Symantec 10521146 - Network Security 7120 User manual

Category
Networking
Type
User manual

This manual is also suitable for

Symantec™ Network Security
In-line Bypass Unit User Guide
2
Symantec Network Security In-line Bypass Unit
User Guide
The device described in this book is furnished under a license agreement and may be used only in
accordance with the terms of the agreement.
PN: 10293105
Copyright Notice
Copyright © 2004 Symantec Corporation.
All Rights Reserved.
Any technical documentation that is made available by Symantec Corporation is the copyrighted work
of Symantec Corporation and is owned by Symantec Corporation.
NO WARRANTY. The technical documentation is being delivered to you AS-IS, and Symantec
Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the
information contained therein is at the risk of the user. Documentation may include technical or other
inaccuracies or typographical errors. Symantec reserves the right to make changes without prior
notice.
No part of this publication may be copied without the express written permission of Symantec
Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014.
Trademarks. Symantec and the Symantec logo are U.S. registered trademarks of Symantec
Corporation. Symantec Network Security is a trademark of Symantec Corporation.
Other brands and product names mentioned in this manual may be trademarks or registered
trademarks of their respective companies and are hereby acknowledged.
Windows is a registered trademark, and 95, 98, NT and 2002 are trademarks of Microsoft Corporation.
Pentium is a registered trademark of Intel Corporation. Sun is a registered trademark, and Java, Solaris,
Ultra, Enterprise, and SPARC are trademarks of Sun Microsystems. UNIX is a registered trademark of
UNIX System Laboratories, Inc. Cisco and Catalyst are registered trademarks of Cisco Systems, Inc.
Foundry is a registered trademark of Foundry Networks. Juniper is a registered trademark of Juniper
Networks, Inc. iButton is a trademark of Dallas Semiconductor Corp. Dell is a registered trademark of
Dell Computer Corporation. Check Point and OPSEC are trademarks and FireWall-1 is a registered
trademark of Check Point Software Technologies, Ltd. Tripwire is a registered trademark of Tripwire,
Inc.
Symantec Network Security software contains/includes the following Third Party Software from
external sources:
“bzip2” and associated library “libbzip2,” Copyright © 1996-1998, Julian R Seward. All rights reserved.
(http://sources.redhat.com/bzip2).
“Castor,”ExoLab Group, Copyright 1999-2001 © 199-2001 Intalio, Inc. All rights reserved.
(http://www.exolab.org
).
Printed in the United States of America. 10 9 8 7 6 5 4 3 2 1
3
Technical support
As part of Symantec Security Response, the Symantec global Technical Support
group maintains support centers throughout the world. The Technical Support
group’s primary role is to respond to specific questions on product
feature/function, installation, and configuration, as well as to author content for
our Web-accessible Knowledge Base. The Technical Support group works
collaboratively with the other functional areas within Symantec to answer your
questions in a timely fashion. For example, the Technical Support group works
with Product Engineering as well as Symantec Security Response to provide
Alerting Services and Virus Definition Updates for virus outbreaks and security
alerts.
Symantec technical support offerings include:
A range of support options that give you the flexibility to select the right
amount of service for any size organization
Telephone and Web support components that provide rapid response and
up-to-the-minute information
Upgrade insurance that delivers automatic software upgrade protection
Content Updates for virus definitions and security signatures that ensure
the highest level of protection
Global support from Symantec Security Response experts, which is
available 24 hours a day, 7 days a week worldwide in a variety of languages
Advanced features, such as the Symantec Alerting Service and Technical
Account Manager role, offer enhanced response and proactive security
support
Please visit our Web site for current information on Support Programs. The
specific features available may vary based on the level of support purchased and
the specific product that you are using.
Licensing and registration
If the product that you are implementing requires registration and/or a license
key, the fastest and easiest way to register your service is to access the
Symantec licensing and registration site at www.symantec.com/certificate.
Alternatively, you may go to www.symantec.com/techsupp/ent/enterprise.html,
select the product that you wish to register, and from the Product Home Page,
select the Licensing and Registration link.
Contacting Technical Support
Customers with a current support agreement may contact the Technical
Support group via phone or online at www.symantec.com/techsupp.
