H3C SecPath V100-S Installation guide

H3C SecPath V100-S Security Gateway
Installation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: T2-08044F-20070430-C-1.02
Copyright © 2006-2007, Hangzhou H3C Technologies Co., Ltd. and its licensors
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any means
without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, Aolynk, H³Care, TOP G, IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint,
SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V²G, VⁿG, PSPT, XGbus,
N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies
Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their
respective owners.
Notice
The information in this document is subject to change without notice. Every effort has
been made in the preparation of this document to ensure accuracy of the contents, but
all statements, information, and recommendations in this document do not constitute
the warranty of any kind, express or implied.
To obtain the latest information, please access:
http://www.h3c.com
Technical Support
customer_service@h3c.com
http://www.h3c.com
About This Manual
Related Documentation
In addition to this manual, each H3C SecPath Series Security Products documentation
set includes the following:
Manual                                                                 Description
H3C SecPath Series Security Products Operation Manual                  It introduces the functional features, principles and guide to configuration and operation for H3C SecPath Series Security Gateways/Firewalls.
H3C SecPath Series Security Products Command Manual                    It discusses all commands available in the configuration and operation on H3C SecPath Series Security Gateways/Firewalls. The details include command name, complete command form, parameter, operation view, usage description and configuration example.
H3C SecPath Series Security Products Web-Based Configuration Manual    It directs users to configure the H3C SecPath Series Firewalls in Web mode.
Organization
H3C SecPath V100-S Series Security Gateways Installation Manual is organized as
follows:
Chapter                                          Contents
1 Product Introduction                           Profiles the system characteristics and applications. Product appearance and system description are also available in this chapter.
2 Installation Preparations                      Focuses on environment requirements for system installation, precautions before and during installation. Installation tools are also listed in this chapter.
3 Installing the SecPath V100-S                  Elaborates on mechanical installation, physical connection of power cords, Console cables and Ethernet cables.
4 Booting and Configuring the SecPath V100-S     Presents fundamentals on system booting and configuration, including booting the SecPath V100-S, powering up the SecPath V100-S and initializing the system file.
5 Software Maintenance                           Discusses system software maintenance, including software upgrade and configuration file loading.
6 Troubleshooting                                Lists common system failures during installation and specific locating methods.
Conventions
The manual uses the following conventions:
I. Command conventions
Convention           Description
Boldface             The keywords of a command line are in Boldface.
italic               Command arguments are in italic.
[ ]                  Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }      Alternative items are grouped in braces and separated by vertical bars. One is selected.
[ x | y | ... ]      Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
{ x | y | ... } *    Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
[ x | y | ... ] *    Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.
&<1-n>               The argument(s) before the ampersand (&) sign can be entered 1 to n times.
#                    A line starting with the # sign is a comment.
II. GUI conventions
Convention    Description
< >           Button names are inside angle brackets. For example, click <OK>.
[ ]           Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.
/             Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].
III. Symbols
Convention    Description
Warning       Means the reader should be extremely careful. Improper operation may cause bodily injury.
Caution       Means the reader should be careful. Improper operation may cause data loss or damage to equipment.
Note          Means a complementary description.
Environmental Protection
This product has been designed to comply with the requirements on environmental
protection. For the proper storage, use and disposal of this product, national laws and
regulations must be observed.
Installation Manual
H3C SecPath V100-S Security Gateway Table of Contents
Table of Contents
Chapter 1 Product Introduction
1.1 Overview
1.2 Hardware Features
1.2.1 Appearance
1.2.2 System Specifications
1.2.3 LEDs
1.2.4 Fixed Interface Attributes
Chapter 2 Installation Preparations
2.1 General Site Requirements
2.1.1 Temperature and Humidity
2.1.2 Cleanness
2.1.3 ESD Prevention
2.1.4 Electromagnetic Compatibility
2.1.5 Lightning Protection
2.1.6 Checking the Rack
2.2 Safety Precautions
2.3 Unpacking Check
2.4 Installation Tools, Meters and Equipment
Chapter 3 Installing the SecPath V100-S
3.1 Installation Flow
3.2 Mounting the SecPath V100-S
3.2.1 Free-Standing
3.2.2 Rack Mounting
3.3 Connecting the Grounding Cable
3.4 Connecting to the Console Terminal
3.5 Connecting to the Ethernet Interface
3.6 Connecting the Power Cord
3.7 Verifying Installation
Chapter 4 Booting and Configuring the SecPath V100-S
4.1 Booting
4.1.1 Setting Up a Configuration Environment
4.1.2 Powering Up the SecPath V100-S
4.1.3 Startup Process
4.2 Configuration Fundamentals
4.2.1 Basic Configuration Procedures
4.2.2 Command Line Interface
Chapter 5 Software Maintenance
5.1 Boot Menu
5.2 Upgrading Application and Boot ROM Using XModem
5.3 Backing Up and Restoring the Extended Segment of the Boot ROM
5.4 Upgrading the Application Program Using TFTP
5.5 Uploading/Downloading Application/File Using FTP
5.6 Password Lost
Chapter 6 Troubleshooting
6.1 Troubleshooting PSU
6.2 Troubleshooting Configuration System
6.3 Troubleshooting Application Upgrading
List of Figures
Figure 1-1 Front panel of the SecPath V100-S
Figure 1-2 Rear panel of the SecPath V100-S
Figure 3-1 Installation flow
Figure 3-2 Rack-mounting the SecPath V100-S
Figure 3-3 Console cable assembly
Figure 3-4 Ethernet cable assembly
Figure 4-1 Local configuration through the console port
Figure 4-2 Setting up a new connection
Figure 4-3 Setting the connection port
Figure 4-4 Setting communication parameters
Figure 4-5 Setting the terminal type
Figure 5-1 The Send File dialog box
Figure 5-2 The Sending File interface
Figure 5-3 Setting up the local upload/download environment
Figure 5-4 Setting up the local upload/download environment
List of Tables
Table 1-1 SecPath V100-S system specifications
Table 1-2 LEDs on the front panel of the SecPath V100-S
Table 1-3 Attributes of the console port
Table 1-4 Attributes of the console port
Table 1-5 Attributes of the Ethernet interfaces
Table 2-1 Temperature/humidity requirements in the equipment room
Table 2-2 Limits on the dust particles in the equipment room
Table 2-3 Harmful gas limits in the equipment room
Table 3-1 Dimensions of the SecPath V100-S
Chapter 1 Product Introduction
1.1 Overview
H3C SecPath V100-S Security Gateway (referred to as the SecPath V100-S
throughout the manual) is a new-generation network security device intended for
enterprise users. These enterprises have increasing demands for establishing secure,
reliable private networks which can meet specific QoS requirements over public
networks. The H3C SecPath V100-S can act as a convergence and access gateway.
The SecPath V100-S provides one fixed Fast Ethernet (FE) interface (WAN interface)
and four 10/100 Mbps auto-sensing switched Ethernet interfaces (LAN interfaces), and
offers a hardware encryption function.
The SecPath V100-S supports multiple VPN services, such as layer 2 tunneling
protocol (L2TP) VPN, IP security (IPsec) VPN, generic routing encapsulation (GRE)
VPN and dynamic VPN. It can connect to remote users through dial-up, leased line,
VLAN, or tunneling and set up Internet, intranet, and access VPNs. By integrating such
technologies as the firewall, authentication, authorization and accounting (AAA),
network address translation (NAT), and quality of service (QoS), the SecPath V100-S
can guarantee high security and reliability for private networks over the Internet.
The SecPath V100-S has the following features:
I. IP VPN solution
Networks benefit enterprises in many ways; company headquarters can send important
information to its branch offices quickly and conveniently. To interconnect the intranets
of a company over the Internet, however, you need VPN technologies. The SecPath
V100-S provides abundant IP VPN services: L2TP and GRE provide Layer 2 and Layer
3 tunneling respectively, and IPsec provides tunnels encapsulated with a security
protocol.
II. Data security and reliability
The security gateway supports:
• NAT. Besides the basic functions, the NAT can limit the number of concurrent
connections for an individual user. This eliminates malicious resource seizure
without any negative impact on general network applications. In addition, its
enhanced NAT application layer gateway (ALG) function provides NAT traversal
for H.323, FTP, ICMP, and so on.
• NAT logging. By querying the NAT log, you can locate a specific access action
precisely, which improves the network security that source IP address translation
has degraded. The NAT log records streams of NAT data so that administrators
can obtain the address information before NAT translation, and query and track
activities and operations on a network to improve network availability and security.
• AAA and RADIUS user authentication protocols.
• Packet filtering and application specific packet filter (ASPF) to prevent attacks
from external networks.
• VPN (including GRE, L2TP, and MPLS) with the IPsec and IKE technologies to
guarantee the security of private networks over the Internet.
• Virtual router redundancy protocol (VRRP) to provide communication line or
equipment backup in case of failure. This effectively enhances network
robustness and reliability.
III. Online software upgrade
You can upgrade the application and Boot ROM programs online to add features and
extend functions.
IV. Network management
The SecPath V100-S supports SNMPv3 network management and provides
powerful device management functions.
V. Regulatory compliance
Designed according to the standards dominant in China, North America, Europe,
Australia, and Japan, the SecPath V100-S complies with the requirements of these
countries and regions for EMC, safety standard, and network access.
1.2 Hardware Features
1.2.1 Appearance
(1) Reset button (RESET)
(2) System LED (SYS)
(3) Console port (CONSOLE)
(4) Auxiliary port (AUX)
(5) Three LEDs for the fixed WAN interface
(6) Three LEDs for fixed LAN interface 3
(7) Three LEDs for fixed LAN interface 2
(8) Three LEDs for fixed LAN interface 1
(9) Three LEDs for fixed LAN interface 0
(10) Fixed WAN interface (WAN)
(11) Fixed LAN interface 3 (LAN 3)
(12) Fixed LAN interface 2 (LAN 2)
(13) Fixed LAN interface 1 (LAN 1)
(14) Fixed LAN interface 0 (LAN 0)
(15) Power LED (PWR)
Figure 1-1 Front panel of the SecPath V100-S
(1) Grounding screw
(2) Power socket
Figure 1-2 Rear panel of the SecPath V100-S
1.2.2 System Specifications
Table 1-1 SecPath V100-S system specifications
Item                                  Specification
Fixed interface                       Four 10/100 Mbps Ethernet interfaces; One 10/100 Mbps WAN interface; One auxiliary port; One console port
Processor                             79RC32365
Boot ROM                              512 Kbps
SDRAM                                 128 Mbps
Flash                                 8 Mbps
Dimensions (W × D × H)                300 × 220 × 42 mm (11.8 × 8.7 × 1.7 in.) (excluding rubber feet)
Weight                                2 kg (4.4 lb.)
Power input                           Rated voltage: 100 VAC to 240 VAC, 50 Hz or 60 Hz; Rated current: 0.2 A
Max. power consumption                9 W
Operating temperature                 0°C to 40°C (32°F to 104°F)
Operating humidity (noncondensing)    10% to 90%
Note:
Synchronous dynamic random access memory (SDRAM) stores the communication
data of the running system with the CPU.
Flash is the major file storing medium where application files, traps, and configuration
files are stored.
Boot read only memory (Boot ROM) stores the bootstrap program files.
1.2.3 LEDs
See Table 1-2 for the meaning of the LEDs on the front panel of the SecPath V100-S.
Table 1-2 LEDs on the front panel of the SecPath V100-S
LED         Meaning
PWR         Power supply unit (PSU) LED: OFF means the PSU is not supplying power to the device. ON means the PSU is supplying power to the device.
SYS         System operating status LED: Blinking means the system is operating normally. OFF means the system is operating abnormally.
LINK/ACT    OFF means no link is present. ON means a link is present. Blinking means packets are being transmitted/received.
100M        OFF means packets are being transmitted/received at 10 Mbps on the interface. ON means packets are being transmitted/received at 100 Mbps on the interface.
FULL        OFF means the interface is operating in half-duplex mode. ON means the interface is operating in full-duplex mode.
Note:
The three LEDs corresponding to each Ethernet interface are (top-down order):
LINK/ACT LED, 100M LED, and FULL LED.
1.2.4 Fixed Interface Attributes
I. Console port (CONSOLE)
Table 1-3 Attributes of the console port
Attribute             Description
Connector             RJ45
Interface standard    RS232
Baud rate             9600 bps (default) to 115200 bps
Function              Connection to an ASCII terminal; Connection to a serial port on a local PC to run terminal emulation program on the PC; Command line interface
II. Auxiliary port (AUX)
Table 1-4 Attributes of the console port
Attribute             Description
Connector             RJ45
Interface standard    RS232
Baud rate             1200 to 115200 bps
Function              Modem dial-up; Backup
III. Ethernet interface
The SecPath V100-S provides five 10/100 Mbps auto-sensing FE interfaces. The
following table lists their attributes.
Table 1-5 Attributes of the Ethernet interfaces
Attribute             Description
Connector             RJ45
Interface standard    All Ethernet interfaces on the SecPath V100-S support MDI/MDIX autosensing.
Frame format          Ethernet_II; Ethernet_SNAP
Operating mode        10/100 Mbps auto-sensing; Full-duplex/Half-duplex
Note:
Media-dependent interface (MDI) is often used on general network adapters;
media-dependent interface cross-over (MDIX) is usually used on hubs or LAN
switches.
Chapter 2 Installation Preparations
2.1 General Site Requirements
The SecPath V100-S must be used indoors. To guarantee normal operation and
longevity of your device, its installation site should meet the requirements described in
this chapter.
2.1.1 Temperature and Humidity
The equipment room must maintain proper humidity to prevent poor insulation,
electricity creepage and corrosion accompanying high humidity, or washer contraction
and electrostatic discharge accompanying low humidity. In dry environments where the
relative humidity is very low, electrostatic discharge (ESD) is more likely to happen,
causing the complementary metal-oxide-semiconductor (CMOS) circuitry to fail.
The following table lists the temperature and humidity requirements.
Table 2-1 Temperature/humidity requirements in the equipment room
Temperature                    Relative humidity
0°C to 40°C (32°F to 104°F)    10% to 90% (noncondensing)
2.1.2 Cleanness
Dust is hazardous to the operating safety of your device. Dust buildup on the chassis
may result in static absorption, causing poor contact of metal components or points.
This is more likely to happen when indoor humidity is extremely low, and it shortens
the useful life of the device and causes communication failures.
The equipment room must also be free of explosion hazards and of electrically and
magnetically conductive dust. The following table lists the limits on dust particles:
Table 2-2 Limits on the dust particles in the equipment room
Mechanical active material    Unit           Content
Dust particle                 particle/m³    3 × 10⁴ (No visible dust on desk in three days)
Note: Dust particles’ diameter 5µm
Besides, the equipment room should meet the rigorous limits on salt, acid and sulfide to
eliminate corrosion and premature aging of some parts, as shown in the following table.
Table 2-3 Harmful gas limits in the equipment room
Gas     Maximum (mg/m³)
SO₂     0.2
H₂S     0.006
NH₃     0.05
Cl₂     0.01
2.1.3 ESD Prevention
By design, the SecPath V100-S is ESD preventative; but excessive buildup of static
electricity can still damage the card circuitry and even the entire device.
On the communication network connected to the SecPath V100-S, static electricity is
primarily introduced from the outside electrical fields, such as the outdoor high-voltage
power cabling and lightning, and from the inside system, such as indoor environment,
floor material and the equipment frame. To avoid damage, ensure that:
• The equipment is well connected to earth.
• The equipment room is dust-proof.
• Maintain adequate temperature and humidity.
• Wear an ESD-preventive wrist strap and clothes when contacting the circuit board.
• Place the removed circuit board upward on the ESD-preventive workbench, or into
a static shielded bag.
• Hold the circuit board by its edge when observing or moving it, avoiding direct
contact with the elements on it.
2.1.4 Electromagnetic Compatibility
All interference sources, from the outside or from the inside of the device/application
system, adversely affect the SecPath V100-S in the conduction patterns of capacitance
coupling, inductance coupling, electromagnetic wave radiation, and common
impedance (including grounding system) coupling. To prevent the interference, do the
following:
• Take effective measures against interference from the power grid.
• Use a grounding system or lightning protection grounding different from that for the
power supply equipment and keep them as far apart as possible.
• Keep the device far away from high-power radio transmitters, radar transmitters
and high-frequency and high-current equipment.
• Use electromagnetic shielding when necessary.
2.1.5 Lightning Protection
By design, the SecPath V100-S is lightning protective; but excessive lightning may still
damage the device. To protect the device better, you are recommended to:
• Ensure the PGND of the chassis is securely connected to the earth ground.
• Ensure the earth point of the power socket is securely connected to the earth
ground.
• Add a lightning arrester onto the front end of the power input to better protect the
power supply from lightning strikes.
2.1.6 Checking the Rack
When installing the SecPath V100-S, observe the following:
• Reserve adequate clearance at the air intake and exhaust vents for adequate
ventilation inside the chassis.
• Make sure that the rack has a good ventilation system.
• Make sure that the rack is stable enough to support the weight of the device and
the installation accessories.
• Make sure that the rack is well-grounded.
2.2 Safety Precautions
When reading this manual, pay adequate attention to the following.
Warning appears in operation procedures that, if performed incorrectly, might
cause bodily injury to the operators or damage the device.
Caution appears throughout this manual in procedures that, if performed
incorrectly, might affect the operation of the device.
When installing or working on the SecPath V100-S, you are recommended to:
• Keep the SecPath V100-S far away from heat sources and water/liquid.
• Make sure that the SecPath V100-S has been correctly grounded.
• Wear an ESD-preventive wrist strap during installation and maintenance, making sure
that the strap has good skin contact.
• Do not hot swap the console cable or AUX cable.
• Use an uninterruptible power supply (UPS).
2.3 Unpacking Check
Check the contents of the shipment against the packing list, making sure all the items
are included and in good condition. Contact your agent in case of shortage or wrong
delivery.
2.4 Installation Tools, Meters and Equipment
I. Tools
• Phillips screwdriver
• ESD-preventive wrist strap
• Static shielding bag
II. Cables
• Grounding wire and power cord
• Console cable
• Optional cables
III. Meters and other equipment
• Hub or LAN switch
• Console terminal (it could be a PC)
• Multimeter
Note:
The SecPath V100-S was not shipped with any installation tools, meters, or other
equipment. You must make sure that they are available.
Chapter 3 Installing the SecPath V100-S
3.1 Installation Flow
[Flowchart. Box labels: Start; Install the rack (optional); Mount the security gateway;
Connect the PGND; Connect the power cord; Connect the security gateway to the
console terminal; Verify the installation; Power up the security gateway; OK? (YES/NO);
Troubleshooting; Power down the security gateway; Verify the installation; Connect the
power cord and power up; Install MIMs (optional); Turn off the power switch and remove
the power cord; Connect the security gateway to the Ethernet interface; End]
Figure 3-1 Installation flow