H3C SecPath V100-S Installation guide

Brand: H3C

Model: SecPath V100-S

Type: Installation guide

H3C SecPath V100-S Security Gateway

Installation Manual

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Manual Version: T2-08044F-20070430-C-1.02

No part of this manual may be reproduced or transmitted in any form or by any means

without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, , Aolynk, , H

Care,

, TOP G, , IRF, NetPilot,

Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware,

Storware, NQA, VVG, V

G, V

G, PSPT, XGbus, N-Bus, TiGem, InnoVision and

HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their

respective owners.

Notice

The information in this document is subject to change without notice. Every effort has

been made in the preparation of this document to ensure accuracy of the contents, but

all statements, information, and recommendations in this document do not constitute

the warranty of any kind, express or implied.

To obtain the latest information, please access:

http://www. h3c.com

Technical Support

customer_service@h3c.com

http://www. h3c.com

About This Manual

Related Documentation

In addition to this manual, each H3C SecPath Series Security Products documentation

set includes the following:

Manual Description

H3C SecPath Series Security Products

Operation Manual

It introduces the functional features,

principles and guide to configuration and

operation for H3C SecPath Series

Security Gateways/Firewalls.

H3C SecPath Series Security Products

Command Manual

It discusses all commands available in

the configuration and operation on H3C

SecPath Series Security

Gateways/Firewalls. The details include

command name, complete command

form, parameter, operation view, usage

description and configuration example.

H3C SecPath Series Security Products

Web-Based Configuration Manual

It directs users to configure the H3C

SecPath Series Firewalls in Web mode.

Organization

H3C SecPath V100-S Series Security Gateways Installation Manual is organized as

follows:

Chapter Contents

1 Product Introduction

Profiles the system characteristics and applications.

Product appearance and system description are

also available in this chapter.

2 Installation Preparations

Focuses on environment requirements for system

installation, precautions before and during

installation. Installation tools are also listed in this

chapter.

3 Installing the SecPath

V100-S

Elaborates on mechanical installation, physical

connection of power cords, Console cables and

Ethernet cables.

4 Booting and Configuring

the SecPath V100-S

Presents fundamentals on system booting and

configuration, including booting the SecPath

V100-S, powering up the SecPath V100-S and

initializing the system file.

Chapter Contents

5 Software Maintenance

Discusses system software maintenance, including

software upgrade and configuration file loading.

6 Troubleshooting

Lists common system failures during installation

and specific locating methods.

Conventions

The manual uses the following conventions:

I. Command conventions

Convention Description

Boldface

The keywords of a command line are in Boldface.

italic

Command arguments are in italic.

[ ]

Items (keywords or arguments) in square brackets [ ] are

optional.

{ x | y | ... }

Alternative items are grouped in braces and separated by

vertical bars. One is selected.

[ x | y | ... ]

Optional alternative items are grouped in square brackets

and separated by vertical bars. One or none is selected.

{ x | y | ... } *

Alternative items are grouped in braces and separated by

vertical bars. A minimum of one or a maximum of all can be

selected.

[ x | y | ... ] *

Optional alternative items are grouped in square brackets

and separated by vertical bars. Many or none can be

selected.

&<1-n>

The argument(s) before the ampersand (&) sign can be

entered 1 to n times.

# A line starting with the # sign is comments.

II. GUI conventions

Convention Description

< >

Button names are inside angle brackets. For example, click

<OK>.

[ ]

Window names, menu items, data table and field names

are inside square brackets. For example, pop up the [New

User] window.

Multi-level menus are separated by forward slashes. For

example, [File/Create/Folder].

III. Symbols

Convention Description

Warning

Means reader be extremely careful. Improper operation

may cause bodily injury.

Caution

Means reader be careful. Improper operation may cause

data loss or damage to equipment.

 Note Means a complementary description.

Environmental Protection

This product has been designed to comply with the requirements on environmental

protection. For the proper storage, use and disposal of this product, national laws and

regulations must be observed.

