Symantec 5000 Series Installation guide

Brand: Symantec

Model: 5000 Series

Category: Networking

Type: Installation guide

Symantec™ Gateway Security 5000

Series v3.0.1

Installation Guide

Supported hardware platforms:

Symantec Gateway Security 5600 Series, Symantec Gateway Security 5400 Series,

and Symantec Clientless VPN Gateway 4400 Series

Symantec™ Gateway Security 5000 Series v.3.0.1

Installation Guide

The software described in this book is furnished under a license agreement and may be used only in

accordance with the terms of the agreement.

Documentation version 1.0

March 17, 2006

Any technical documentation that is made available by Symantec Corporation is the copyrighted work

of Symantec Corporation and is owned by Symantec Corporation.

NO WARRANTY. The technical documentation is being delivered to you AS-IS and Symantec

Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or

the information contained therein is at the risk of the user. Documentation may include technical or

other inaccuracies or typographical errors. Symantec reserves the right to make changes without prior

notice.

No part of this publication may be copied without the express written permission of Symantec

Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014.

Trademarks

Symantec, the Symantec logo, and Norton AntiVirus are U.S. registered trademarks of Symantec

Corporation. LiveUpdate, LiveUpdate Administration Utility, Symantec AntiVirus, and Symantec

Security Response are trademarks of Symantec Corporation.

Other brands and product names mentioned in this manual may be trademarks or registered

trademarks of their respective companies and are hereby acknowledged.

Printed in the United States of America.

10987654321

Technical support

As part of Symantec Security Response, the Symantec global Technical Support group maintains

support centers throughout the world. The Technical Support group’s primary role is to respond to

specific questions on product feature/function, installation, and configuration, as well as to author

content for our Web-accessible Knowledge Base. The Technical Support group works collaboratively

with the other functional areas within Symantec to answer your questions in a timely fashion. For

example, the Technical Support group works with Product Engineering as well as Symantec Security

Response to provide Alerting Services and Virus Definition Updates for virus outbreaks and security

alerts.

Symantec technical support offerings include:

■ A range of support options that give you the flexibility to select the right amount of service for any

size organization

■ Telephone and Web support components that provide rapid response and up-to-the-minute

information

■ Upgrade insurance that delivers automatic software upgrade protection

■ Content Updates for virus definitions and security signatures that ensure the highest level of

protection

■ Global support from Symantec Security Response experts, which is available 24 hours a day, 7 days

a week worldwide in a variety of languages for those customers enrolled in the Platinum Support

program

■ Advanced features, such as the Symantec Alerting Service and Technical Account Manager role,

offer enhanced response and proactive security support

Please visit our Web site for current information on Support Programs. The specific features available

may vary based on the level of support purchased and the specific product that you are using.

Licensing and registration

This product requires a license file. The fastest and easiest way to register your service is to access the

Symantec licensing and registration site at https://licensing.symantec.com.

Contacting Technical Support

Customers with a current maintenance agreement may contact the Technical Support group by phone

or online at www.symantec.com/techsupp.

Customers with Platinum support agreements may contact Platinum Technical Support by the

Platinum Web site at https://www-secure.symantec.com/platinum. When contacting the Technical

Support group, please have the following:

■ Product release level

■ Hardware information

■ Available memory, disk space, NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description

■ Error messages/log files

■ Troubleshooting performed prior to contacting Symantec

■ Recent software configuration changes and/or network changes

Customer Service

To contact Enterprise Customer Service online, go to www.symantec.com/techsupp, select the

appropriate Global Site for your country, then select the enterprise Continue link. Customer Service is

available to assist with the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information on product updates and upgrades

■ Information on upgrade insurance and maintenance contracts

■ Information on Symantec Value License Program

■ Advice on Symantec’s technical support options

■ Nontechnical presales questions

■ Missing or defective CD-ROMs or manuals

Contents

Chapter 1 Installing the appliance

About the Symantec Gateway Security 5000 Series ..............................................................................................9

Optional and replaceable parts .......................................................................................................................... 9

Hard drives .........................................................................................................................................................10

Intended audience .............................................................................................................................................10

Planning for installation ..........................................................................................................................................10

Installing the Symantec Gateway Security 5600 Series appliance ....................................................................11

Installing a free-standing appliance ...............................................................................................................11

Installing a rack-mounted appliance ..............................................................................................................11

Installing a slide rack-mounted appliance .....................................................................................................12

Front panel layout .....................................................................................................................................................13

Front panel status indicators ...........................................................................................................................13

Using the LCD system menu ....................................................................................................................................14

Using front panel controls ...............................................................................................................................14

Using the system menu ....................................................................................................................................16

Locking front LCD panel controls ...................................................................................................................16

Unlocking the front LCD panel controls ........................................................................................................16

Viewing system information on the LCD ...............................................................................................................16

RAID status messages .......................................................................................................................................17

Symantec Gateway Security 5600 Series back panel features ...........................................................................18

Model 5620 back panel features ..............................................................................................................................18

Connecting model 5620 to the network .........................................................................................................19

Connecting the power cord to model 5620 ....................................................................................................19

Turning on the power for model 5620 ............................................................................................................20

Model 5640 back panel features ..............................................................................................................................20

Model 5660 back panel features ..............................................................................................................................21

Connecting models 5640 and 5660 to the network ......................................................................................23

Connecting the power cord to models 5640 and 5660 ................................................................................23

Connecting an Uninterruptible Power Supply (UPS) ...........................................................................................23

Updating or restoring the appliance firmware with the

Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM ...........24

Chapter 2 Setting up the appliance and configuring the system

Installing and setting up the appliance ..................................................................................................................27

5620 back panel layout .....................................................................................................................................27

5640 back panel layout .....................................................................................................................................28

5660 back panel layout .....................................................................................................................................28

Shutting down the appliance ...................................................................................................................................31

Configuring the appliance with the System Setup Wizard .................................................................................31

Logging on to the SGMI for the first time .....................................................................................................31

Running the System Setup Wizard .................................................................................................................31

Running application LiveUpdate during initial logon .................................................................................37

Integrating the SGMI to the desktop ..............................................................................................................37

Chapter 3 Upgrading appliance software and migrating configurations

About upgrading or updating to Symantec Gateway Security 5000 Series v3.0.1 ..........................................39

Upgrade and update methods ..........................................................................................................................40

6 Contents

Upgrade and update requirements .................................................................................................................41

Requirements for the local upgrade and update ..................................................................................41

Requirements for remote upgrade or update ........................................................................................42

Patches and hotfixes .................................................................................................................................42

Upgrade and update preparation ............................................................................................................................42

General planning for on site upgrades and updates ....................................................................................42

Planning for remote upgrades or updates .....................................................................................................43

Remote access to the appliance .......................................................................................................................43

Licensing your Symantec Gateway Security 5000 Series v3.0.1 software ................................................44

Backing up your Symantec Gateway Security 5000 Series license files ...................................................44

Backing up security gateway configurations and data files .......................................................................45

Backing up Symantec Gateway Security 5000 Series v3.0 configurations .......................................45

Backing up Symantec Gateway Security 5000 Series v2.0.1 configurations ....................................46

Backing up Symantec Clientless VPN Gateway 4400 Series v5.0 configurations and data files ...46

Manual backups .................................................................................................................................................47

Backing up cluster information .......................................................................................................................49

Performing remote upgrades and updates ............................................................................................................49

Uploading the Symantec Gateway Security 5000 Series Software Update Version 3.0.1 CD-ROM

to an FTP server .........................................................................................................................................49

Downloading the upgrade or update files to the Symantec Gateway Security 5000 Series v2.0.1

or Symantec Gateway Security 5000 Series v3.0 appliance ................................................................50

Verify the amount of free disk space on the appliance ........................................................................50

Downloading the entire or split kit .........................................................................................................50

Running the upgrade or update .......................................................................................................................51

Post-upgrade or update restoration .......................................................................................................................52

SGMI access after upgrading or updating .....................................................................................................52

Factory reset .......................................................................................................................................................53

Restoring configurations ..................................................................................................................................53

Restoring license files .......................................................................................................................................54

About Symantec Gateway Security 5000 Series v2.0.1 upgrade reports ..................................................55

Post-upgrade tasks for upgraded Symantec Gateway Security 5000 Series v2.0.1 configurations .............55

LiveUpdate ..........................................................................................................................................................55

Authentication methods ...................................................................................................................................56

Authentication sequences ................................................................................................................................56

Dynamic authentication sequences ........................................................................................................56

Dynamic authentication group names ...................................................................................................56

Authentication using multiple servers ...................................................................................................56

Bellcore S/Key authentication .........................................................................................................................57

gwpassword authentication .............................................................................................................................57

PassGo Defender authentication .....................................................................................................................57

SecurID authentication .....................................................................................................................................58

Entrust authentication .....................................................................................................................................58

TACACS authentication ....................................................................................................................................58

External LDAP ....................................................................................................................................................58

IDS ........................................................................................................................................................................58

Content security .................................................................................................................................................59

Antivirus comforting ........................................................................................................................................59

Antivirus scanning off-box ..............................................................................................................................59

Antivirus response messages ...........................................................................................................................59

Antivirus X-Virus header .................................................................................................................................60

Antispam mail sender (bad senders list) ........................................................................................................60

Content filtering ................................................................................................................................................60

URL whitelist/blacklist .............................................................................................................................62

MIME types whitelist/blacklist ................................................................................................................63

File Extensions whitelist/blacklist ..........................................................................................................63

7Contents

Dynamic Document Review .............................................................................................................................63

Log files ...............................................................................................................................................................63

loglevel.cf ............................................................................................................................................................63

SYN flood protection settings ..........................................................................................................................64

Network interfaces ............................................................................................................................................64

SRL .......................................................................................................................................................................64

Cron jobs ..............................................................................................................................................................64

RemPass ..............................................................................................................................................................64

Post-upgrade tasks for upgraded Symantec Clientless VPN Gateway 4400 Series v5.0 configurations .....64

Access control ....................................................................................................................................................64

SecurID authentication .....................................................................................................................................65

Windows NT Domain authentication .............................................................................................................65

Logging ................................................................................................................................................................65

Service redirect IP address conflicts ..............................................................................................................65

Object name modification ................................................................................................................................65

Network interfaces ............................................................................................................................................66

Reserved object names ......................................................................................................................................66

Migrating configurations from Symantec Enterprise Firewall ..........................................................................68

Migrating Symantec Enterprise Firewall v8.0 configurations to

Symantec Gateway Security 5000 Series v3.01 ....................................................................................68

Mismatched Symantec Enterprise Firewall v8.0 network interfaces ................................................68

Migrating Symantec Enterprise Firewall v7.0.4 configurations to

Symantec Gateway Security 5000 Series v3.0.1 ...................................................................................68

Backing up Symantec Enterprise Firewall v8.0 configurations .................................................................69

Assigning network interfaces ..........................................................................................................................69

Migrating Symantec Enterprise Firewall v8.0 configuration files ............................................................69

Chapter 4 Obtaining and installing licenses

Getting started with your 30-day grace period .....................................................................................................71

Preparing to obtain license files ..............................................................................................................................72

Gather your serial number certificates ..........................................................................................................72

Sort your license serial numbers for each appliance ...................................................................................72

Collect product and contact information .......................................................................................................73

The Symantec System ID ..........................................................................................................................73

Appliance serial number ...........................................................................................................................74

License serial number ...............................................................................................................................74

Contact Information ..................................................................................................................................74

Complete the license file organization worksheet .......................................................................................74

Obtaining license files ...............................................................................................................................................76

Preparing to install license files ..............................................................................................................................76

Valid license combinations ......................................................................................................................................76

Installing license files ...............................................................................................................................................77

Viewing licensed features .........................................................................................................................................78

Removing all license files .........................................................................................................................................78

Appendix A Developing a security plan

Defining your security policy ..................................................................................................................................79

Before writing your security plan ...................................................................................................................79

Becoming security-conscious ...........................................................................................................................80

Formulate goals ..........................................................................................................................................80

Review issues ..............................................................................................................................................80

Educating users ..........................................................................................................................................................80

Involving the user community ........................................................................................................................80

Notifying affected users ............................................................................................................................80

8 Contents

Taking a pro-active stance .......................................................................................................................81

Security policy worksheets ......................................................................................................................................81

Defining your organization ..............................................................................................................................81

Collecting hardware information ....................................................................................................................83

Collecting your TCP/IP address .......................................................................................................................84

Defining your allowed TCP/IP services ..........................................................................................................85

Collecting email information for security gateway notifications ..............................................................86

Defining your Web services .............................................................................................................................87

Access lists ..................................................................................................................................................88

Defining your network architecture ...............................................................................................................89

Chapter

Installing the appliance

This chapter includes the following topics:

■ About the Symantec Gateway Security 5000 Series

■ Planning for installation

■ Installing the Symantec Gateway Security 5600 Series appliance

■ Front panel layout

■ Model 5620 back panel features

■ Model 5640 back panel features

■ Model 5660 back panel features

■ Connecting an Uninterruptible Power Supply (UPS)

■ Updating or restoring the appliance firmware with the Symantec Gateway Security 5000 Series

Software and Restore Image Version 3.0.1 CD-ROM

About the Symantec Gateway Security 5000 Series

The Symantec™ Gateway Security 5000 Series is a comprehensive network security device that

integrates firewall, VPN, antivirus, intrusion detection and prevention, content filtering, and high

availability/load balancing components into an appliance that protects networks at the gateway to the

Internet or subnets of larger WANs and LANs.

See the Symantec™ Gateway Security 5000 Series Getting Started Guide, Safety and System

Specifications section for more information about the Symantec™ Gateway Security 5600 Series

appliances.

Optional and replaceable parts

Field replaceable units (FRUs) are parts of the appliance that can be quickly and easily removed and

replaced by users or by a technician without having to send the entire appliance to a repair facility.

Symantec Gateway Security 5600 Series models 5640 and 5660 appliances have the following FRUs

and optional components:

■ Power Supply

■ Disk Assembly

■ Fan Assembly

■ Small Formfactor Pluggable - SX and LX Fiber

Small Formfactor Pluggables (SFPs) are plug-in devices that vary the physical network with which

a single NIC can communicate (copper or fiber: SX fiber, CX fiber, and TX copper).

■ Small Formfactor Pluggable - TX Copper

10 Installing the appliance

Planning for installation

■ Bezel Assembly

■ Rack Mount Slide Assembly

■ Cable Management Bracket

■ Mounting Brackets

All components for the Symantec Gateway Security 5600 Series model 5620 are fixed components.

See the

Symantec™ Gateway Security 5600 Series Field Replaceable Units Guide for more

information on optional and replaceable parts. See the

Symantec™ Gateway Security 5000 Series v3.0

Getting Started Guide

for more information on software features.

Hard drives

Symantec Gateway Security 5600 Series models with two hard drives installed run Redundant Array of

Inexpensive Disks software (RAID). Table 1-1 describes the Symantec Gateway Security 5000 Series

hard disk configurations.

Intended audience

This manual is intended for system managers or system administrators responsible for installing and

administering the Symantec Gateway Security 5000 Series.

Warning: This is an electrically powered device. You must adhere to warnings and cautions when

installing or working with the Symantec Gateway Security 5600 Series appliance. Read the installation

instructions and heed all warnings before connecting the appliance to its power source.

See the Symantec™ Gateway Security 5600 Series Safety and System Specifications for all warning

information about the Symantec Gateway Security 5600 Series appliances.

Planning for installation

Before you install and activate your Symantec Gateway Security 5600 Series appliance you should

review your security plan. See “Developing a security plan” on page 79.

Table 1-1 5000 series hard disk configurations

5000 models Hard disk configurations

5620 Comes with one hard drive. Does not have a slot for a

second hard drive and never runs RAID.

5640 Comes with one hard drive and a slot for adding a second

optional, hard disk with RAID. Runs RAID automatically

when the second hard disk is installed.

5660 Comes with two disks installed already running RAID.

All upgraded 5400

series models

Come with one hard drive. Does not have a slot for a second

hard drive and never runs RAID.

Upgraded 4400

appliance

Comes with one hard drive. Does not have a slot for a

second hard drive and never runs RAID.

11Installing the appliance

Installing the Symantec Gateway Security 5600 Series appliance

You can install the Symantec Gateway Security 5600 Series appliance as a free-standing unit, or as a

rack-mounted unit using mounting brackets or slides. When preparing to install your appliance, refer

to the following guidelines:

■ Smooth and level surface

Place the appliance on a smooth and level surface, such as the top of a computer table or in a rack.

Make sure that the area is clear of dust and debris.

■ Plenty of ventilation

The installation site must meet minimum environmental specifications. Ensure that there is

adequate space (at least 1 inch) on all sides of the appliance to allow air circulation to cool the

machine.

Caution: Never place objects or paper on top of the appliance.

■ Proper power source

Install the appliance near a power source that is adequate and near enough to the appliance so

that the power cord is not strained, stretched, or in danger of coming unplugged.

Caution: Do not use an extension cord to supply power to this unit.

■ Appliance and cables away from high-traffic areas

Install the appliance in an area that is out of the way of foot traffic.

■ Access to this area only by authorized security personnel.

Installing the Symantec Gateway Security 5600 Series

appliance

You can install the Symantec Gateway Security 5600 Series appliance as a free-standing unit or in a

rack-mounted, or slide rack-mounted configuration.

Installing a free-standing appliance

The Symantec Gateway Security 5600 Series can be installed as a free-standing appliance. Install the

Symantec Gateway Security 5600 Series appliance at a location that meets the pre-installation

requirements.

See “Planning for installation” on page 10.

Installing a rack-mounted appliance

The following rack-mounting instructions apply to all appliance models. Because rack hardware can

differ between sites, rack-mounting screws are not shipped with the unit. Before installing your

appliance, obtain the proper size screws for mounting the appliance in your specific rack.

This section describes how to install the appliance in a standard 19-inch equipment rack.

12 Installing the appliance

Installing the Symantec Gateway Security 5600 Series appliance

To install a rack-mounted appliance

1 Connect the mounting brackets to the sides of the appliance using the supplied bracket screws.

2 Secure the mounting brackets to the equipment rack.

Installing a slide rack-mounted appliance

The Symantec Gateway Security 5600 Series has mounting holes on the chassis for use with rack

mount slides. The Symantec Gateway Security 5600 Series model 5660 comes with a rack mount slide

kit.

13Installing the appliance

Front panel layout

The Symantec Gateway Security 5600 Series front panel, shown in Figure 1-1, contains six data entry

and navigation buttons, a two-line by 16 character liquid crystal display (LCD) area, and status

indicators. The front panel looks the same on all models, except the model 5620 which has a narrower

profile.

The initial setup of the Symantec Gateway Security 5600 Series takes place at the appliance front

panel, where you enter and modify parameters, such as system and network IP addresses.

See “Installing and setting up the appliance” on page 27.

Figure 1-1 Symantec Gateway Security 5600 Series front panel

Table 1-2 describes the elements of the front panel and how they work.

Front panel status indicators

The front panel status indicators are the same on all models. Use these indicators for a quick visual

status of the appliance.

Table 1-2 Front panel descriptions

Location Feature Description

1Status

indicators

Display a status of the basic appliance condition.

See “Front panel status indicators” on page 13.

2 LCD Displays the Symantec Gateway Security 5600 Series software version number, the

System ID and system monitoring information.

You can monitor appliance status, modify interface parameters, and reinitialize the

appliance. The options you can access on the LCD screen include:

■ System startup self-tests

■ Performance monitoring

■ System menu

See “Using the LCD system menu” on page 14.

3Front

panel

controls

Let you enter network information directly into the appliance.

See “Using the LCD system menu” on page 14.

14 Installing the appliance

Using the LCD system menu

Figure 1-2 Front panel status indicators

Table 1-3 Front panel status indicators

Using the LCD system menu

When your appliance is running, you can access the LCD system menu by pressing any button on the

appliance’s front panel. You can then select the system menu by pressing the menu button. By using

the arrow buttons, you can view the various system menu options. The LCD can be locked to prevent

unauthorized access. See “Locking front LCD panel controls” on page 16.

Using front panel controls

The front panel controls are the same on all models. The front panel controls perform dual functions.

These functions depend upon whether the Symantec Gateway Security 5600 Series is in initial setup

mode or if you are using the system menu to change setup information. The front panel controls

Location Feature Description

1 Power Glows green steadily to indicate the power is on.

2 Disk activity Blinks green when there is activity on the hard disk drive.

3 Attention Glows orange when the appliance needs attention. Check log messages for more

information. Also glows orange during the power on process. There is also an

attention status indicator on the back panel of the appliance.

4 Network activity Blinks green when there is network traffic.

5 Temperature Glows red to indicate high temperature status. A log message is sent to the

appliance log file.

15Installing the appliance

Using the LCD system menu

consist of four navigation buttons, a menu button, and an enter button. Figure 1-3 shows the front

panel controls.

Figure 1-3 Front panel controls

Table 1-4 describes the function of the front panel controls. Use these controls to enter your system

information. The up, down, left, and right buttons do not physically have arrows on the buttons: these

symbols are used here to describe how the buttons work.

Table 1-4 Front panel controls

Button Name Function

Up Increase the current number displayed on the LCD or move to the previous menu item.

Pressing and holding the up button will rapidly increase the value displayed.

Down Decrease the current number displayed on the LCD or move the next menu item.

Pressing and holding the down button will rapidly decrease the value displayed.

Left Move to the left fields on the LCD to enter IP addresses or to move to the previous menu

item.

Right Move to the right fields on the LCD to enter IP addresses or to move to the next menu

item.

Menu Launch the System Menu when the appliance is in monitoring mode. Also use this button

to cancel the current option without completing it.

On upgraded Symantec Gateway Security 5400 Series or Symantec Clientless VPN

Gateway 4400 Series appliances use the S (Select) button.

Enter Accept the current value displayed in the LCD when entering information.

On upgraded Symantec Gateway Security 5400 Series or Symantec Clientless VPN

Gateway 4400 Series appliances use the E (Enter) button.

16 Installing the appliance

Viewing system information on the LCD

Using the system menu

The system menu provides five options that you perform from the front panel. See “System Menu

options” on page 16. For descriptions of the buttons on the appliance front panel and the functions

they perform see “Using the LCD system menu” on page 14.

Locking front LCD panel controls

You can lock the appliance front LCD panel controls to provide additional security against personnel

who should not have access privileges using the System Setup Wizard. For more information about

locking the front LCD panel controls, see the

Symantec Gateway Security 5000 Series v3.0 Getting

Started Guide

or the Symantec Gateway Security 5000 Series v3.0 Administration Guide.

Unlocking the front LCD panel controls

You can unlock the LCD panel and associated navigation buttons with your appliance password, but it

relocks after 60 seconds of inactivity. To unlock the front LCD panel controls for a longer period of

time, you must rerun the System Setup Wizard to uncheck the box that you checked to lock the front

panel. Running the System Setup Wizard requires you to reboot your appliance. See the

Symantec

Gateway Security 5000 Series v3.0 Getting Started Guide

or the Symantec Gateway Security 5000

Series v3.0 Administration Guide

for more information about locking the front LCD panel controls.

Viewing system information on the LCD

Once you complete the initial network appliance setup and restart the appliance, the LCD screen enters

a monitoring mode that it remains in during normal system operations. When the appliance is

running, the LCD displays four different parameters of information about the status of the appliance.

The system updates approximately every second. Each parameter is displayed in one of four individual

fields on the LCD.

Table 1-5 System Menu options

Option Description

1. Network Setup The system prompts you to reenter or change network settings configured during the

initial setup process. To continue to the next system menu entry, press either the down

button or the right button.

2. Reboot The system prompts you to select [OK] or [Cancel]. [Cancel] is selected by default. To

reboot, use the right or left button to move the cursor to [OK] and press the Enter button.

3. Shutdown The system prompts you to confirm system shutdown. Select [OK] or [Cancel]. Press the

Enter button again to enter your selection.

4. System ID Displays the appliance’s Symantec System ID. The Symantec System ID is required to

obtain the appliance’s product license.

Press the Enter button to return to the system menu once the Symantec System ID is

displayed on the LCD screen. Press either the down button or the right button to move to

the next menu item.

5. Factory reset If you select this menu item, you are prompted to confirm with [OK] or [Cancel].

Note: If you select [OK], the appliance returns to its default state and loses any software

patches that have been applied. This is the state (Symantec Gateway Security 5000

Series v3.0.1) it was in when you first received the appliance. All network information

and configuration data you have entered is lost. Only licensing information, if entered, is

retained.

17Installing the appliance

Viewing system information on the LCD

Table 1-6 describes the system fields on the LCD screen. The system fields on your LCD screen appear

as follows:

RAID status messages

Symantec Gateway Security 5600 Series models with two hard drives installed run Redundant Array of

Inexpensive Disks software (RAID). The LCD displays messages about the RAID status of the

appliance’s hard drives. RAID software maintains mirrored images on both hard drives to provide

uninterrupted operation in the event of disk failure on one of the hard drives. The appliance continues

to operate normally as long as one of the hard disks is working.

Table 1-7 describes the RAID messages displayed on the LCD.

CPU XX% RAID: XXX

log XX% xxx Mb/s

Table 1-6 LCD system fields

Field Description

CPU XX% Shows the percentage of CPU usage.

RAID XXX Displays status of the hard drives.

See “RAID status messages” on page 17.

log XX% Shows the Log file size as compared with the free disk space.

xxxxMb/s Shows the throughput rate for the security gateway (Mbps).

When the security gateway is stopped, this field alternates between the throughput rate and the

LCD indicator (stopped).

Table 1-7 RAID status messages

Message Description

OK Both hard drives are mirrored and working correctly.

XX% Displays when mirroring is taking place. Shows the current percentage of completion of the

mirroring process.

RDY A model 5640 is ready for addition of a second hard drive or a model 5660 is ready for a

replacement of a missing second hard drive.

N/A RAID does not run on the appliance.

Applies only to the following:

■ Symantec Gateway Security model 5620

■ Upgraded Symantec Gateway Security 5400 series models

■ Upgraded Symantec Clientless VPN Gateway 4400 appliances.

F 2

F 1

One or both of the hard drives has failed:

■ 2 is the top hard drive

■ 1 is the bottom hard drive

If one of your hard drives has failed, see the SGMI Event logs for more information.

M 2

M 1

One of the hard drives is missing from a previously mirrored system:

■ 2 is the top hard drive

■ 1 is the bottom hard drive

18 Installing the appliance

Symantec Gateway Security 5600 Series back panel features

The back panels of the model 5640 and 5660 are different from model 5620 due to the larger size of the

appliance and additional Ethernet ports.

All models of the Symantec Gateway Security 5600 Series appliances have ethernet ports which can

connect to 10/100/1000Base-T network networks. Some of the Symantec Gateway Security 5600 Series

Ethernet ports have higher transmission rates than the normal Ethernet ports. For information about

Ethernet port transmission rates see Table 1-8.

We recommend that you connect your high throughput network segments to the faster ethernet ports

and your less busy network segments to the normal ports. The total throughput depends on the model

of the appliance that you are using and the types of traffic scanning that are enabled using the SGMI.

Model 5620 back panel features

This section describes the back panel features of the Symantec Gateway Security model 5620. Model

5620 offers six 10/100/1000 Fast Ethernet ports.

Figure 1-4 and Table 1-9 describe the back panel features for the model 5620.

Figure 1-4 Model 5620 back panel

Table 1-8 Ethernet port transmission rates

Model Higher transmission rate ports Normal transmission rate

5620 eth0 and eth1 eth2, eth3, eth4 and eth5

5640 eth0, eth1 and eth6 eth2, eth3, eth4, eth5, eth7

5660 All ports none

Table 1-9 Model 5620 back panel features

Location Feature Description

1 Cooling fan Maintains proper operating temperature. Ensure that the ventilation holes

in the front and back are not blocked.

2 Power socket Connection for AC power cord.

3 Master power

switch

Turns the power to the power supply on or off.

4 Serial console port Provides a connection for a terminal emulator to access the appliance’s Linux

operating system locally. Only make changes using the serial console port

when instructed by Symantec Technical Support. Making changes to the

operating system is not supported.

5 Attention indicator Glows solid red if the appliance needs attention. Check log messages for

more information about why the appliance needs attention.

6 Power button Turns the power to the appliance on or off.

19Installing the appliance

Model 5620 back panel features

Connecting model 5620 to the network

The Symantec Gateway Security 5600 Series model 5620 back panel provides a total of six 10/100/

1000 Base-T network connections. Your network connection requirements are based on your site’s

network configuration. As you connect model 5620 to the network, see the location numbers from

Figure 1-4 to refer to the back panel features mentioned in each step.

To connect model 5620 to the network

1 Plug the RJ-45 connector from the Internet or router into the interface (8 through 13) you want to

configure as the outside interface.

2 Plug the RJ-45 connectors from any other networks (if present) into any of the remaining network

connections.

Connecting the power cord to model 5620

Use the location numbers from Figure 1-4 to refer to the back panel features mentioned in each of the

following steps.

To connect the power cord to model 5620

1 Plug the power cord into the power socket on the rear panel (2).

2 Connect the power supply cord from the appliance to an electrical outlet or UPS supply unit.

See “Connecting an Uninterruptible Power Supply (UPS)” on page 23.

7USB ports■ Provides a modem connection for dialing pager phone numbers for

delivering notifications. Supports (but does not include) USB modems

that use standard AT command set for notifications. Complies with the

USB CDC ACM specification.

■ Lets you connect an Uninterruptible Power Supply (UPS) to the USB

port for smart UPS support.

See “Connecting an Uninterruptible Power Supply (UPS)” on page 23.

Note: Any USB port can be used for either task.

8 eth4 Normal transmission rate port. Accepts a 10/100/1000 Base-T network cable,