manualshive.com logo in svg

Clavister Eagle E7, Quick Start Manual

The Clavister Eagle E7 is a high-performance network security appliance designed to protect your data and network infrastructure. Ensure a quick and easy setup with the included Quick Start Manual. For more detailed information, download the free manual from manualshive.com to unleash the full potential of your Clavister Eagle E7.

Share
Download
background image

EthernetDevice:

0:G2

1:<empty>

AutoSwitchRoute:

No

AutoInterfaceNetworkRoute:

Yes

AutoDefaultGatewayRoute:

Yes

ReceiveMulticastTraffic:

Auto

MemberOfRoutingTable:

All

Comments:

<empty>

Setting the default gateway on the interface has the additional effect that cOS Core
automatically creates a route in the default

main

routing table that has the network

all-nets

routed on the interface. This means that we do not need to explicitly create this route.

Even though an

all-nets

route is automatically added, no traffic can flow without the addition of

an

IP rule

which explicitly allows traffic to flow. Let us assume we want to allow web browsing

from the protected network

G3_net

on the interface G3. A simple rule to do this would have the

rule's

Action

property set to the value

Allow

and is defined with the following command:

The IP rule set

main

always exists by default and is a top level CLI context. Add an IP rule called

lan_to_wan

to allow the traffic through to the public Internet:

Device:/> add IPRule name=lan_to_wan

Action=Allow
SourceInterface=G3
SourceNetwork=InterfaceAddresses/G3_net
DestinationInterface=G2
DestinationNetwork=all-nets
Service=http-all

This IP rule would be correct if the internal network hosts have public IPv4 addresses but in most
scenarios this will not be true and internal hosts will have private IPv4 addresses. In that case, we
must use NAT to send out traffic so that the apparent source IP address is the IP of the interface
connected to the ISP. To do this we simply change the

Action

property in the above command

from a value of

Allow

to a value of

NAT

:

Device:/main> add IPRule name=lan_to_wan

Action=NAT
SourceInterface=G3
SourceNetwork=InterfaceAddresses/G3_net
DestinationInterface=G2
DestinationNetwork=all-nets
Service=http-all

The service used in the IP rule is

http-all

which will allow most web browsing but does not

include the DNS protocol to resolve URLs into IP addresses. To solve this problem, a custom
service could be used in the above rule which combines

http-all

with the

dns-all

service.

However, the recommended method which provides the most clarity to a configuration is to
create a separate IP rule for DNS:

Device:/main> add IPRule name=lan_to_wan_dns

Action=NAT
SourceInterface=G3
SourceNetwork=InterfaceAddresses/G3_net
DestinationInterface=G2
DestinationNetwork=all-nets
Service=dns-all

It is recommended that at least one DNS server is also defined in cOS Core. This DSN server or
servers (a maximum of three can be configured) will be used when cOS Core itself needs to
resolve URLs which will be the case when a URL is specified in a configuration instead of an IP
address. If we assume an IP address object called

dns1_address

has already been defined for the

first DNS server, the command to specify the first DNS server is:

Chapter 3: cOS Core Configuration

54

Summary of Contents for Eagle E7

Page 1: ...Clavister Eagle E7 Getting Started Guide Clavister AB Sj gatan 6J SE 89160 rnsk ldsvik SWEDEN Phone 46 660 299200 www clavister com Published 2013 05 29 Copyright 2013 Clavister AB...

Page 2: ...avister reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such revision or changes Lim...

Page 3: ...ion 19 2 5 Connecting Power 21 2 6 Resetting to Factory Defaults 22 3 cOS Core Configuration 24 3 1 Management Workstation Connection 24 3 2 Web Interface and Wizard Setup 27 3 3 Manual Web Interface...

Page 4: ...List of Figures 1 1 An Unpacked Clavister E7 Appliance 7 1 2 Clavister E7 Connection Ports 9 1 3 The E7 Ethernet Interface Ports 9 2 1 The E7 Console Port 19 2 2 E7 Power Inlet Connector 21 4...

Page 5: ...subsections are shown in the table of contents at the beginning of the document Notes to the main text Special sections of text which the reader should pay special attention to are indicated by icons...

Page 6: ...oubleshooting Web links Web links included in the document are clickable For example http www clavister com Trademarks Certain names in this publication are the trademarks of their respective owners c...

Page 7: ...y unpack the contents The delivered product packaging should contain the following The Clavister E7 appliance RS232 null modem cable or micro USB console cable depending on version RJ45 Ethernet cable...

Page 8: ...nt WEEE directive symbol which is shown below The product and any of its parts should not be discarded of by means of regular refuse disposal At end of life the product and parts should be given to an...

Page 9: ...connected by a switch fabric There are two versions of the E7 appliance The first generation version provides console connection through an RS232 RJ45 connector port the second generation uses a micr...

Page 10: ...ace Status LEDs On the E7 there are indicator lights at the top left and top right of each interface which illuminate according to link status and activity The conditions shown are The top left flashe...

Page 11: ...Chapter 1 Product Overview 11...

Page 12: ...ower Make sure that the power source circuits are properly grounded and then use the power cord supplied with the appliance to connect it to the power source Using Other Power Cords If your installati...

Page 13: ...that airflow around the appliance is not restricted Dust Do not expose the appliance to environments with elevated dust levels Note The specifications appendix provide details Detailed information co...

Page 14: ...rack mounting with PSU mounting space including 2 fitted hex screws 1 x plastic cable tie for securing the PSU to the rack mount The kit is attached to the sides of the E7 unit prior to mounting in t...

Page 15: ...from the power inlet in the same way This is also secured by screwing the 2 preinstalled screws into the corners of the vents 5 Take the external power supply and place it into the space provided on...

Page 16: ...g the PSU power cord into the E7 power inlet The E7 with the attached mounting bracket is now ready to be mounted in a rack Following mounting a power cable can be plugged into the E7 PSU Chapter 2 In...

Page 17: ...Core setup as well as for ongoing system administration The RS 232 console port need not be used if setup is done through a web browser as described in Section 3 2 Web Interface and Wizard Setup If th...

Page 18: ...232 cable directly to the console port on the E7 3 Connect the other end of the cable to a console terminal or to the serial connector of a computer running console emulation software Connection Usin...

Page 19: ...Connection Steps To connect a PC to the console port follow these steps 1 Connect a micro USB connector directly to the console port on the E7 2 Connect the other end of the cable to a USB port on a...

Page 20: ...nt Workstation Connection Note Setting a console password is recommended A console password need not be set If it is not anyone with physical access to the console has full administrator rights Unless...

Page 21: ...the appliance is ready for configuration from a management workstation using either the Web Interface or the Command Line Interface CLI as the management interface Initial configuration is discussed i...

Page 22: ...ot sequence begins on the console output the boot menu is entered by typing any key on the console keyboard A complete description of the boot menu and its options can be found in the separate cOS Cor...

Page 23: ...Chapter 2 Installation 23...

Page 24: ...ity operating system is preloaded on the E7 and will automatically boot up after power is applied An external management computer workstation can now be used to configure cOS Core The Default Manageme...

Page 25: ...CLI allows step by step control of setup and should be used by administrators who fully understand both the CLI and setup process CLI access is possible in one of two ways i CLI access can be remote a...

Page 26: ...though it could be any other unused interface Using Crossover Cables Connection to the management interface from the workstation can be done directly without a switch This is usually done by using a c...

Page 27: ...rn off popup blocking Make sure the web browser doesn t have a proxy server configured Any popup blocking in the browser should also be temporarily turned off to allow the setup wizard to run If there...

Page 28: ...After login the Web Interface will appear and the cOS Core setup wizard should begin automatically The first wizard dialog is the wizard welcome screen which should appear as shown below Cancelling t...

Page 29: ...steps that the wizard goes through after the welcome screen are listed next Wizard step 1 Enter a new username and password You will be prompted to enter a new administration username and password as...

Page 30: ...hat will be used to connect to an ISP for Internet access Wizard step 4 Select the WAN interface settings This step selects how the WAN connection to the Internet will function It can be one of Manual...

Page 31: ...ry DNS server field 4B DHCP automatic configuration All required IP addresses will automatically be retrieved from the ISP s DHCP server with this option No further configuration is required for this...

Page 32: ...ly after connection with PPTP Wizard step 5 DHCP server settings If the Clavister Security Gateway is to function as a DHCP server it can be enabled here in the wizard on a particular interface or con...

Page 33: ...Core For the default gateway it is recommended to specify the IPv4 address assigned to the internal network interface In this setup this corresponds to 192 168 1 1 The DNS server specified should be...

Page 34: ...link is provided to open a browser window to complete registration Alternatively this step can be skipped and license installation can be done later in which case cOS Core will run in demonstration m...

Page 35: ...although their physical capabilities may be different any interface can perform any logical function With the E7 the GESW interface is the default management interface The other interfaces can be use...

Page 36: ...Configuration Changes To activate any cOS Core configuration changes made so far select the Save and Activate option from the Configuration menu this procedure is also referred to as deploying a conf...

Page 37: ...since any system outage will result in these edits being lost Automatic Logout If there is no activity through the Web Interface for a period of time the default is 15 minutes cOS Core will automatica...

Page 38: ...rnet access Now add the gateway IP4 Address object using the address book name wan_gw and assign it the IPv4 address 10 5 4 1 The ISP s gateway is the first router hop towards the public Internet from...

Page 39: ...nd provide a convenient way to group together related IP address objects The folder name can be chosen to indicate the folder s contents Now click the Add button at the top left of the list and choose...

Page 40: ...plained in more detail later specifying the Default Gateway also has the additional effect of automatically adding a route for the gateway in the cOS Core routing table At this point the connection to...

Page 41: ...any traffic controlled by a NAT rule will be controlled by the cOS Core state engine This means that the rule will allow connections that originate from the source network destination and also implic...

Page 42: ...erface where the network all nets in other words any network will be found If the default main routing table is opened by going to Network Routing Routing Tables main the route needed should appear as...

Page 43: ...m the ISP via DHCP and cOS Core automatically sets the relevant address objects in the address book with this information For cOS Core to know on which interface to find the public Internet a route ha...

Page 44: ...Routing Tables main we can see this route If the PPPoE tunnel object is deleted this route is also automatically deleted At this point no traffic can flow through the tunnel since there is no IP rule...

Page 45: ...leted At this point no traffic can flow through the tunnel since there is no IP rule defined that allows it As was done in option A above we must define an IP rule that will allow traffic from a desig...

Page 46: ...dns1_address Syslog Server Setup Although logging may be enabled no log messages are captured unless at least one log server is set up to receive them and this is configured in cOS Core Syslog is one...

Page 47: ...the cOS Core will drop any traffic unless an IP rule explicitly allows it Let us suppose that we wish to allow the pinging of external hosts with the ICMP protocol by computers on the internal G3_net...

Page 48: ...is found for a new connection then the default rule is triggered This rule is hidden and cannot be changed and its action is to drop all such traffic as well as generate a log message for the drop In...

Page 49: ...nfiguration during editing then these deletes are indicated by a line scored through the list entry while the configuration is still not yet activated The deleted entry only disappears completely when...

Page 50: ...limitation Doing this is described in Section 3 5 Installing a License Chapter 3 cOS Core Configuration 50...

Page 51: ...normal CLI prompt if connecting directly through the local console port and a username password combination will not be required a password for this console can be set later Device If connecting remo...

Page 52: ...can only be changed after initial startup All cOS Core interfaces are logically equal for cOS Core and although their physical capabilities may be different any interface can perform any logical funct...

Page 53: ...ualifying the names of IP objects in folders On initial startup of the E7 cOS Core automatically creates and fills the InterfaceAddresses folder in the cOS Core address book with the interface related...

Page 54: ...ill have private IPv4 addresses In that case we must use NAT to send out traffic so that the apparent source IP address is the IP of the interface connected to the ISP To do this we simply change the...

Page 55: ...c can flow to or from the Internet since there is no IP rule defined that allows it As was done in the previous option A above we must therefore manually define an IP rule that will allow traffic from...

Page 56: ...ote Network specified for the tunnel and for the public Internet this should be all nets As with all automatically added routes if the PPTP tunnel object is deleted then this route is also automatical...

Page 57: ...NTP Server Setup Network Time Protocol NTP servers can optionally be configured to maintain the accuracy of the system date and time The command below sets up synchronization with the two NTP servers...

Page 58: ...w connection then the default rule is triggered This rule is hidden and cannot be changed and its action is to drop all such traffic as well as generate a log message for the drop In order to gain con...

Page 59: ...e iv The license file is uploaded to the security gateway through the cOS Core Web Interface by going to Status Maintenance License and pressing the Upload button to select the license file Following...

Page 60: ...arameters may come into effect although this does not disrupt traffic When installing a license through the Web Interface or when using the startup wizard the option to reboot or reconfigure are prese...

Page 61: ...rrectly 4 Is the management interface properly connected Check the link indicator lights on the management interface If they are dark then there may be a cable problem 5 Check the cable type connected...

Page 62: ...ts being received on the different interfaces and confirm that the correct cables are connected to the correct interfaces To look at the ARP activity only a particular interface follow the command wit...

Page 63: ...needs to be defined before traffic can traverse the Clavister Security Gateway An alternative to IP Rule objects is to use IP Policy objects These have essentially the same function but simplify the...

Page 64: ...ions A CLI overview is also provided as part of the cOS Core Administrators Guide cOS Core Education Courses For details about classroom and online cOS Core education as well as cOS Core certification...

Page 65: ...Chapter 3 cOS Core Configuration 65...

Page 66: ...ted for the remainder of the original warranty period or thirty days whichever is longer Note that the term Start Date means the earlier of the product registration date OR ninety 90 days following th...

Page 67: ...tegrated with any product returned to Clavister pursuant to this warranty Contacting Clavister Should there be a problem with the online form then Clavister support can be contacted by email at suppor...

Page 68: ...viceable parts inside these products Only service trained personnel can perform any adjustment maintenance or repair S kerhetsf reskrifter Dessa produkter r s kerhetsklassade enligt klass I och har an...

Page 69: ...elle zu den Ger teingabeterminals den Netzkabeln oder dem mit Strom belieferten Netzkabelsatz voraus Sobald Grund zur Annahme besteht dass der Schutz beeintr chtigt worden ist das Netzkabel aus der Wa...

Page 70: ...rna de puesta a tierra Es preciso que exista una puesta a tierra continua desde la toma de alimentac on el ctrica hasta las bornas de los cables de entrada del aparato el cable de alimentaci n hasta h...

Page 71: ...mounting kit Regulatory and Safety Standards Safety UL CE EMC CE class A Environmental Humidity 5 to 95 noncondensing Operational Temperature 0 to 35 C Vibration 0 41 Grms2 3 500 Hz Shock 30 G Power...

Page 72: ...Appendix B Declarations of Conformity 72...

Page 73: ...Appendix B Declarations of Conformity 73...

Page 74: ...re connected via a common switch fabric For example the 8 GESW interfaces could be divided so that the first 2 GESW interfaces could be on one VLAN the next 3 interfaces could be on a second VLAN and...

Page 75: ...e E7 Port Based VLAN Issues There some issues which the adminstrator should be aware of when setting up port based VLAN s Port Based VLANs Cannot be Mixed with VLAN Trunks When the port based VLAN fea...

Page 76: ...Clavister AB Sj gatan 6J SE 89160 rnsk ldsvik SWEDEN Phone 46 660 299200 www clavister com...

Reviews:

No comments

Related manuals for Eagle E7

Cigent Technology RECON SENTINEL User Manual preview
RECON SENTINEL
Brand: Cigent Technology Pages: 50
Motorola SURFboard SVG2500 (Spanish) Guía Del Usuario preview
SURFboard SVG2500
Brand: Motorola Pages: 185
H3C SecPath F1000-AI-5 Series Installation Manual preview
SecPath F1000-AI-5 Series
Brand: H3C Pages: 70
BaseWall Dual WAN VPN Firewall VPN 2000 User Manual preview
Dual WAN VPN Firewall VPN 2000
Brand: BaseWall Pages: 76
Watchguard Firebox T20 Quick Start Manual preview
Firebox T20
Brand: Watchguard Pages: 2
Draytek Vigor 2862 Series Quick Start Manual preview
Vigor 2862 Series
Brand: Draytek Pages: 18
Draytek V2862-K Quick Start Manual preview
V2862-K
Brand: Draytek Pages: 21
Draytek VIGOR2820 series User Manual preview
VIGOR2820 series
Brand: Draytek Pages: 269
Draytek Vigor IPPBX 2820n User Manual preview
Vigor IPPBX 2820n
Brand: Draytek Pages: 378

Brands by name

Popular brands

Load more brands