background image

 

6-6 

 

z

 

To enter the extended BootWare menu, press 

Ctrl+B

 within four seconds after the system displays 

“Press Ctrl+B to enter extended boot menu”. Otherwise, the system reads and decompresses the 

main application file.  

z

 

If you want to enter the extended BootWare menu after the system starts main application file 

decompression, you need to restart the firewall.  

z

 

For convenience, the extended BootWare menu is referred to as the main BootWare menu unless 

otherwise specified.  

 

Press 

Ctrl +

 

B

 when “Press Ctrl+B to enter extended boot menu...” appears, and then the system 

displays: 

Please input BootWare password: 

After you type the correct BootWare password, the system will display the BootWare menu, which 

provides:  

z

 

The name of the operating device.  

z

 

A Storage Device Operation option for you to select the storage device from which you are going to 

loading the application file.  

Note that:  

z

 

The initial BootWare password is null.  

z

 

You have three chances to enter the correct BootWare password. If you fail to enter the correct 

password for three times, the system will be halted and you need to restart the firewall to enter the 

correct password.  

z

 

You can enter the main menu only after you enter the correct BootWare password.  

Note: The current operating device is cfa0 

Enter < Storage Device Operation > to select device. 

========================<EXTEND-BOOTWARE MENU>======================== 

|<1> Boot System                                                     | 

|<2> Enter Serial SubMenu                                            | 

|<3> Enter Ethernet SubMenu                                          | 

|<4> File Control                                                    | 

|<5> Modify BootWare Password                                        | 

|<6> Skip Current System Configuration                               | 

|<7> BootWare Operation Menu                                         | 

|<8> Clear Super Password                                            | 

|<9> Storage Device Operation                                        | 

|<0> Reboot                                                          | 

====================================================================== 

Enter your choice(0-9): 

Table 6-1 gives a detailed description of the menu.  

Summary of Contents for H3C SECPATH F5000-A5 ADVANCED VPN FIREWALL 12-PORT GIGABIT ETHERNET MODULE

Page 1: ...H3C SecPath F5000 A5 Firewall Installation Manual Hangzhou H3C Technologies Co Ltd http www h3c com Manual Version 5PW101 20090424 ...

Page 2: ... V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of the contents but all statement...

Page 3: ...and initialization of system files and so on 6 Maintaining Software Introduces how to maintain the software of the F5000 A5 including upgrading the software and configuration files 7 Maintaining Hardware Introduces how to maintain the hardware of the F5000 A5 8 Troubleshooting Describes some problems that may occur during installation and startup of the firewall and how to solve them 9 Appendix Pr...

Page 4: ...older Symbols Convention Description Means reader be extremely careful Improper operation may cause bodily injury Means reader be careful Improper operation may cause data loss or damage to equipment Means an action or information that needs special attention to ensure successful configuration or good performance Means a complementary description Means techniques helpful for you to make configurat...

Page 5: ...al Documents Provides several categories of product documentation such as installation configuration and maintenance Technical Support Document Software Download Provides the documentation released with the software version Documentation Feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments Environmental Protection This product has been desig...

Page 6: ...U NSQ1GT8C40 1 7 LPU NSQ1XP20 1 9 Dimensions and Weight 1 10 Voltage and Current 1 10 Fan Tray 1 11 Operating Environment 1 11 Components 1 11 MPU NSQ1MPUA0 1 11 LPU NSQ1GT8C40 1 17 LPU NSQ1XP20 1 22 Power Supply Module 1 23 Port Lightning Arrester Optional 1 25 Power Lightning Arrester Optional 1 25 Signal Lightning Arrester Optional 1 26 System Software 1 26 ...

Page 7: ...sed to expand the process capability at the data plane z In addition to traditional firewall functions the F5000 A5 supports virtual firewall attack defense and content filtering thus delivering more effective network protection z Uses the application specific packet filter ASPF status detection technology to monitor connection processes detect illegal operations and implement dynamic packet filte...

Page 8: ...e 5 Weight bearing warning label 50 kg 110 2 lb 6 Fan tray 7 AC power module PWR1 8 Blank panel for PoE PSU reserved PoE slot 9 Blank panel for DC power module PWR2 10 ESD socket and silkscreen 11 Blank panel for LPU Slot 4 12 Blank panel for LPU Slot 3 13 Blank panel for LPU Slot 2 14 Blank panel for LPU Slot 1 15 Cable management bracket Currently the device does not support power over Ethernet ...

Page 9: ...filter optional 5 Lower slide rail for the air filter optional 6 Chassis handle 7 Weight bearing warning label 50 kg 110 2 lb 8 Grounding screw and sign 9 Vents Do not hold the handle indicated by 2 in Figure 1 2 on the rear chassis panel to move the chassis because it is designed for the convenience of the rear chassis panel removal but not for bearing the chassis weight ...

Page 10: ...RESET 12 USB interface 1 LED USB1 13 USB interface 1 1 14 USB interface 0 0 15 AUX port AUX 16 Console port CONSOLE 17 HA port 10 100 1000BASE T HA 18 Management Ethernet port 10 100 1000BASE T MANAGEMENT 19 Ejector lever 20 Captive screw Currently the device supports only one MPU and the MPU must be inserted in Slot 0 Technical specifications Table 1 1 Technical specifications of the MPU Item Spe...

Page 11: ...ot file the BootWare program z The memory is used for storing system data during operation and caching data in data forwarding z A CF card is used for storing the software system and configuration files of the device LEDs Figure 1 4 LEDs on the MPU 1 2 3 4 5 9 6 7 8 1 Link status LED of the management Ethernet port LINK 2 Data reception transmission LED of the management Ethernet port ACT 3 Link s...

Page 12: ...tely ALM red Fast blinking 8 Hz A critical fault has occurred to the system In this state handle the fault immediately 2 Management Ethernet port HA port LEDs Table 1 3 Description of the management Ethernet port HA port LEDs LED Status Description OFF No link is present on the port LINK green ON A link is present on the port OFF No data is being transmitted or received on the port ACT yellow ON D...

Page 13: ...bo interfaces delivering high speed service process capabilities Note that z An NSQ1GT8C40 LPU can be inserted in slot 1 2 3 or 4 of the F5000 A5 z An F5000 A5 needs to be equipped with an MPU and at least one LPU to work normally Figure 1 5 Front view of NSQ1GT8C40 1 GE interface 1 2 GE interface 3 3 GE interface 5 4 GE interface 7 5 GE interface 9 6 SFP interface 9 7 SFP interface 9 LED SFP9 8 S...

Page 14: ...fault operating interface is the electrical interface z For a Combo interface either the electrical interface or the optical interface can operate at one time You can use the combo enable copper fiber command in interface view to switch between the electrical and optical interfaces For details about the combo enable copper fiber command refer to H3C SecPath Series Security Products User Manual LED...

Page 15: ...oduction An NSQ1XP20 provides two Ten gigabit small form factor pluggable XFP interfaces delivering high speed service process capabilities The front panel of the LPU provides one LED for each interface Currently this LPU supports only the LAN PHY mode but not the WAN PHY mode Note that z NSQ1XP20 can be inserted in slot 1 2 3 or 4 of the F5000 A5 z The F5000 A5 needs to be equipped with an MPU an...

