Page 39 /59
snengde_installation-product-SN-range v1.2 - Copyright Netasq 2015
PRESENTATION AND INSTALLATION GUIDE – SN RANGE
INITIAL CONNECTION TO THE PRODUCT
Starting up SN2000 and SN3000 models
Press once on the Power button then wait several minutes for
the 2 LEDs
Online
and
Power
to light up.
NOTE
When you hear 8 consecutive beeps, you will be
able to insert a USB key containing a configuration
if necessary. Console mode will display the
following message: “
Please insert your USB token
to continue
”.
Two consecutive beeps and the lighted up
Online
LED indicate the end of the product’s startup sequence.
Starting up SN6000 models
Press once on the Power button and the
Power
LED will light up.
Wait for a few minutes while the appliance starts.
NOTE
When you hear 8 consecutive beeps, you will be
able to insert a USB key containing a configuration if
necessary. Console mode will display the following
message: “
Please insert your USB token to
continue
”.
Two consecutive beeps indicate the end of the product’s startup sequence.
Initial connection to the appliance
A security procedure must be followed if the initial connection to the appliance takes place through an
untrusted network. This operation is not necessary if the administration workstation is plugged in directly to
the product.
Access to the administration portal is secured through the SSL/TLS protocol. This protection allows
authenticating the portal via a certificate, thereby assuring the administrator that he is indeed logged in to the
desired appliance. This certificate can either be the appliance’s default certificate or the certificate entered
during the configuration of the appliance (
Authentication
>
Captive portal
). The name (CN) of the appliance’s
default certificate is the appliance’s serial number and it is signed by the authority called “NETASQ - Secure
Internet Connectivity ("O") / NETASQ Firewall Certification Authority ("OU").
To confirm a secure access, the browser must trust the certificate authority that signed the certificate used,
which must belong to the browser’s list of trusted certificate authorities. Therefore to confirm the integrity of
an appliance, the NETASQ certificate authority must be added to the browser’s list of trusted certificate
authorities before the initial connection. This authority can be accessed at:
http://www.netasq.com/pki/netasq-firewall-ca.crt
.
If a certificate signed by another authority has been configured on the appliance, this authority will need to be
added instead of the NETASQ authority.
As a result, the initial connection to the appliance will no longer raise an alert in the browser regarding the
trusted authority. However, a message will continue to warn the user that the certificate is not valid. This is
because the certificate defines the Firewall by its serial number instead of its IP address. To stop this warning
from appearing, you will need to indicate to the DNS server that the serial number is associated with the IP
address of the Firewall.