Installation Manual

H3C SecPath V100-S Security Gateway Table of Contents

Table of Contents

Chapter 1 Product Introduction...................................................................................................1-1

1.1 Overview ............................................................................................................................ 1-1

1.2 Hardware Features ............................................................................................................ 1-3

1.2.1 Appearance............................................................................................................. 1-3

1.2.2 System Specifications ............................................................................................. 1-3

1.2.3 LEDs........................................................................................................................ 1-4

1.2.4 Fixed Interface Attributes ........................................................................................ 1-5

Chapter 2 Installation Preparations.............................................................................................2-1

2.1 General Site Requirements ............................................................................................... 2-1

2.1.1 Temperature and Humidity...................................................................................... 2-1

2.1.2 Cleanness ............................................................................................................... 2-1

2.1.3 ESD Prevention....................................................................................................... 2-2

2.1.4 Electromagnetic Compatibility................................................................................. 2-2

2.1.5 Lightning Protection ................................................................................................ 2-3

2.1.6 Checking the Rack .................................................................................................. 2-3

2.2 Safety Precautions............................................................................................................. 2-3

2.3 Unpacking Check............................................................................................................... 2-3

2.4 Installation Tools, Meters and Equipment ......................................................................... 2-4

Chapter 3 Installing the SecPath V100-S ....................................................................................3-1

3.1 Installation Flow ................................................................................................................. 3-1

3.2 Mounting the SecPath V100-S .......................................................................................... 3-2

3.2.1 Free-Standing.......................................................................................................... 3-2

3.2.2 Rack Mounting ........................................................................................................ 3-2

3.3 Connecting the Grounding Cable ...................................................................................... 3-3

3.4 Connecting to the Console Terminal ................................................................................. 3-4

3.5 Connecting to the Ethernet Interface................................................................................. 3-4

3.6 Connecting the Power Cord............................................................................................... 3-5

3.7 Verifying Installation........................................................................................................... 3-6

Chapter 4 Booting and Configuring the SecPath V100-S..........................................................4-1

4.1 Booting............................................................................................................................... 4-1

4.1.1 Setting Up a Configuration Environment................................................................. 4-1

4.1.2 Powering Up the SecPath V100-S.......................................................................... 4-4

4.1.3 Startup Process....................................................................................................... 4-4

4.2 Configuration Fundamentals.............................................................................................. 4-6

4.2.1 Basic Configuration Procedures.............................................................................. 4-6

4.2.2 Command Line Interface......................................................................................... 4-6

Installation Manual

H3C SecPath V100-S Security Gateway Table of Contents

Chapter 5 Software Maintenance................................................................................................. 5-1

5.1 Boot Menu.......................................................................................................................... 5-1

5.2 Upgrading Application and Boot ROM Using XModem..................................................... 5-3

5.3 Backing Up and Restoring the Extended Segment of the Boot ROM ............................... 5-6

5.4 Upgrading the Application Program Using TFTP .............................................................. 5-7

5.5 Uploading/Downloading Application/File Using FTP ......................................................... 5-8

5.6 Password Lost ................................................................................................................. 5-12

Chapter 6 Troubleshooting ..........................................................................................................6-1

6.1 Troubleshooting PSU......................................................................................................... 6-1

6.2 Troubleshooting Configuration System ............................................................................. 6-1

6.3 Troubleshooting Application Upgrading............................................................................. 6-2

Installation Manual

H3C SecPath V100-S Security Gateway List of Figures

iii

List of Figures

Figure 1-1 Front panel of the SecPath V100-S...................................................................... 1-3

Figure 1-2 Rear panel of the SecPath V100-S ...................................................................... 1-3

Figure 3-1 Installation flow ..................................................................................................... 3-1

Figure 3-2 Rack-mounting the SecPath V100-S.................................................................... 3-3

Figure 3-3 Console cable assembly....................................................................................... 3-4

Figure 3-4 Ethernet cable assembly ...................................................................................... 3-5

Figure 4-1 Local configuration through the console port ....................................................... 4-1

Figure 4-2 Setting up a new connection ................................................................................4-2

Figure 4-3 Setting the connection port................................................................................... 4-2

Figure 4-4 Setting communication parameters...................................................................... 4-3

Figure 4-5 Setting the terminal type....................................................................................... 4-3

Figure 5-1 The Send File dialog box...................................................................................... 5-4

Figure 5-2 The Sending File interface.................................................................................... 5-4

Figure 5-3 Setting up the local upload/download environment.............................................. 5-9

Figure 5-4 Setting up the local upload/download environment............................................ 5-10

Installation Manual

H3C SecPath V100-S Security Gateway List of Tables

List of Tables

Table 1-1 SecPath V100-S system specifications.................................................................. 1-3

Table 1-2 LEDs on the front panel of the SecPath V100-S.................................................... 1-4

Table 1-3 Attributes of the console port.................................................................................. 1-5

Table 1-4 Attributes of the console port.................................................................................. 1-5

Table 1-5 Attributes of the Ethernet interfaces ....................................................................... 1-6

Table 2-1 Temperature/humidity requirements in the equipment room.................................. 2-1

Table 2-2 Limits on the dust particles in the equipment room................................................ 2-1

Table 2-3 Harmful gas limits in the equipment room.............................................................. 2-2

Table 3-1 Dimensions of the SecPath V100-S ....................................................................... 3-2

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 1 Product Introduction

1-1

Chapter 1 Product Introduction

1.1 Overview

H3C SecPath V100-S Security Gateway (referred to as the SecPath V100-S

throughout the manual) is new-generation network security device intended for

enterprise users. These enterprises have increasing demands for establishing secure,

reliable private networks which can meet specific QoS requirements over public

networks. The H3C SecPath V100-S can act as convergence and access gateways.

The SecPath V100-S provides one fixed Fast Ethernet (FE) interface (WAN interface)

and four 10/100 Mbps auto-sensing switched Ethernet interfaces (LAN interfaces), and

offers hardware encryption function.

The SecPath V100-S supports multiple VPN services, such as layer 2 tunneling

protocol (L2TP) VPN, IP security (IPsec) VPN, generic routing encapsulation (GRE)

VPN and dynamic VPN. It can connect to remote users through dial-up, leased line,

VLAN, or tunneling and set up Internet, intranet, and access VPNs. By integrating such

technologies as the firewall, authentication, authorization and accounting (AAA),

network address translation (NAT), and quality of service (QoS), the SecPath V100-S

can guarantee high security and reliability for private networks over the Internet.

The SecPath V100-S has the following features:

I. IP VPN solution

Networks benefit enterprises in many ways; company headquarters can send important

information to its branch offices quickly and conveniently. To interconnect the intranets

of a company over the Internet, however, you need VPN technologies. The SecPath

V100-S provides abundant IP VPN services: L2TP and GRE provide Layer 2 and Layer

3 tunneling respectively, and IPsec provides tunnels encapsulated with a security

protocol.

II. Data security and reliability

The security gateway supports:

z NAT. Besides the basic functions, the NAT can limit the number of concurrent

connections for an individual user. This eliminates the malicious resource seizures

without any negative impact on general network applications. In addition, its

enhanced NAT application layer gateway (ALG) function provides NAT traversal

for H.323, FTP, ICMP, and so on.

z NAT logging. By querying the NAT log, you can locate a specific access action

precisely, which can improve network security which has been degraded by

source IP address translation. NAT log can record streams of NAT data to allow

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 1 Product Introduction

1-2

administrators to get information about the address information before NAT

translation, and query and track activities and operations on a network to improve

network availability and security.

z AAA and RADIUS user authentication protocols.

z Packet filtering and application specific packet filter (ASPF) to prevent attacks

from external networks.

z VPN (including GRE, L2TP, and MPLS) with the IPsec and IKE technologies to

guarantee the security of private networks over the Internet.

z Virtual router redundancy protocol (VRRP) to provide communication line or

equipment backup in case of failure. This effectively enhances network

robustness and reliability.

III. Online software upgrade

You can upgrade the application and Boot ROM programs online to add features and

extend functions.

IV. Network management

The SecPath V100-S supports the SNMPV3 network management and provides

powerful device management functions.

V. Regulatory compliance

Designed according to the standards dominant in China, North America, Europe,

Australia, and Japan, the SecPath V100-S complies with the requirements of these

countries and regions for EMC, safety standard, and network access.

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 1 Product Introduction

1-3

1.2 Hardware Features

1.2.1 Appearance

(1)(2)(3)(4)(5)

(6)

(7)

(9)

(10)(11)(12)(13)(14)

(15)

(8)

(1) Reset button (RESET) (2) System LED (SYS)

(3) Console port (CONSOLE) (4) Auxiliary port (AUX)

(5) Three LEDs for the fixed WAN interface (6) Three LEDs for fixed LAN interface 3

(7) Three LEDs for fixed LAN interface 2 (8) Three LEDs for fixed LAN interface 1

(9) Three LEDs for fixed LAN interface 0 (10) Fixed WAN interface (WAN)

(11) Fixed LAN interface 3 (LAN 3) (12) Fixed LAN interface 2 (LAN 2)

(13) Fixed LAN interface 1 (LAN 1) (14) Fixed LAN interface 0 (LAN 0)

(15) Power LED (PWR)

Figure 1-1 Front panel of the SecPath V100-S

(1)

(2)

(1) Grounding screw (2) Power socket

Figure 1-2 Rear panel of the SecPath V100-S

1.2.2 System Specifications

Table 1-1 SecPath V100-S system specifications

Item Specification

Fixed interface

Four 10/100 Mbps Ethernet interfaces

One 10/100 Mbps WAN interface

One auxiliary port

One console port

Processor 79RC32365

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 1 Product Introduction

1-4

Item Specification

Boot ROM 512 Kbps

SDRAM 128 Mbps

Flash 8 Mbps

Dimensions (W × D × H)

300 × 220 × 42 mm (11.8 × 8.7 × 1.7 in.)

(excluding rubber feet)

Weight 2 kg (4.4 lb.)

Power input

Rated voltage: 100 VAC to 240 VAC,

50Hz or 60 Hz

Rated current: 0.2 A

Max. power consumption 9 W

Operating temperature 0

C to 40

C (32

F to 104

Operating humidity (noncondensing) 10% to 90%

 Note:

Synchronous dynamic random access memory (SDRAM) stores the communication

data of the running system with the CPU.

Flash is the major file storing medium where application files, traps, and configuration

files are stored.

Boot read only memory (Boot ROM) stores the bootstrap program files.

1.2.3 LEDs

See Table 1-2 for the meaning of the LEDs on the front panel of SecPath V100-S.

Table 1-2 LEDs on the front panel of the SecPath V100-S

LED Meaning

PWR

Power supply unit (PSU) LED:

OFF means the PSU is not supplying power to the device. ON

means the PSU is supplying power to the device.

SYS

System operating status LED:

Blinking means the system is operating normally. OFF means the

system is operating abnormally.

LINK/ACT

OFF means no link is present. ON means a link is present. Blinking

means packets are being transmitted/received.

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 1 Product Introduction

1-5

LED Meaning

100M

OFF means packets are being transmitted/received at 10 Mbps on

the interface. ON means packets are being transmitted/received at

100 Mbps on the interface.

FULL

OFF means the interface is operating in half-duplex mode. ON

means the interface is operating in full-duplex mode.

 Note:

The three LEDs corresponding to each Ethernet interface are (top-down order):

LINK/ACT LED, 100M LED, and FULL LED.

1.2.4 Fixed Interface Attributes

I. Console port (CONSOLE)

Table 1-3 Attributes of the console port

Attribute Description

Connector RJ45

Interface standard RS232

Baud rate 9600 bps (default) to 115200 bps

Function

Connection to an ASCII terminal

Connection to a serial port on a local PC to run terminal

emulation program on the PC

Command line interface

II. Auxiliary port (AUX)

Table 1-4 Attributes of the console port

Attribute Description

Connector RJ45

Interface standard RS232

Baud rate 1200 to 115200 bps

Function

Modem dial-up

Backup

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 1 Product Introduction

1-6

III. Ethernet interface

The SecPath V100-S provides five 10/100 Mbps auto-sensing FE interfaces. The

following table lists their attributes.

Table 1-5 Attributes of the Ethernet interfaces

Attribute Description

Connector RJ45

Interface standard

All Ethernet interfaces on the SecPath V100-S support

MDI/MDIX autosensing.

Frame format

Ethernet_II

Ethernet_SNAP

Operating mode

10/100 Mbps auto-sensing

Full-duplex/Half-duplex

 Note:

Media-dependent interface (MDI) is often used on general network adapters;

media-dependent interface cross-over (MDIX), is usually used on Hubs or LAN

switches.

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 2 Installation Preparations

2-1

Chapter 2 Installation Preparations

2.1 General Site Requirements

The SecPath V100-S must be used indoors. To guarantee normal operation and

longevity of your device, its installation site should meet the requirements described in

this chapter.

2.1.1 Temperature and Humidity

The equipment room must maintain proper humidity to prevent poor insulation,

electricity creepage and corrosion accompanying high humidity, or washer contraction

and electrostatic discharge accompanying low humidity. In dry environments where the

relative humidity is very low, electrostatic discharge (ESD) is more likely to happen

causing the complementary metal-oxide-semiconductor (CMOS) circuitry to fail.

The following table lists the temperature and humidity requirements.

Table 2-1 Temperature/humidity requirements in the equipment room

Temperature Relative humidity

0°C to 40°C (32

F to 104

10% to 90% (noncondensing)

2.1.2 Cleanness

Dust is hazardous to the operating safety of your device. Dust buildup on the chassis

may result in static absorption, causing poor contact of metal components or points.

When indoor humidity is extremely low, this is more likely to happen to shorten the

useful life of the device and cause communication failures.

The equipment room must be free of explosion hazards and the electrical and magnetic

conductible dust as well. The following table lists the limits on dust particles:

Table 2-2 Limits on the dust particles in the equipment room

Mechanical active

material

Unit Content

Dust particle particle/m³

≤3 x 10

(No visible dust on desk in

three days)

Note: Dust particles’ diameter ≥ 5µm

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 2 Installation Preparations

2-2

Besides, the equipment room should meet the rigorous limits on salt, acid and sulfide to

eliminate corrosion and premature aging of some parts, as shown in the following table.

Table 2-3 Harmful gas limits in the equipment room

Gas Maximum (mg/m

)

0.2

S 0.006

0.05

0.01

2.1.3 ESD Prevention

By design, the SecPath V100-S is ESD preventative; but excessive buildup of static

electricity can still damage the card circuitry and even the entire device.

On the communication network connected to the SecPath V100-S, static electricity is

primarily introduced from the outside electrical fields, such as the outdoor high-voltage

power cabling and lightning, and from the inside system, such as indoor environment,

floor material and the equipment frame. To avoid damage, ensure that:

z The equipment is well connected to earth.

z The equipment room is dust-proof.

z Maintain adequate temperature and humidity.

z Wear an ESD-preventive wrist strap and clothes when contacting the circuit board.

z Place the removed circuit board upward on the ESD-preventive workbench, or into

a static shielded bag.

z Hold the circuit board by its edge when observing or moving it, avoiding direct

contact with the elements on it.

2.1.4 Electromagnetic Compatibility

All interference sources, from the outside or from the inside of the device/application

system, adversely affect the SecPath V100-S in the conduction patterns of capacitance

coupling, inductance coupling, electromagnetic wave radiation, and common

impedance (including grounding system) coupling. To prevent the interference, do the

following:

z Take effective measures against interference from the power grid.

z Use a grounding system or lightning protection grounding different from that for the

power supply equipment and keep them as far as possible.

z Keep the device far away from strong power wireless launchers, radar launchers

and high frequency and high-current equipment.

z Use electromagnetic shielding when necessary.

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 2 Installation Preparations

2-3

2.1.5 Lightning Protection

By design, the SecPath V100-S is lightning protective; but excessive lightning may still

damage the device. To protect the device better, you are recommended to:

z Ensure the PGND of the chassis is securely connected to the earth ground.

z Ensure the earth point of the power socket is securely connected to the earth

ground.

z Add a lightning arrester onto the front end of the power input to better protect the

power supply from lightning strikes.

2.1.6 Checking the Rack

When installing the SecPath V100-S, observe the following:

z Reserve adequate clearance at the air intake exhausting vents for adequate

ventilation inside the chassis.

z Make sure that the rack has a good ventilation system.

z Make sure that the rack is stable enough to support the weight of the device and

the installation accessories.

z Make sure that the rack is well-grounded.

2.2 Safety Precautions

When reading this manual, pay adequate attention to the following.

Warning appears in operation procedures that, if performed incorrectly, might

cause bodily injury to the operators or damage the device.

Caution appears throughout this manual in procedures that, if performed

incorrectly, might affect the operation of the device.

When installing or working on the SecPath V100-S, you are recommended to:

z Keep the SecPath V100-S far away from the heat sources and water/liquid.

z Make sure that the SecPath V100-S has been correctly grounded.

z Wear an ESD-preventive wrist strap in installation and maintenance, making sure

that the strap has good skin contact.

z Do not hot swap the console cable or AUX cable.

z Adopt uninterrupted power supply (UPS).

2.3 Unpacking Check

Check the arrived shipment contents against the packing list, making sure all the items

are included and in good condition. Contact your agent for shortage or wrong delivery.

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 2 Installation Preparations

2-4

2.4 Installation Tools, Meters and Equipment

I. Tools

z Phillips screwdriver

z ESD-preventive wrist strap

z Static shielding bag

II. Cables

z Grounding wire and power cord

z Console cable

z Optional cables

III. Meters and other equipment

z Hub or LAN switch

z Console terminal (it could be a PC)

z Multimeter

 Note:

The SecPath V100-S was not shipped with any installation tools, meters, or other

equipment. You must make sure that they are available.

Installation Manual

H3C SecPath V100-S Security Gateway Chapter 3 Installing the SecPath V100-S

3-1

Chapter 3 Installing the SecPath V100-S

3.1 Installation Flow

Start

Install the rack (optional)

Mount the security

gateway

Connect the PGND

Connect the power cord

Connect the security gate-

way to the console terminal

Verify the installation

Power up the security gateway

Troubleshooting

Power down the

security gateway

Verify the installation

Connect the power

cord and power up

Install MIMs (optional)

Turn off the power switch

and remove the power cord

Connect the security gateway

to the Ethernet interface

End

OK?

YES

Figure 3-1 Installation flow

Page is loading ...

H3C SecPath V100-S Installation guide

H3C SecPath V100-S Installation guide

H3C SecPath V100-S Installation guide

Related papers

Other documents