt the current baud rate and return to the previous menu The system displays The current baudrate is 115200 bps After you download files to upgrade applications by changing the baud rate restore the baud rate in the HyperTerminal to 9600 bps in time so as to ensure the normal display on the console screen when the system boots or reboots ...

Page 77: ...lication file refer to the Modifying Serial Interface Parameters section on page 6 10 Select 2 on the serial port submenu and the system prompts Please Start To Transfer File Press Ctrl C To Exit Waiting CC Select Transfer Send file in the terminal window The following dialog box appears Figure 6 5 Send File dialog box Click Browse to select the application to be downloaded and select Xmodem from ...

Page 78: ... if the baud rate is 115200 bps it will take about 30 minutes to upgrade the application through a serial interface Therefore you are recommended to upgrade the application through Ethernet Upgrading BootWare Enter the BootWare main menu refer to BootWare Main Menu on page 6 4 Select 7 to enter the BootWare operation submenu where you can perform all BootWare operations For detailed description on...

Page 79: ...on file to be downloaded and select Xmodem from the Protocol drop down list Then click Send and the following dialog box appears Figure 6 8 Sending file dialog box After the file is downloaded successfully the following information appears on the terminal interface Download successfully 534828 bytes downloaded Updating Basic BootWare Y N z If you select N the system displays Not update the Basic U...

Page 80: ...sing TFTP to save upgrade and maintenance time Trivial File Transfer Protocol TFTP a protocol in the TCP IP protocol suite is used for trivial file transfer between client and server It provides not so complex and low cost file transfer services TFTP provides unreliable data transfer services over UDP and does not provide any access authorization and authentication mechanism It employs timeout and...

Page 81: ...file is stored z The U200 series are not available with TFTP Server software You need to purchase and install one yourself z You can upgrade the applications of the U200 series through GigabitEthernet 0 0 only Step2 Configure Ethernet interface parameters on the BootWare menu Enter the BootWare main menu and select 3 to enter the Ethernet submenu where you can select 5 to enter the Ethernet Parame...

Page 82: ...as bin cannot exceed 50 characters Target File Name Name of the target file after the file is downloaded to the device The extension of the target file needs to be the same with that of the downloaded file Note that the first main bin is the file name automatically remembered by the system at the last update the second main bin is the source file name set by the user Server IP Address IP address o...

Page 83: ...he procedure of setting up an upgrade environment refer to step 1 in the Upgrading the Application Using TFTP on the BootWare Menu section on page 6 15 z Run the terminal emulation program on the PC and then configure the IP addresses of the client and sever to be on the same network segment Ensure the connectivity between the U200 series and the PC In this example the IP address of GigabitEtherne...

Page 84: ...wait TFTP 11611272 bytes received in 65 second s File downloaded successfully z When you download an application file if a file having the same name with the downloaded file exists on the U200 series device the system prompts whether to overwrite the file on the device You need to select Y or N for confirmation z For details about the tftp command see the accompanying documentation z You can upgra...

Page 85: ...he TCP IP suite It is mainly used for file transfer between remote hosts FTP provides reliable and connection oriented data transfer service over TCP Compared with TFTP the FTP software is much bigger There are two approaches to upgrading an application file using FTP z Using the BootWare menu In this approach the U200 series device can serve as the FTP client only z Using command lines In this ap...

Page 86: ... files contained in the current file system and the available space of the storage device For details refer to step 2 in Upgrading Backing Up the Application with TFTP at the Command Line Interface on page 6 18 Step3 Enable FTP server on the PC configure the path where the application file is stored and set the FTP username and password In this example the username is guest and the password is 123...

Page 87: ...tation z You can upgrade a configuration file using the same method as upgrading an application file A configuration file can be modified by a text editor You can modify a configuration file and then download the modified configuration file to the device and the modification takes effect after the device reboots Step6 Back up an application file Using FTP you can backup an application file by uplo...

Page 88: ... in 0 074 second s 63 00Kbyte s sec Upload and backup of the application file is finished ftp quit Quit FTP client view 221 Service closing control connection Close the service control connection U200 series device servers as FTP server PC serves as FTP client Step1 Set up an FTP upgrade environment Figure 6 11 Set up an FTP upgrade environment z Connect GigabitEthernet 0 0 on the device to the PC...

Page 89: ...el 3 Set the user level to 3 z The FTP service is enabled after the authentication and authorization of the FTP server are configured The FTP server supports multi client access A remote FTP client sends a request to the FTP server The FTP server executes an action accordingly and returns the execution result to the client z After you configure the FTP server authentication and authorization you n...

Page 90: ... from the PC to the device and saves it as main bin ftp binary 200 Type set to I ftp lcd d update Local directory now D update ftp put main_ bin main bin 200 Port command okay 150 Opening BINARY mode data connection for main bin 226 Transfer complete z When you upgrade an application file if a file having the same name with the uploaded file exists on the server the system overwrites the file on t...

Page 91: ...ftp lcd d update Change the local directory ftp put main_ bin main bin Upload the file from the PC to the device ftp get main bin main_ bin Download the file from the device to the PC Maintaining Application and Configuration Files You can modify and display a file type on the file control submenu Select 4 on the BootWare main menu to enter the file control submenu The system displays File CONTROL...

Page 92: ...lable space For details about the dir command refer to the accompanying documentation Setting the Application File Type Setting application file type on the BootWare menu You can modify the type of application files on the BootWare menu or using commands after the application files boot you cannot modify the type of an application file of type S For more information about the attributes of each ty...

Page 93: ...nd the file has become the main application file for the next startup In addition the type of main_bak bin automatically changes from M to N A You can display all the files in the file control submenu to verify the type of these two files Select 2 on the file control submenu and the system displays M MAIN B BACKUP S SECURE N A NOT ASSIGNED NO Size B Time Type Name 1 11673608 Jun 15 2008 05 39 50 M...

Page 94: ...e bin If you want to restore the file you can use the undelete command Restore file test txt in the recycle bin H3C undelete test txt Undelete flash test txt Y N y Undeleted file flash test txt For details about the delete and undelete commands refer to the accompanying documentation Specifying a Configuration File for Next Startup You can specify a configuration file for next startup in two appro...

Page 95: ...the BootWare main menu Select option 5 The system displays please input old password Enter your old password at this prompt please input old password In case you enter a wrong password the system displays Wrong password Please input password again If you fail to provide the correct password after three consecutive attempts the system will halt prompting Wrong password system halt After you enter t...

Page 96: ...ult configuration but the original configuration file is still stored in the storage medium To restore the original configuration you can use the display saved configuration command to display the configuration and then copy and execute the configuration z If the password is stored in plain text you can use the display current configuration command to view the password in the current configuration...

Page 97: ...or the first reboot of the device The super password will be restored after a second reboot Backing Up and Restoring BootWare Select 7 on the BootWare main menu to enter the BootWare operation submenu Refer to BootWare Operation Submenu on page 6 8 for details Backing Up the Full BootWare Backing up the full BootWare using BootWare menu options To backup a full BootWare you need to backup the basi...

Page 98: ...BootWare menu options Select 2 on the BootWare operation submenu to overwrite the BootWare in the system with the BootWare stored in flash memory To restore a full BootWare you need to restore the basic segment and then the extended segment Will you restore the Basic BootWare Y N Select Y Begin to restore Normal Basic BootWare Done At this moment restoration of the basic segment is finished The sy...

Page 99: ...pecify the main backup software and remove software files Software upgrade is performed with TFTP see Figure 6 12 Therefore to download a software upgrade file from a TFTP server you must set the IP addresses of your U200 series device the TFTP client and the TFTP server correctly and ensure that they are reachable to each other Figure 6 12 Network diagram for TFTP configuration On the TFTP client...

Page 100: ...nfiguration file maintenance At the Web interface you can perform the following operations to maintain configuration files z Backing up the current configuration file as an encrypted and compressed file z Saving compressed configuration files to the local device z Uploading a compressed configuration file from the local device to the U200 series device z Importing a compressed configuration file t...

Page 101: ...le including the path and extension on the TFTP server The extension of the file can only be bin or app Filename Specify the name of the destination file to be saved on the U200 series device The extension of the file must be the same as that of the source file File Type Specify the file attribute to either of the following z Main Main boot application for next startup z Backup Backup boot applica...

Page 102: ...mple for the file to be saved on the UTM device z Select If file with same name exists overwrite it without reminding z Select Reboot the device automatically after the upgrading is finished z Click Apply to commit the settings z Then the upgrade starts and the upgrade progress page appears When the upgrade finishes you can see an upgrade completed message 4 Verify the upgrade result Use the displ...

Page 103: ...gure 6 16 Version information On the interface you can perform the following operations z Displaying information about the current and the last version of the specified signature database z Clicking the icon to roll back the selected signature database to the last version Configuring automatic upgrade Select System Management Device Management Signature Upgrade from the navigation tree to enter th...

Page 104: ...nagement Device Management Upgrade Manual from the navigation tree to enter the manual upgrade configuration page Figure 6 18 Page for manually upgrading a signature database Make settings to manually upgrade a signature database as shown in Table 6 18 Table 6 18 Settings for manually upgrading a signature database Item Description Signature Package Type Select the signature database to be upgrade...

Page 105: ...licking Import after specifying the path of the file The device automatically restarts to bring the configuration into effect Upload Configuration File Upload a compressed configuration file from the local console PC to the U200 series device by specifying the path of the file and clicking Upload Export Configuration File Export a configuration file from the U200 series device to save it as the ba...

Page 106: ...ID ID of the compressed configuration file Date Date when the compressed configuration file was created Software Version Software version of the device at the time when the compressed configuration file was created Device model Model of the device where the compressed configuration file was created ...

Page 107: ... Removing and Installing Blank Panels 7 4 Removing a Blank Panel 7 4 Installing a Blank Panel 7 4 Installing and Removing a Mini Card 7 5 Installing a Mini Card 7 5 Removing the Mini Card 7 6 Installing and Removing a MIM Module 7 7 Installing a MIM Module 7 7 Removing a MIM Module 7 7 Inserting and Removing a CF Card 7 8 Installing a CF Card 7 8 Removing the CF Card 7 9 ...

Page 108: ... or ESD preventive gloves when maintaining the device hardware For more information refer to the Electrostatic Discharge Prevention section in Chapter 3 Preparing for Installation z Put the removed mini interface module CF card and MIM on an antistatic worktable with the PCB side facing upward or place them in antistatic bags z When checking or moving a removed mini interface module CF card and MI...

Page 109: ...chassis and pry the cover with the head of the screwdriver tipping towards you until the cover becomes loose as shown in Figure 7 2 Figure 7 2 Insert a screwdriver into unlock slot and turn the screwdriver s head upwards Step4 With the front panel of the device facing you push the chassis cover about 5 cm 1 97 in backwards Figure 7 3 Push the chassis cover about 5 cm 1 97 inches backwards Step5 Li...

Page 110: ... of the U200 A 1 Connector for MIM in slot 1 2 MIM slot 1 3 Connector for MIM in slot 2 4 MIM slot 2 5 Power supply 6 Fan Figure 7 6 shows the internal structure of the U200 M with the chassis cover removed Figure 7 6 Internal structure of the U200 M 1 Connector for the MIM in slot 1 2 MIM slot 1 3 Power supply 4 Fan Figure 7 7 shows the internal structure of the U200 S with the chassis cover remo...

Page 111: ...rface card or module in the slot To do that loosen the fastening screws on the panel with a Phillips screwdriver at the rear of the device as shown in Figure 7 8 Figure 7 8 Remove a blank panel Place away the removed blank panel and screws in a safe place for reuse Installing a Blank Panel If you are not installing a new card or module in an empty slot you are recommended to install the blank pane...

Page 112: ...ff the device Step2 Remove the blank panel from the interface card slot at the rear of the device For how to remove a blank panel refer to the Removing a Blank Panel section on page 7 4 Step3 Gently push the card into the slot along the guide rails Figure 7 10 Install a mini card Step4 Fasten the captive screws on the card with a flat blade screwdriver Figure 7 11 Fix the mini card ...

Page 113: ...Step1 Power off the UTM device Step2 Loosen the captive screws on the mini card with a flat head screwdriver at the rear of the device Figure 7 12 Loose the captive screws Step3 Pull the mini card out along the guide rails Figure 7 13 Uninstall a mini card z Put away the removed mini card in an antistatic bag z If you are not installing a new mini card in the empty slot install a blank panel to pr...

Page 114: ...ils Figure 7 14 Install a MIM module Step4 Fasten the captive screws on the module with a flat blade screwdriver Figure 7 15 Fix the MIM Step5 Power on the device and look at the status LED of the slot on the front panel If the LED stays on after the module completes initialization the module is operating normally if the LED goes off the interface module fails the self test Removing a MIM Module F...

Page 115: ...vent dust from entering the chassis For how to install a blank panel refer to Installing a Blank Panel on page 7 4 Inserting and Removing a CF Card Installing a CF Card Follow these steps to install a CF card Step1 Make sure that the CF card LED is not flashing before proceeding with the next step Step2 Press the CF card eject button in and make sure it does not project from the panel Step3 Insert...

Page 116: ... the device will fail to boot up Removing the CF Card Follow these steps to remove the CF card Step1 Make sure that the CF card LED is not flashing before proceeding with the next step Step2 Press the eject button so that it projects from the panel Figure 7 19 Press the eject button Step3 Press the eject button again so that the CF card comes part way out and then pull the card out of the slot Fig...

Page 117: ...7 10 z Do not remove the CF card when the UTM device is booting or the LED is flashing to avoid hardware damage z To protect the CF card put it away in an antistatic bag ...

Page 118: ...roubleshooting the Configuration System 8 2 No Display on the Terminal Screen 8 2 Garbled Characters Displayed on the Terminal Screen 8 2 Serial Port Response Failure 8 2 Dealing With Password Loss 8 3 Troubleshooting the Cooling System 8 3 Troubleshooting Interface Cards Modules Cables and Connections 8 3 ...

Page 119: ... the chassis cover Step2 Check the power cord for loose connection or damage If no problem is found with the power cord and the problem persists contact your sales agent Troubleshooting Fans Symptom Fan failure message as shown below appears at reboot Jun 22 16 11 37 485 20072008 H3C DEV 4 FAN FAILED Fan 1 failed Solution Follow these steps to troubleshoot fans Step1 Remove the chassis cover Step2...

Page 120: ...ured in the emulation program z Terminal settings are incorrect The required settings are 9600 bits per second 8 data bits 1 stop bit no flow control and VT100 for terminal emulation type z The console cable is not in good condition Garbled Characters Displayed on the Terminal Screen Symptom After the device is powered on the configuration terminal displays illegible characters Solution If the Dat...

Page 121: ... temperature too high in Slot 0 index is 1 Jun 28 10 27 28 432 20072008 H3C DEV 1 BOARD TEMPERATURE UPPER Trap 1 3 6 1 4 1 2011 2 23 1 12 1 16 hwBoaardTemperatureHigher frameIndex is 0 slotIndex 0 0 Jun 28 10 27 28 433 20072008 H3C DEV 4 BOARD TEMP TOOHIGH Board temperature is too high on Frame 0 Slot 0 type is RPU When the temperature exceeds 90 C 194 F power off the device immediately and contac...

Page 122: ...latory compliance A 2 FCC Part 15 A 2 FDA A 2 Canada regulatory compliance A 2 ICES 003 A 2 Japan regulatory compliance A 3 VCCI A 3 EN55022 CISPR 22 Compliance A 3 Appendix B Safety Information Sicherheits informationen安全信息 B 1 Overview Überblick 概述 B 1 Conventions Used Symbole Erläuterung应用惯例 B 2 General Requirements Allgemeine Anforderungen通用要求 B 2 Power Cable Zuleitung电缆 B 4 Laser Laser激光辐射 B ...

Page 123: ... NZS CISPR22 CLASS A CISPR 24 EN 55024 EN 61000 3 2 EN 61000 3 3 Safety UL 60950 1 CAN CSA C22 2 No 60950 1 IEC 60950 1 EN 60950 1 A11 AS NZS 60950 EN 60825 1 EN 60825 2 FDA 21 CFR Subchapter J European Directives compliance LVD EMC Directive These products comply with the European Low Voltage Directive 2006 95 EC and EMC Directive 2004 108 EC A copy of the signed Declaration of Conformity can be ...

Page 124: ...therefrom shall be covered by the customers Note This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy an...

Page 125: ...isturbance may arise When such trouble occurs the user may be required to take corrective actions EN55022 CISPR 22 Compliance These products comply with the requirements of EN55022 CISPR 22 for Class A Information Technology Equipment ITE Warning If this equipment is used in a domestic environment radio disturbance may arise When such trouble occurs the user may be required to take corrective acti...

Page 126: ...lease follow the local safety regulations The safety precautions introduced in the product manuals are supplementary and subject to the local safety regulations When various operations are executed on the products the precautions and special safety instructions provided with the products must be followed to the full Anmerkung Lesen Sie bitte alle Arbeitsanweisungen und Sicherheitvorschriften sorgf...

Page 127: ...symbol and description Sicherheitssymbole und Beschreibung 安全标识和描述 Safety Symbol Symbole 安全标识 Description Erläuterung 描述 Generic alarm symbol To suggest a general safety concern Alarm Hinweis auf ein generelles Sicherheitsproblem 一般注意标识 用于一般安全提示 ESD protection symbol To suggest electrostatic sensitive equipment ESD Schutz Hinweis auf Beschädigung infolge elektrostatischer Entladung 防静电标识 用于表示静电敏感的...

Page 128: ...r ständigen Inbetriebnahme geerdet werden Der Querschnitt der Erdverbindung sollte mindestens 1 0mm2 betragen z 进行设备 系统操作前 请确保永久接地 并且用于进行保护接地连接的接地线截面不小于 1 0mm2 z For AC supplied model The device applies to TN power systems z Mit Wechselstrom betriebenes Modell Das Gerät arbeitet mit einem Phase Nullleiter System z AC 电源输入 此设备用于 TN 电源系统 z For DC supplied model The device applies to DC power source ...

Page 129: ...unkenflug verursachen was zu Feuer oder einer Augenverletzung führen kann 说明 禁止安装和移动带电的线缆 因为导电体和带电的线缆 即使短暂接触 也会引起电火花或电弧 从而 导致失火或是伤害眼睛 z Before the power cable is installed or removed the power switch must be turned off z Das System muss stets abgeschaltet werden bevor die Zuleitung angebracht oder entfernt wird z 在安装 移动线缆之前 请切断电源 z Before the power cable is connected it must be confirmed that the ...

Page 130: ...this equipment is Class 1 Die von diesem Laser ausgehende Gefahr entspricht der Kategorie 1 本设备的激光防护等级是 1 类 Warning When performing installation and maintenance operations of optical fibers you should not stand close to or look into the optical fiber outlet directly with unaided eyes Warnung Während der Installation und Instandhaltung der optischen Fasern dürfen Sie nicht zu nahe am Ausgang der op...