Stonesoft StoneGate FW-1020, Appliance Installation Manual

Page 1: ...Appliance Installation Guide StoneGate FW 1020 1050 1200 IPS SMC SSL VPN FW VPN ...

Page 2: ...roducts described in these materials are protected by one or more of the following European and US patents European Patent Nos 1065844 1189410 1231538 1259028 1271283 1289183 1289202 1313290 1326393 1379046 1330095 131711 1317937 and 1443729 and US Patent Nos 6 650 621 6 856 621 6 885 633 6 912 200 6 996 573 7 099 284 7 127 739 7 130 266 7 130 305 7 146 421 7 162 737 7 234 166 7 260 843 7 280 540 ...

Page 3: ...the appliance s operational The system architecture is explained on the next page See the StoneGate Management Center Installation Guide for instructions on how to install the Management Center Contents Getting Started 4 Safety Precautions 6 Front Panel 8 Unpacking the Appliance 10 Rack Mounting 10 Connecting the Cables 18 Initial Configuration 19 Command Line Management 28 Maintenance Operations ...

Page 4: ...talled simultaneously on the same machine with the Management Server 3 At least one Management Client that you use to connect to the Management Server to change settings and monitor the system 4 The Firewall Engines that handle the actual traffic processing in this case the FW 1020 FW 1050 or FW 1200 appliance 5 Licenses for each component except the Management Client s Generate appliance licenses...

Page 5: ...s The Management Center Installation Guide and the Firewall VPN Installation Guide explain how to install the Management Center and how to configure your firewalls basic settings The online help of the Management Client contains the step by step instructions for the daily configuration and management of your system The Administrator s Guide contains the same information as the online help but in P...

Page 6: ...ly one hand when working with powered on electrical equipment This is to avoid making a complete circuit which will cause electrical shock Use extreme caution when using metal tools which can easily damage any electrical components or circuit boards they come into contact with Do not use mats designed to decrease electrostatic discharge as protection from electrical shock Instead use rubber mats t...

Page 7: ...hat the cover is in place when the appliance is operating to ensure proper cooling If this rule is not strictly followed the warranty may become void Do not open the power supply casing Power supplies can only be accessed and serviced by a qualified technician of the manufacturer Operating and Storage Temperatures The allowed operating temperature of the appliance is 10 35ºC The allowed storage te...

Page 8: ...rs They provide you with critical information related to different parts of the system Table 1 presents the indicators from left to right Table 1 Front Panel Indicators Indicator Explanation Indicates power is being supplied to the system s power supply unit This LED is illuminated when the system is operating normally Indicates hard drive activity when flashing Power button Connectors for system ...

Page 9: ... the corresponding LED in the port Indicates traffic on eth 1 identically to the corresponding LED in the port Indicates an overheat condition in the appliance This may be caused by cables obstructing the airflow in the system or the ambient room temperature being too warm Table 1 Front Panel Indicators Continued Indicator Explanation ...

Page 10: ...ackets Caution Read the sections below before you begin the installation Choosing a Setup Location Decide on a suitable location for the rack unit that will hold the appliance The appliance must be situated in a clean dust free area that is well ventilated Avoid areas where heat electrical noise and electromagnetic fields are generated Leave enough clearance in front of the rack to enable you to o...

Page 11: ...ct the appliance from power surges voltage spikes and to keep your system operating in case of a power failure Always keep the rack s front door and all panels and components on the appliances closed when not servicing to maintain proper cooling Before Installing the Appliance Into a Rack 1 Make sure that the rack is securely anchored onto an unmovable surface or structure before installing the ap...

Page 12: ...of the Rack Rails You have received two rack rail assemblies with the appliance Each of these assemblies consist of three sections an inner fixed rail that secures to the appliance and an outer fixed rack rail that secures directly to the rack itself A sliding rail guide sandwiched between the two should remain attached to the fixed rack rail See Illustration 3 The inner and outer rails must be de...

Page 13: ... rails are left right specific Illustration 4 Attaching the Inner Rail to the Appliance 2 Screw the rail securely to the side of the appliance with the supplied screws 3 Repeat the procedure for the other side of the appliance 4 When installing to a four post Telco rack attach the rail brackets If you are installing the appliance into a two post Telco rack proceed to Installing the Appliance into ...

Page 14: ...d completely into the rack you should hear the locking tabs click 3 Finish by inserting and tightening the thumbscrews that hold the front of the appliance to the rack Proceed to Connecting the Cables on page 18 Installing the Appliance into a Two Post Telco Rack Once you have detached the inner rails from the rail assembly and attached them to the appliance you can continue installing the applian...

Page 15: ...ith two screws and two washers See Illustration 6 Illustration 6 Attaching Front Bracket to Two Post Telco Rack 4 Attach the rear long bracket to the rear end of the rack and secure it to the rack with two screws and two washers See Illustration 7 Illustration 7 Attaching Rear Bracket to Two Post Telco Rack ...

Page 16: ...Illustration 8 Illustration 8 Securing the Rails to the Appliance 3 Line up the rear of the inner rails with the front of the outer rails Note Do not install the appliance upside down 4 Slide the inner rails which are attached to the appliance into the outer rails on the rack Keep the pressure even on both sides you may have to depress the locking tabs when inserting When the appliance has been pu...

Page 17: ...7 Illustration 9 Installing the Appliance into the Two Post Telco Rack 5 Finish by inserting and tightening the thumbscrews that hold the front of the appliance to the rack Proceed to Connecting the Cables on page 18 ...

Page 18: ...choose which ethernet ports you connect to which network The ethernet ports are mapped to Interface IDs during the initial configuration The port number labels indicate the numbering of the ethernet ports on the appliance Connecting the Appliance to the Power Supply Plug the power cord into a grounded high quality power strip that offers protection from electrical noise and power surges We highly ...

Page 19: ... appliance must contact the Management Server before it can be operational Connecting to the Appliance You may not need to connect to the appliance at this point if you import a configuration from a USB stick as explained in Configuring the Engine Automatically on page 20 and you are not interested in the console messages that are displayed during this process In other cases you need a physical co...

Page 20: ...possible or desired you can use the engine configuration wizard see Configuring the Engine with the Configuration Wizard on page 21 Configuring the Engine Automatically The automatic configuration requires that you have a suitable configuration saved on a USB memory stick See the Firewall VPN Installation Guide or the online help of the Management Client for details If you want to check the config...

Page 21: ...s reachable from the engine and check the IP addresses you have defined in the Management Client If the configuration with the USB stick still does not succeed follow the instructions for the manual configuration see Configuring the Engine with the Configuration Wizard below Configuring the Engine with the Configuration Wizard You can use the engine configuration wizard with all Management Center ...

Page 22: ...r select US_English To import a saved configuration highlight Import using the arrow keys and press ENTER To skip the import highlight Next and press ENTER 1 Highlight the entry field for Keyboard Layout using the arrow keys and press ENTER The Select Keyboard Layout dialog opens 2 Highlight the correct layout and press ENTER Tip Type in the first letter to move forward more quickly ...

Page 23: ... settings 1 Highlight the entry field for Local Timezone using the arrow keys and press ENTER 2 Select the correct timezone in the dialog that opens 1 Type in the name of the firewall 2 Type in the password for the user root This is the only account for engine command line access 3 Highlight Enable SSH Daemon and press the spacebar on your keyboard to select the option and allow remote access to e...

Page 24: ...Control Interface for the corresponding Firewall element in the Management Center Highlight Next and press ENTER to continue Highlight Autodetect and press ENTER 1 Type in the IDs to define how physical interfaces are mapped to the Interface IDs you defined in the Firewall element Ethernet ports are detailed in Illustration 10 in Connecting the Cables on page 18 3 Highlight the Mgmt column and pre...

Page 25: ...guration The initial configuration contains a simple firewall policy that allows only administration related connections and blocks everything else In the second part of the configuration you define the information needed for establishing a trust relationship between the engine and the Management Server If you do not have a one time password for this firewall see the Firewall VPN Installation Guid...

Page 26: ...sure about the password If the engine is unable to contact the Management Server make sure there are no networking problems that all information defined in the Firewall element corresponds to what you entered in the configuration wizard and if NAT is in use that you have configured contact addresses for NAT as explained in the Firewall VPN Installation Guide 1 Highlight Contact Management Server a...

Page 27: ...the Management Client from Unknown to No Policy Installed and the connection state is Connected indicating that the Management Server can connect to the node The next step is creating a security policy and installing it on the engine See the Firewall VPN Installation Guide for basic instructions or the online help of the Management Client for detailed instructions Caution When using the command pr...

Page 28: ...activated If the appliance does not start up with the new version it automatically switches to the previous configuration at the next reboot You can also switch back to the previously installed software version manually as instructed here whenever necessary T To switch back to the previously active version 1 Connect the serial cable supplied with the appliance to the serial port on the appliance a...

Page 29: ...he Switch Firewall Node to Initial Configuration option Note Perform a factory reset only if you have a specific need to do so Consult Stonesoft Support before performing this operation if you are unsure of whether this operation is necessary or not T To reset to factory settings 1 Connect the serial cable supplied with the appliance to the serial port on the appliance and to a computer 2 On the c...

Page 30: ...e reset If you decide to cancel the operation type NO and press Enter Caution Do not unplug the power from the appliance or interrupt the reset in any way If the reset is interrupted the appliance may become unusable until serviced To use the appliance after a factory reset you must configure it as explained in Initial Configuration on page 19 ...

Page 31: ... Ports Table 2 Motherboard Indicators Indicator Status Explanation Link Unlit No link or link speed is 10 Mbps Link Green Link speed is 100 Mbps Link Amber Link speed is 1 Gbps Activity Green Link ok blinks on activity Table 3 Two Unlabeled Indicators per Copper Port All Models Indicator Status Explanation Left LED Blinking green Link ok activity Right LED Unlit Speed is 10 Mbps or no connection R...

Page 32: ... per Copper Port in FW 1050 or FW 1200 Indicator Status Explanation ACT LNK Blinking green Link ok activity ACT LNK Unlit No link 10 OFF Unlit Speed is 10 Mbps 100 GRN Green Speed is 100 Mbps 1000 OR Orange Speed is 1000 Mbps Table 6 Two Indicators per Copper Port in FW 1020 Indicator Status Explanation ACT LNK Blinking green Link ok activity ACT LNK Unlit No link 10 OFF Unlit Speed is 10 Mbps 100...

Page 33: ...Appendix Port Indicators 33 Table 7 One Indicator per Fiber Port in FW 1200 Indicator Status Explanation ACT LNK On Link ok ACT LNK Unlit No link ...

Page 34: ...ormation on how to prepare the Management Center for a new engine installation see the other available documentation See inside for further details All documentation and our technical knowledge base is available at www stonesoft com support Stonesoft Corporation Itälahdenkatu 22 A 0021O Helsinki Finland tel 358 9 4767 11 fax 358 9 4767 1234 Stonesoft Inc 1050 Crown Pointe Parkway Suite 900 Atlanta...