Trend Micro TippingPoint Series, Hardware Installation And Safety Manual

Page 1: ...N Platform Hardware Installation and Safety Guide 5900 2851 April 2016 ...

Page 2: ...rvices are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty Trend Micro shall not be liable for technical or editorial errors or omissions contained herein TippingPoint the TippingPoint logo and Digital Vaccine are registered trademarks of Trend Micro All other company and product names ma...

Page 3: ...hitecture 4 Security Management System SMS 5 SMS server 5 SMS client 6 Intrusion Prevention System devices 7 IPS local clients 7 Core Controller 8 High availability 8 Threat Suppression Engine 9 Threat Management Center 9 Hardware safety and compliance 11 Safety and compliance requirements 11 Safety guidelines and warnings 11 Cautions 12 Warnings 12 Installation warnings 12 Parts warnings 13 ...

Page 4: ...hassis features 21 Power switch 21 Ports 21 LEDs 21 Model requirements 22 Power requirements 22 Cabling requirements 23 Technical specifications 23 Hardware and interface specifications 23 Software specifications 24 Hardware installation and configuration 25 TippingPoint 660N TippingPoint 1400N chassis 25 Determine total rack space 25 Attach the device to the rack 25 Connect the power supply 26 At...

Page 5: ...Power requirements 33 Cabling requirements 33 Technical specifications 33 Hardware and interface specifications 34 Software specifications 35 Hardware installation and configuration 35 TippingPoint 2500N 5100N 6100N chassis 35 Determine total rack space 36 Attach the device to the rack 36 Connect the power supply 36 Attach cables 37 To attach the Console port connection 37 To attach the Management...

Page 6: ...ion bracket 43 Removing the bracket 44 Using the LCD panel 45 Features of the LCD keypad 45 Configuring the TippingPoint IPS with the LCD panel 45 Other LCD panel tasks 46 Using the external storage card 48 About the external storage card 48 External storage card commands 48 Managing the N Platform CompactFlash card in the LCD panel 49 Unmounting and ejecting the CompactFlash card 49 Inserting a C...

Page 7: ...ng concepts and the following standards and protocols TCP IP UDP ICMP Ethernet Simple Network Time Protocol SNTP Simple Mail Transport Protocol SMTP Simple Network management Protocol SNMP Related documentation A complete set of product documentation for the TippingPoint Intrusion Prevention Systems is available online The product document set generally includes conceptual and deployment informati...

Page 8: ...utput Code Text typed at the command line Monospace italic font Code variables Command line variables Monospace bold font Emphasis of file and directory names system output code and text typed at the command line Messages Messages are special text that is emphasized by font format and icons Warning Alerts you to potential danger of bodily harm or other potential harmful consequences Caution Provid...

Page 9: ... Assistance Center TAC by using any of the following options Note Have the following information about your product available Serial number and or software version for your product System logs or event logs if available for your product Online support Go to the TippingPoint Threat Management Center TMC at https tmc tippingpoint com TMC Phone support North America 1 866 681 8324 International see h...

Page 10: ...s of a single integrated highly adaptive security system that includes powerful hardware and an intuitive management interface This topic includes the following information TippingPoint architecture on page 4 TippingPoint architecture The TippingPoint System uses a flexible architecture that consists of a Java based SMS client SMS Management Server IPS device s and Local Clients including the Loca...

Page 11: ...date filter packages for protecting your network Managed Devices TippingPoint IPS or Core Controller devices that are installed in your network SMS server The SMS Server is an enterprise class management platform that provides centralized administration configuration monitoring and reporting for well over a hundred TippingPoint IPS devices The SMS provides the following functionality Enterprise wi...

Page 12: ... can monitor the entire TippingPoint system through the SMS client on a computer with the following requirements One of the following operating systems Windows 98 2nd edition Windows NT Service Pack 5 or later Windows 2000 Service Pack 3 or later Windows XP Windows 7 Apple OS X Red Hat Linux One of the following browsers Microsoft Internet Explorer version 6 0 or higher Firefox Safari The SMS feat...

Page 13: ...of system failure TippingPoint Intrusion Prevention Systems are optimized to provide high resiliency and high availability security for remote branch offices small to medium and large enterprises and collocation facilities Each IPS can protect network segments from both external and internal attacks Multiple TippingPoint devices can be deployed to extend this unsurpassed protection to hundreds of ...

Page 14: ...atform and NX Platform devices High availability TippingPoint devices are designed to guarantee that your network traffic always flows at wire speeds in the event of internal device failure The TippingPoint System provides Network High Availability settings for Intrinsic Network HA INHA and Transparent Network HA TNHA These options enact manually or automatically according to settings you enter us...

Page 15: ... content The instant the engine detects malicious traffic it blocks all current and all subsequent packets pertaining to the traffic flow The blocking of the traffic and packets ensures that the attack never reaches its destination The combination of high speed network processors and custom chips provides the basis for IPS technology These highly specialized traffic classification engines enable t...

Page 16: ...tect and block classic Intrusion Detection System IDS infiltration Infrastructure Protection Protect network bandwidth and network infrastructure elements such as routers and firewalls from attack using a combination of filter types Advanced DDoS filters Available on the 2400E and 5000E Detect and block denial of service and flood requests such as SYN Requests that can overwhelm a system Network E...

Page 17: ...information refer to the TippingPoint Hardware Safety and Compliance Guide available on the TMC and included with your product Safety guidelines and warnings Provides important information and safety warnings Before you start the installation procedures read this entire section for important information and safety warnings The warnings in this section have been localized to 28 languages in the Tip...

Page 18: ...installed according to the manufacturer s instructions You must also consider the weight of any other device installed in the rack Make sure that the chassis cooling fans run continuously while the system is powered Caution Make sure all cards are completely connected to the backplane Improper connections can disrupt system operation Caution When using a DC power supply be sure to replace the plas...

Page 19: ...t requires short circuit overcurrent protection to be provided as part of the building installation Install only in accordance with national and local wiring regulations Warning Do not work on the system or connect or disconnect cables during periods of lightning activity Warning To prevent the unit from overheating do not operate it in an area that exceeds the maximum recommended ambient temperat...

Page 20: ...trong magnets or magnetic fields Warning Keep all liquids and dust away from the product Warning All optical interfaces and sources connected to this product and its modules must only use Class 1 lasers Using any other Laser Class source can create hazardous conditions to the user Warning This product can contain Class 1 lasers Do not stare into the laser beam or view it directly with optical inst...

Page 21: ...rack load the rack from the bottom to the top with the heaviest component at the bottom of the rack Ensure that the unit is positioned properly on the rack There should be three inches clearance at the ventilation openings When mounting this unit in an enclosed or multi rack assembly the operating ambient temperature of the rack may be greater than the room ambient temperature Ensure that the maxi...

Page 22: ...mage from Electromagnetic Static Discharge ESD can occur when electronic components are improperly handled Its results can be complete or intermittent system failures Proper ESD protection is required whenever you handle equipment It is not necessary to open the product chassis to add or remove any components The following general grounding guidelines apply in the event that a power supply module ...

Page 23: ...rd with the black levers Unpack the product Describes how to unpack the product Each chassis is securely packaged in a shipping box Caution ESD can damage the product if you do not take necessary precautions Installation and maintenance personnel should be properly grounded using ground straps to eliminate the risk of ESD damage to the equipment All cards and modules are subject to ESD damage when...

Page 24: ... damage If you think any equipment might be damaged contact your freight provider for how to lodge a damage claim Also contact your TippingPoint sales or field representative for instructions Note The shipping materials are recyclable Please save for later use or dispose of them appropriately ...

Page 25: ...talling the components complete the TippingPoint Setup Wizard as part of the installation and configuration procedures This topic includes the following information Device overview on page 19 Model requirements on page 22 Technical specifications on page 23 Hardware installation and configuration on page 25 Device overview Provides images and an overview of the TippingPoint 660N and 1400N IPS devi...

Page 26: ...1 1GbE Segments Fiber 2 1GbE Segments Copper 3 LCD Screen 4 ZPHA Port 5 LCD Keypad 6 Compact Flash 7 Management Port 8 Power Button Figure 3 TippingPoint 660N TippingPoint 1400N back panel 1 Power Supplies 2 Power Supply Reset Button 3 Power Cord Bracket ...

Page 27: ...d on operating normally Yellow Device is powered off and power cables are still attached Ports Describes the ports of the N Platform IPS The TippingPoint 660N TippingPoint 1400N front panel includes the following ports 10 1GbE copper ports paired into 5 1GbE segments 10 1GbE fiber ports paired into 5 1GbE segments 1 1GbE copper management port 1 RJ 45 console port Interface for external ZPHA devic...

Page 28: ...pics that describe power and cabling requirements The following topics describe power and cabling requirements for the TippingPoint 660N TippingPoint 1400N Power requirements on page 22 Cabling requirements on page 23 Power requirements Describes the power requirements of the TippingPoint 660N TippingPoint 1400N devices The TippingPoint 660N TippingPoint 1400N requires one input of Alternating Cur...

Page 29: ...e device You can use this cable for connecting power to the device in cases where you might not have enough room for a straight power connection cable This cable helps in situations when you need to install a device in a tight rack with a door The 90 degree bend in the female end of the cable prevents the cord from being pinched between the device and the door Technical specifications Provides lin...

Page 30: ...n condensing External interfaces 10x1GbE copper ports paired into 5x1GbE segments 10x1GbE fiber ports paired into 5x1GbE segments 1x1GbE copper management port 1x1 RJ 45 console port 1 interface for external ZPHA device 1 Compact Flash drive Note The fiber ports do not include SFP modules Software specifications Provides software specification considerations To connect to and configure the Tipping...

Page 31: ...through the OBE Setup Wizard as part of the installation and configuration procedures This topic includes the following information TippingPoint 660N TippingPoint 1400N chassis on page 25 Attach cables on page 26 Check LEDs on page 27 Setup wizard on page 28 TippingPoint 660N TippingPoint 1400N chassis Provides the task topics that describe how to install the IPS device To install the TippingPoint...

Page 32: ...ability of the rack Connect the power supply After you have bolted the TippingPoint 660N TippingPoint 1400N to the rack you need to attach the power supply AC connections To turn the power on use the power switch located on the front panel of the device The TippingPoint 660N TippingPoint 1400N comes with a power cord retention bracket and a cable management assembly For instructions on installing ...

Page 33: ...gment 3 Connect the cables to the appropriate ports on your network router Note If you are using a TippingPoint Core Controller to distribute network traffic attach the cables to the Core Controller 1GbE segment ports Refer to the Core Controller documentation for more information For more information about TippingPoint 660N TippingPoint 1400N configuration and network connections refer to the Loc...

Page 34: ...TippingPoint Setup wizard is displayed on your COM port terminal The wizard prompts you to perform basic configuration tasks and periodically input information You can also use the LCD keypad to perform these tasks After you run the setup you can further configure your system using subsequent setup commands through the Command Line Interface CLI See the IPS Command Line Interface Reference for det...

Page 35: ...installation you should also obtain the IPS Command Line Interface Reference After installing the components complete the TippingPoint Setup Wizard as part of the installation and configuration procedures This topic includes the following information Device overview on page 29 Model requirements on page 32 Technical specifications on page 33 Hardware installation and configuration on page 35 Devic...

Page 36: ...to 8 Gbps The TippingPoint 2500N 5100N 6100N chassis is rack mountable on a 19 or 23 inch rack 1 ZPHA Module Bay 2 LCD Screen 3 LCD Keypad 4 10GbE Segment Ports 5 1GbE Segments Fiber 6 1GbE Segments Copper 7 Compact Flash 8 ZPHA Port 9 Console Port and Management Port 10 Power Button Figure 4 TippingPoint 2500N 5100N 6100N back panel ...

Page 37: ...ower switch on page 31 Ports on page 31 LEDs on page 32 Power switch The power switch is located on the front panel The power switch light indicates its current status No light Device is powered off and no power cables are attached Green Device is powered on operating normally Yellow Device is powered off and power cables are still attached Ports Describes the ports of the TippingPoint 2500N 5100N...

Page 38: ...n only be used with TippingPoint ZPHA devices It cannot be used with other USB devices LEDs The following table describes each LED state Port Type LED Color Description Link Green Link is active Copper Activity Blinking amber Data traffic passing Link Green Link is active Fiber Activity Amber Data traffic passing Link Green Link is active Management Port Activity Blinking amber Data traffic passin...

Page 39: ...s Cabling requirements Describes the cable requirements of the TippingPoint 2500N 5100N 6100N devices The TippingPoint 2500N 5100N 6100N ships with the following cables Two AC power cables one for each hot swappable power supply Null modem cable for the serial console management port DB 9 to RJ 45 You can also receive a Right Angle IEC Receptacle power cord for the device You can use this cable fo...

Page 40: ...16 84 in x 23 46 in 8 67 cm x 42 78 cm x 59 59 cm Weight 32 5 lbs 14 74 kg Power Requirements 100 240 VAC 7 5 amperes 50 60 Hertz Maximum power consumption 520W Service Provider operating requirements Temperature 32 to 104 F 0 40 C Operating 4 to 158 F 20 to 70 C Storage Altitude No degradation up to 13 000 feet 3962 4 m Humidity 5 to 95 non condensing External interfaces 10x1GbE copper ports pair...

Page 41: ...stalled on your network and you must have the TippingPoint SMS client software V 3 6 installed on an appropriate client computer Refer to the SMS documentation for more information Hardware installation and configuration After you have completed preparation procedures and unpacked your IPS you can install and configure the components Prior to installation you should also obtain the IPS Command Lin...

Page 42: ...you are bolting the IPS to the rack follow these guidelines Warning To prevent bodily injury when mounting or servicing this unit in a rack you must take special precautions to ensure that the system remains stable If the rack comes with stabilizing devices install the stabilizers before mounting or servicing the unit in the rack If the rack is partially filled load the rack from the bottom to the...

Page 43: ...n the unit 2 Connect the other end of your cable standard sized female DB 9 connector to your VT100 compatible terminal or your computer Use the following terminal settings for the Console port Baud rate 115 2 Kbps Character size 8 bits Parity None Stop Bits One Flow Control None To attach the Management Processor connection Describes how to attach the management processor connection 1 Connect one...

Page 44: ...his device The TippingPoint 2500N 5100N 6100N can also use the Smart ZPHA module with the 10GbE segment Refer to the TippingPoint SmartZPHA Module Installation and Safety Guide for more information about this module Check LEDs When you connect power to your IPS the system completes a series of component checks It then displays LEDs to show the status of each component Refer to LEDs on page 32 for ...

Page 45: ...ve more than one power supply source All power sources must be removed to de energize the unit Note This product has serviceable modules and hot swappable power supplies It has no other serviceable parts inside N Platform AC power supply Describes how to install the AC power supply The TippingPoint N Platform includes two AC power modules by default The following diagram shows the rear interface o...

Page 46: ...e device with the button on the front of the chassis N Platform DC power supply Describes how to install the DC power supply DC power supplies are available for the TippingPoint N Platform Consult your TippingPoint account contact for more information if you require a DC power supply Warning When installing the product always make the ground connection before applying power to the unit This equipm...

Page 47: ...ire to the chassis 10 ground screw The wire should be crimped with a ring lug 3 Locate power input terminal block on the back of the module 4 Attach the 12 or 14 AWG DC power wires to the power input terminal block labeled 48V and RTN The power wires should be crimped with lug spades to ensure a secure connection 5 Connect the other side of the power cable to the SELV power source The power source...

Page 48: ...acket on page 42 Removing the bracket on page 44 Power cord retention bracket Provides a description and image of the power cord retention bracket The power cord retention bracket part number 5066 1202 helps reduce strain on the power cord and power supply outlets Figure 7 Power Cord retention bracket Installing and using the bracket Shows an N Platform IPS with the power cord retention bracket in...

Page 49: ...es how to install the bracket Use the following procedure to install the power cord retention bracket 1 Orient the bracket against the back surface of the chassis 2 Slide the bracket over the two shoulder rivets on the back of the chassis The spring loaded plunger in the center of the bracket slides into place Using the power cord retention bracket Describes how to attach the power cord to the ret...

Page 50: ...eet metal tabs 3 Secure the folded cable loop under the sheet metal tabs and attach the power cable to the power supply Removing the bracket Describes how to remove a bracket If you need to remove one of the brackets pull the spring loaded plunger in the middle of the bracket and slide the bracket up and off the shoulder rivets ...

Page 51: ...e left and right keys move the cursor Note Currently you cannot enter IPv6 addresses with the LCD panel If you require IPv6 connectivity use the CLI OBE Configuring the TippingPoint IPS with the LCD panel Describes how to configure the TippingPoint IPS with the LCD panel The following steps describe the use of the LCD panel to perform the initial configuration tasks on the TippingPoint IPS device ...

Page 52: ...ep 3 Note When the LCD OBE wizard is in process the console connected to the device displays a message stating that Initial Setup is currently in process via the LCD Panel After you have completed the initial setup wizard you can use the Local Security Manager GUI to perform monitoring and configuration tasks or use the setup command in the CLI to perform additional configuration tasks Refer to th...

Page 53: ...HA State Query Displays the current High Availability state and settings Contrast Set Set the display contrast for the LCD panel Backlight Set Set the backlight level for the LCD panel Eject CF See Unmounting and ejecting the CompactFlash card on page 49 ...

Page 54: ...ommand line interface CLI The device will continue to perform correctly if an external storage card is not available However if you attempt to take a system snapshot the operation fails and an error is recorded in the system log All N Platform devices come with a pre formatted 1 GB CompactFlash card External storage card commands Lists the commands used to manage the external storage card The foll...

Page 55: ...a menu option that performs the same function as the compact flash unmount command in the CLI Note There is no LCD panel on NX Platform devices The external storage card for these devices must be managed by the command line interface Unmounting and ejecting the CompactFlash card Describes how to unmount and eject the CompactFlash card 1 On the LCD panel use the Up or Down arrow buttons to navigate...

Page 56: ...When you insert a CompactFlash card the LCD display indicates when the card has been successfully mounted on the device If the device has been set to require authentication for CompactFlash cards you must complete the mounting process manually using the CLI compact flash mount command ...

Page 57: ... console on page 51 RJ 45 Ethernet connectors on page 52 Pluggable transceivers on page 53 RJ 45 COM console Describes and provides an image of the RJ 45 connector The following figure displays the RJ 45 connector The following table shows the RJ 45 console connector pinouts Pin number Signal name 1 Request to Send RTS 2 Data Terminal Ready DTR 3 Transmit Data TxD 4 Ground GND 5 Ground GND 6 Recei...

Page 58: ... 10Mbps 100Mbps mode Pin number Signal name 1 Transmit positive Tx 2 Transmit negative Tx 3 Receive positive Rx 4 Ground GND 5 Ground GND 6 Receive negative Rx 7 Ground GND 8 Ground GND Note These ports can auto negotiate their mode and can automatically detect whether they should operate in straight through or cross over mode Use the following pinout information when your RJ 45 device is operatin...

Page 59: ...bE Small Form Factor Pluggable transceivers Note Only optical transceiver modules including SFP XFP SFP and QSFP available from TippingPoint have been validated to achieve optimal performance with TippingPoint products Other vendor devices are not supported Using other vendor devices could be detrimental to proper operation of the TippingPoint system For a list of transceivers supported on N Platf...