ADTRAN NetVanta 2730, Getting Started Manual

Page 1: ......

Page 2: ... on your Local Area Network LAN will have secure Internet access Document Contents This document contains the following sections Pre Configuration Tasks page 1 Preparing Your WWAN PC Card page 7 Registering Your Appliance page 11 Deployment Scenarios page 17 Verifying Your Connection page 35 Enabling Essential Security Services page 39 Additional Deployment Configuration page 47 Product Safety and...

Page 3: ...d activity Provides Ethernet port status as follows link spd activity LAN WAN Port Status PC Card Status Provides WWAN PC Card status as follows signal link act 10 100 Ethernet Port Status Provides Ethernet port status as follows link spd activity 10 100 1 000 Ethernet Port Off 10M Green 100M Solid link Blinking activity Off 10M Green 100M Amber 1 000M Solid link Blinking activity Off 10M Green 10...

Page 4: ...ources WAN Port X1 Provides dedicated WAN Internet Ethernet Port X2 Provides an additional Gigabit capable Ethernet port for general use Power Supply Provides power connection using supplied power cable Reset Button Press and hold to manually reset the appliance to SafeMode Ethernet Ports X3 X7 Provides configurable 10 100 Ethernet ports for connection to network devices on WAN LAN DMZ and other zo...

Page 5: ... iv ADTRAN NetVanta 2730 LED Reference Guide ADTRAN NetVanta 2730 LED Reference Guide Pwr LED Operational Unavailable Solid ROM Booting Firmware Loading Blinking SafeMode enabled Test LED PWR TEST PWR TEST ...

Page 6: ...ction provides pre configuration information Review this section before setting up your ADTRAN NetVanta 2730 appliance Checking NetVanta 2730 Package Contents page 2 Obtaining Configuration Information page 3 Obtaining WWAN Service Provider Information page 5 Verifying System Requirements page 5 1 ...

Page 7: ...hernet Cable 1 2 3 4 Release Notes Getting Started Guide 5 8 9 6 Any Items Missing If any items are missing from your package please contact ADTRAN support at 1 888 4 ADTRAN A listing of the most current support documents are available online at http www adtran com support The included power cord is intended for use in North America only For European Union EU customers a power cord is not included...

Page 8: ...ur ADTRAN appliance LAN IP Address Select a static IP address for your ADTRAN appliance that is within the range of your local subnet If you are unsure you can use the default IP address 192 168 168 168 Subnet Mask Record the subnet mask for the local subnet where you are installing your ADTRAN appliance Ethernet WAN IP Address Select a static IP address for your Ethernet WAN This setting only app...

Page 9: ...assword Note Your ISP may require your user name in the format name ISP com T1 E1 Static broadband Cable or DSL with a static IP Static IP IP Address Subnet Mask Default Gateway IP Address Primary DNS Secondary DNS optional Dial in to a server PPTP Server Address User Name Password If you connect via You likely use Please record Cable modem DSL with a router DHCP Host Name Home DSL PPPoE User Name...

Page 10: ...ript and HTTP uploads Supported browsers include the following Country Record the country where you purchased your WWAN card ServiceProvider Record the service provider from whom you purchased your WWAN card This is the brand name of the card Plan Type Record the plan type that you purchased from your provider If you are unsure about this information you may use Standard as the plan type User Name...

Page 11: ...Page 6 Verifying System Requirements ...

Page 12: ... Card Software page 8 Verifying Your Connection page 9 Alert DO NOT insert your PC card into the ADTRAN NetVanta 2730 appliance until you have completed the setup process for your card as described in this section If your WWAN PC card is already registered and activated with your service provider and you are able to access the Internet through your PC using this card you may skip this section and ...

Page 13: ...equired to remove the PIN protection from your SIM chip before using it with the appliance Please contact your WWAN service provider for more information on setup and PIN removal procedures Activating Your PC Card Software This section covers prerequisites necessary to set up most WWAN PC cards to work with the ADTRAN NetVanta 2730 Using an available desktop or laptop PC with Type II PC card slot ...

Page 14: ...interface select Start Run 3 Enter cmd in the Open field and click the OK button 4 At the prompt type the command ipconfig and press Enter on the keyboard 5 Your network device status will display Verify that you have obtained an IP Address for your Ethernet adaptor and that all other Local Area Network Connections display Media disconnected as their status Note The name of your Ethernet adaptor m...

Page 15: ...Page 10 WWAN PC Card Setup ...

Page 16: ...0 appliance Before You Register page 12 Creating a NetVanta Security Portal Account page 13 Registering and Licensing Your Appliance on NetVanta Security Portal page 13 Registration Next Steps page 16 Note Registration is an important part of the setup process and is necessary to receive the benefits of ADTRAN security services firmware updates and technical support 3 ...

Page 17: ...d register your appliance directly from the management interface once you reach Activating Licenses page 40 For a High Availability HA configuration you must use NetVanta Security Portal to associate a backup unit that can share the Security Services licenses with your primary appliance If you do not yet have a NetVanta Security Portal account you can use NetVanta Security Portal to register your ...

Page 18: ...istration page 13 Licensing Security Services and Software page 14 Managing Licenses page 14 Registering a Second Appliance as a Backup page 15 Product Registration You must register your ADTRAN security appliance on NetVanta Security Portal to enable full functionality 1 Login to your NetVanta Security Portal account If you do not have an account you can create one at www adtran com NetVantaSecur...

Page 19: ...nterprise Support Services Dynamic Support 8x5 Dynamic Support 24x7 Software and Firmware Updates Managing Licenses To manage your licenses perform the following tasks 1 In the NetVanta Security Portal Service Management Associated Products page check the Applicable Services table for services that your ADTRAN appliance is already licensed for Your initial purchase may have included security servi...

Page 20: ...g a Second Appliance as a Backup To ensure that your network stays protected if your ADTRAN appliance has an unexpected failure you can purchase a license to associate a second appliance of the same model as the first in a High Availability HA pair After registering and associating the second appliance this appliance will automatically share the Security Services licenses of the primary appliance ...

Page 21: ...nse for the backup unit This will ensure that you do not miss any reporting data in the event of a failover Under Desktop Server Software click Buy Now for ViewPoint Follow the instructions to complete the purchase To return to the Service Management Associated Products page click the serial number link for this appliance For information on configuring an HA pair see Scenario B HA Pair in NAT Rout...

Page 22: ...onnecting your ADTRAN NetVanta 2730 Initializing the NetVanta 2730 page 18 Selecting a Deployment Scenario page 19 Scenario A NAT Route Mode Gateway page 20 Scenario B HA Pair in NAT Route Mode page 24 Scenario C L2 Bridge Mode page 31 Tip Before completing this section fill out the information in Obtaining Configuration Information page 3 You will need to enter this information during the Setup W...

Page 23: ...de of the ADTRAN NetVanta 2730 appliance The card should sit firmly in place Applying Power 1 Connect the AC plug to the power supply 2 Plug one end of the power supply to the back of the ADTRAN NetVanta 2730 Warning ADTRAN power supplies are platform specific Do not use power supplies from other ADTRAN platforms 3 Connect the AC plug to an appropriate power outlet The Power LED on the front panel...

Page 24: ...anta 2730 as replacement for an existing gateway appliance A NAT Route Mode Gateway ADTRAN NetVanta 2730 in addition to an existing gateway appliance C Layer 2 Bridge Mode Existing ADTRAN NetVanta 2730 gateway appliance ADTRAN NetVanta 2730 in addition to an existing ADTRAN NetVanta 2730 gateway appliance B NAT with HA Pair A Internet DMZ Zone LAN Zone link spd M0 X0 lan X1 wan X2 X3 X4 X5 X6 X7 X...

Page 25: ...gateway Two Internet sources may be routed through the ADTRAN appliance for load balancing and failover purposes Because only a single ADTRAN appliance is deployed the added benefits of high availability with a stateful synchronized pair are not available A Internet DMZ Zone LAN Zone link spd M0 X0 lan X1 wan X2 X3 X4 X5 X6 X7 X8 signal link act activity NSA 240 WWAN WAN Internet ...

Page 26: ...onnect the other end of the cable to the X0 port on your ADTRAN NetVanta appliance The Link LED above the X0 LAN port will light up in green or amber depending on the link throughput speed indicating an active connection Amber indicates 1 Gbps Green indicates 100 Mbps Unlit while the right activity LED is illuminated indicates 10 Mbps Accessing the Management Interface The computer you use to mana...

Page 27: ...subnet Do you have the Ethernet cable connected to your computer and to the X0 LAN port on your appliance Is the connector clip on your network cable properly seated in the port of the security appliance Note Some pop up blockers may prevent the launch of the Setup Wizard You can temporarily disable your pop up blocker or add the management IP address of your appliance 192 168 168 168 by default t...

Page 28: ...AN home page you have configured your ADTRAN NetVanta 2730 appliance correctly If you cannot view the ADTRAN home page renew your management station DHCP address 4 If you still cannot view a Web page try one of these solutions Restart your Management Station to accept new network settings from the DHCP server in the ADTRAN security appliance Restart your Internet Router to communicate with the DHC...

Page 29: ...e ADTRAN NetVanta 2730 operates as the primary gateway device and the other ADTRAN NetVanta 2730 is in passive mode All network connection information is synchronized between the two devices so that the backup appliance can seamlessly switch to active mode without dropping any connections if the primary device loses connectivity B Internet Adtran 1 Adtran 2 HA Link link spd M0 X0 lan X1 wan X2 X3 ...

Page 30: ... perform the following setup 1 On the back panel of the Backup ADTRAN security appliance locate the serial number and write the number down You need to enter this number in the High Availability Settings page 2 Verify that the Primary appliance and Backup ADTRAN security appliances are registered and running the same ADTRAN Security services 3 Make sure the Primary appliance and Backup ADTRAN secu...

Page 31: ...eful HA select Enable Stateful Synchronization A dialog box is displayed with recommended settings for the Heartbeat Interval and Probe Interval fields The settings it shows are minimum recommended values Lower values may cause unnecessary failovers especially when the appliance is under a heavy load You can use higher values if your appliance handles a lot of network traffic Click OK Tip Preempt ...

Page 32: ...ed when a failover occurs on a HA pair that is using either RIP or OSPF dynamic routing and it is only displayed when the Advanced Routing option is selected on the Network Routing page When a failover occurs Dynamic Route Hold Down Time is the number of seconds the newly active appliance keeps the dynamic routes it had previously learned in its route table During this time the newly active applia...

Page 33: ...e added security of not synchronizing certificates is to temporarily enable the Include Certificate Keys setting and manually synchronize the settings and then disable Include Certificate Keys To verify that Primary and Backup ADTRAN security appliances are functioning correctly wait a few minutes then trigger a test failover by logging into the Primary unit and doing a restart The Backup ADTRAN s...

Page 34: ... protection provided before the failover To enable HA you can use the interface to configure your two appliances as a HA pair in Active Idle mode NetVanta Security Portal provides several methods of associating the two appliances You can start by registering a new appliance and then choosing an already registered unit to associate it with You can associate two units that are both already registere...

Page 35: ... Products page scroll down to the Associated Products section 4 Under Associated Products click HA Secondary 5 On the My Product Associated Products page in the text boxes under Associate New Products type the serial number and the friendly name of the appliance that you want to associate as the child secondary backup unit 6 Select the group from the Product Group drop down list The product group ...

Page 36: ...etwork traffic L2 Bridge Mode employs a secure learning bridge architecture enabling it to pass and inspect traffic types that cannot be handled by many other methods of transparent security appliance integration Using L2 Bridge Mode a ADTRAN security appliance can be non disruptively added to any Ethernet network to provide in line deep packet inspection for all traversing IPv4 TCP and UDP traffi...

Page 37: ...nnect the X1 port on your ADTRAN NetVanta 2730 to the LAN port on your existing Internet gateway device Then connect the X0 port on your ADTRAN to your LAN Configuring the Primary Bridge Interface The primary bridge interface is your existing Internet gateway device The only step involved in setting up your primary bridge interface is to ensure that the WAN interface is configured for a static IP ...

Page 38: ...In the Bridged to drop down list select the X1 interface 5 Configure management options HTTP HTTPS Ping SNMP SSH User logins or HTTP redirects 6 Click OK Note Do not enable Never route traffic on the bridge pair unless your network topology requires that all packets entering the L2 Bridge remain on the L2 Bridge segments You may optionally enable the Block all non IPv4 traffic setting to prevent t...

Page 39: ...Page 34 Scenario C L2 Bridge Mode ...

Page 40: ...s instructions to ensure proper connectivity of your ADTRAN NetVanta 2730 appliance Verifying Management Interface Connectivity page 36 Verifying WAN Internet Connectivity page 36 Viewing the WWAN Connection Status page 37 Managing the WWAN Connection Status page 37 Verifying WWAN Failover Functionality page 38 5 ...

Page 41: ...ystem Security Dashboard page displays then you have correctly configured the ADTRAN NetVanta 2730 to work with the computer on your LAN Complete the next section to verify WAN Internet connectivity Verifying WAN Internet Connectivity Complete the following steps to confirm your Internet connectivity 1 In the Windows interface of a computer connected to the LAN port select Start Run 2 Enter cmd in...

Page 42: ...ager window allows you to connect disconnect and view current WWAN connection status 1 In the ADTRAN NetVanta 2730 appliance management interface navigate to Network Interfaces 2 In the Interface Settings section under WWAN click the Manage button 3 The Connection Manager windows displays your connection status 4 If the Connection Manager shows disconnected click the Connect button You will connec...

Page 43: ...ctivity Refer to the front panel of the appliance to see when the WWAN PC card shows activity 3 Launch a Website such as http www adtran com in a browser using a computer that is connected to the ADTRAN NetVanta 2730 appliance and using the appliance as its sole Internet connection If the Website displays your ADTRAN NetVanta 2730 is operational and connected to a valid WWAN service provider accou...

Page 44: ...rity services are an essential component of a secure network deployment This section provides instructions for registering and enabling security services on your ADTRAN NetVanta 2730 appliance Activating Licenses page 40 Enabling Security Services page 40 Applying Security Services to Network Zones page 46 6 ...

Page 45: ...ncludes all license keys for services or software enabled on NetVanta Security Portal It is available on http www adtran com NetVantaSecurityPortal To activate licenses 1 Navigate to the System Licenses page 2 Under Manage Security Services Online do one of the following Enter your NetVanta Security Portal credentials then click the Synchronize button to synchronize licenses with NetVanta Security...

Page 46: ...ialog box you can configure the following Restrict Transfer of password protected Zip files Disables the transfer of password protected ZIP files over any enabled protocol This option only functions on protocols that are enabled for inspection Restrict Transfer of MS Office type files containing macros VBA 5 and above Disables the transfers of any MS Office files that contain VBA macros Restrict T...

Page 47: ... scanning 9 When finished in the Add GAV Range dialog box click OK 10 In the Gateway AV Config View window click OK 11 In the Security Services Gateway Anti Virus page click Accept Enabling Intrusion Prevention Services To enable Intrusion Prevention Services 1 Navigate to the Security Services Intrusion Prevention page Select the Enable Intrusion Prevention checkbox 2 In the Signature Groups tabl...

Page 48: ...window select Enable IPS Exclusion List and then click Add to define a range of IP addresses whose traffic will be excluded from ADTRAN IPS scanning 6 When finished in the Add IPS Range dialog box click OK 7 In the IPS Config View window click OK 8 In the Security Services Intrusion Prevention page click Accept Enabling Anti Spyware To enable Anti Spyware 1 Navigate to the Security Services Anti S...

Page 49: ... Enable Anti Spyware Exclusion List and then click Add to define a range of IP addresses whose traffic will be excluded from ADTRAN Anti Spyware scanning 8 When finished in the Add Anti Spyware Range dialog box click OK 9 In the Anti Spyware Config View window click OK 10 Select the Enable Inbound Inspection checkboxes for the protocols to inspect By default ADTRAN GAV inspects all inbound HTTP FT...

Page 50: ...istrator checkbox 2 Click Accept Enabling and Adding to the CFS Exclusion List To enable the CFS Exclusion List and add a range of IP addresses to it perform the following steps 1 Select the Enable CFS Exclusion List checkbox 2 Click Add The Add CFS Range Entry window is displayed 3 Enter the first IP address in the excluded range into the IP Address From field and the last address into the IP Add...

Page 51: ...tically applied to the LAN and WAN network zones To protect other zones such as the DMZ you must apply the security services to the network zones To apply services to network zones 1 Navigate to the Network Zones page 2 In the Zone Settings table click the Configure icon for the zone where you want to apply security services 3 In the Edit Zone dialog box on the General tab select the checkboxes fo...

Page 52: ...your deployment This section also contains several diagnostic tools and a deployment configuration reference checklist Manually Configuring WWAN Failover page 48 Configuring Additional Interfaces page 48 Configuring PortShield Interfaces page 51 Creating Network Access Rules page 51 Creating a NAT Policy page 54 Upgrading Firmware on Your ADTRAN page 56 Troubleshooting Diagnostic Tools page 59 pag...

Page 53: ...hernet with WWAN Failover Note If you WWAN service plan is bandwidth time limited enable Configure Data Usage Limiting to stay within your plan s limitations Configuring Additional Interfaces The Web based management interface allows you to configure two ports as WAN interfaces Port X1 is preconfigured as the WAN You have the option of choosing another port X2 X8 to configure as a second WAN inter...

Page 54: ...ng follow the steps below 1 On the Network WAN Failover LB page select Enable Load Balancing 2 If there are multiple possible secondary WAN interfaces select an interface from the Secondary WAN Ethernet Interface 3 Select a load balancing method By default the appliance will select Basic Active Passive Failover as a method but there are four load balancing methods available ...

Page 55: ...rface 4 Click Accept WAN Probe Monitoring Enabling probe monitoring on the Network WAN Failover Load Balancing page instructs the ADTRAN security appliance to perform logical checks of upstream targets to ensure that the line is indeed usable eliminating this potential problem as well as continue to do physical monitoring Under the default probe monitoring configuration the appliance performs an I...

Page 56: ...tinue This will prompt a configuration summary to appear Verify the ports assigned are correct 3 Click Apply to change port assignments Note If you select WAN DMZ LAN Switch the X3 X8 ports will all be in a single PortShield group Navigate to Network Interfaces to enable or disable PortShield on each port Creating Network Access Rules A Zone is a logical grouping of one or more interfaces designed...

Page 57: ... specific at the top to the least specific at the bottom of the table At the bottom of the table is the Any rule Note The default firewall rules are set in this way for ease of initial configuration but do not reflect best practice installations Firewall rules should only allow the required traffic and deny all other traffic 2 In the Add Rule page in the General tab select Allow or Deny or Discard...

Page 58: ...hedule from the Schedule drop down list The default schedule is Always on Enter any comments to help identify the access rule in the Comments field 3 Click on the Advanced tab In the TCP Connection Inactivity Timeout minutes field set the length of TCP inactivity after which the access rule will time out The default value is 15 minutes In the UDP Connection Inactivity Timeout minutes field set the...

Page 59: ...ailable for use wherever applicable throughout the management interface For example consider an internal Web server with an IP address of 67 115 118 80 Rather than repeatedly typing in the IP address when constructing Access Rules or NAT Policies you can create an Address Object to store the Web server s IP address This Address Object My Web Server can then be used in any configuration screen that...

Page 60: ...list 5 Select Host Range Network MAC or FQDN from the Type menu For Host enter the IP address in the IP Address field For Range enter the starting and ending IP addresses in the Starting IP Address and Ending IP Address fields For Network enter the network IP address and netmask in the Network and Netmask fields For MAC enter the MAC address in the MAC Address field For FQDN enter the domain name ...

Page 61: ...ation select Create new address object and create a new address object using WAN for Zone Assignment and Host for Type 6 For Original Service select HTTP 7 For Translated Service select Original 8 For Inbound Interface select X0 9 For Outbound Interface select Any 10 For Comment enter a short description 11 Select the Enable NAT Policy checkbox 12 Select the Create a reflexive policy checkbox if y...

Page 62: ...up Your configuration preferences are saved The System Backup entry is displayed in the Firmware Management table 2 To export your settings to a local file click Export Settings A popup window displays the name of the saved file Upgrading the Firmware with Current Settings Perform the following steps to upload new firmware to your ADTRAN appliance and use your current configuration settings upon s...

Page 63: ...ing when the ADTRAN security appliance has rebooted into SafeMode 3 Point the Web browser on your computer to 192 168 168 168 The SafeMode management interface displays 4 If you have made any configuration changes to the security appliance select the Create Backup On Next Boot checkbox to make a backup copy of your current settings Your settings will be saved when the appliance restarts 5 Click Up...

Page 64: ...2 Using Packet Capture Packet Capture allows you to capture and examine the contents of individual data packets that traverse your ADTRAN firewall appliance The captured packets contain both data and addressing information The System Packet Capture page provides a way to configure the capture criteria display settings and file export settings and displays the captured packets The Packet Capture sc...

Page 65: ...e capture Once the configuration is complete click Start to begin capturing packets The settings available in the five main areas of configuration are summarized below General number of bytes to capture wrap capture buffer Capture Filter interfaces packet types source destination Display Filter interfaces packet types source destination Logging automatic transfer of buffer to FTP server Advanced g...

Page 66: ...hen the problem lies with the ISP connection Using the Active Connections Monitor The Active Connections Monitor displays real time exportable plain text or CSV filterable views of all connections to and through the ADTRAN security appliance This tool is available on the Systems Diagnostics page You can filter the results to display only connections matching certain criteria You can filter by Sour...

Page 67: ...dress for convenience and archiving The log is displayed in a table and can be sorted by column You can filter the results to display only event logs matching certain criteria You can filter by Priority Category Source IP or Interface and Destination IP or Interface The fields you enter values into are combined into a search string with a logical AND Select the Group Filters box next to any two or...

Page 68: ...regulatory trademark and copyright information Safety and Regulatory Information page 64 Safety and Regulatory Information in German page 65 FCC Part 15 Class B Notice page 66 Copyright Notice page 67 Trademarks page 67 Note Safety and Regulatory compliance in this section is based on SonicWALL Inc regulatory model type as shown 8 ...

Page 69: ... wiring Appropriate consideration of equipment nameplate ratings must be used when addressing this concern Lithium Battery Warning The Lithium Battery used in the ecurity appliance may not be replaced by the user Return the security appliance to an authorized service center for replacement with the same or equivalent type recommended by the manufacturer If for any reason the battery or security ap...

Page 70: ...ck befestigt ist Hinweis zur Lithiumbatterie Die in der Internet Security Appliance von verwendete Lithiumbatterie darf nicht vom Benutzer ausgetauscht werden Zum Austauschen der Batterie muss die in ein von autorisiertes Service Center gebracht werden Dort wird die Batterie durch denselben oder entsprechenden vom Hersteller empfohlenen Batterietyp ersetzt Beachten Sie bei einer Entsorgung der Bat...

Page 71: ... the separation between the equipment and the receiver Connect the equipment into an outlet on a circuit different from the receiver connection Consult ADTRAN 1 888 4 ADTRAN for assistance Complies with EN55022 Class B and CISPR22 Class B Refer to the label on the bottom of the unit for device information including Class A or Class B FCC information Canadian Radio Frequency Emissions Statement Thi...

Page 72: ...e law copying includes translating into another language or format Specifications and descriptions subject to change without notice Trademarks ADTRAN is a registered trademark of ADTRAN Microsoft Windows 98 Windows Vista Windows 2000 Windows XP Windows Server 2003 Internet Explorer and Active Directory are trademarks or registered trademarks of Microsoft Corporation Netscape is a registered tradem...

Page 73: ...ADTRAN NetVanta 2730 Getting Started Guide Page 68 Notes ...

Page 74: ......