HP A-F1000-E VPN Firewall 

Installation Guide

Part number: 5998-1412 
Document version: 6PW101-20110909

Summary of Contents for A-F1000-E

Page 1: ...HP A F1000 E VPN Firewall Installation Guide Part number 5998 1412 Document version 6PW101 20110909 ...

Page 2: ... MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompa...

Page 3: ... load bearing screws to the firewall 11 Installing the firewall to the rack 12 Grounding the firewall 13 Installing interface modules 13 Installing a CF card 14 Connecting Ethernet cables 15 Connecting a copper Ethernet cable 15 Connecting an optical fiber 15 Connecting an AC power cord 17 Connecting an RPS DC power cord 18 Logging in to the firewall and configuring basic settings 19 Logging in to...

Page 4: ...wall 36 Saving the running configuration of the firewall 36 Rebooting the firewall 37 Replacement procedures 39 Safety recommendations 39 Replacing an interface module 39 Replacing a CF card 40 Replacing a transceiver module 41 Troubleshooting 43 Power supply system failure 43 Fan failure 43 Configuration terminal problems 44 No terminal display 44 Garbled terminal display 44 Using the AUX port as...

Page 5: ... 60 10A AC power cables used in different countries or regions 60 16A AC power cables used in different countries or regions 63 Support and other resources 66 Contacting HP 66 Subscription service 66 Related information 66 Documents 66 Websites 66 Conventions 67 Index 69 ...

Page 6: ...5 1 AC input power receptacle 100 VAC to 240 VAC 50 or 60 Hz at 2 5 A 2 AC power switch ON OFF 3 RPS DC input power receptacle RPS 4 CF card slot CF CARD 5 CF card LED CF 6 SYS LED SYS 7 Interface module slot 2 LED SLOT2 8 Interface module slot 1 LED SLOT1 9 RPS status LED RPS 10 AC power supply status LED PWR 11 USB port 1 LED USB 12 USB port 1 1 13 USB port 0 0 14 Console port CONSOLE 15 Auxilia...

Page 7: ... Figure 2 Rear panel view 1 Grounding screw and grounding sign 2 1000 Mbps fiber port LED 3 10 100 1000 Mbps copper port LED 4 Combo copper port 5 Combo SFP fiber port 6 Interface module slot 1 7 Interface module slot 2 ...

Page 8: ... means an alert that calls attention to important information that if not understood or followed can result in personal injury CAUTION means an alert that calls attention to important information that if not understood or followed can result in data loss data corruption or damage to hardware or software General safety recommendations Keep the chassis and installation tools away from walk areas Mak...

Page 9: ...revention EMI Lightning protection Rack mounting Temperature and humidity You must maintain a proper temperature and humidity in the equipment room Long term high humidity may lead to bad insulation electricity leakage mechanical property changes and metal corrosion However if the humidity is too low captive screws may become loose as the result of contraction of insulation washers and static elec...

Page 10: ...ause communication failure Table 4 Dust concentration limit in the equipment room Substance Concentration limit particles cu m Dust particles 3 x 10^4 No visible dust on desk in three days NOTE Dust particle diameter 5 μm The equipment room must also meet strict limits on salts acids and sulfides to eliminate corrosion and premature aging of components as shown in Table 5 Table 5 Harmful gas limits...

Page 11: ... put it into an antistatic bag Touch only the edges instead of electronic components when observing or moving a removed CF card or interface module To use the ESD preventive wrist strap perform the following steps Step1 Wear the wrist strap on your wrist Step2 Lock the wrist strap tight around your wrist to keep good contact with the skin Step3 Attach the ESD preventive wrist strap to the rack wit...

Page 12: ...e chassis is well grounded Make sure the grounding terminal of the AC power receptacle is well grounded Install a lightning arrester at the input end of the power supply to enhance the lightning protection capability of the power supply Rack mounting Before mounting the firewall in a standard 19 inch rack adhere to the following requirements The rack is sturdy enough to support the firewall and in...

Page 13: ...icles m3 ESD prevention The equipment and floor are well grounded The equipment room is dust proof The humidity and temperature are at a proper level respectively Wear an ESD preventive wrist strap and uniform when touching a circuit board Place the removed CF card or interface module on an antistatic workbench with the face upward or put it into an antistatic bag Touch only the edges instead of e...

Page 14: ...ing Rack mounting requirements The rack is sturdy enough to support the weight of the firewall and installation accessories The size of the cabinet is appropriate for the firewall The front and rear of the cabinet are at least 0 8 m 31 50 in away from walls or other devices Safety precautions The firewall is far away from any moist area and heat source The emergency power switch in the equipment r...

Page 15: ...d Connecting Ethernet cables Connecting an AC power cord Connecting an RPS DC power cord Installation flow Figure 5 HP A F1000 E firewall installation flow Installing the firewall in a 19 inch rack Installing cage nuts and rear mounting brackets to the rack Step1 As shown in Figure 6 install the cage nuts to proper positions on the rack posts The cage nuts are used to fix the mounting brackets ...

Page 16: ...ting brackets to the rear rack posts Figure 7 Install rear mounting brackets to the rack Installing front mounting brackets and load bearing screws to the firewall Before installing the firewall to a rack install the front mounting brackets and load bearing screws to the firewall ...

Page 17: ...all Installing the firewall to the rack Follow these steps to install the firewall to the rack Step1 Supporting the firewall bottom with one hand push the firewall into the rack horizontally and make sure that the upper edges of the rear mounting brackets make close contact with the load bearing screws on the firewall Step2 Fix the firewall horizontally by fastening the front mounting brackets at ...

Page 18: ...r end of the grounding cable as shown in Figure 10 by connecting the other end of the grounding cable to the grounding terminal of the rack Figure 10 Connect the grounding cable 1 1 OT terminal Installing interface modules Follow these steps to install an interface module Step1 Select the slot to install the interface module and remove the two filler panels on the slot use a Phillips screwdriver t...

Page 19: ...s the interface module has failed the power on self test POST NOTE Keep the removed filler panel and screws for future use Installing a CF card Follow these steps to install a CF card Step1 Push the CF card eject button all the way into the slot and make sure that the button does not project from the panel Step2 Insert the CF card into the slot following the direction shown in Figure 12 and make s...

Page 20: ...hat the link is connected For more information about the LED status see the chapter Appendix B LEDs Connecting an optical fiber Before connecting the firewall to the network you must install a transceiver module to the firewall and then insert the fiber connector to the transceiver module The A F1000 E Firewall supports LC connectors only WARNING When connecting an optical fiber note the following...

Page 21: ...4 Figure 14 Install the transceiver module Step3 Remove the dust cap from the transceiver module and the protective caps from the fibers Step4 Plug the LC connectors on one end of the fiber cable into the Rx and Tx ports and plug the LC connectors on the other end to the Tx and Rx ports on the peer device as shown in Figure 15 ...

Page 22: ...r command in interface view to change the working port For more information about the command see the command references for the firewall Connecting an AC power cord To connect an AC power cord follow these steps Step1 Make sure the firewall is well grounded and the power switch on the firewall is in the OFF position Step2 Connect one end of the AC power cord to the AC receptacle on the firewall a...

Page 23: ...from the firewall as shown in Figure 17 Figure 17 Remove the protection cover Step4 Insert the RPS plug in the RPS DC receptacle of the firewall Step5 Fix the two fastening screws on the RPS plug to secure the plug to the RPS DC receptacle of the firewall Step6 Connect the other end of the RPS power cord to the RPS power source Figure 18 Connect an RPS DC power cord 1 RPS 2 Plug connecting to the ...

Page 24: ...re firewall login methods such as login through SSH and NMS see the configuration guides for the firewall Logging in to the firewall through the console port Connecting the firewall to a configuration terminal through a console cable Follow these steps to connect a configuration terminal to the firewall by using the console cable Step1 Select a configuration terminal which can be a character termi...

Page 25: ...powered on firewall disconnect the DB 9 connector of the console cable from the PC after disconnecting the RJ 45 connector from the firewall Setting terminal parameters Follow these steps to set terminal parameters on a terminal for example Windows XP HyperTerminal Step1 Select Start All Programs Accessories Communications HyperTerminal to enter the HyperTerminal window The Connection Description ...

Page 26: ...owing dialog box appears Select the serial port to be used from the Connect using drop down list Figure 21 Set the serial port used by the HyperTerminal connection Step3 Click OK after selecting a serial port and the following dialog box appears Set Bits per second to 9600 Data bits to 8 Parity to None Stop bits to 1 and Flow control to None ...

Page 27: ...etting the serial port parameters and the system enters the following interface Figure 23 HyperTerminal window Step5 Click Properties in the HyperTerminal window to enter the aaa Properties dialog box Click the Settings tab set the Emulation to VT100 and then click OK ...

Page 28: ...e system prompts you to press Enter When the command line prompt appears the firewall is ready to configure Logging in to the firewall through Telnet NOTE For more information about the Telnet login see the configuration guides for the firewall You can use the default information to log in to the A F1000 E firewall The default login information includes Username admin Password admin IP address of ...

Page 29: ...onfigure an IP address for the PC ensuring the PC and the A F1000 E can ping each other Set the IP address to any one but 192 168 0 1 within the range of 192 168 0 0 24 For example set the address to 192 168 0 2 Step3 Launch the web browser and input the login information Launch the web browser on the PC Type 192 168 0 1 in the address bar and press Enter The login dialog box appears as shown in F...

Page 30: ...the Basic Device Information hyperlink to enter the first page of the basic configuration page as shown in Figure 25 Figure 25 Basic configuration wizard 1 6 Configuring the system name and user password Click Next on the first page of the basic configuration wizard to enter the basic information configuration page as shown in Figure 26 ...

Page 31: ...ew Password Confirm Password Specify whether to modify the login password of the current user To modify the password of the current user set the new password and the confirm password and the two passwords must be identical By default the firewall login username and password are both admin Configuring service management Click Next on the basic information configuration page to enter the service man...

Page 32: ...on the device Disabled by default HTTP Specify whether to enable HTTP on the device and set the HTTP port number Enabled by default IMPORTANT If the current user has logged in to the web interface through HTTP disabling HTTP or modifying the HTTP port number will result in disconnection with the device therefore perform the operation with caution When you modify a port number ensure that the port ...

Page 33: ...service By default HTTPS uses the PKI domain default If this PKI domain does not exist the system will prompt you for it when the configuration wizard is completed however this will not affect the execution of other configurations Configuring the IP address for an interface Click Next on the service management configuration page to enter the interface IP address configuration page as shown in Figu...

Page 34: ...rface obtains an IP address automatically through the DHCP protocol Do not change The IP address of the interface does not change IP Address Mask If you select Stack Address as the approach for obtaining the IP address you need to set the interface IP address and network mask IMPORTANT Modification to the interface IP address will result in disconnection with the device so make changes with cautio...

Page 35: ...ting all protocols carried by the IP protocol Internal Server Specify whether to enable the internal server You can configure an internal server on the NAT device by mapping a public IP address and port number to the private IP address and port number of the internal server By default the internal server is disabled IMPORTANT Configuration of the internal server may result in disconnection with th...

Page 36: ...e which can be cfg or xml file for the next device boot when you submit the configurations This page lists all configurations you have made in the basic configuration wizard Confirm the configurations To modify your configuration click Prev to go back to the previous page if no modification is needed click Finish to execute all configurations ...

Page 37: ...aying operational statistics of the firewall Saving the running configuration of the firewall Rebooting the firewall NOTE The CLI and outputs may vary by the software version For more information about the commands used in this chapter see the Command References for the firewall Displaying detailed information about the firewall Use the display device verbose command to display detailed informatio...

Page 38: ...ersion 1 0 Basic BootWare Version 1 28 Extend BootWare Version 1 33 FIXED PORT CON Hardware Ver B Driver 1 0 Cpld 2 0 FIXED PORT AUX Hardware Ver B Driver 1 0 Cpld 2 0 FIXED PORT GE0 0 Hardware Ver B Driver 1 0 Cpld 2 0 FIXED PORT GE0 1 Hardware Ver B Driver 1 0 Cpld 2 0 FIXED PORT GE0 2 Hardware Ver B Driver 1 0 Cpld 2 0 FIXED PORT GE0 3 Hardware Ver B Driver 1 0 Cpld 2 0 SUBSLOT 1 The SubCard is...

Page 39: ... 5 minutes Average CPU usage in the last five minutes after the firewall boots the firewall calculates and records the average CPU usage at the interval of five minutes Displaying the memory usage of the firewall Use the display memory command to display the memory usage of a firewall Sysname display memory System Total Memory bytes 78303680 Total Used Memory bytes 400350220 Used Rate 16 Displayin...

Page 40: ...power module Use the display power command to display the operational status of a power module Sysname display power Power Information Power 1 Status Normal Power 2 Status Absent Table 14 Output description Field Description Power 1 Number of the power module Status The power module state Normal The power module is operating properly Absent The power module is not in position Fault The power modul...

Page 41: ...ds and so on Save the operational statistics of each functional module of the firewall Sysname display diagnostic information Save or display diagnostic information Y save N display Y N y Please input the file name diag cfa0 default diag aa diag Diagnostic information is outputting to cfa0 aa diag Please wait Save succeeded Execute the more aa diag command in user view and then press the Page Up a...

Page 42: ... the device reboots or the power supply fails In this case the device will boot with the factory defaults and after the device reboots you need to re specify a startup configuration file for the next system startup Rebooting the firewall To reboot a firewall use one of the following methods Use the reboot command to reboot a firewall Enable the scheduled reboot function at the CLI You can set a ti...

Page 43: ...e main host software file first and then reboot the firewall The precision of the rebooting timer is 1 minute One minute before the rebooting time the firewall prompts REBOOT IN ONE MINUTE and reboots in one minute If you are performing file operations when the firewall is to be rebooted the system does not execute the reboot command for security ...

Page 44: ...odule during installation or removal Before removing a module make sure that the captive screws are completely loosened Otherwise the panel of the module may be deformed Avoid touching any components on the PCB of a module when observing or moving the module Put a removed module on an antistatic workbench with the PCB side up or place it in an antistatic bag Replacing an interface module Follow th...

Page 45: ...nstalling the firewall Replacing a CF card Follow these steps to replace a CF card Step1 Make sure that the CF card LED is not blinking Step2 Press the CF card eject button so that the eject button projects from the panel Figure 32 Press the eject button Step3 Press the eject button again to eject the CF card part way out of the slot and then pull the CF card out of the slot ...

Page 46: ... fiber have the same wavelength WARNING Do not stare into the optical fibers When removing a transceiver module do not touch the golden finger of the transceiver module Follow these steps to replace a transceiver module Step1 Remove the optical fibers from the transceiver module Step2 Pivot the clasp downward to the horizontal position Step3 As shown in Figure 34 holding the handle of the transcei...

Page 47: ...42 Figure 34 Remove a transceiver module ...

Page 48: ...he chassis contact the local agent of HP for permission Otherwise HP shall not be liable for any consequence caused thereby Power supply system failure The firewall cannot be powered on The power LED on the front panel is off Follow these steps to troubleshoot the power supply system Step1 Turn off the power switch Step2 Check whether the power cord is properly firmly connected Step3 Check whether...

Page 49: ...None Stop bits to 1 Flow control to None and Terminal Emulation to VT100 The console cable is not in good condition Garbled terminal display If terminal display is garbled check that the Data bits field is set to 8 for the configuration terminal Using the AUX port as backup console port When the console port is faulty you can use the AUX port as the backup console port to complete firewall configu...

Page 50: ... 123456 and stored in plain text When you set the password by using the set authentication password cipher simple password command follow these guidelines If the cipher keyword is specified the password is stored in cipher text You cannot view the password by using the display current configuration command If the simple keyword is specified the password is stored in plain text You can use the disp...

Page 51: ...whether the fans are running properly Step2 Check whether the working environment of the firewall is well ventilated Step3 If the temperature inside the firewall exceeds 80 C 176 F the following information appears on the configuration terminal May 19 19 38 59 134 2011 HP DRVMSG 3 Temp2High Temperature Point 0 1 Too High May 19 19 39 03 227 2011 HP DEV 1 BOARD TEMPERATURE UPPER Trap 1 3 6 1 4 1 25...

Page 52: ...interface module cable is correctly selected Step2 Check whether the interface module cable is correctly connected Step3 Use the display command to check whether the interface has been correctly configured and is working properly ...

Page 53: ...on Flash 4 MB Memory type and capacity DDR2 SDRAM 4GB default Compact flash CF card 256 MB by default for the built in CF card 256 MB 512 MB or 1 GB for an optional external CF card Power consumption range Table 18 Power consumption range of the entire system Item Specification Power consumption range 64 W to 111 W AC power supply Table 19 AC power specifications Item Specification Rated voltage r...

Page 54: ...e hardware provided They are not supported by software Combo interfaces 4 copper ports GE0 to GE3 fiber ports SFP0 to SFP3 The default working port of a combo interface is the copper port Console port The A F1000 E firewall provides an RS 232 asynchronous serial console port that can be connected to a computer for system debugging configuration maintenance management and host software loading Tabl...

Page 55: ...nnection with the PC Combo interfaces 1 Technical specifications for copper Ethernet ports Table 24 Technical specifications for copper Ethernet ports Item Specification Connector RJ 45 Port Automatic MDI MDI X Frame format Ethernet_II Ethernet_SNAP 10 Mbps auto sensing Half full duplex auto negotiation 100 Mbps auto sensing Half full duplex auto negotiation Rate and duplex mode 1000 Mbps auto sen...

Page 56: ...tical module 1550 nm Min 9 5 dBm 9 dBm 2 dBm 4 dBm 4 dBm Optical transmit power Max 0 dBm 3 dBm 5 dBm 1 dBm 2 dBm Receiving sensitivity 17 dBm 20 dBm 23 dBm 21 dBm 22 dBm Central wavelength 850 nm 1310 nm 1310 nm 1550 nm 1550 nm Fiber type 62 5 125 μm multi mode fiber 9 125 μm single mode fiber 9 125 μm single mode fiber 9 125 μm single mode fiber 9 125 μm single mode fiber Maximum transmission di...

Page 57: ...tem is powered off or the board is faulty Slow flashing 1 Hz The firewall operates properly as configured System LED green Fast flashing 8 Hz Software is being loaded or the system does not start working yet Off No CF card is in position or the CF card cannot be identified On A CF card is in position and the host has detected the CF card You can remove the card in this state CF card LED green Flas...

Page 58: ...ved or transmitted at a rate of 10 100 Mbps Off No link is present Solid green A 1000 Mbps link is present Flashing green Data is being received or transmitted at a rate of 1000 Mbps Ethernet fiber port LED Solid yellow The system fails to detect the SFP port ...

Page 59: ...ce module from working and then unplugging the interface module and plugging an interface module without powering off the device 4GBE 8GBE Introduction A 4GBE 8GBE high speed Layer 3 Gigabit Ethernet interface module provides 4 8 copper ports Each port is provided with a bi color LED which indicates the running status of the port Front panel Figure 35 Front panel of 4GBE 1 Captive screw 2 GE inter...

Page 60: ...esent Flashing yellow Data is being received or transmitted at 10 100 Mbps Interface specifications Table 29 Interface specifications of 4GBE 8GBE Item Specification Connector type RJ 45 Number of interfaces 4 4GBE 8 8GBE MDI MDI X Autosensing An interface does not support MDI MDI X autosensing if forced to work in MDI or MDI X mode Supported frame format Ethernet_II Ethernet_SNAP 10 Mbps autosens...

Page 61: ...face 3 SFP interface status LED 4 Ejector lever LEDs Table 30 Description of LEDs on the front panel of 4GBP LED status Description Off No link is present Solid green A 1000 Mbps link is present Flashing green The port is receiving or sending data at 1000 Mbps Interface specifications Table 31 Interface specifications of 4GBP Item Specification Connector type SFP Interface standards 802 3 802 3u 8...

Page 62: ...s 40 km 24 86 miles 70 km 43 50 miles Interface speed 1000 Mbps Full duplex NOTE The SFP optical transceivers are optional to be separately ordered if needed Interface cables When using an SFP transceiver module a 4GBP module uses fibers with LC connectors For how to connect an optical fiber see Installing the firewall Figure 38 SFP transceiver module 1EXP Introduction A 1EXP 10 GE interface modul...

Page 63: ... 1EXP Item Specification Connector type XFP LC Supported frame format 10GBASE R W Interface speed LAN PHY mode 10 3125 Gbps WAN PHY mode 9 95328 Gbps Type Multi mode short haul Single mode medium haul Single mode long haul Min 7 3 dBm 8 2 dBm 1 dBm Optical transmit power Max 1 08 dBm 0 5 dBm 2 dBm Receiving sensitivity 7 5 dBm 10 3 dBm 11 3 dBm Central wavelength 850 nm 1310 nm 1550 nm Max transmi...

Page 64: ...59 Interface cables A 1EXP module must use an XFP transceiver module and fibers with LC connectors For how to connect an optical fiber see Installing the firewall Figure 40 XFP transceiver module ...

Page 65: ... Connector outline 2 Connector type Code Length Countries or regions where the type of power cables conforms to local safety regulations and can be used legally Other countries or regions using this type of power cables Countries or regions seldom using this type of power cables B type 04020728 3 m i e 9 8 ft Canada and U S A Mexico Argentina Brazil Columbia Venezuela Thailand Peru Philippine and...

Page 66: ...nd Egypt Connector outline Power cable outline Connector outline 5 Connector type Code Length Countries or regions where the type of power cables conforms to local safety regulations and can be used legally Other countries or regions using this type of power cables Countries or regions seldom using this type of power cables B type 04040887 3 m i e 9 8 ft Japan Connector outline Power cable outlin...

Page 67: ...ns where the type of power cables conforms to local safety regulations and can be used legally Other countries or regions using this type of power cables Countries or regions seldom using this type of power cables J type 04041119 3 m i e 9 8 ft Switzerland Connector outline Power cable outline Connector outline 9 Connector type Code Length Countries or regions where the type of power cables confo...

Page 68: ...e Code Length Countries or regions where the type of power cables conforms to local safety regulations and can be used legally Other countries or regions using this type of power cables Countries or regions seldom using this type of power cables B type 0404A063 3 m i e 9 8 ft Canada and U S A Mexico Argentina Brazil Columbia Venezuela Thailand Peru Philippine and A6 countries or regions Connector ...

Page 69: ...a Singapore Hong Kong and Egypt Connector outline Power cable outline Connector outline 4 Connector type Code Length Countries or regions where the type of power cables conforms to local safety regulations and can be used legally Other countries or regions using this type of power cables Countries or regions seldom using this type of power cables B type 0404A062 3 m i e 9 8 ft Japan Connector outl...

Page 70: ...65 I type 0404A01A 3 m i e 9 8 ft Australia Connector outline Power cable outline Connector outline ...

Page 71: ... wwalerts After registering you will receive email notification of product enhancements new driver versions firmware updates and other product resources Related information Documents To find related documents browse to the Manuals page of the HP Business Support Center website http www hp com support manuals For related documentation navigate to the Networking section and select a networking categ...

Page 72: ...parated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field names and menu items are in bold text For example the New User window appears cli...

Page 73: ...ing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a router that supports Layer 2 forwarding and other Layer 2 features Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device ...

Page 74: ...5 Displaying the temperature information of the firewall 35 E Examining the installation site 4 F Fan failure 43 Fixed ports specifications 49 Front panel LEDs 52 Front panel view 1 G Grounding the firewall 13 I Installation flow 10 Installation tools 7 Installing a CF card 14 Installing interface modules 13 Installing the firewall in a 19 inch rack 10 Interface module cable and connection failure...

Page 75: ...70 Storages 48 U Using the AUX port as backup console port 44 ...
