Dell PowerConnect J-SRX100S, Getting Started Manual

Page 1: ...Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide ...

Page 2: ...es instructions for basic installation and configuration of the Dell PowerConnect J Series J SRX100S SU Services Gateway Document Contents 1 Getting Started with the Dell PowerConnect J Series J SRX100S SU Services Gateway 3 2 Setting Up Your Network 6 3 Performing Advanced Network Configuration 19 4 Enabling Security Services 25 5 Powering Off the Device 40 6 Support and Training Options 41 ...

Page 3: ... Web filtering IP Security IPsec and virtual private network VPN services for small sized and medium sized companies The services gateway can be connected directly to traditional private networks such as leased lines Frame Relay or MPLS or to the public Internet The services gateway runs the Junos operating system Junos OS This chapter provides the Dell PowerConnect J Series J SRX100S SU Services ...

Page 4: ...onnec on to Junos Command line interface ALARM minor major alarm POWER device is powered on STATUS device is func oning HA device is part of chassis clustering For use with Dell supported USB storage devices On I and Off o power Restore the device to the factory default configura on fe 0 0 0 DHCP Client 10 100 Ethernet Lock For holding the power cord on the power supply Grounding Point Cable Tie H...

Page 5: ...rted Guide Safety and Environmental Regulation Information SERI End User License Agreement EULA Registration and Software Updates information Warranty and support Information WSI Open Source Code Notice 1 3 1 Any Items Missing If any items are missing from your package contact Dell customer support at www support dell com NOTE If you have purchased a UTM subscription the license authorization code...

Page 6: ...tanding the Default Configuration Settings 11 2 5 Verifying the System Requirements 11 2 6 Accessing the J Web Interface 11 2 7 Configuring the Basic Settings 13 2 8 Verifying the Configuration 17 This chapter provides preconfiguration and configuration instructions for connecting your Dell PowerConnect J Series J SRX100S SU Services Gateway Review this chapter to set up your services gateway 2 Se...

Page 7: ...Unified Threat Management UTM Intrusion Detection and Prevention IDP licenses on the device Serial Number Record the serial number found on the bottom of the chassis of your Dell PowerConnect J Series J SRX100S SU Services Gateway Authorization Code Record the authorization code provided by Dell NOTE Use the authorization code only if you have purchased subscription licenses for UTM and IDP 2 1 2 ...

Page 8: ...formation if your ISP uses Dynamic Host Configuration Protocol DHCP IF YOU CONNECT USING PLEASE RECORD DHCP No information is usually required although some providers may require a hostname Hostname IF YOU CONNECT USING PLEASE RECORD Static IP IP Address Subnet Mask Default Gateway Primary DNS DNS 2 optional DNS 3 optional 2 2 Connecting the Device This section covers the following tasks 2 2 1 Con...

Page 9: ... This is not a panic condition however NOTE Initially if the rescue configuration has not been set a steadily amber ALARM LED indicates a minor alarm condition and a steadily red ALARM LED indicates that a major alarm condition on the services gateway NOTE You must allow the device between 5 and 7 minutes to boot fully after you have powered it on Wait until the STATUS LED is steadily green before...

Page 10: ...P server that resides in your ISP network provides the necessary settings such as default route DNS and so on to the services gateway to connect to the Internet NOTE If you are using a static IP address to connect to the provider s network do not perform 2 3 Verifying Internet Connectivity To access the Internet from your management device workstation or laptop you need to first configure the stat...

Page 11: ...ON For Security Policies trust untrust permit trust trust permit untrust trust deny For NAT Rule trust untrust source NAT to untrust zone interface 2 5 Verifying the System Requirements Before you begin the setup process verify that you have one of the following supported browsers ICON ACCEPTED BROWSER BROWSER VERSION NUMBER Internet Explorer 7 0 and later Mozilla Firefox 3 0 and later 2 6 Accessi...

Page 12: ...ess to configure an IP address on your services gateway ensure that you make the following J Web modifications a Clear the Enable DHCP on fe 0 0 0 0 check box b Enter the manual IP address provided by your ISP in the fe 0 0 0 0 address box The IP address must be entered in the a b c d xx format where xx is the subnet mask c Enter the IP address of the gateway in the Default Gateway box Your ISP pr...

Page 13: ...2 7 2 Setting the Date and Time 2 7 3 Creating a User Account 2 7 4 Assigning a Static IP Address to the WAN Facing Interface 2 7 5 Creating a Default Route to the WAN Interface 2 7 6 Applying the Basic Configuration Settings 2 7 1 Setting the System Hostname Domain Name Server and Root Authentication If you have not configured the hostname and DNS settings in the J Web Initial Setup page to set o...

Page 14: ...onize the Dell PowerConnect J Series J SRX100S SU Services Gateway clock using three options Manual management device clock or NTP Server To set the date and time 1 Click the Configure tab at the top of the page and navigate to System Properties Date Time 2 Click Edit at the top right corner of the page and then select your required time zone from the list 3 Select the set time options in Set time...

Page 15: ...t Enable address configuration and then select the IPv4 Address check box NOTE The IPv4 Address check box must be selected before the Add button is automatically enabled 2 7 3 Creating a User Account To configure a user other than an administrative account and to set different permissions while accessing the Dell PowerConnect J Series J SRX100S SU Services Gateway 1 Click the Configure tab at the ...

Page 16: ... to the WAN Interface NOTE Creating a default route is required only if you have used a static IP address To create a default route to the WAN interface 1 Click the Configure tab at the top of the page and navigate to Routing Static Routing 2 Click Add 3 Enter the IP address as 0 0 0 0 and the Subnet mask as 0 0 0 0 NOTE While adding the next hop the field is separated by tabs instead of dots ...

Page 17: ...ct Commit Options on the top right corner of the page and click Commit NOTE You can commit your configuration settings at the end of each task or you can commit all the configuration settings at one time 2 8 Verifying the Configuration To verify the basic configuration access any external website for example www dell com to ensure that you are connected to the Internet If you are unable to connect...

Page 18: ...e services gateway has the default route 0 0 0 0 when you are using DHCP a Click the Monitor tab and navigate to Routing Route Information b Select inet 0 from the Route Table list and then click Generate Report c Save the report on your local disk Contact Dell customer support at www support dell com ...

Page 19: ...PowerConnect J Series J SRX100S SU Services Gateway Section 3 Contents 3 1 Zones and Interfaces Overview 20 3 2 Creating a New Security Zone and Adding an Interface to the New Zone 20 3 3 Configuring Security Policies 22 3 4 Enabling Remote Access to the Dell PowerConnect J Series J SRX100S SU Services Gateway 23 3 5 Enabling System Services 23 3 6 Allowing Host Inbound Traffic 24 3 7 Applying the...

Page 20: ...the trusted local network resources The security features and settings that zones carry are enforced by binding one or more physical interfaces fe 0 0 1 through fe 0 0 7 on services gateway to a zone 3 2 Creating a New Security Zone and Adding an Interface to the New Zone This example shows how to create a new zone DMZ and assign interface fe 0 0 2 to it This example also shows how to make fe 0 0 ...

Page 21: ...lect the required services and protocols and move them to Selected and click OK 6 To modify the fe 0 0 2 interface to be an L3 interface by default it is Layer 2 a Click the Configure tab at the top of the page and navigate to Interfaces b Expand fe 0 0 2 select the logical interface fe 0 0 2 0 and then click Edit c Clear the Ethernet switching check box and select the IPv4 Address check box d Sel...

Page 22: ...the Policy tab enter the policy name and select the Policy Action as permit from the list 3 In the Policy tab select untrust from the list for From Zone and DMZ from the list for To Zone 4 In the Source Address and Destination Address areas move any to Matched NOTE For any specific source or destination address select Add new destination address 5 In Applications move junos https and junos ssh to ...

Page 23: ... must enable system services like HTTP Telnet SSH allow host inbound traffic at the zone or specific interface level in this case zone is untrust and interface is fe 0 0 0 3 5 Enabling System Services To enable system services like HTTP Telnet and SSH 1 Click the Configure tab at the top of the page navigate to System Properties Management Access The Management Access Configuration page appears 2 ...

Page 24: ...e navigate to Security Zones Screens 2 Click the security zone that you want to modify for example untrust 3 In the Main tab ensure fe 0 0 0 interface is in the Selected column 4 Click the Host inbound traffic Zone tab 5 Select the required services and protocols and move them to Selected 6 Optionally to allow host inbound traffic at interface level instead of allowing to the entire zone a Click t...

Page 25: ... this chapter This chapter provides the Unified Threat Management UTM and Intrusion Detection and Prevention IDP policy configuration and installation instructions for accessing your Dell PowerConnect J Series J SRX100S SU Services Gateway Section 4 Contents 4 1 Activating Licenses on the Device 26 4 2 Installing and Verifying a License 26 4 3 Unified Threat Management 26 4 4 Intrusion Detection a...

Page 26: ...t J Series J SRX100S SU Services Gateway after registering ensure that you are connected to the Internet and that DNS is configured To install and verify the installed license 1 Click the Maintain tab at the top of the page and navigate to Licenses 2 Click Download Keys to download the licenses automatically 3 In the Feature Summary check that all the licenses are installed 4 3 Unified Threat Mana...

Page 27: ... Profile to a UTM Policy 4 3 1 2 Applying the UTM Policy to a Firewall Policy 4 3 1 3 Creating an Anti Virus Profile 4 3 1 1 Applying an Anti Virus Profile to a UTM Policy To apply an anti virus profile to a UTM policy NOTE You can either create a new UTM policy or use an existing UTM policy if any exits to add Anti Virus to it If you want to create a new anti virus profile see 4 3 1 3 Creating an...

Page 28: ... firewall policy 1 Click the Configure tab and choose Security Policy FW Policies 2 Click Edit to edit an existing policy 3 Click the Application Services tab 4 In UTM Policy select custom utm policy from the list 5 Click OK 4 3 1 3 Creating an Anti Virus Profile This task is optional and can be performed if you want to configure a new anti virus profile To create an anti virus profile 1 Click the...

Page 29: ... yes b Enter the Content size Limit c Enter the Decompress layer limit In the Scan mode select Scan all files Click OK 4 3 2 Enabling Web Filtering This section provides an example for configuring the Web filtering feature using the default junos wf cps default Web filtering profile To enable Web filtering you must perform the following configuration tasks 4 3 2 1 Applying a Web Filtering Profile ...

Page 30: ...cpa default from the list 6 Click OK NOTE If you want to create a new Web filtering profile see 4 3 2 3 Creating a Web Filtering Profile 4 3 2 2 Applying a UTM Policy to a Firewall Policy To inspect transit traffic and evaluate it against the Web filtering profile you must apply the UTM policy to a firewall policy To apply a UTM policy to a firewall policy 1 Click the Configure tab and choose Secu...

Page 31: ... the value for Cache time out and Cache size 5 Click OK 6 Click Add on the top right corner 7 In the Main tab do the following a Enter the Profile name For example custom web filtering profile b Select Permit in default action c Enter the timeout value Click OK 4 3 3 Enabling Anti Spam This section provides an example for configuring the anti spam feature using the default junos as defaults anti s...

Page 32: ...he configuration delivery status is fail click Details for more information If you want to create a new anti spam profile see 4 3 3 3 Creating an Anti Spam Profile 4 3 3 2 Applying a UTM Policy to a Firewall Policy To inspect transit traffic and evaluate it against the anti spam profile you must apply the UTM policy to a firewall policy To apply a UTM policy to a firewall policy 1 Click the Config...

Page 33: ...the Default action is Block email 4 Click OK The download successful message appears 5 Click OK NOTE If the configuration delivery status is Fail click Details for more information 4 3 4 Applying the UTM Configuration Settings To save the UTM configuration settings select Commit Options at the top right corner of the page and click Commit 4 3 5 Verifying the UTM Configuration Settings To verify th...

Page 34: ...r tab 2 Choose Security UTM Anti Virus NOTE Click the plus sign to view the UTM anti virus statistics If you want to clear the data click Clear Anti Virus Statistics 4 3 5 2 Verifying a Web Filtering Configuration To verify a Web filtering configuration 1 Click the Monitor tab 2 Choose Security UTM Web Filtering NOTE If you want to clear the data click Clear Web Filtering Statistics ...

Page 35: ...IDP Series policy to secure the network 4 4 1 Downloading and Installing the Latest Security Package 4 4 2 Downloading and Installing the IDP Security Policy Templates 4 4 3 Loading the Policy Templates File 4 4 4 Configuring an Active IDP Policy 4 4 5 Enabling IDP Series Detection on the Existing Firewall Security Policy 4 4 6 Applying the IDP Configuration Settings 4 4 7 Verifying the IDP Config...

Page 36: ...he progress of download by clicking Check Status Download Status 4 Click OK 5 Click the Install tab in the Security IDP Signature Configuration page 6 Click Install NOTE The request will be processed in asynchronous mode It will take a few minutes to install You can verify the progress of an installation by clicking Check Status Install Status 7 Click OK The installation successful message appears...

Page 37: ...ect Install Template 5 Click OK NOTE You can verify the progress of a download or installation by clicking Check Status Download Status or Check Status Install Status 4 4 3 Loading the Policy Templates File To view all the pre defined IDP templates available on the Dell PowerConnect J Series J SRX100S SU Services Gateway you must load the policy templates file To load the policy templates file 1 C...

Page 38: ...lates See 4 4 3 Loading the Policy Templates File To configure an active IDP policy 1 Click the Configure tab and choose Security Policy IDP Policies 2 Click the Recommended policy link and then click Activate at the top right corner of the page 4 4 5 Enabling IDP Series Detection on the Existing Firewall Security Policy To enable IDP series detection on the existing firewall security policy from ...

Page 39: ...lect Enable IDP 4 Click OK 4 4 6 Applying the IDP Configuration Settings To save the IDP configuration settings select Commit Options at the top right corner of the page and click Commit 4 4 7 Verifying the IDP Configuration Settings To verify the IDP configuration settings 1 Click the Monitor tab 2 Choose Security IDP Status ...

Page 40: ...he following ways Graceful shutdown Press and immediately release the Power button The device begins gracefully shutting down the operating system Forced shutdown Press the Power button and hold it for 10 seconds The device immediately shuts down Press the Power button again to power on the device NOTE You can reboot or halt the system in J Web by selecting Maintain Reboot ...

Page 41: ...Guide 41 6 Support and Training Options This chapter provides a link to customer support and technical documentation information for the Dell PowerConnect J Series J SRX100S SU Services Gateway device Section 6 Contents 6 1 Customer Support 42 6 2 Technical Documentation 42 ...

Page 42: ...uide 6 1 Customer Support If there are any technical issues while setting up Dell PowerConnect J Series J SRX100S SU Services Gateway contact Dell customer support www support dell com 6 2 Technical Documentation For Technical documentation refer to www support dell com manuals ...

Page 43: ...Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 43 ...

Page 44: ...perty of their respective owners Juniper Networks assumes no responsibil ity for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks ...