Use this Quickstart Guide to get the Cisco IronPort S-Series
appliance installed and running on your network, and refer to
the Deployment chapter in the
IronPort AsyncOS for Web
User Guide
for information about how to configure appliance
settings.
Before you start, make sure you have the following equipment:
Rack cabinet enclosure
•
RapidRails
•
TM
and adaptor kits
10/100/Gigabit BaseT TCP/IP local area network (LAN)
•
Check to make sure the following items are present in the Cisco
IronPort Web Security appliance system box:
Cisco IronPort S-Series appliance
•
Dual-head power cables (1)
•
Straight power cables (2)
•
Ethernet
•
TM
cable
Null Modem cable
•
Documentation CD
•
IronPort AsyncOS for Web User Guide
•
Safety and Compliance Guide
•
Terms and Conditions of Use
•
Release Notes
•
Note:
You can download the AsyncOS Release Notes from the IronPort
Customer Support Portal located at www.ironport.com/support
Cisco IronPort S670
Plan the installation within your network
The S-Series appliance is typically installed as an additional layer in the
network between clients and the Internet. Depending on how you deploy
the appliance, you may or may not need a Layer 4 (L4) switch or a WCCP
router to direct client traffic to the appliance. Deployment options include:
Transparent Proxy
•
– Web proxy with an L4 switch
Transparent Proxy
•
– Web proxy with a WCCP router
Explicit Forward Proxy
•
– Connected to a network switch
L4 Traffic Monitor
•
– Ethernet tap (simplex or duplex)
Simplex Mode:
–
Port T1 receives all outgoing traffic and port T2
receives all incoming traffic.
Duplex Mode:
–
Port T1 receives all incoming and outgoing traffic.
Install in Rack
Install the Cisco IronPort appliance into your rack cabinet. Ensure the
ambient temperature around the system is within the specified limits,
and ensure there is
sufficient airflow
around the unit.
Documentation
CD
Quickstart
Guide
Safety and
Compliance Guide
INSTALL
2
uNPACk
1
C ONNECT
3
Note:
The Networking Worksheet that is located toward the back of
this guide is a useful prerequisite to running the System Setup Wizard.
Ironport strongly recommends using the Networking Worksheet to plan
your deployment and record the information that you need to complete
the initial configuration.
Note:
To monitor true client IP addresses, the L4 Traffic Monitor should
always be configured inside the firewall and before NAT (Network
Address Translation).
Dual-Head
Power
Cables
(1)
Ethernet
Cable
Null Modem
Cable
Straight
Power
Cables
(2)
Management PC
L4 switch/
WCCP router
Ethernet tap
Simplex/Duplex
Firewall
Clients
Internet
Management
Configure your laptop’s network connection to use an IP address on the
same subnet as the S-Series appliance (192.168.42.xx).
Note:
The laptop can only connect to the S-Series appliance if the laptop
IP address and the appliance IP address are on the same subnet.
Connect your laptop to the
Management Port
using the Ethernet
cable included in the system box. The S-Series appliance uses the M1
Management Port only.
Cable
Cable the S-Series appliance.
Plug the Ethernet cables into the
appropriate ports on the back panel of the appliance.
The proxy ports are labeled P1 and P2.
•
P1 only enabled:
–
When only P1 is enabled, connect it to
the network for both incoming and outgoing traffic.
P1 and P2 enabled:
–
When both P1 and P2 are enabled, you
must connect P1 to the internal network and P2 to the Internet.
The Traffic Monitor ports are labeled T1 and T2.
•
–
Simplex tap:
Ports T1 and T2; one cable for all packets destined
for the Internet (T1), and one cable for all packets coming from the
Internet (T2).
Duplex tap:
–
Port T1; one cable for all incoming and outgoing traffic.
L4 switch/WCCP Router/
Network switch
Ethernet tap
Simplex/Duplex
Management PC
Management Port
POWER-uP
4
RuN ThE SySTEM SETuP WIz ARD
5
C ONFIguRE
6
Power
Plug the female end of the straight power cable, or the female ends of
•
the dual-head power cable into the redundant power supplies on the
back panel of the appliance.
Plug the male end(s) into an electrical outlet.
•
Turn on the system power
by pressing the On/Off switch on the front
panel of the appliance. You must
wait five minutes
for the system to
initialize each time you power up the system.
Access the Cisco IronPort S-Series appliance and run the System Setup
Wizard to configure basic settings and enable a set of system defaults.
To access the S-Series appliance, open a web browser and connect
•
to the Management interface:
http://192.168.42.42:8080 where 192.168.42.42 is the default IP
address, and 8080 is the default Admin port setting.
The host name parameter is assigned during system setup. Before
you can connect to the Management interface using a host name
(http://hostname:8080), you must add the appliance host name and
IP address to your DNS server database.
Login using the default user name
•
admin
, and the default
password
ironport
.
Run the System Setup Wizard.
•
Use the web interface to set up policies, enable features, and modify
settings as necessary to maintain your configuration.
Set Identities and Access Policies:
Use the Web Security Manager
> Identities page to identify groups of users on the network. Then use
the Web Access Policies page to control user access to the Internet by
configuring which objects and applications to allow or block, which URL
categories to monitor or block, and web reputation and anti-malware
settings.
Schedule Reports:
Use the Monitor > Reports page to schedule
interactive reports, and set up archive reporting to track trends and
activity over time.
Enable Features:
Use the System Administration > Feature Keys page
to enter valid keys for features that you enabled during setup.
Create WCCP Services:
If you connect the appliance to a WCCP v2
router, use the Network > Transparent Redirection page to create at least
one WCCP service.
Send Configuration File:
Send a copy of the current configuration file
to the system administrator. This file can be used to restore your initial
System Setup Wizard defaults if necessary.
For information about managing the Cisco IronPort S-Series appliance,
refer to the
IronPort AsyncOS for Web User Guide.
Dual-Head
Power Cable
Straight
Power Cable
OR
Cisc
o
Iron
Port
C37
0
50
95
F
C
35
10
SERIAL
MANAGEMENT
1
2
3
4
SERIAL
MANAGEMENT
1
2
3
4
SERIAL
MGMT DATA 1
2
3
3
4
SERIAL
MGMT DATA 1
2
3
3
4
MANAGEMENT
3
4
Cisc
o
Iron
Port
C37
0
Temperature Limits
Wait 5
minutes
Power
User Guide
