Clavister NetWall 100 Series, Getting Started Manual

Page 1: ...Clavister NetWall 100 Series Getting Started Guide...

Page 2: ...nties of merchantability or fitness for a particular purpose Clavister reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation...

Page 3: ...at Surface Installation 24 3 3 Management Computer Connection 25 3 4 Local Console Port Connection 28 3 5 Connecting Power 30 4 cOS Core Configuration 32 4 1 The NetWall 100 Series Default Configurati...

Page 4: ...ll 100 Series Interfaces and Ports 10 1 3 NetWall 100 Series Interface Ports 11 1 4 NetWall 100 Series Status Panel View 12 3 1 The NetWall 100 Series Local Console Port 28 3 2 NetWall 100 Series Powe...

Page 5: ...ft hand side of the page followed by a short paragraph in italicized text There are the following types of such sections Note This indicates some piece of information that is an addition to the preced...

Page 6: ...ample http www clavister com Trademarks Certain names in this publication are the trademarks of their respective owners cOS Core is the trademark of Clavister AB Windows Windows XP Windows Vista Windo...

Page 7: ...orted The NetWall 100 Series hardware product can run any cOS Core version from 14 00 00 onwards Earlier versions are not supported and a downgrade should not be attempted 1 1 Unpacking Figure 1 1 An...

Page 8: ...original unit in case of failure with the ability to quickly reassign the original cOS Core license to the standby unit When the faulty unit is returned to Clavister a new cold standby unit is immedia...

Page 9: ...s should be given to an appropriate service that deals with the disposal of such specialist materials WARNING REPLACE ANY INTERNAL BATTERIES CORRECTLY THERE IS A RISK OF EXPLOSION IF AN INTERNAL BATTE...

Page 10: ...n IPv4 DHCP server enabled on it so it will automatically hand out IP addresses belonging to the default management network to a connecting client In addition both the WAN1 and WAN2 interfaces have an...

Page 11: ...ure 1 3 NetWall 100 Series Interface Ports The full connection capabilities of all the NetWall 100 Series Ethernet interfaces are listed at the end of Appendix A NetWall 100 Series Specifications RJ45...

Page 12: ...100 Series status Upper Green LED This shows power is supplied to the unit Lower Blue LED cOS Core has started and is running The three rows of twin LEDs marked WAN1 WAN2 LAN1 and LAN2 mirror the stat...

Page 13: ...r This might require an upgrade of the factory installed cOS Core version The cOS Core configuration is in its factory default state Following an upgrade to a version that supports zero touch or any c...

Page 14: ...replacement hardware is connected to the Internet InControl can automatically install the correct license as well as the correct cOS Core version In addition InControl will upload its copy of the cOS...

Page 15: ...the cOS Core management interfaces In addition log message alerts can be automatically generated if a sensor reaches a value outside of its normal operational range Configuring this feature as well a...

Page 16: ...Chapter 1 NetWall 100 Series Overview 16...

Page 17: ...the wizard will provide a link to the registration page so it can be done while the wizard is running Registration of a NetWall 100 Series Hardware Unit This is mandatory for every hardware unit befo...

Page 18: ...k 3 The registration page is now presented The required information should be filled in In the example below a user called John Smith is registering 4 When the registration details are accepted an ema...

Page 19: ...tion has been successful and logging in is now possible 7 After logging in the customer name is displayed with menu options for changing settings and logging out Note also that multi factor authentica...

Page 20: ...up If the unit does not have Internet access then manual registration is required and this is done using the following steps 8 Now log into the MyClavister website and select the Register License menu...

Page 21: ...download and installation from Clavister servers This installation can be done automatically through the cOS Core Setup Wizard which is described in Section 4 2 Web Interface and Wizard Setup If the N...

Page 22: ...ance to connect it to the power source Using Other Power Cords If your installation requires a different power cord than the one supplied with the appliance be sure to use a cord displaying the mark o...

Page 23: ...That is to say the temperature most commonly found in a modern office and in which humans feel comfortable This is usually considered to be between 20 and 25 degrees Celsius 68 to 77 degrees Fahrenhe...

Page 24: ...be wall mounted by sliding the two brackets on the underside of the unit onto suitably located mounting screws Important Always leave space around the appliance Always ensure there is adequate space a...

Page 25: ...standalone management computer sometimes referred to as the management workstation can be used to access the cOS Core Web Interface This provides an intuitive graphical interface for cOS Core managem...

Page 26: ...for Internet Access For access to the public Internet another 100 Series Ethernet interface should be selected for connection to an ISP In this guide it will be assumed that the interface WAN1 will be...

Page 27: ...y enables a DHCP server on the firewall s LAN1 interface and this will allocate the relevant IP address to the management computer using DHCP If the management computer is configured manually the foll...

Page 28: ...J45 RS 232 port on the far right hand side of the NetWall 100 Series s front panel Figure 3 1 The NetWall 100 Series Local Console Port Requirements for NetWall 100 Series Local Console Connection To...

Page 29: ...access via the management Ethernet interface Username admin Password admin It is recommended to change the password for this user during initial cOS Core configuration Remote Console Connection Using...

Page 30: ...ess of the boot up can be seen on a CLI console connected to the local console port 4 After a brief period of time cOS Core will be fully initialized and the NetWall 100 Series is then ready for confi...

Page 31: ...Chapter 3 Installation 31...

Page 32: ...Configuration This section described the predefined entries in the default cOS Core configuration that are unique to the NetWall 100 Series Ethernet Interface DHCP settings The NetWall 100 Series appl...

Page 33: ...nternet through WAN1 or alternatively WAN2 if WAN1 is not available The Predefined all nets Routes There is a predefined all nets route for both the WAN1 and WAN2 interfaces The WAN1 route has a lower...

Page 34: ...tion window as shown in the example below Note HTTP access is disabled HTTP management access is disabled in the default cOS Core configuration and HTTPS must be used Unencrypted HTTP access can be en...

Page 35: ...itial login dialog page as shown below The available Web Interface language options are selectable at the bottom of this dialog This defaults to the language set for the browser if cOS Core supports t...

Page 36: ...nterfaces is Already Enabled It should be noted that the following will already be configured The LAN1 interface has a DHCP server enabled so a management computer or clients on the connected network...

Page 37: ...is recommended to leave this option enabled which means that the default admin password must be changed to a conforming strong password before the wizard can move on to the next step Note that restori...

Page 38: ...ally set up transparent mode interfaces in the startup wizard is only available with cOS Core version 11 04 or later Also the available interface list shown above will vary according to the platform o...

Page 39: ...ry DNS server field 5B DHCP automatic configuration All required IP addresses will automatically be retrieved from the ISP s DHCP server with this option No further configuration is required for this...

Page 40: ...on with PPTP Wizard step 6 DHCP server settings If the Clavister Next Generation Firewall is to function as a DHCP server it can be enabled here in the wizard on a particular interface or configured l...

Page 41: ...twork Time Protocol servers keep the system date and time accurate Syslog servers can be used to receive and store log messages sent by cOS Core By selecting the Clavister option the current time will...

Page 42: ...registration has not been previously been done a link is provided to open a browser window to complete registration After registration come back to this step Alternatively this step can be skipped and...

Page 43: ...nterface To describe manual Internet setup it is assumed here that the LAN2 interface will be used for connection to a protected internal client network and the WAN2 interface will be used for connect...

Page 44: ...et correctly To do this select System Device Date and Time The current system time is displayed and this can be changed by selecting the date and time fields then manually entering the desired figures...

Page 45: ...current and active configuration Doing this is discussed next Activating Configuration Changes To activate any cOS Core configuration changes made so far select the Save and Activate option from the...

Page 46: ...eave changes uncommitted for long periods of time such as overnight since any system outage will result in the pending changes being lost Automatic Logout If there is no activity through the Web Inter...

Page 47: ...and will contain a number of predefined objects automatically created by cOS Core after it scans the interfaces for the first time The screenshot below shows the initial address book for the NetWall...

Page 48: ...h will connect to the ISP s gateway Lastly set the IP4 Address object WAN2_net to be 203 0 113 0 24 Both the address objects and wan_gw must belong to the same network in order for the interface to co...

Page 49: ...defined in a cOS Core routing table which specifies on which interface cOS Core can find the traffic s destination IP address If multiple matching routes are found cOS Core uses the route that has th...

Page 50: ...n for clarity By using NAT cOS Core will use the destination interface s IP address as the source IP This means that external hosts will send their responses back to the interface IP and cOS Core will...

Page 51: ...ing up the required IP4 Address objects Note Disabling automatic route generation Automatic route generation is enabled and disabled with the setting Automatically add a default route for this interfa...

Page 52: ...is information For cOS Core to know on which interface to find the public Internet a route has to be added to the main cOS Core routing table which specifies that the network all nets can be found on...

Page 53: ...source interface to flow to the destination network all nets and the destination interface Here the destination interface is the PPPoE tunnel that has been defined D PPTP setup For PPTP connections a...

Page 54: ...s interface is to have a DHCP server enabled on it first create an IP4 Address object which defines the address range to be handed out Here it is assumed that this has the name dhcp_range It is also a...

Page 55: ...dialog will appear Specify a name for example my_syslog and specify the address as the syslog_ip object Tip Address book object naming The cOS Core address book is organized alphabetically so when cho...

Page 56: ...uch traffic as well as generate a log message when it is triggered In order to gain more control over dropped traffic and its logging it is recommended to create an explicit drop all IP policy as the...

Page 57: ...icense should be installed to remove the cOS Core 2 hour demo mode limitation Without a license installed cOS Core will have full functionality during the 2 hour period following startup but after tha...

Page 58: ...nce connection is made to the CLI pressing the Enter key will cause cOS Core to respond The response will be a normal CLI prompt if connecting directly through the local console port and a username pa...

Page 59: ...an only be changed after initial startup All cOS Core interfaces are logically equal for cOS Core and although their physical capabilities may be different any interface can perform any logical functi...

Page 60: ...ally creates and fills the InterfaceAddresses folder in the cOS Core address book with Ethernet interface related IPv4 address objects Note that when an IP address object which is located in a folder...

Page 61: ...e manually created to allow Internet access for clients on LAN2 via interface WAN2 The following command will add an IP policy called lan_to_wan to allow HTTP and HTTPS traffic through to the public I...

Page 62: ...from the ISP s DHCP server by enabling DHCP on the interface connected to the ISP Note that the 100 Series DHCP is already enabled on the WAN1 interface by default If DHCP needs to be enabled on any o...

Page 63: ...PPTP connection first define the PPTP tunnel interface The following command will create a PPTP tunnel object called wan_pptp with the remote endpoint 203 0 113 1 Device add Interface L2TPClient wan_p...

Page 64: ...hat if activation fails because of a weak password the old admin password must be reset anyway even if the new value is the same as the old DHCP Server Setup Any interface on the NetWall 100 Series ca...

Page 65: ...send logs to an external Syslog server a log receiver object must be configured For example the following command will send logs to a Syslog server at the IP address 192 0 2 10 Device add LogReceiver...

Page 66: ...urce and destination interface set to any The service would be set to all_services in order to trigger on all traffic types The following command defines an explicit drop all policy with logging disab...

Page 67: ...Mbps Installation Methods The following methods can be used for installing the first cOS Core license in the 100 Series unit Automatically through the Setup Wizard As described in Section 4 2 Web Int...

Page 68: ...ough the Web Interface or when using the startup wizard the options to restart or reconfigure are presented to the administrator With the CLI and SCP these options are not presented and restart must b...

Page 69: ...product which is used for managing cOS Core configurations This method can also be used to install the first license Licenses and license installation are described further in the separate cOS Core Ad...

Page 70: ...ss of the management computer is not configured correctly 4 Is the management interface properly connected Check the link indicator lights on the management interface If they are dark then there may b...

Page 71: ...the command Device arpsnoop none 7 Check the management access rules for a network connection If connecting to the default management interface using the Web Interface or an SSH client check that the...

Page 72: ...Chapter 4 cOS Core Configuration 72...

Page 73: ...The current cOS Core configuration will be lost but can be restored if a backup is available With the NetWall 100 Series a reset can be done in one of the following ways Using the Web Interface A fact...

Page 74: ...tedly pressing the Esc key while cOS Core is starting up The resetting of Ethernet interface IP addresses will not affect the local console connection The complete procedure is performed with the foll...

Page 75: ...roduct or any other misuse Any replacement Hardware will be warranted for the remainder of the original warranty period or thirty days whichever is longer Note that the term Start Date means the earli...

Page 76: ...ndling charge in addition to mailing and or shipping costs Note that the procedures for swapping any NetWall hardware model with an identical or different model type are described in the separate NetW...

Page 77: ...user serviceable parts inside these products Only service trained personnel can perform any adjustment maintenance or repair S kerhetsf reskrifter Dessa produkter r s kerhetsklassade enligt klass I oc...

Page 78: ...elle zu den Ger teingabeterminals den Netzkabeln oder dem mit Strom belieferten Netzkabelsatz voraus Sobald Grund zur Annahme besteht dass der Schutz beeintr chtigt worden ist das Netzkabel aus der Wa...

Page 79: ...rna de puesta a tierra Es preciso que exista una puesta a tierra continua desde la toma de alimentac on el ctrica hasta las bornas de los cables de entrada del aparato el cable de alimentaci n hasta h...

Page 80: ...torage Humidity 0 to 95 non condensing Operating Temperature 5 to 35 C Vibration shock 10 500 Hz 2G 10min 1 cycle period for 60min each along X Y Z Power Specifications Power Supply AC 100 240 VAC 50...

Page 81: ...Clavister AB Sj gatan 6J SE 89160 rnsk ldsvik SWEDEN Head office Sales 46 0 660 299200 Customer support 46 0 660 297755 www clavister com...