Customers with Platinum support agreements may contact Platinum Technical
Support via the Platinum Web site at www-secure.symantec.com/platinum/.
4
When contacting the Technical Support group, please have the following:
Product release level
Hardware information
Available memory, disk space, NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description
Error messages/log files
Troubleshooting performed prior to contacting Symantec
Recent software configuration changes and/or network changes
Customer Service
To contact Enterprise Customer Service online, go to www.symantec.com, select
the appropriate Global Site for your country, then choose Service and Support.
Customer Service is available to assist with the following types of issues:
Questions regarding product licensing or serialization
Product registration updates such as address or name changes
General product information (features, language availability, local dealers)
Latest information on product updates and upgrades
Information on upgrade insurance and maintenance contracts
Information on Symantec Value License Program
Advice on Symantec's technical support options
Nontechnical pre-sales questions
Missing or defective CD-ROMs or manuals
SYMANTEC NETWORK SECURITY
IN-LINE BYPASS UNIT WARRANTY AGREEMENT
SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES
(“SYMANTEC”) IS WILLING TO PROVIDE WARRANTIES AS
SET FORTH HEREIN ON THE IN-LINE BYPASS UNIT YOU
HAVE PURCHASED TO YOU AS AN INDIVIDUAL, THE
COMPANY, OR THE LEGAL ENTITY THAT WILL BE
UTILIZING THE IN-LINE BYPASS UNIT (REFERENCED BELOW
AS “YOU OR YOUR”) AND TO PROVIDE WARRANTIES ON
THE IN-LINE BYPASS UNIT ONLY ON THE CONDITION THAT
YOU ACCEPT ALL OF THE TERMS OF THIS WARRANTY
AGREEMENT. READ THE TERMS AND CONDITIONS OF THIS
WARRANTY AGREEMENT CAREFULLY BEFORE USING THE
IN-LINE BYPASS UNIT. THIS IS A LEGAL AND ENFORCEABLE
CONTRACT BETWEEN YOU AND SYMANTEC. BY OPENING
THIS PACKAGE, BREAKING THE SEAL, CLICKING ON THE
“AGREE” OR “YES” BUTTON OR OTHERWISE INDICATING
ASSENT ELECTRONICALLY, REQUESTING A LICENSE KEY OR
USING THE IN-LINE BYPASS UNIT, YOU AGREE TO THE
TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO
NOT AGREE TO THESE TERMS AND CONDITIONS, CLICK ON
THE “I DO NOT AGREE” OR “NO” BUTTON IF APPLICABLE
AND DO NOT USE THE IN-LINE BYPASS UNIT.
1. Limited Warranty:
Symantec warrants that the in-line bypass unit (“In-line
Bypass Unit”) You have purchased shall be free from defects in
material and workmanship under normal use and service and
substantially conform to the written documentation
accompanying the In-line Bypass Unit for a period of three
hundred sixty-five (365) days from the date of original
purchase. Your sole remedy in the event of a breach of this
warranty will be that Symantec will, at its option, repair or
replace any defective In-line Bypass Unit returned to Symantec
within the warranty period or refund the money You paid for
In-line Bypass Unit.
The warranties contained in this Agreement will not apply to
any In-line Bypass Unit which:
A. has been altered, supplemented, upgraded or modified in
any way;
B. has been repaired except by Symantec or its designee; or
C. has been inserted into, used or operated with any device for
which it is not intended as stated in the user documentation
accompanying the In-line Bypass Unit.
Additionally, the warranties contained in this Agreement do
not apply to repair or replacement caused or necessitated by:
(i) events occurring after risk of loss passes to You such as loss
or damage during shipment; (ii) acts of God including without
limitation natural acts such as fire, flood, wind earthquake,
lightning or similar disaster; (iii) improper use, environment,
installation or electrical supply, improper maintenance, or any
other misuse, abuse or mishandling; (iv) governmental actions
or inactions; (v) strikes or work stoppages; (vi) Your failure to
follow applicable use or operations instructions or manuals;
(vii) Your failure to implement, or to allow Symantec or its
designee to implement, any corrections or modifications to the
In-line Bypass Unit made available to You by Symantec; or (viii)
such other events outside Symantec’s reasonable control.
Upon discovery of any failure of the In-line Bypass Unit, or
component thereof, to conform to the applicable warranty
during the applicable warranty period, You are required to
contact us within ten (10) days after such failure and seek a
return material authorization (“RMA”) number. Symantec will
promptly issue the requested RMA as long as we determine
that You meet the conditions for warranty service. The
allegedly defective In-line Bypass Unit, or component thereof,
shall be returned to Symantec, securely and properly
packaged, freight and insurance prepaid, with the RMA
number prominently displayed on the exterior of the shipment
packaging and with the In-line Bypass Unit. Symantec will
have no obligation to accept any In-line Bypass Unit which is
returned without an RMA number.
Upon completion of repair or if Symantec decides, in
accordance with the warranty, to replace a defective In-line
Bypass Unit, Symantec will return such repaired or
replacement In-line Bypass Unit to You, freight and insurance
prepaid. In the event that Symantec, in its sole discretion,
determines that it is unable to replace or repair the In-line
Bypass Unit, Symantec will refund to You the F.O.B. price paid
by You for the defective In-line Bypass Unit. Defective In-line
Bypass Units returned to Symantec will become the property
of Symantec.
Symantec does not warrant that the In-line Bypass Unit will
meet Your requirements or that operation of the In-line Bypass
Unit will be uninterrupted or that the In-line Bypass Unit will
be error-free.
In order to exercise any of the warranty rights contained in
this Agreement, You must have available an original sales
receipt or bill of sale demonstrating proof of purchase with
Your warranty claim.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW, THE ABOVE WARRANTY IS EXCLUSIVE AND IN LIEU
OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR
IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, AND NONINFRINGEMENT OF INTELLECTUAL
PROPERTY RIGHTS. THIS WARRANTY GIVES YOU
SPECIFIC LEGAL RIGHTS. YOU MAY HAVE OTHER
RIGHTS, WHICH VARY FROM STATE TO STATE AND
COUNTRY TO COUNTRY.
2. Disclaimer of Damages:
SOME STATES AND COUNTRIES, INCLUDING MEMBER
COUNTRIES OF THE EUROPEAN ECONOMIC AREA, DO NOT
ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR
INCIDENTAL OR CONSEQUENTIAL DAMAGES SO THE
BELOW LIMITATION OR EXCLUSION MAY NOT APPLY TO
YOU.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW AND REGARDLESS OF WHETHER ANY REMEDY SET
FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO
EVENT WILL SYMANTEC OR ITS LICENSORS BE LIABLE TO
YOU FOR ANY SPECIAL, CONSEQUENTIAL, INDIRECT OR
SIMILAR DAMAGES, INCLUDING ANY LOST PROFITS OR
LOST DATA ARISING OUT OF THE USE OR INABILITY TO
USE THE IN-LINE BYPASS UNIT EVEN IF SYMANTEC HAS
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
IN NO CASE SHALL SYMANTEC'S OR ITS LICENSORS’
LIABILITY EXCEED THE PURCHASE PRICE FOR THE
IN-LINE BYPASS UNIT. The disclaimers and limitations set
forth above will apply regardless of whether You accept the
In-line Bypass Unit.
3. Export Regulation:
Certain Symantec products are subject to export controls by
the U.S. Department of Commerce (DOC), under the Export
Administration Regulations (EAR) (see www.bxa.doc.gov).
Violation of U.S. law is strictly prohibited. Licensee agrees to
comply with the requirements of the EAR and all applicable
international, national, state, regional and local laws, and
regulations, including any applicable import and use
restrictions. Symantec products are currently prohibited for
export or re-export to Cuba, North Korea, Iran, Iraq, Libya,
Syria and Sudan or to any country subject to applicable trade
sanctions. Licensee agrees not to export, or re-export, directly
or indirectly, any product to any country outlined in the EAR,
nor to any person or entity on the DOC Denied Persons,
Entities and Unverified Lists, the U.S. Department of State’s
Debarred List, or on the U.S. Department of Treasury's lists of
Specially Designated Nationals, Specially Designated Narcotics
Traffickers, or Specially Designated Terrorists. Furthermore,
Licensee agrees not to export, or re-export, Symantec products
to any military entity not approved under the EAR, or to any
other entity for any military purpose, nor will it sell any
Symantec product for use in connection with chemical,
biological, or nuclear weapons or missiles capable of delivering
such weapons.