Page 16: ... interface XFP0 green Blinking Data is being transmitted or received on the interface OFF No link is present on the interface ON A link is present on the interface XFP1 green Blinking Data is being transmitted or received on the interface Dimensions and Weight Table 1 10 Dimensions and weight of the F5000 A5 Item Description Dimensions without feet and mounting brackets H W D 308 436 476 mm 12 13 ...

Page 17: ...speed adjustment but not hot swapping of the fan tray Operating Environment Table 1 14 Operating environment specifications Item Description Operating temperature 0 C to 45 C 32 F to 113 F Operating humidity 10 to 95 noncondensing Altitude 60 m to 4 km 196 85 ft to 2 49 miles Components MPU NSQ1MPUA0 Processor The NSQ1MPUA0 is an MPU that uses an RMI XLR732 1 GHz processor as the route processing ...

Page 18: ...nfiguration files The F5000 A5 is equipped with a 256 MB built in CF card which is identified with cfa0 In addition the device provides an external CF card slot to extend the local storage space A CF card inserted into the CF card slot is identified with cfb0 The CF cards supported by the device are available in three sizes z 256 MB z 512 MB z 1 GB Use CF cards provided by H3C only The device may ...

Page 19: ...S232 Baud rate 9600 bps to 115200 bps 9600 bps by default Maximum transmission distance 15 m 49 21 ft Services z Connection to an ASCII terminal z Connection to the serial interface of a local PC to run the terminal emulation program z Command line interface CLI 3 Console cable The console cable is an 8 core shielded cable The RJ 45 connector at one end of the cable is connected to the console por...

Page 20: ...sole port is faulty the AUX port can be connected to a terminal as a backup port of the console port For details refer to Chapter 8 Troubleshooting 2 Technical specifications Table 1 17 Technical specifications of the AUX port Item Description Connector type RJ 45 Compliant standard RS232 Baud rate 9600 bps to 115200 bps 9600 bps by default Service Connection to the serial interface of a remote PC...

Page 21: ... Ethernet port is a 10Base T 100Base TX 1000Base T RJ 45 auto sensing interface It allows you to upgrade software and manage the device through a network management server without using any service interface of the device The management Ethernet port is only for managing the device and has no service processing capabilities such as data forwarding The high availability HA feature is mainly deliver...

Page 22: ... is used to reset the current MPU The RUN LED goes off when the MPU is reset flashes fast at 8 Hz when BootWare is running and flashes slowly at 1 Hz after the system is booted and operates normally z If you perform no save operation before resetting the device the current system configuration will not be saved z Never press the RESET button when the device boots up with the RUN LED blinking fast ...

Page 23: ...Interface speed and duplex mode of electrical interfaces Interface speed Duplex mode 10 Mbps auto sensing Half full duplex 100 Mbps auto sensing Half full duplex 1000 Mbps auto sensing Full duplex The electrical interface LEDs are above the RJ 45 ports The LEDs in triangle and inverted triangle indicate the status of the lower and upper electrical Ethernet interfaces respectively For the descripti...

Page 24: ...terface the electrical Ethernet interface operates in the auto negotiation mode z No matter whether an electrical Ethernet interface operates in the forced or auto negotiation mode it supports automatic MDI MDIX z Technical specifications for optical Ethernet interfaces Table 1 22 Technical specifications for GE optical interfaces Item Description Connector type SFP LC Compliant standards 802 3 80...

Page 25: ...he RJ 45 connector Figure 1 10 RJ 45 connector LC connector Optical fiber connectors are indispensable passive components in optical fiber communication system Their application enables the removable connection between optical channels which makes the optical system debugging and maintenance more convenient and the transit dispatching of the system more flexible Some optical fiber connecter types ...

Page 26: ...andard cable Also known as straight through cable At both ends of a standard cable wires are crimped in the RJ 45 connectors in the same sequence A straight through cable is used for connecting a terminal for example a PC or router to a hub or LAN switch The cables delivered with the firewall are straight through cables z Crossover cable At both ends of a crossover cable wires are crimped in the R...

Page 27: ...hielded cables preferentially for electromagnetic compatibility Fiber connecting optical Ethernet interfaces You can use a single mode or multimode fiber to connect a 1000 Mbps optical Ethernet interface and select proper fibers for the installed 1000Base X SFP optical modules GE SFP transceivers for short Because the optical interfaces on these SFP transceivers use LC optical connectors you must ...

Page 28: ...ul multimode Medium haul single mode Long haul single mode Min 7 3 dBm 8 2 dBm 1 dBm Optical transmit power Max 1 08 dBm 0 5 dBm 2 dBm Receiving sensitivity 7 5 dBm 10 3 dBm 11 3 dBm Central wavelength 850 nm 850 nm 1310 nm Maximum transmission distance 300 m 984 25 ft 300 m 984 25 ft 10 km 6 21 miles Fiber type 62 5 125 μm multimode fiber 9 125 μm single mode fiber 9 125 μm single mode fiber Cabl...

Page 29: ... A5 supports both AC and DC power input You can select an AC power module or a DC power module However never install the two types of power PSUs in the same device The F5000 A5 needs only one PSU for normal operation of the system But the device provides two slots for 1 1 redundancy The PSUs are hot swappable Online insertion and removal of a PSU refers to first switching off the power module and ...

Page 30: ...sent Solid green The power module is working normally Solid red The power module is faulty Figure 1 14 AC power module 1 2 3 4 5 6 1 Captive screw 2 Bail latch 3 Power socket 4 Power switch 5 Power LED 6 PSU handle DC power module Table 1 28 lists the specifications for the DC power module of the device Table 1 28 DC power module specifications Item Specification Rated voltage range 48 VDC to 60 V...

Page 31: ...okes The following port lightning arrester can be installed on the F5000 A5 The specifications for the port lightning arrester are as follows Port protective unit single port maximum discharge current 8 20μs waveform 5 kA output voltage 10 700μs waveform core core 40 V core ground 600 V For the installation of a port lightning arrester refer to Chapter 4 Installing the Firewall Power Lightning Arr...

Page 32: ...um discharge current 2 5KA protection voltage 25V SMB 75J SMB 75J 1W 10Mbps z Voltage limiting protection parts signal lightning arrester maximum discharge current 2 5KA protection voltage 25V BNC 75K BNC 75K 10Mbps z Voltage limiting protection parts single lightning arrester U port maximum discharge current 3KA comman mode 400 V differential mode 170V RJ11 For the installation of a signal lightn...

Page 33: ... Table of Contents 2 Arranging Slots ands Numbering Interfaces 2 1 Slot Arrangement 2 1 Numbering Interfaces 2 1 Examples 2 2 Numbers of interfaces on NSQ1GT8C40 2 2 Numbers of interfaces on NSQ1XP20 2 2 ...

Page 34: ...s Except for user interfaces such as the Console port and AUX port interfaces on the F5000 A5 are numbered in the form of interface type X Y where z interface type Type of the interface such as GigabitEthernet z X Number of the slot where the LPU resides in the range of 1 to 4 z Y Sequence number of the interface on the LPU depending on the LPU model Note that z Interfaces on the same LPU have the...

Page 35: ...led in Slot 3 GigabitEthernet interfaces on the LPU are numbered as follows z GigabitEthernet 3 0 z GigabitEthernet 3 1 z GigabitEthernet 3 2 z GigabitEthernet 3 3 z GigabitEthernet 3 4 z GigabitEthernet 3 5 z GigabitEthernet 3 6 z GigabitEthernet 3 7 z GigabitEthernet 3 8 z GigabitEthernet 3 9 z GigabitEthernet 3 10 z GigabitEthernet 3 11 Numbers of interfaces on NSQ1XP20 1 If the LPU is installe...

Page 36: ...3 1 Ventilation Requirements 3 2 Electrostatic Discharge Prevention 3 2 Electromagnetic Interference Prevention 3 4 Lightning Protection 3 4 Cabinet Mounting Requirements 3 5 Safety Precautions 3 5 Safety Signs 3 5 General Safety Recommendations 3 5 Electricity Safety 3 5 Installation Tools Meters and Devices 3 6 Checklist Before Installation 3 7 ...

Page 37: ...3 1 Temperature and humidity requirements in the equipment room Temperature Relative humidity 0 C to 45 C 32 F to 113 F 10 to 95 noncondensing Cleanness Requirements Concentration limit of dust Dust is harmful to the safe operation of the device Dust on the chassis may result in static adsorption which causes poor contact between metal connectors or joints The poor contact not only shortens the se...

Page 38: ...ipation of the device chassis A ventilation system is available at the installation site Electrostatic Discharge Prevention Generation and damage of static electricity In the communication network to which the device is connected static induction mainly results from External electrical fields such as outdoor high voltage power line or lightning Indoor environment flooring materials and the device ...

Page 39: ...ic bag Touch only the edges instead of electronic components when observing or moving a removed MPU LPU memory module or CF card Wearing an ESD preventive wrist strap Follow these steps to wear an ESD preventive wrist strap Step1 Put on the ESD preventive wrist strap making sure that the strap makes good skin contact Step2 Plug the ESD preventive wrist strap connector into the ESD socket on the ch...

Page 40: ...rate the protection ground of the device from the grounding device or lightning protection grounding device of the common power supply equipments as far as possible Keep the device far from heavy duty radio transmitters radar transmitters and high frequency devices Adopt electromagnetic shielding measures when necessary Lightning Protection Although many measures have been taken to protect the dev...

Page 41: ...turdy enough to support the weight of the firewall and installation accessories Make sure that the size of the cabinet is appropriate for the firewall and that there is enough clearance around the left and right panels of the device for heat dissipation For heat dissipation and device maintenance it is recommended that the front and rear of the cabinet should be at least 0 8 m 31 5 in away from wa...

Page 42: ...n accessories supplied with the firewall Power cable Console cable PGND cable Mounting brackets Cable management brackets Blank panels ESD preventive wrist strap User supplied tools Philips screwdriver P1 100 mm P2 150 mm and P3 250 mm Flat blade screwdriver P4 75 mm Screws with various specifications Various meters and devices such as configuration terminal and multimeter Optional cables Referenc...

Page 43: ... protection grounding device as far as possible Keep the router far away from heavy duty radio transmitters radar transmitters and high frequency devices Adopt electromagnetic shielding measures when necessary Lightning prevention The PGND cable of the chassis is well grounded The grounding terminal of the AC power socket is well grounded A power lightning arrester is installed Optional A port lig...

Page 44: ...3 8 Item Requirements Installation tools Installation accessories supplied with the firewall User supplied tools Reference Documents shipped with the firewall Electronic documents ...

Page 45: ...ort Lightning Arrester Optional 4 6 Tools 4 7 Installation Procedures 4 7 Precautions 4 8 Installing an AC Power Lightning Arrester Lightning Protection Busbar Optional 4 8 Selecting and Installing a Signal Lightning Arrester Optional 4 9 Connecting the Power Cables 4 10 Power Supply Interface and PGND Terminal 4 10 Connecting the AC Power Cord 4 10 Connecting the DC Power Cord 4 11 Connecting Int...

Page 46: ...5000 A5 Start Install the firewall to the specified position Connect the PGND cable Connect the power cables Connect the firewall to a configuration terminal Verify the installation Turn on the power switch Troubleshoot Turn off the power switch Is the power supply normal Connect the firewall to an Ethernet network Connect the firewall to a WAN Verify the installation End No Yes Select and install...

Page 47: ...irewall is to be installed in a rack other than N68 rack Installing Mounting Brackets onto the Firewall Before installing the firewall in a rack you need to install the cable management bracket to the left mounting bracket and fix the left and right mounting brackets to the left and right sides of the firewall respectively 1 Install the cable management bracket Before installing the mounting brack...

Page 48: ...stall the mounting brackets Figure 4 4 Install mounting brackets to the firewall Install the Firewall in a Rack Follow these steps to install the firewall in a rack Step1 Check the grounding and stability of the rack Step2 Install a support tray on the rack for the firewall Skip this step if a support tray is already installed Step3 Install the mounting brackets to the left and right sides of the ...

Page 49: ...s onto the rack posts with pan head screws The size of pan head screws should satisfy the installation requirements maximally M6 and the surface of the screws should be anti rust treated Figure 4 5 Install the firewall in a rack Installing Generic Modules Generic modules include RPU LPU AC DC power module fan memory module and CF card For their installation procedures refer to Chapter 7 Maintainin...

Page 50: ...induced current and leakage current to the ground and reduce the electromagnetic susceptibility EMS of the firewall The PGND cable can also protect the firewall against high lightning voltage resulting from external network lines Connecting the PGND Cable The grounding screw of the device is located on the lower right corner of the rear chassis panel and is marked with a grounding sign as shown in...

Page 51: ...7 Connect the PGND cable to the grounding bar 1 A hex nut 2 PGND cable 3 Naked part of the PGND cable 4 Grounding post 5 Grounding bar z The resistance between the firewall chassis and the ground must be less than 5 ohms z Use the PGND cable provided with the firewall to connect the grounding bar in the equipment room Otherwise the firewall may not be effectively grounded which easily causes damag...

Page 52: ...le of the port lightning arrester according to its distance to the grounding screw Fix the grounding cable to the grounding screw of the firewall Step3 Use a multimeter to check the connection between the grounding cable of the port lightning arrester and the grounding screw of the chassis Step4 Follow the instructions to connect the port lightning arrester with a transit cable Note that the exter...

Page 53: ...ghtning protection busbar at the AC power input end to protect the device against lightning strokes You can use cable ties and screws to fasten the lightning protection busbar on the cabinet the workbench or the wall in the equipment room With a lightning protection busbar the AC current flows through the lightning protection busbar before reaching the device Figure 4 9 Power lightning arrester Gr...

Page 54: ...lting from lightning strokes and other interferences Because the signal lightning arrester is serially connected to a signal cable the signal lightning arrester must satisfy the requirements of network performance indexes such as data transmission bandwidth as well as the lightning protection performance requirement Therefore when selecting a signal lightning arrester you need to consider such per...

Page 55: ... the grounding terminal refer to PGND Cable Connection on page 4 5 Connecting the AC Power Cord AC power supply Rated voltage range 100 VAC to 240 VAC 50 Hz 60 Hz AC power socket Figure 4 10 illustrates an AC power module Figure 4 10 AC power module 1 2 3 4 5 6 1 Captive screw 2 Bail latch holder 3 AC power socket 4 Power switch 5 Power LED 6 Power module handle Before connecting the power supply ...

Page 56: ...ord in position Step6 Move the power switch to the ON position Step7 Check the status of the power LED PWR on the front panel of the firewall For the status of the power LED see Table 4 3 Table 4 3 Description of power LED status Status Description OFF No power is input Solid green The power module works normally Solid red The power module is faulty Figure 4 11 Connect the AC power cord 1 2 3 4 5 ...

Page 57: ... label 6 Heat shrink tube 7 Power cable 600 V UL10455 5 3 mm 2 10AWG blue 45 A 8 Label 2 9 Common terminal conductor cross section 6mm 2 20mm 30 A insertion depth 12 mm black Formula for calculating the cross section area of a DC power cable S 2 I L 57 U Where I Current in amperes L Length of the power cable in meters V Voltage drop on the power cable from the power distribution frame PDF to the f...

Page 58: ...connecting DC power cables pay attention to the labels on the power cable to avoid incorrect connection Connecting Interface Cables Connecting Console Cable Follow these steps to connect the Console cable Step1 Select a configuration terminal A configuration terminal can be a standard ASCII terminal with an RS232 serial interface or a common PC Step2 Connect the Console cable Disconnect the power ...

Page 59: ... AUX port is usually used for remote configuration or dial backup You need to connect the local modem to the remote modem through PSTN and then to the remote device Follow these steps to connect the AUX cable Step1 Connect the RJ 45 connecter of the AUX cable to the AUX port on the firewall Step2 Plug the DB 25 male or DB 9 female connector of the AUX cable into the serial interface on the analog ...

Page 60: ...ties such as data forwarding With support for automatic MDI MDIX the management Ethernet port and HA port use either a straight through cable or a crossover cable for connection to a configuration terminal Follow these steps to connect the management Ethernet port or the HA port to the configuration terminal take the management Ethernet port for example Step1 Turn off the power switches on all pow...

Page 61: ...ce on NSQ1GT8C40 and the other end to the Ethernet interface on the peer device Because a 10Base T 100Base TX 1000Base T electrical Ethernet interface supports automatic MDI MDIX it can use either a straight through cable or crossover cable for connection Step2 Check the LED of the electrical Ethernet interface after power on For the status of the LED refer to the table describing the behaviors of...

Page 62: ...ert an optical transceiver Step3 Identify the Rx and Tx ports on the SFP transceiver module Plug the two LC connectors at one end of the fiber cable into the Rx and Tx ports of the local SFP transceiver and the two LC connectors at the other end to the Rx and Tx ports of the peer SFP transceiver Note that the two LC connectors at each end of the fiber cable should be inserted into a Tx port and Rx...

Page 63: ... 9 in z Ensure that the Tx and Rx of the SFP XFP transceiver module are connected correctly z Keep the end faces of optical fiber cables clean z Do not look directly into an open optical Ethernet interface because invisible rays emitted from the optical Ethernet interface may hurt your eyes z Cover the dust cover if no optical transceiver is connected to the optical Ethernet interface Verifying In...

Page 64: ...onnected to other devices such as the configuration terminal It is very important to verify the installation because instability and poor grounding of the firewall and an unmatched power supply will affect the operation of the firewall ...

Page 65: ...on Terminal 5 1 Setting the Parameters for the Configuration Terminal 5 1 Firewall Power on 5 4 Checklist for Firewall Power on 5 4 Powering on the Firewall 5 5 Checklist Operations after Power on 5 5 Startup Process 5 5 Configuration Fundamentals 5 6 Command Line Interface 5 7 Features of the Command Line Interface 5 7 Command Line Interface 5 7 ...

Page 66: ...ter 4 Installing the Firewall Setting the Parameters for the Configuration Terminal Step1 Create a HyperTerminal connection Select Start Programs Accessories Communications HyperTerminal and enter a connection name in the Connection Description dialog box as shown in Figure 5 1 Figure 5 1 Create a connection Step2 Select a connection port Select a serial port from the Connect using drop down list ...

Page 67: ...2 Select a port for local configuration connection Step3 Set serial port parameters Figure 5 3 Set serial port parameters Set the properties of the serial port in the COM1 Properties dialog box as shown in Table 5 1 ...

Page 68: ...ing or only illegible characters To use the default settings click Restore Defaults Step4 Click OK after setting the serial port parameters to enter the HyperTerminal window as shown in Figure 5 4 Figure 5 4 HyperTerminal window Step5 Set HyperTerminal properties In the HyperTerminal window select File Properties from the menu and select the Settings tab to enter the properties setting dialog box ...

Page 69: ...er source conforms to voltage requirements of the firewall z The console cable is correctly connected The configuration terminal or PC is powered on and the emulation program is properly configured z If an external CF card is needed to store applications the CF card is properly installed Before powering on the firewall locate the power switch so that you can disconnect the power supply in time in ...

Page 70: ...Process on page 5 5 4 After completing the power on self test POST the system prompts you to press Enter When the command line prompt appears you can proceed to configure the firewall Startup Process After power on the firewall initializes its memory and then runs the extended BootWare The following information appears on the terminal screen System start booting Booting Normal Extend BootWare H3C ...

Page 71: ...s Enter and the system displays H3C This prompt indicates that the firewall has entered user view and is ready for configuration Configuration Fundamentals In general the configuration steps are as follows Step1 Before configuring the firewall you should summarize the networking requirements including the networking objective role of the firewall in the network division of subnets WAN type and tra...

Page 72: ...tic tools such as Tracert and Ping for quick diagnosis of network connectivity z Provides all kinds of detailed debugging information to help diagnose network faults z Supports the auto complete function If you enter a conflict free part of a command the command will be interpreted For example you just need to enter dis for display z Supports the suggest function For example if you type dis and pr...

Page 73: ...BootWare and Applications Using TFTP 6 16 Upgrading an Application Using TFTP on the BootWare Menu 6 17 Upgrading and Backing Up an Application Using TFTP at the CLI 6 20 Upgrading BootWare and Applications Using FTP 6 22 Upgrading an Application Using FTP on the BootWare Menu 6 22 Upgrading and Backing Up an Application Using FTP at the CLI 6 24 Maintaining Application and Configuration Files 6 2...

Page 74: ...on file with the attribute of M z Backup application file with the attribute of B z Secure application file with the attribute of S These three types of application files are stored in a CF card By default they are written into the built in CF card before delivery If you have uploaded all the three types of application files into the built in CF card the system will boot using these three files in...

Page 75: ...iles are mainly used as follows z When the main configuration file is damaged or lost the backup configuration file is used to load the configuration information This double protection mechanism enhances the security and reliability of the file system z When saving the current configuration file you can specify its attribute as main or backup If no attribute is specified N A is used for the config...

Page 76: ...ters z At BootWare boot the names of the configuration files will be displayed but the types will still be displayed as N A z For details about the startup saved configuration cfgfile command refer to H3C SecPath Series Security Products User Manual Software Maintenance Methods You can maintain the firewall software in the following two ways z Upgrade BootWare and application programs using the Xm...

Page 77: ...rogram z When a service card is started up it automatically checks the current BootWare version If the BootWare version bound to the Comware application program is different from the current BootWare version the system upgrades the current BootWare version automatically z To use correct files for upgrading check the current versions of the BootWare and Comware application programs For associations...

Page 78: ...nologies Co Ltd Compiled Date May 06 2008 CPU Type XLR732 CPU L1 Cache 32KB CPU Clock Speed 1000MHz Memory Type DDR2 SDRAM Memory Size 2048MB Memory Speed 533MHz BootWare Size 1536KB Flash Size 4MB cfa0 Size 247MB CPLD Version 131 0 PCB Version Ver A BootWare Validating Press Ctrl B to enter extended boot menu Starting to get the main application file cfa0 main bin The main application file is sel...

Page 79: ... of the operating device z A Storage Device Operation option for you to select the storage device from which you are going to loading the application file Note that z The initial BootWare password is null z You have three chances to enter the correct BootWare password If you fail to enter the correct password for three times the system will be halted and you need to restart the firewall to enter t...

Page 80: ...d description of this submenu refer to BootWare Operation Submenu on page 6 9 8 Clear Super Password Clear the super password The super password is used in user level switching No super password is set by default This setting is valid for the first reboot of the firewall only The super password will be restored after a second reboot 9 Storage Device Operation Enter the storage device operation men...

Page 81: ...tion file 5 Modify Serial Interface Parameter Modify serial port parameters 0 Exit To Main Menu Return to the main menu Ethernet Submenu Select 3 on the main menu to enter the Ethernet submenu where you can upgrade application files and the BootWare program through FTP or TFTP The system displays Enter Ethernet SubMenu Note the operating device is cfa0 1 Download Application Program To SDRAM And R...

Page 82: ...Set Application File type 3 Delete File 0 Exit To Main Menu Enter your choice 0 3 Items on this submenu are described in Table 6 4 Table 6 4 File control submenu Menu item Description 1 Display All File s Display all files 2 Set Application File type Set the application file type 3 Delete File Delete a file 0 Exit To Main Menu Return to the main menu BootWare Operation Submenu Select 7 on the main...

Page 83: ...efault Boot Device Configure the default boot device 0 Exit To Main Menu Return to the main menu Upgrading BootWare and Applications Through a Serial Port Introduction to Xmodem Xmodem is used for upgrading BootWare and applications through a serial port Xmodem is a file transfer protocol that is widely used due to its simplicity and high performance Xmodem transfers files through a serial port It...

Page 84: ... Accordingly Baudrate Available 1 9600 Default 2 19200 3 38400 4 57600 5 115200 0 Exit Enter your Choice 0 5 Step2 Select a proper baud rate For example select 5 for a baud rate of 115200 bps and the system displays Baudrate has been changed to 115200 bps Please change the terminal s baudrate to 115200 bps press ENTER when ready At this time the baud rate of the serial port of the firewall is 1152...

Page 85: ... Enter on the console terminal The system displays the current baud rate and returns to the previous menu The system displays The current baudrate is 115200 bps After downloading files with a changed baud rate you need to restore the baud rate on the HyperTerminal to 9600 bps to ensure normal display on the console screen when the system boots or reboots ...

Page 86: ...etails refer to Modifying Serial Port Parameters on page 6 11 Step2 Select 2 on the serial submenu The system displays Please Start To Transfer File Press Ctrl C To Exit Waiting CCCCCCCCCCCCCCCCCCCC Step3 Select Transfer Send file in the terminal window The following dialog appears Figure 6 5 Send file dialog box Step4 Click Browse to select the application file to be downloaded select Xmodem from...

Page 87: ...ation The system uses the new application file at next system reboot z Enter N and the system displays Cancel to overwrite the file Failed As a result the existing application file is not overwritten and the upgrading operation fails The size of an application is often over 10 MB Even if the baud rate is 115200 bps it takes about 30 minutes to upgrade the application through a serial port Therefor...

Page 88: ...erial port For the modification of the terminal baud rate refer to Modifying Serial Port Parameters on page 6 11 Step5 After setting the baud rate return to the BootWare operation submenu and select 1 The system displays the following Waiting CCCCCCCCCCCCCCCCCCCCCCCCC Step6 Select Transfer Send file in the terminal window The following dialog appears Figure 6 7 Send file dialog box Step7 Click Bro...

Page 89: ...y upgraded z The BootWare program is upgraded together with the Comware application You do not need to upgrade the BootWare separately After the Comware is upgraded to the latest version the system automatically upgrades the BootWare when the system reboots z When a service card is started up it automatically checks the current BootWare version If the BootWare version bound to the Comware applicat...

Page 90: ...e BootWare Menu 1 Set up a TFTP upgrading environment Figure 6 9 Set up a TFTP upgrading environment z The firewall serves as the TFTP client and the PC serves as the TFTP server z Connect the management Ethernet port on the firewall to the PC using a crossover Ethernet cable Ensure the firewall and the PC are reachable to each other Configure the IP address of the management Ethernet port as 192 ...

Page 91: ...ss FTP User Name FTP User Password Table 6 7 Command output description for setting Ethernet port parameters Item Description Clear field Shortcut key is to clear the current input Go to previous field Shortcut key is to return to the previous field Ctrl D Quit Shortcut key Ctrl D is to quit the parameter setting page Protocol FTP or TFTP Choose to upgrade applications using FTP or TFTP Load File ...

Page 92: ... after the colon press Enter directly z If the Ethernet port parameter CRC appears faulty the system modifies the parameters to the default settings and displays Check net params crc error use the default value 3 After the configuration the system automatically returns to the Ethernet submenu where you can select 2 to upgrade the main application file Loading done 14092032 bytes downloaded Updatin...

Page 93: ...space To prepare for upgrading application files use the dir command on the terminal to view the files stored in the current file system and the available space of the storage device H3C dir Directory of cfa0 0 drw Oct 28 2000 04 09 30 logfile 1 rw 24802996 Oct 21 2007 17 03 26 main bin 2 rw 1355 Oct 04 2007 17 22 12 startup cfg 3 rw 24802996 Sep 13 2037 13 21 20 backup bin 505480 KB total 456576 ...

Page 94: ... You can modify a configuration file and then download the modified configuration file to the firewall to finish upgrading the configuration file The modification takes effect after the firewall reboots 4 Backup an application file Using TFTP you can backup an application file by uploading it from the firewall to the PC Upload file main bin on the firewall to the PC and save it as main bin H3C tft...

Page 95: ...p of the file is successfully completed Upgrading BootWare and Applications Using FTP If the application file is large you can use FTP to download it for upgrade to reduce maintenance time As an application layer protocol the File Transfer Protocol FTP is mainly used to provide data transfer between hosts FTP provides reliable and connection oriented data transfer service over TCP Compared with TF...

Page 96: ...of the management Ethernet port as 192 168 80 10 while that of the PC as 192 168 80 200 z Enable FTP server on the PC and set the path where the application file is stored Set the FTP username and password z The TFTP Server is not provided with the device You need to purchase and install it z You can upgrade applications of the device through the console port or the management Ethernet port For st...

Page 97: ...word 230 User logged in ftp After you log into the server you can update and backup an application file using the CLI Table 6 10 Command output description for logging into the FTP server Field Description ftp 192 168 80 200 Log into the FTP server and enter FTP client view User 192 168 80 200 none Input the username configured on the FTP server 331 User name ok need password Input the password 23...

Page 98: ...sing existing data connection 226 Closing data connection File transfer successful FTP 14092032 byte s sent in 14 400 second s 1722 00Kbyte s sec ftp quit 221 Service closing control connection z When you backup an application file if the file name already exists on the server the system overwrites the existing file without any prompt z For details about the put command refer to H3C SecPath Series...

Page 99: ...C FTP Client z Connect the management Ethernet interface on the firewall to the PC using a crossover Ethernet cable z Configure the IP addresses of the server and the PC to be on the same network segment Ensure the connectivity between the router and the PC In this example the IP address of the management Ethernet port is 192 168 80 10 and that of the PC is 192 168 80 200 z You can use the ping co...

Page 100: ...erver are configured The FTP server supports multi client access A remote FTP client sends a request to the FTP server The FTP server executes an action accordingly and returns the execution result to the client z After you configure FTP server authentication and authorization you need to set the user level to 3 Otherwise when you store the backed up file to the firewall the system will display Yo...

Page 101: ... put main bin main bin 200 Port command okay 150 Opening BINARY mode data connection for main bin 226 Transfer complete z When you upgrade an application file if the file name already exists on the server the system overwrites the existing file without any prompt z For details about the put command refer to H3C SecPath Series Security Products User Manual z You can upgrade a configuration file in ...

Page 102: ...rom the firewall to the PC Maintaining Application and Configuration Files You can modify the file type and display files on the file control submenu Select 4 on the main menu to enter the file control submenu The system displays File CONTROL Note the operating device is cfa0 1 Display All File s 2 Set Application File type 3 Delete File 0 Exit To Main Menu Enter your choice 0 3 Displaying All Fil...

Page 103: ...ries Security Products User Manual Setting Application Files Attributes Setting application file attributes on the BootWare menu You can modify the attributes of the application files on the BootWare menu or using commands however you cannot modify the attribute of the secure application file For details about application file attributes refer to Application Files on page 6 1 To set the attributes...

Page 104: ... This command will set the boot file of the specified board Continue Y N The specified file will be used as the main boot file at the next reboot Now the attribute of the file main bin has changed from B to M B and the file will be used as the main application file at the next boot while the attribute of another existing file main_bak bin has automatically changed from the M to N A You can verify ...

Page 105: ...4 in this example The following information appears The file you selected is cfa0 startup cfg Delete it Y N Step3 Enter Y If the file is deleted successfully the system displays Deleting Done Deleting a file at the CLI You can delete a file using the delete unreserved file url command in user view z unreserved Deletes a file permanently z file url Specifies the file to be deleted Delete the file t...

Page 106: ... system displays please input old password Step2 Enter the old password please input old password z If the old password is incorrect the system will display Wrong password Please input password again z You have three chances to enter the correct old BootWare password If you fail to enter the correct password for three times the system will be halted and display Wrong password system halt After you...

Page 107: ...et a new password in system view after system reboot H3C system view H3C user interface console 0 H3C ui console0 authentication mode password H3C ui console0 set authentication password simple 123456 The above information indicates that password authentication is adopted on the console interface and the password is set to 123456 and stored in plain text z After rebooted the system runs with the i...

Page 108: ... System Configuration 7 BootWare Operation Menu 8 Clear Super Password 9 Storage Device Operation 0 Reboot Enter your choice 0 9 8 The system displays the following information indicating that you have successfully cleared the super password Clear Application Password Success z After you clear the super password quit the menu and reboot the firewall you can enter system view directly z This settin...

Page 109: ...e extended segment is finished Both the basic and extended segments of the BootWare are backed up to the Flash Restoring the Entire BootWare Step1 Select 2 on the BootWare operation submenu to overwrite the BootWare in the system with the BootWare stored on the flash To restore the entire BootWare you need to first restore the basic segment and then the extended segment of the BootWare Will you re...

Page 110: ... a Power Module 7 12 Power Module Structure 7 12 Installing a Power Module 7 13 Removing a Power Module 7 13 Installing and Removing a Fan Tray 7 15 Fan Tray Structure 7 15 Installing a Fan Tray 7 15 Removing a Fan Tray 7 16 Inserting and Removing a CF Card 7 18 CF Card and Slot 7 18 Installing a CF Card 7 18 Removing a CF Card 7 18 Installing and Removing a Memory Module 7 19 When to Replace a Me...

Page 111: ... firewall z Always wear an ESD preventive wrist strap or ESD preventive gloves when maintaining the firewall hardware For more information refer to the section talking about electrostatic discharge prevention in Chapter 3 Preparing for Installation z When installing or removing a demountable module such as an MPU an LPU a memory module or a CF card ensure good alignment with the slot and use unifo...

Page 112: ...Weight bearing warning label 50 kg 110 2 lb 6 Fan tray 7 AC power module PWR1 8 Blank panel for PoE power module reserved PoE slot 9 Blank panel for DC power module PWR2 10 ESD socket and silkscreen 11 Blank panel for LPU Slot 4 12 Blank panel for LPU Slot 3 13 Blank panel for LPU Slot 2 14 Blank panel for LPU Slot 1 15 Cable management bracket ...

Page 113: ... CONSOLE 21 HA port link state LED LINK 22 Data reception transmission LED of the HA port ACT 23 HA port HA 10 100 1000BASE T 24 Ethernet link state of the management Ethernet port LINK 25 Data reception transmission LED of the management Ethernet port ACT 26 Management Ethernet port MANAGEMENT 10 100 1000BASE T 27 Ejector lever 28 Captive screw Installing an MPU Step1 Face the front panel of the ...

Page 114: ...owered on the RUN LED green flashes fast 8 Hz It flashes slowly 1 Hz after the MPU application is loaded This means that the MPU runs normally z The MPU of the firewall is not hot swappable z For more information about the MPU LED refer to Chapter 1 Firewall Overview Removing an MPU To remove an MPU reverse the installation procedure Step1 Face the front panel of the firewall Step2 Loosen the capt...

Page 115: ...MPU z To protect the removed MPU place it in an antistatic bag z If you do not install a new MPU in the slot install the blank panel to prevent dust from entering the chassis For how to install a blank panel refer to Installing and Removing a Blank Panel on page 7 9 Installing and Removing an LPU Structure of LPUs Figure 7 7 and Figure 7 8 illustrate the structure of NSQ1GT8C40 and NSQ1XP20 respec...

Page 116: ...nterface 8 SFP8 18 SFP interface 9 19 SFP interface 8 20 GE interface 9 21 GE interface 8 22 GE interface 7 23 GE interface 6 24 GE interface 5 25 GE interface 4 26 GE interface 3 27 GE interface 2 28 GE interface 1 29 GE interface 0 30 Ejector lever 31 Captive screw Figure 7 8 NSQ1XPs20 1 CPU heatsink 2 Positioning hole 3 Left release latch 4 Memory module and slot 5 Bus connector 6 Right release...

Page 117: ...y push the LPU into the slot along the slide rails until the positioning pin is seated in the positioning hole on the backplane and then push the ejector levers inward to lock the board in position Figure 7 9 Insert the LPU Step4 Fasten the captive screws on the LPU by turning them clockwise with a Philips screwdriver Figure 7 10 Fasten the captive screws Step5 Turn on the power switch of the fire...

Page 118: ...n the sequence of slot 1 slot 2 slot 3 and slot 4 with RUN LEDs lighting up in turn z For more information of the LPU LEDs refer to Chapter 1 Firewall Overview Removing an LPU Follow these steps to remove an LPU Step1 Face the front panel of the firewall Step2 Locate the LPU to be removed The figures below illustrate how to remove the LPU in slot 2 Step3 Loosen the captive screws on the LPU by tur...

Page 119: ...he chassis For how to install a blank panel refer to Installing and Removing a Blank Panel on page 7 9 Installing and Removing a Blank Panel Blank Panel Structure Installed in empty slots on the device blank panels can prevent dust from entering the firewall chassis Two types of blank panels are available in the device z Blank panel for an MPU LPU slot z Blank panel for a power module slot ...

Page 120: ...EMI gasket The MPU and LPU slots use the same type of blank panels Figure 7 14 Blank panel for a power module slot 1 Front view 2 Side view 3 Oblique rear view 4 EMI gasket Removing a Blank Panel The blank panel for an LPU slot is taken as an example here Follow these steps to remove a blank panel ...

Page 121: ...blank panels in all the empty slots to ensure the normal ventilation in the firewall Installing a Blank Panel After an LPU is removed from the firewall it is recommended to install a blank panel if you do not install a new LPU in the slot To install a blank panel reverse the removal procedure Step1 Face the front panel of the firewall Step2 Locate the slot where you will install a blank panel cove...

Page 122: ...Module The device supports both AC and DC power modules This section describes how to install and remove an AC power module Power Module Structure Figure 7 17 AC power module 1 Captive screw 2 Bail latch 3 Power socket 4 Power switch 5 Power LED 6 Handle Figure 7 18 DC power module 1 Captive screw 2 Power input terminals 3 Power switch 4 Power LED 5 Handle ...

Page 123: ...m clockwise with a Philips screwdriver Figure 7 20 Fasten the captive screws Step4 Turn on the power switch of the firewall if the firewall is powered off The power LED green lights up indicating the power module runs normally z The device supports online insertion and removal OIR of a power module z The device does not support intermixing of AC and DC power modules When two power modules are inst...

Page 124: ... 7 21 Loosen the captive screws Step3 Gently pull the power module out along the slide rails Figure 7 22 Pull out the power module z To protect the removed power module place it in an antistatic bag z If you do not install a new power module in the slot install a blank panel to prevent dust from entering the chassis For how to install a blank panel refer to Installing and Removing a Blank Panel on...

Page 125: ... screw Installing a Fan Tray Follow these steps to install a fan tray Step1 Face the front panel of the firewall Step2 Make sure that the texts on the fan tray panel are not upside down otherwise the fan tray cannot be inserted into the fan tray slot Step3 Gently push the fan tray into the slot along the slide rails Figure 7 24 Push the fan tray into the slot ...

Page 126: ...fans run normally z The device supports automatic fan speed adjustment z For the description of the fan tray LEDs refer to Chapter 1 Firewall Overview Removing a Fan Tray Keep your hands away from the spinning fan blades when removing the fan tray To remove a fan tray reverse the installation procedure Step1 Face the front panel of the firewall Step2 Loosen the captive screws on the fan tray by tu...

Page 127: ... fan tray out along the slide rails Figure 7 27 Take out the fan tray z Do not keep the firewall working without a fan tray for a long time because poor ventilation may result in damage to the firewall z To protect the removed fan tray place it in an antistatic bag ...

Page 128: ...tep3 Insert the CF card into the slot and push it all the way in until it is firmly seated Figure 7 29 Insert a CF card into the slot If the application program for booting the firewall is stored in an external CF card make sure that the right CF card has been correctly installed in the slot otherwise the firewall will fail to boot Removing a CF Card Follow these steps to remove a CF card Step1 Ch...

Page 129: ...g to avoid hardware damage z To protect the removed CF card place it in an antistatic bag Installing and Removing a Memory Module z The MPU and LPUs of the firewall are equipped with memory modules z Before installing or removing a memory module remove the MPU or LPU from the chassis first For details about how to remove an MPU or LPU refer to Installing and Removing an MPU and Installing and Remo...

Page 130: ...angzhou H3C Technologies Co Ltd only Otherwise anomalies might occur to the device z For specific specifications of memory modules supported by the device refer to the section talking about memory modules in Chapter 1 Firewall Overview Figure 7 32 presents the procedure of replacing a memory module Figure 7 32 Memory module replacement flowchart Start Prepare tools Remove the memory module Install...

Page 131: ...ot 3 Right release latch Removing a Memory Module Follow these steps to remove a memory module Step1 Locate the card MPU or LPU to which you will install a memory module and put the card on a flat worktable Step2 Pull the release latches away from the memory module at both ends so that the memory module is lifted from the memory module slot Step3 Remove the memory module by holding its non conduct...

Page 132: ...g Installing a Memory Module Follow these steps to install a memory module Step1 Locate the card MPU or LPU to which you will install a memory module and put the card on a flat worktable Step2 Align the polarization notch of the memory module with the key in the connector Step3 Insert the memory module into the slot Step4 Carefully and firmly press the memory module at both ends until you hear a c...

Page 133: ...ps to install an air filter Step1 Face the left side of the chassis where the air filter is to be installed Step2 Position the upper slide rail horizontally near the top of the left side of the chassis as shown in Figure 7 37 Align the screw holes on the slide rail with those on the chassis Step3 Fasten the fastening screws one by one by turning them clockwise with a Philips screwdriver Step4 Posi...

Page 134: ...e air filter slide rails Step6 Gently push the air filter along the slide rails until it is seated in position Figure 7 38 Insert the air filter Step7 Fasten the captive screws by turning them clockwise with a Philips screwdriver ...

Page 135: ...e installation procedure Step1 Face the left side of the chassis where the air filter is to be removed Step2 Loosen the captive screws one by one by turning them counterclockwise with a Philips screwdriver Figure 7 40 Loosen the captive screws Step3 Gently pull out the air filter along the slide rails ...

Page 136: ... 41 Pull out the air filter z Keep the removed air filter and fastening screws in a safe place for future use z You can clean the air filter with water but wait until it is completely dry before installing it again ...

Page 137: ... 8 4 Troubleshooting the Configuration System 8 4 No Display on the Terminal Screen 8 4 Illegible Characters on the Terminal Screen 8 4 Serial Port Response Failure 8 5 Using the AUX Port as Backup Console Port 8 5 Password Loss 8 6 Troubleshooting the Cooling System 8 6 Troubleshooting Application Upgrade 8 7 Response Failure of the MPU Serial Port 8 7 Troubleshooting TFTP Upgrading 8 7 Troublesh...

Page 138: ... 0 z The power supply of the firewall is operating properly The power LED is green when the power supply works normally If the cause cannot be located in the steps above and the problem persists contact your local sales agent Symptom 2 Symptom Five minutes after the firewall is powered on or the MPU is inserted with power supply on the RUN LED still fast flashes at 8 Hz which indicates that the MP...

Page 139: ...irewall is powered off or the LPU is faulty Solution Check that z The firewall is powered on z The LPU is properly inserted into an LPU slot slot 1 through slot 4 If the LPU is faulty the following prompt will be displayed after you enter the display version command Slot3 The Board is present state is unknown If the cause cannot be located in the steps above and the problem persists contact your l...

Page 140: ...The power LED on the front panel is red Solution Check that z The power module is firmly in place z The power source meets the requirement of the firewall If the cause cannot be located in the steps above and the problem persists contact your local sales agent Troubleshooting Fans Symptom 1 Symptom After the firewall is booted the following information appears Jul 5 14 47 20 618 2007 H3C DEV 4 FAN...

Page 141: ...l If the configuration system is faulty the terminal screen may display nothing or illegible characters No Display on the Terminal Screen Symptom After the firewall is powered on the configuration terminal displays nothing Solution Check that z The power supply is normal z The console cable is properly connected If the cause cannot be located in the steps above the possible reasons are as follows ...

Page 142: ...parameters in Chapter 6 Maintaining Software Using the AUX Port as Backup Console Port When the console port is faulty you can use the AUX port as the backup console port to complete firewall configuration as follows 1 Make sure that the work mode of the AUX port is flow 2 Power off the firewall connect the RJ 45 connector of the console cable to the AUX port and then connect the DB 9 female conne...

Page 143: ...s down below 75 C 167 F the following information appears on the configuration terminal screen May 14 22 25 17 804 2000 H3C DRVMSG 3 TempHOK Environment temperature recovered from OT in Slot 0 index is 2 May 14 22 25 18 713 2000 H3C DEV 1 BOARD TEMPERATURE NORMAL Trap 1 3 6 1 4 1 2011 2 23 1 12 1 17 hwBoaardTemperatureFormHigherToNormal fr ameIndex is 0 slotIndex 0 0 May 14 22 25 18 713 2000 H3C D...

Page 144: ...tion talking about modifying serial interface parameters in Chapter 6 Maintaining Software Troubleshooting TFTP Upgrading Symptom During application file upgrading through TFTP the following problems are encountered z Symptom 1 The CF card does not have enough space The following information appears File will be transferred in binary mode Downloading file from remote TFTP server please wait Failed...

Page 145: ...68 1 10 10 204 150 xxx file ready to send xxx bytes in ASCII mode FTP Error Writing Local File Screen z Symptom 2 The file to be downloaded is not found The following information appears 227 Entering Passive Mode 192 168 1 10 10 203 550 Error File xxx does not exist FTP Error Writing Local File Screen z Symptom 3 The configuration of the network port is incorrect The following information appears ...

Page 146: ...s not exist cfa0 main bin Starting to get the backup application file cfa0 backup bin The backup application file does not exist cfa0 backup bin Starting to get the secure application file cfa0 secure bin The secure application file does not exist cfa0 secure bin Booting App fails The names of the main backup and secure application files vary with different user settings Solution A possible cause ...

Page 147: ...fornia Code of Regulations A 4 Canada regulatory compliance A 4 ICES 003 A 4 Japan regulatory compliance A 4 VCCI A 4 CISPR 22 compliance A 4 Appendix B Safety Information Sicherheits informationen安全信息 B 1 Overview Überblick 概述 B 1 Conventions Used Symbole Erläuterung应用惯例 B 2 General Requirements Allgemeine Anforderungen通用要求 B 3 Electricity Safety Elektrische Sicherheit 用电安全 B 4 High Voltage Hochs...

Page 148: ...R 22 CLASS A EN 55022 CLASS A AS NZS CISPR22 CLASS A CISPR 24 EN 55024 EN 61000 3 2 EN 61000 3 3 EN 61000 6 1 ETSI EN 300 386 EN 301 489 1 Safety UL 60950 1 CAN CSA C22 2 No 60950 1 IEC 60950 1 EN 60950 1 A11 AS NZS 60950 EN 60825 1 EN 60825 2 FDA 21 CFR Subchapter J GB 4943 European Directives compliance LVD EMC Directive This product complies with the European Low Voltage Directive 2006 95 EC an...

Page 149: ...uter ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999 5 ΕΚ Français French Par la présente H3C Corporation déclare que l appareil Router est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 CE Italiano Italian Con la presente H3C Corporation dichiara che questo Router è conforme ai requisiti essenziali e...

Page 150: ...r kröfur sem gerðar eru í tilskipun 1999 5 EC Norsk Norwegian H3C Corporation erklærer herved at utstyret Router er i samsvar med de grunnleggende krav og øvrige relevante krav i direktiv 1999 5 EF A copy of the signed Declaration of Conformity can be downloaded from http www h3c com portal Technical_Documents WEEE Directive 2002 96 EC The products this manual refers to are covered by the Waste El...

Page 151: ...21 CFR Subchapter J California Code of Regulations California Code of Regulations Title 22 Chapter 33 Best Management Practices for Perchlorate Materials Canada regulatory compliance ICES 003 This Class A digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe A est conforme à la norme NMB 003 du Canada Japan regulatory compliance VCCI This product complies with the r...

Page 152: ...er manuals do not cover all safety precautions that should be followed They are only the supplements to the safety precautions for operations as a whole Therefore the personnel in charge of the installation and maintenance of the products are required to understand these basics of safety operation In performing various operations please follow the local safety regulations The safety precautions in...

Page 153: ... Sicherheitshinweise genau zu beachten Das für die Installation und Instandhaltung der Produkte verantwortliche Pesonal muss geschult werden um alle Sicherheitsvorschriften zu kennen und die richtigen Arbeitsmethoden anwenden zu können Nur geschultes und qualifiziertes Personal kann die Installation und Instandhaltung in korrekter Weise durchführen 为了避免可能发生的事故 请在进行任何操作前 仔细阅读设备操作手册和本章节的安全规范 手册中 出 现...

Page 154: ...ungen sorgfältig durch bevor Sie mit dem Arbeiten beginnen z 在进行操作前仔细阅读手册内容 z Das System muss in einem Raum installiert werden der unbefugten Personen keinen Zutritt gestattet z 设备必须安装在指定位置 z Beachten Sie dass bei der Installation des Systems stets zuerst die Erdverbindung angebracht wird und das die Erdverbindung stets als letztes getrennt wird z 进行设备安装时 必须确保接地连接是最先连接和最后断开 z Do not block ventilat...

Page 155: ... Unfällen führen 高压电源为设备运行提供电能 直接或是间接 通过潮湿的物体 接触高压和 AC 交流电源输入 都会 导致致命危险 z During the installation of AC power supply facility the local safety regulations must be followed The personnel who install the AC facility must be qualified for high voltage and AC operations z Bei der Installation der Wechselstromversorgung sind die örtlichen Sicherheitsbestimmungen zu beachten Das Personal muss besonders ...

Page 156: ...ions should be qualified for high voltage and AC operations Die Nichtbeachtung der Sicherheitsvorschriften bei der Arbeit mit Hochspannung kann zu Feuer und elektrischem Schlag führen Deshalb muss die Verlegung von Leitungen und Verbindungen den örtlichen Anforderungen und Sicherheitsvorschriften entsprechen Arbeiten mit Hochspannung dürfen nur von qualifiziertem Fachpersonal durchgeführt werden 不...

Page 157: ...请切断电源 z Before the power cable is connected it must be confirmed that the power cable and label comply with the requirements of the actual installation z Überprüfen Sie vor dem Anbringen der Zuleitung immer ob das von Ihnen verwendete Kabel den Anforderungen entspricht z 在进行线缆连接前 请确认线缆和线缆的标识与实际安装要求是一致的 For DC power supplied equipment please use 2 5 mm2 minimum power supply cord For AC power suppli...

Page 158: ...equipment from being damaged by lightning proper grounding is required Arbeiten mit Hochspannung und Wechselstrom oder Arbeiten auf Stahltürmen und masten während eines Gewitters sind verboten Um die Ausrüstung vor Beschädigung durch Blitzschlag zu schützen ist eine ordnungsgemäße Erdung erforderlich 禁止在雷雨天进行高压电源和 AC 交流电源安装操作 对金属架和天线的操作也是不允许的 为保护设 备免遭雷击破坏 设备应可靠接地 ...

Reviews: