Alcatel-Lucent
VPN Firewall Brick
®
Model 1200 Security Appliance
User’sGuide
032360-00 REV A
Issue1
June2008
Alcatel-Lucent - Proprietary
This document contains proprietary information of Alcatel-Lucent and
is not to be disclosed or used except in accordance with applicable agreements.
Copyright © 2008 Alcatel-Lucent
Unpublished and Not for Publication
All Rights Reserved
See notice on first age
Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks
are the property of their respective owners.
The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for
inaccuracies contained herein.
Copyright © 2008 Alcatel-Lucent. All Rights Reserved.
Notice
Every effort was made to ensure that this information product was complete and accurate at the time of printing.
However, information is subject to change.
Conformance statements
Federal Communications Commission (FCC) Notification and Repair Information This equipment has been tested and
found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are
designed to provide reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio frequency energy. If the equipment is
not installed and used in accordance with the guidelines in this document, the equipment may cause harmful
interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful
interference, in which case the user will be required to correct the interference at the expense of the user.
Alteration or modifications carried out without appropriate authorization may invalidate the user’s right to operate
the equipment.
Security statement
In rare instances, unauthorized individuals make connections to the telecommunications network through the use of
remote access features. In such an event, applicable tariffs require the customer to pay all network charges for
traffic. Lucent Technologies cannot be responsible for such charges and will not make any allowance or give any
credit for charges that result from unauthorized access.
Trademarks
VPN Firewall Brick is a registered trademark of Alcatel-Lucent.
Limited warranty
For terms and conditions of sale, contact your Alcatel-Lucent Account Team.
Ordering Information
The ordering number for this information product is 260-100-041
Thepartnumberforthisinformationproductis032360-00REVA
Technical Support
Alcatel-Lucent Customer Technical Support provides a technical assistance telephone number that is monitored 24
hours. For technical support (continental U.S.) call 1-866-582-3688 and select appropriate prompt. For international
support, please call +1 630-224-4672.
See notice on first age
Contents
Overview ................................................................................................................................................................... 11
Structure of hazard statements
......................................................................................................................... 22
Introduction
.............................................................................................................................................................. 44
To Install a Model 1200 Brick Device
......................................................................................................... 99
To Change the SFP Module for a Model 1200 Brick Device Gigabit Only Port
................... 1212
Illustrations
............................................................................................................................................................. 1515
Specifications
........................................................................................................................................................ 1818
Safety Instructions
............................................................................................................................................... 2121
Laser Safety Guidelines
.................................................................................................................................... 2424
Maintenance
........................................................................................................................................................... 2828
Air Filter
................................................................................................................................................................. 2929
To Perform a Hot Swap of a Power Module
.......................................................................................... 3030
To Replace the Chassis Fan Filter
............................................................................................................... 3232
To Perform a Hot Swap of a Fan Unit
...................................................................................................... 3434
Index
39
...................................................................
iii
List of figures
Rack Mounting Brackets 10
SFP Module (Top, Bottom, Side, and Front Views) 13
Front View of 1200 Brick and 1200 HS Brick Devices 15
Rear View of 1200 Brick Device (AC version) 15
Rear View of 1200 HS Brick Device (AC version) 15
Rear View of 1200 HS Brick Device (DC version) 16
Rear Port View of 1200 Brick Device (AC version) 16
Rear Port View of 1200 HS Brick Device (AC and DC versions) 17
Hot Swap Power Module 31
Fan Filter Replacement 33
Brick Fan Units (Front View) 34
Brick Fan Units (Rear View) 35
Using Fan Filter Cover Hooks to Remove Fan Unit 37
Inserting the Replacement Fan Unit 38
...................................................................
v
Overview
.........................................................................................................................................................................................
Purpose
This document provides a detailed description of the Alcatel-Lucent VPN Firewall Brick
®
Model 1200 Security Appliance, including:
• General information about the Brick device hardware and features
• Instructions on how to install the Brick device
• Illustrations of the Brick device hardware components and interfaces
• Detailed specifications
• Safety instructions
• Maintenance procedures
Contents
Structure of hazard statements 2
Introduction 4
To Install a Model 1200 Brick Device 9
To Change the SFP Module for a Model 1200 Brick Device
Gigabit Only Port
12
Illustrations 15
Specifications 18
Safety Instructions 21
Laser Safety Guidelines 24
Maintenance 28
Air Filter 29
To Perform a Hot Swap of a Power Module 30
To Replace the Chassis Fan Filter 32
To Perform a Hot Swap of a Fan Unit 34
...................................................................
1
Structure of hazard statements
.........................................................................................................................................................................................
Overview
Hazard statements describe the safety risks relevant while performing tasks on
Alcatel-Lucent products during deployment and/or use. Failure to avoid the hazards may
have serious consequences.
General structure
Hazard statements include the following structural elements:
Item Structure element Purpose
1 Personal-injury symbol Indicates the potential for personal injury
(optional)
2 Hazard-type symbol Indicates hazard type (optional)
3 Signal word Indicates the severity of the hazard
4 Hazard type Describes the source of the risk of damage or
injury
5 Damage statement Consequences if protective measures fail
6 Avoidance message Protective measures to take to avoid the hazard
7 Identifier The reference ID of the hazard statement
(optional)
...................................................................
2
Signal words
The signal words identify the hazard severity levels as follows:
Signal word Meaning
DANGER Indicates an imminently hazardous situation (high risk) which, if not
avoided, will result in death or serious injury.
WARNING Indicates a potentially hazardous situation (medium risk) which, if
not avoided, could result in death or serious injury.
CAUTION When used with the personal injury symbol:
Indicates a potentially hazardous situation (low risk) which, if not
avoided, may result in personal injury.
When used without the personal injury symbol:
Indicates a potentially hazardous situation (low risk) which, if not
avoided, may result in property damage, such as service interruption
or damage to equipment or other materials.
Structure of hazard statements
...................................................................
3
Introduction
.........................................................................................................................................................................................
General
A Model 1200 Brick device measures approximately 17″ (W)x19″ (D) x 3.5″(H) and is
intended to be installed on a standard 19-inch rack. It comes with two optional
rack-mounting brackets that can be attached to the sides to secure it to the rack.
There are two basic Brick 1200 models:
• The 1200 Brick (AC version only)
• The 1200 HS Brick (AC and DC versions)
Ports
The following table summarizes the number and type of ports that are supported on each
Brick 1200 model:
Port Type 1200 Brick Device 1200 HS Brick Device
10/100/1000BaseTX 8 14
Gigabit only interfaces
1
26
Notes:
1. The Gigabit only ports operate solely at the 1 Gigabit rate and are not 10/100/1000baseTX
auto-switchable. These ports are activated when the user inserts a Small Form-factor Pluggable
(SFP) module, which is ordered separately.
Power supply
The Model 1200 Brick device utilizes hot swappable mini-redundant power supplies for
both AC and DC versions.
Gigabit only interfaces
The Gigabit only ports on the Model 1200 Brick are configurable for copper/fiber
connections via Small Form-factor Pluggable (SFP) modules, which are sometimes referred
to as “mini-GBICs”.
The SFP module design is based on the GBIC interface, which is a standard for
transceivers that commonly use Gigabit copper Ethernet and fiber channels. The SFP is a
standard, hot swappable electrical interface that supports the full range of physical media,
from copper to optical fiber (multi mode or single mode) through the use of the appropriate
SFP module. These SFP modules can be easily interchanged, which allow networks to have
ports added or changed as the administrator wishes.
...................................................................
4
Hardware encryption
A hardware-based Encryption Accelerator (AES) Card is standard on the DC version and
AC version of the Model 1200 Brick.
Front view
The front of the Model 1200 Brick device has a chassis fan filter replacement panel on the
left side, with light-emitting diode (LED) activity lights, Power, Audible Cut-Off (ACO),
and Unit ID LEDs/buttons, and two USB ports on the right side.
The following table describes the function, label, color and operation of each LED activity
light/button on the front panel.
Function LED/Button Label Color Operation
Power LED/button
(front)
1
Pwr GRN Steady ON=unit is
powered
Power Module Status PS1 GRN Steady ON=module 1 is
operating
PS2 GRN Steady ON=module 2 is
operating
Hard Disk Activity FD Act GRN Flashing=HDD activity
Encrypt Active EA Act GRN Steady ON=encryption
card active.
Flashing=data passing
through encryption card
Failover active FO Act GRN Steady ON=unit is in
failover mode and active
Flashing=unit in standby
Fan Bank Failure Fan1 GRN Steady ON=fan in
bank1 has failed
Fan2 GRN Steady ON=fan in
bank2 has failed
Fault
2
Fault YEL Steady ON=unit is in
the alarm state
ACO Active LED/button
3
ACO Act GRN Steady ON=the ACO
switch has been pressed
during an alarm state.
Steady OFF=no alarm
state is present or the
ACO button has not
been pressed during an
alarm state. The ACO
LED self-clears when
the offending alarm is
removed.
Introduction
...................................................................
5
Function LED/Button Label Color Operation
Unit Indicator
LED/button
Unit ID BLU Steady ON=highlights a
particular unit in a rack
of equipment. LED
Indicator is on front
(button) and rear of
unit.
Notes:
1. The Power LED/button works like a momentary switch. To power up the Brick device, press the
button in and a steady green LED light indicates that the Brick is powered up. To power down
the Brick device, press and hold the button in again for at least 3 seconds.
2. If lit, there is an alarm fault in either the power supplies or fans. Observe the Fan1 and Fan2
LEDs to determine if it is a Fan alarm, or the PS1 and PS2 LEDs to determine if it is a power
supply alarm.
3. The Audible Cut Out (ACO) LED/button works like a momentary switch. Press the button in to
turn off an audible alarm and the ACO LED.
4. The Unit ID LED/button works like a momentary switch. Press and hold the button in to activate
the front and rear Unit ID LEDs. When pressed in for about 6 seconds, the Unit ID button starts
on-demand diagnostics (refer to the section “Hardware diagnostics” (p. 6)).
In addition to the activity lights described above, the DC version of the Model 1200 Brick
also has a Fault light, which is amber when power is lost to the A or B power connector.
Hardware diagnostics
When the Model 1200 Brick is powered on and boots up, it performs a Power On Self Test
(POST) diagnostics check of the motherboard, during which its memory, circuitry, and
peripherals are tested and configured. If the boot up of the motherboard is successful, the
motherboard LEDs, which are visible through four holes located in the rear of the chassis
near the bottom center of the Brick, flash green or red and then go out. If the boot up of
the motherboard is unsuccessful, each LED on the motherboard displays a steady green or
red. Should this occur, contact Alcatel-Lucent Customer Technical Support and indicate the
locked color status of each LED on the motherboard, from left to right, which can be used
to help determine the problem encountered during the POST diagnostics check.
The Model 1200 Brick also allows you to perform an on-demand diagnostics check of the
front panel alarms hardware (controlled by the Brick Alarm card installed in the front
chassis of the Brick), or to confirm a fault that might have occurred during normal
operations.
To perform an on-demand diagnostics check, do the following:
1. Confirm that the Brick is connected to an active power source.
2. Press and hold the Unit ID LED/button for five seconds.
...................................................................
6
The Brick’s front alarm card initially performs a program self-check. If this fails, all front
panel LEDs and the audible alarm buzzer cycle together through three blinks/audible alarms
and the on-demand diagnostics is terminated.
If the diagnostics program self-check passes, the Brick turns off all LEDs or audible alarms
that are active, then cycles through each alarm indicator on and off 3 times, one cycle per
second, sequentially.
The alarm indicators are activated in the following sequence:
1. PS1 LED
2. PS2 LED
3. FD Act
4. FO Act LED
5. Fan1 LED
6. Fan2 LED
7. Fault LED
8. ACO LED
9. Unit ID LED
10. Audible alarm (buzzer)
11. Remote Visual Alarm relay
12. Remove Audible Alarm relay
After the on-demand diagnostics run is completed, the front panel alarm indicators return to
their original state.
Rear view
The rear of the Model 1200 Brick device provides access to two hot swappable redundant
power supplies. There is an alarm interface terminal block with dry contact closures for
Visual and Audible alarms that can be connected to a local alarm system. There are two
10/100/1000baseTX interfaces on the motherboard. In addition, there are six
10/100/1000BaseTX interfaces on both versions of the Model 1200 Brick, with 1Gigabit
only ports (two on the Standard version and six on the HS version) where SFP modules
can be inserted. The rear also contains a keyboard port, a monitor port, the console port,
two USB ports, and the Unit ID LED light.
Important! For installation into networks that are subject to surges, a shielded Ethernet
cable and/or serial port cable may be needed for regulatory compliance.
Alcatel-Lucent Security Management Server (SMS) software
The Model 1200 Brick device is supported by a patch release of SMS Release 9.0 (and
later SMS releases). To upgrade SMS R9.0 with a software patch that incorporates the
Model 1200 Brick software, or to obtain the latest software patches for R9.0 in the future,
download the software patches from the VPN Firewall Product Registration and Support
website: (https://www.lucent-ipsec.com). On the VPN Firewall Product Registration and
Introduction
...................................................................
7
Support web page, enter your User Name and Password (which are established during the
product registration process).
If you are a registered customer, the VPN Firewall Registration web page is displayed.
Click on the link on the left side of the page labeled
Downloads to access the Downloads
page. The Downloads page has a series of buttons which allow you to select and download
the required software release/patch. For additional instructions on how to download and
install the required SMS software release/patch, refer to the SMS product Release Notes.
CAUTION:
CAUTION
Electric shock hazard
Risk of shock
Before connecting power on the DC version of the Model 1200 Brick device, the Brick
device chassis must be properly grounded. Two 10-32 threaded studs, spaced 0.625 inches
apart, are provided at the rear of the chassis for grounding purposes.
Alarm outputs
Visual and Audible Alarm outputs are available from the rear of the Model 1200 Brick
device. Each Form C relay provides NO (Normally Open), C (Common), and NC
(Normally Closed) contacts. The designations NO, C, and NC represent the powered
″good″ state of the Brick device.
All contacts are limited to ±60V and 0.75A.
Visual Alarm Output - indicates the Alarm state of the Brick device and remains until the
alarm is gone.
Audible Alarm Output - indicates the Alarm state of the Brick device but can be disabled
with the ACO (Audible Cut Out) and will not reactivate until the existing alarm has been
cleared and a new alarm has been generated.
Handling Brick device components
To prevent damage to components from electrostatic discharge, always follow the proper
guidelines for equipment handling and storage. Adapter cards and semiconductor devices in
general can be easily and permanently damaged due to electrostatic discharge during
installation and removal.
In order to reduce the static potential, the user should be properly grounded through the use
of an approved antistatic wrist strap when installing, removing or handling Brick devices.
...................................................................
8
To Install a Model 1200 Brick Device
.........................................................................................................................................................................................
When to use
Use this procedure to install a 1200 Brick device. It includes special handling instructions
for the AC and DC versions of the Model 1200 Brick device.
Task: installing a Model 1200 Brick device
Complete the following steps to install a Model 1200 Brick device.
.........................................................................................................................................................................
1
Remove the Brick device from the carton in which it was shipped.
.........................................................................................................................................................................
2
If additional support is needed (other than the two front brackets), use the additional side
mounted brackets. Slide the two adjustable rear mounting brackets into the mounting guide.
Depending on the rack mounting requirements, the rear brackets can be inserted in the
guide in either position shown in Figure 1, “ Rack Mounting Brackets” (p. 10).
The General Devices slide rails (part number C300-S-122) can be used for cabinet
mounting applications.
.........................................................................................................................................................................
3
Position the Brick device in the rack and fasten the Brick device to the rack using the front
brackets on either side of the device with two #2 Phillips head screws per bracket. If the
...................................................................
9
rear brackets are used, slide the bracket to the frame and fasten with two screws per
bracket.
.........................................................................................................................................................................
4
For AC models, take the two power cords that come with the unit and connect them to the
two power supply connectors on the back. See Figure 4, “Rear View of 1200 Brick Device
(AC version)” (p. 15)and Figure 5, “Rear View of 1200 HS Brick Device (AC version)”
(p. 15)for the location of the connectors.
.........................................................................................................................................................................
5
For DC models, make the following power connections (see Figure 6, “Rear View of 1200
HS Brick Device (DC version)” (p. 16) for the location of the connections):
-48VDC Power
Figure 1 Rack Mounting Brackets
...................................................................
10
Two 12 foot power cables are provided. These cables consist of a pair of 12 AWG wires
and Faston connectors, which fasten directly into a field wiring terminal block on the
power supply. The other end of the cable is pre-stripped (3/8″) for connection to a fuse
panel or other source of -48VDC power. Observe proper polarity when connecting to a fuse
panel. The BLACK wire is ground and the RED wire is -48VDC.
The battery return conductor is an Isolated DC Return (DC-1).
Primary Ground
The product has been designed to be installed in a Common Bonding Network (CBN). The
Brick device has a primary ground connection on the rear of the unit. The connection point
is identified with the earth connection point symbol. This connection utilizes two 10-32
studs on 0.625″ centers. Lock washers and nuts for fastening a terminal lug are provided.
The primary ground must be utilized and the wire and lug must be selected in accordance
with NEC, state, local and customer guidelines.
.........................................................................................................................................................................
6
Connect the SMS to one of the Ethernet interfaces on the back (refer to Figure 4, “Rear
View of 1200 Brick Device (AC version)” (p. 15) through Figure 8, “Rear Port View of
1200 HS Brick Device (AC and DC versions)” (p. 17)). The following explains the type of
Ethernet cable to use:
Direct connection
If you are connecting the SMS directly to the Brick device, use a crossover Ethernet cable.
Hub/Switch
If you are connecting the Brick device to the SMS by means of a hub or switch, use
regular Ethernet cables from the SMS to the hub/switch, and from the hub/switch to the
interface on the back.
.........................................................................................................................................................................
7
Connect the LANs to the Brick device. Insert the Ethernet cable from the LANs into the
remaining Ethernet interfaces (see Figures 4 through 9).
Keep a record of the interfaces to which the SMS and the various LANs are connected.
You will need this information later when you create security zones and assign them to
interfaces.
.........................................................................................................................................................................
8
Power up the Brick device. It is now ready to be configured using the SMS (refer to the
Configuring and Activating an Alcatel-Lucent VPN Firewall Brick® Security Appliance
chapter in the SMS Administration Guide for instructions).
E ND OF STEPS
.............................................................................................................................................................................................
To Install a Model 1200 Brick Device
...................................................................
11
To Change the SFP Module for a Model 1200 Brick Device
Gigabit Only Port
.........................................................................................................................................................................................
When to use
Use the following tasks to install an SFP module or to remove an SFP module for a
Gigabit only port on a Model 1200 Brick device.
Important! There are a variety of SFP modules that are commercially available.
However, Alcatel-Lucent only qualifies that the SFP modules that can be ordered from
Alcatel-Lucent will work properly. The user assumes all liability when using SFP
modules other than those available from Alcatel-Lucent. Contact your sales
representative for additional information.
Task: installing an SFP module
Complete the following steps to install an SFP module:
.........................................................................................................................................................................
1
Remove the SFP module from its protective packaging, and verify that the SFP module is
the correct model for your network configuration.
Note: you can identify SFP modules by the SFP module label, which also lists the SFP
model number and wavelength (if fiber).
Refer to Figure 2, “SFP Module (Top, Bottom, Side, and Front Views)” (p. 13) to
locate the SFP module label.
...................................................................
12
.........................................................................................................................................................................
2
Verify that the bale clasp on the front of the SFP module is closed before inserting the SFP
module (refer to Figure 2, “SFP Module (Top, Bottom, Side, and Front Views)” (p. 13)).
.........................................................................................................................................................................
3
CAUTION
Possible Equipment Damage
Do not remove the dust plugs from the optical bore of the SFP module or the dust caps
from the fiber-optic cable until you are ready to connect the cable. The plugs and caps
protect the SFP module optical ports and cable connectors from contamination.
Align the SFP module in front of the slot opening with its connection pins in the upward
position (the SFP module label will face in a downward position), and slide the SFP
Figure 2 SFP Module (Top, Bottom, Side, and Front Views)
To Change the SFP Module for a Model 1200 Brick Device Gigabit Only Port
...................................................................
13
module into the slot until you feel the connector on the module snap into place in the rear
of the slot.
Task: removing an SFP module
Complete the following steps to remove an SFP module from a Model 1200 Brick device:
.........................................................................................................................................................................
1
Disconnect the Ethernet or fiber-optic connector cable from the SFP module.
.........................................................................................................................................................................
2
Pivot the bale up to release the SFP module latching mechanism.
If the bale-clasp latch is obstructed and you cannot use your index finger to open it, use a
small, flat-blade screwdriver or other long, narrow instrument to open the bale-clasp latch.
.........................................................................................................................................................................
3
Grasp the SFP module between your thumb and index finger and carefully slide the module
out of the receptacle.
.........................................................................................................................................................................
4
Close the SFP bale clasp and insert the dust plug into the optical bores (if fiber).
.........................................................................................................................................................................
5
Place the SFP module in an antistatic bag or other protective environment.
E ND OF STEPS
.............................................................................................................................................................................................
...................................................................
14
E
ND OF STEPS
.........................................................................................................................................................................
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
Ask a question and I''ll find the answer in the document
Finding information in a document is now easier with AI
Related papers
-
Alcatel-Lucent Security Management Server (SMS) Release 9.4 Installation guide
-
-
Alcatel OS9000 User manual
-
-
-
-
-
-
-
Other documents
-
-
Lucent Technologies 1200 User manual
-
FläktGroup Recycling Installation guide
-
Maxell llexam User manual
-
TENMARS TM-904 User manual
-
-
Panasonic UJ30 User manual
-
Hitachi LM-C300S/P Quick Reference Manual
-
Nokia 7210 SAS-R12 Installation guide
-
Oracle Pillar Axiom 600 Hardware Installation Manual