4. General:
If You are located in North America or Latin America, this
Agreement will be governed by the laws of the State of
California, United States of America. Otherwise, this
Agreement will be governed by the laws of England. This
Agreement is the entire agreement between You and Symantec
relating to the In-line Bypass Unit and: (i) supersedes all prior
or contemporaneous oral or written communications,
proposals and representations with respect to its subject
matter; and (ii) prevails over any conflicting or additional
terms of any quote, order, acknowledgment or similar
communications between the parties. This Agreement may
only be modified by a written document which has been signed
by both You and Symantec. This Agreement shall terminate
upon Your breach of any term contained herein and You shall
cease use of and destroy the In-line Bypass Unit. The
disclaimers of warranties and damages and limitations on
liability shall survive termination. Should You have any
questions concerning this Agreement, or if You desire to
contact Symantec for any reason, please write: (i) Symantec
Customer Service, 555 International Way, Springfield, OR
97477, USA, or (ii) Symantec Customer Service Center, PO BOX
5689, Dublin 15, Ireland.
Contents
About the Symantec Network Security In-line Bypass unit ........................... 9
Verifying the contents of the box .....................................................................10
In-line Bypass unit features ............................................................................... 10
The 2 In-line Bypass unit ............................................................................ 11
The 4 In-line Bypass unit ............................................................................ 11
USB connection ............................................................................................ 12
Port groups ...................................................................................................12
Matching port groups to in-line pairs ......................................................14
Online and bypass modes ........................................................................... 15
Auto-negotiation on bypass unit interfaces ............................................ 16
Front panel LEDs on the bypass unit ........................................................16
Rear panel LEDs on the bypass unit ......................................................... 17
Setup overview ..................................................................................................... 18
Mounting onto a rack ..........................................................................................19
Cabling the 2 In-line Bypass unit to the 7120 .................................................20
Cabling port group 0 to the 7120 ...............................................................21
Cabling port group 1 to the 7120 ...............................................................22
Cabling the USB port to the 7120 ..............................................................22
Connecting the power on the 2 In-line Bypass unit ...............................22
Cabling the 4 In-line Bypass unit to the 7160 .................................................23
Cabling port group 0 to the 7160 ...............................................................25
Cabling port group 1 to the 7160 ...............................................................25
Cabling port group 2 to the 7160 ...............................................................25
Cabling port group 3 to the 7160 ...............................................................26
Cabling the USB port to the 7160 ..............................................................26
Connecting the power on the 4 In-line Bypass unit ...............................26
Product specifications ......................................................................................... 27
Product certifications ......................................................................................... 28
CE certification ............................................................................................. 28
Safety instructions .............................................................................................. 28
8 Contents
About the Symantec Network Security In-line
Bypass unit
The In-line Bypass unit is available in two models, the 2 In-line Bypass unit and
the 4 In-line Bypass unit. This user guide contains instructions for both.
The bypass unit provides fail-open capability for in-line installations of the
Symantec Network Security 7100 Series appliance. Fail-open is a configuration
that allows network traffic to continue even if the 7100 Series has a hardware or
software failure that affects one or more of its in-line interface pairs. While
connected to the network and the 7100 Series appliance, the bypass unit
monitors the appliance. If it senses an appliance failure, the bypass unit
provides direct network connectivity.
Both bypass unit models can connect to either 10/100 Base-T (Fast Ethernet) or
10/100/1000 Base-T (gigabit copper) ports. Neither model provides fail-open for
the gigabit fiber interfaces on the 7161 appliance.
Both bypass unit models operate at wire speeds and have no impact on
performance.
To begin using the bypass unit after physically installing it, use the Network
Security console to configure the corresponding in-line pairs.
For more information about using the In-line Bypass unit with your 7100 Series
appliance, see the Symantec Network Security 7100 Series Implementation Guide.
This user guide includes the following topics:
Verifying the contents of the box
In-line Bypass unit features
Setup overview
Mounting onto a rack
Cabling the 2 In-line Bypass unit to the 7120
Cabling the 4 In-line Bypass unit to the 7160
Product specifications
Product certifications
10
Verifying the contents of the box
Safety instructions
Verifying the contents of the box
Verify that the following materials are included with the In-line Bypass unit:
Two power cords
USB cable
Cat-5e Ethernet cables:
Four cables with a 2 In-line Bypass unit
Eight cables with a 4 In-line Bypass unit
Two L-brackets
Symantec Network Security In-line Bypass Unit User Guide
Note: Cables are provided to connect the In-line Bypass unit to your 7100 Series
appliance. However, you will need to provide cables to connect the bypass unit
to your network devices.
In-line Bypass unit features
This section contains information about the following topics:
The 2 In-line Bypass unit
The 4 In-line Bypass unit
USB connection
Port groups
Matching port groups to in-line pairs
Online and bypass modes
Auto-negotiation on bypass unit interfaces
Front panel LEDs on the bypass unit
Rear panel LEDs on the bypass unit
11
In-line Bypass unit features
Table 1-1 summarizes the features of the two bypass unit models.
The 2 In-line Bypass unit
The 2 In-line Bypass unit has two port groups. It can provide fail-open capability
for up to two in-line connections.
Note: The 2 In-line Bypass unit is supported only for use with the Symantec
Network Security 7120 appliance.
Figure 1-1 shows the rear panel of the 2 In-line Bypass unit.
Figure 1-1 2 In-line Bypass unit
The 4 In-line Bypass unit
The 4 In-line Bypass unit has four port groups. It can provide fail-open
capability for up to four in-line connections.
Table 1-1 In-line Bypass unit features
Feature 2 In-line Bypass unit 4 In-line Bypass unit
Supported appliance model 7120 7160
Supported number of in-line interface
pairs (equals number of port groups on
bypass unit)
24
10/100/1000 Base-TX (MDIX)
interfaces
24
10/100/1000 Base-T (MDI) interfaces 6 12
USB ports 1 1
1 - Serial port (unused)
2 - Mgmt USB
3 - Power supply 1
4 - Power supply 2
5 - Net A
6 - App A
7 - App B
8 - Net B
9 - Port group 1
10 - Port group 0
12
In-line Bypass unit features
Note: The 4 In-line Bypass unit is supported only for use with the Symantec
Network Security 7160 appliance.
Figure 1-2 shows the rear panel of the 4 In-line Bypass unit.
Figure 1-2 4 In-line Bypass unit
USB connection
The Symantec Network Security 7100 Series appliance communicates with the
In-line Bypass unit via the USB connection. The appliance sends commands to
the bypass unit and also sends a periodic keep-alive signal through the USB
connection.
Port groups
The 2 In-line Bypass unit contains two groups of four ports each, referred to as
port groups. The ports in the port group connect to the two network segments
and the two interfaces of the appliance in-line pair. The 4 In-line Bypass unit
contains four port groups.
Figure 1-3 Port group layout
1 - Serial port (unused)
2 - Mgmt USB
3 - Power supply 1
4 - Power supply 2
5 - Port group 0
6 - Port group 1
7 - Port group 2
8 - Port group 3
Each port group includes:
Net A, App A, App B, Net B
Net A App A App B Net B
13
In-line Bypass unit features
Each of the four ports has specific cabling requirements. The Net A and App A
ports in the port group, along with the even-numbered port of the 7100 Series
in-line pair, handle traffic on one side of the network connection. The Net B and
App B ports in the port group and the odd-numbered port of the appliance
in-line pair handle traffic on the other side of the network connection.
The Net A port of each port group on the bypass unit is implemented as
10/100/1000Base-TX. It is a Medium Dependent Interface, crossed (MDIX). You
may need a crossover cable to connect Net A to some devices. The Net B port of
each port group is implemented as 10/100/1000Base-T (MDI - not crossed).
Consult the documentation for your network devices to determine whether they
require crossover connections.
Figure 1-4 depicts a port group connected to an in-line pair and two network devices.
Net A Connects via a network device to one side of the network. Traffic
entering the bypass unit through Net A passes through App A to
one port of the 7100 Series in-line pair.
App A Connects to the 7100 Series port that handles traffic on the side of
the network connected to Net A.
App B Connects to the 7100 Series port that handles traffic on the side of
the network connected to Net B.
Net B Connects via a network device to the other side of the network.
Traffic entering the bypass unit through Net B passes through App
B to one port of the 7100 Series in-line pair.
14
In-line Bypass unit features
Figure 1-4 Connected port group
Matching port groups to in-line pairs
Each port group has a designated in-line pair on the 7100 Series.
Warning: Connect each port group to the specified in-line pair. Connecting a port
group to a different in-line pair is not supported.
Note: Do not connect the bypass unit to 7100 Series interfaces that are
configured in passive mode, or are part of an interface group.
0 - Port 0 (eth0)
1 - Port 1 (eth1)
2 - Port 2 (eth2)
3 - Port 3 (eth3)
2/3 - In-line pair 1
4 - Net A
5 - App A
6 - App B
7 - Net B
Network
Network
2 In-line Bypass unit
7120 appliance
Port group 1
Port group 0
15
In-line Bypass unit features
Table 1-2 defines the cabling matrix for both In-line Bypass unit models and the
two supported 7100 Series appliance models.
Online and bypass modes
The bypass unit can operate in two modes:
Online mode: Network traffic passes from the bypass unit to the 7100 Series
for analysis, then goes back to the bypass unit and out through the other
network interface.
Bypass mode: Network traffic entering the bypass unit passes directly from
one side of the network to the other, without going through the 7100 Series.
After connecting the bypass unit, each time you reboot the 7100 Series
appliance, all port groups on the bypass unit initially operate in bypass mode.
When a sensor process starts on an in-line pair connected to the bypass unit, the
corresponding port group changes to online mode.
See the Symantec Network Security 7100 Series Implementation Guide for
information about starting a sensor on an in-line pair.
While the keep-alive signal is active on the USB port, the bypass unit operates in
online mode, meaning that all network traffic passes through the 7100 Series
appliance. If the keep-alive signal stops, the bypass unit changes to bypass
Table 1-2 Cabling matrix
In-line Bypass unit
model
Bypass unit
port group
7120 in-line pair 7160 in-line pair
2 In-line Bypass unit 0 In-line pair 0
Ports 0/1
1 In-line pair 1
Ports 2/3
4 In-line Bypass unit 0 In-line pair 0
Ports 0/1
1 In-line pair 1
Ports 2/3
2 In-line pair 2
Ports 4/5
3 In-line pair 3
Ports 6/7
16
In-line Bypass unit features
mode, in which the two sides of the network are directly connected and the 7100
Series is bypassed.
Auto-negotiation on bypass unit interfaces
The interface link parameters, including speed and duplex mode, should be
auto-negotiated between Net A and App A, and Net B and App B. You should not
force the link speed or duplex mode to a specific setting on network devices that
connect to Net A or Net B. Forcing the link parameters to a certain value may
result in link speed or duplex mismatches which could cause degraded
performance or possible loss of connectivity.
After connecting the bypass unit to a 7100 Series appliance, you should verify
the link speed and duplex parameters for all interfaces in the port group. To
verify the link parameters for Net A and Net B, log on to the connected network
devices and display the status for the connected interfaces. Ensure that the
connected interfaces are configured for auto-negotiation of link parameters.
To verify the link parameters for App A and App B, use the Network Security
console. After starting a sensor on the corresponding in-line pair, you can view
the link parameters by clicking each interface object in the in-line pair.
The parameter values for all interfaces in a port group should be the same when
the bypass unit is in online mode. For a 2 In-line Bypass unit connected to a
7120, all port group interfaces should auto-negotiate to 100 Mbps in online
mode. However, in bypass mode, when Net A and Net B on a 2 In-line Bypass unit
are connected to gigabit interfaces on both network devices, auto-negotiation
allows the bypass unit to run at up to 1000 Mbps.
Front panel LEDs on the bypass unit
Both In-line Bypass unit models share a common front panel that contains a
number of status LEDs.
Figure 1-5 shows the bypass unit front panel LED configuration.
Figure 1-5 Bypass unit front panel LEDs
45
760123
17
In-line Bypass unit features
Table 1-3 describes the LEDs shown in the diagram.
Rear panel LEDs on the bypass unit
The rear panel status LEDs are located in the top left and top right corners of
each port in the port groups. On the bypass unit, the LEDs are labeled only for
the top ports, but the labels apply to the ports in the lower port group as well.
Figure 1-6 shows the bypass unit rear panel LED configuration.
Table 1-3 Bypass unit front panel LED descriptions
Diagram
location
LED label LED name Description
ONLINE
0 P0 Port group 0 The P0 LED glows when port group 0 is
operating in online mode.
1 P1 Port group 1 The P1 LED glows when port group 1 is
operating in online mode.
2 P2 Port group 2 The P2 LED glows when port group 2 is
operating in online mode.
3 P3 Port group 3 The P3 LED glows when port group 3 is
operating in online mode.
MGMT
4 TX Transmit data The TX LED blinks when the bypass unit is
transmitting data on the USB connection.
5 RX Receive data The RX LED blinks when the bypass unit is
receiving data on the USB connection.
PWR
6 PS1 Power supply 1 The PS1 LED glows when power supply 1 is
connected to a power source.
7 PS2 Power supply 2 The PS2 LED glows when power supply 2 is
connected to a power source.
18
Setup overview
Figure 1-6 Bypass unit rear panel LEDs
Table 1-4 describes the LEDs shown in the diagram.
Setup overview
You can set up the In-line Bypass unit in five basic steps.
To set up the In-line Bypass unit
1 Mount the bypass unit onto the rack.
See “Mounting onto a rack” on page 19.
Table 1-4 Bypass unit rear panel LED descriptions
LED label LED name LED color Description
LT Link test Green The LT LED glows green to indicate an active
link signal on the port.
ALM Alarm Red The ALM LED in the top right corner of the Net
A port glows red for an alarm condition such
as lack of a link signal on one or more ports in
the port group.
BYP Bypass Yellow The BYP LED in the top right corner of the App
A port glows yellow when the port group is
operating in bypass mode.
ON Online Green The ON LED in the top right corner of the App
B port glows green when the port group is
operating in online mode.
GIG Gigabit Green The GIG LED in the top right corner of the Net
B port glows green when the port group is
operating in gigabit mode (1000Mbps). It is off
when the port group is operating at 100 Mbps
or 10 Mbps.
19
Mounting onto a rack
2 Cable the bypass unit to one or more in-line interface pairs on the 7100
Series appliance.
See “Cabling the 2 In-line Bypass unit to the 7120” on page 20.
See “Cabling the 4 In-line Bypass unit to the 7160” on page 23.
3 Connect the power and turn on the bypass unit.
See “Connecting the power on the 2 In-line Bypass unit” on page 22.
See “Connecting the power on the 4 In-line Bypass unit” on page 26.
4 Boot up the 7100 Series appliance.
5 Start a sensor on each appliance in-line pair that is connected to the bypass
unit.
See the Symantec Network Security 7100 Series Implementation Guide.
Mounting onto a rack
The bypass unit rack mounting hardware includes two L-brackets. The In-line
Bypass unit includes four screws that are threaded into the cover sides. You can
use these screws to attach the L-brackets to the bypass unit.
To mount using L-brackets onto a two-post rack
1 Remove the four screws from the bypass unit cover. Position each L-bracket
against the bypass unit side panel toward the rear, as shown. Attach the
brackets securely using the same screws.
2 Lift the bypass unit into place so that the L-brackets press against the rack
posts.
20
Cabling the 2 In-line Bypass unit to the 7120
3 Using the screws supplied with your rack, securely attach the L-brackets to
the posts on both sides of the bypass unit, as shown in the following
diagram.
Cabling the 2 In-line Bypass unit to the 7120
You must connect the USB port, and you can connect one or both port groups
from the 2 In-line Bypass unit to the 7120.
See the sections:
Cabling port group 0 to the 7120
Cabling port group 1 to the 7120
Cabling the USB port to the 7120
Connecting the power on the 2 In-line Bypass unit
Warning: To prevent a possible electric shock, do not connect the power until all
other cabling is done.
Figure 1-7 shows the USB port connection and both port group connections to
the proper ports on the 7120.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30

Symantec 10521146 - Network Security 7120 User manual

Category
Networking
Type
User manual
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI