H3C SecPath F1000-S Firewall

Installation Manual

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Manual Version: T2-08044J-20070622-C-1.03

Summary of Contents for H3C SECPATH F1000-S

Page 1: ...H3C SecPath F1000 S Firewall Installation Manual Hangzhou H3C Technologies Co Ltd http www h3c com Manual Version T2 08044J 20070622 C 1 03...

Page 2: ...InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information i...

Page 3: ...ption and configuration example H3C SecPath Series Security Products Web Based Configuration Manual It directs users to configure the H3C SecPath Series Firewalls in Web mode Organization H3C SecPath...

Page 4: ...conventions Convention Description Boldface The keywords of a command line are in Boldface italic Command arguments are in italic Items keywords or arguments in square brackets are optional x y Alter...

Page 5: ...Create Folder III Symbols Convention Description Warning Means reader be extremely careful Improper operation may cause bodily injury Caution Means reader be careful Improper operation may cause data...

Page 6: ...unting Rack 2 3 2 2 Safety Precautions 2 3 2 3 Unpacking and Inspection 2 4 2 4 Tools Meters and Devices 2 4 Chapter 3 Hardware Installation 3 1 3 1 Installation Procedure 3 1 3 2 Mounting the Device...

Page 7: ...SDRAMs on the Mainboard 6 4 6 3 2 Removing a DDR SDRAM 6 5 6 3 3 Installing a DDR SDRAM 6 6 6 4 Closing the Chassis Cover 6 6 6 5 Replacing an MIM 6 7 Chapter 7 Troubleshooting 7 1 7 1 Troubleshooting...

Page 8: ...pearance 8 12 8 6 3 Interface Attributes 8 13 8 6 4 Panel and Interface LEDs 8 13 8 6 5 Interface Fiber Cable 8 14 8 6 6 Connecting the Interface Fiber Cable 8 15 8 7 SSL Module 8 15 8 7 1 Introductio...

Page 9: ...e 4 3 Select serial interface 4 2 Figure 4 4 Set port parameters 4 3 Figure 4 5 Select emulation type 4 4 Figure 5 1 Send File dialog box 5 3 Figure 5 2 Sending File interface 5 4 Figure 5 3 Set up an...

Page 10: ...9 Figure 8 12 2GBE module 8 9 Figure 8 13 1GBE module panel 8 10 Figure 8 14 2GBE module panel 8 10 Figure 8 15 Ethernet cable 8 11 Figure 8 16 Category 5 twisted pair cable 8 11 Figure 8 17 1GEF modu...

Page 11: ...nt room 2 1 Table 2 2 Dust limit in the equipment room 2 2 Table 2 3 Limit of harmful gases in the equipment room 2 2 Table 3 1 Dimensions of the H3C SecPath F1000 S firewall 3 2 Table 6 1 Memory spec...

Page 12: ...her with access control lists ACLs to implement dynamic packet filtering It provides various intelligent analysis and management methods supports email alarming and multiple sorts of logs and provides...

Page 13: ...device management functions With the national and international standards dominant in China North America Europe Australia and Japan taken into consideration in its design the firewall complies with...

Page 14: ...s dynamic random access memory DSRAM stores the communication data with the CPU and running system Flash memory stores application files exceptional information and configuration files Boot read only...

Page 15: ...being transmitted received on the interface OFF means no packets are being transmitted received on the interface 1 2 4 Attributes of the Fixed Interfaces I Console port CON Table 1 3 Attributes of th...

Page 16: ...long haul 1550 nm z Single mode ultra long haul 1550 nm They all provide LC interfaces and are hot swappable Table 1 5 shows the Ethernet interface attributes of the H3C SecPath F1000 S firewall Table...

Page 17: ...have been approved by our company z Before performing switchover between electrical optical interfaces you need to first disable the rate and duplex mode configurations in the current mode electrical...

Page 18: ...tallation Manual H3C SecPath F1000 S Firewall Chapter 1 Product Overview 1 7 z Security socket layer encryption module SSL For more information on the MIMs see Chapter 8 Multifunctional Interface Modu...

Page 19: ...the CMOS circuit of the product The higher the temperature is the greater the damage to your device Long lasting high temperature can speed up the aging of the insulation materials greatly lower the d...

Page 20: ...s present On the communication network connected to your device the static electricity mainly comes from the outside electric fields such as outdoor high voltage power cables and lightning and from th...

Page 21: ...nd point of the power socket is well connected to the earth ground z Add a lightning arrester onto the front end of the power input to better protect the power supply from lightning strikes 2 1 6 Moun...

Page 22: ...for the firewall 2 3 Unpacking and Inspection Check the arrived shipment against the packing list making sure all the items are included and in good condition Contact your agent for shortage or wrong...

Page 23: ...Connect the power cord Connect the console terminal to device Verify the installation Power up the device Troubleshooting Power down the device Verify the installation Install MIM optional Power down...

Page 24: ...o not place any heavy stuff on the device 3 2 2 Rack Mounting the Device The H3C SecPath Series Firewall can be placed in a standard 19 inch rack Table 3 1 shows its dimensions Table 3 1 Dimensions of...

Page 25: ...es Caution When installing or using your firewall properly connect the grounding wire for lightning protection and anti interference The H3C SecPath Series Firewall provides a grounding screw which mu...

Page 26: ...ng protection make sure that the firewall has a good ground connection when it is operating 3 5 Connecting to the Console Terminal I Console port On the H3C SecPath Series Firewall one RS 232 asynchro...

Page 27: ...n and power up the devices The console terminal shows the startup information of the firewall if the connection is correct For details see Chapter 4 Booting and Configuration 3 6 Connecting the Ethern...

Page 28: ...nectors All the optical transceivers are hot swappable Note A fiber connector as defined by the International Telecommunications Union ITU is a passive component that connects two or more fiber cable...

Page 29: ...Connect the Ethernet electric port Caution Read the mark above the port carefully making sure it is the correct port Step 1 Connect one end of the Ethernet cable to the electric port of the 10 100 10...

Page 30: ...the firewall and the Rx port on the peer device Step 2 Power up the firewall and check the state of the LINK LED of the Ethernet 0 1 interface On means the Rx link is present OFF means no Rx link is...

Page 31: ...other end to the AC site power Step 3 Repeat Step 2 to connect the PWR1 Skip this step if you use only one PSU Step 4 Place the PWR0 switch to the ON position Step 5 Place the PWR1 switch to the ON po...

Page 32: ...o the console port on the firewall and the DB9 connector to the serial interface on the console terminal as shown in Figure 4 1 RS 232 serial interface PC H3C SecPath F1000 S Console port Console cabl...

Page 33: ...2 Set the terminal parameters Set the HyperTerminal parameters of Windows98 as follows 1 Select serial interface Select the serial interface to be used from the Connect Using drop down list as shown i...

Page 34: ...serial interface parameters as follows z Bits per second 9600 z Data bits 8 z Parity None z Stop bits 1 z Flow control None Click OK and the HyperTerminal window appears Figure 4 4 Set port parameter...

Page 35: ...rewall check that z Both the power cord and the grounding wire are correctly connected z Proper power supply is used z The console cable is correctly connected z The console terminal or PC has been st...

Page 36: ...ation on LED state z The console terminal display is correct After powering up the firewall you can see the startup interface on the console terminal see section 4 1 3 Booting Process After the system...

Page 37: ...t the firewall enters user view and is ready for your configuration 4 2 Configuration Fundamentals 4 2 1 Basic Configuration Procedure Following are the basic steps that you can follow to configure th...

Page 38: ...as tracert and ping z Have detailed debugging information for network troubleshooting z Enter a command by only entering the conflict free keyword portion because the CLI interpreter supports fuzzy ke...

Page 39: ...boot the firewall Press Ctrl B when the system prompts Press Ctrl B to enter Boot Menu The system displays this message Please input Boot ROM password Caution z Press Ctrl B within three seconds afte...

Page 40: ...all You can select 7 in the Boot menu to enter the Boot ROM submenu as follows Boot ROM Operation Menu 1 Download Boot ROM with XModem 2 Download Extended Segment of Boot ROM with XModem 3 Restore Ext...

Page 41: ...115200 bps by entering 5 The following message appears Download speed is 115200 bps Change the terminal s speed to 115200 bps and select XModem protocol Press ENTER key when ready Step 3 Change your...

Page 42: ...downloading XModem download completed Packet length 8790321 bytes System file length 7868992 bytes http zip file length 921329 bytes Writing file flash system to FLASH Please wait it may take a long t...

Page 43: ...oot ROM operation menu to upgrade the extended segment of the Boot ROM using XModem Several speed options are available for you The subsequent steps are the same as those described in section 5 1 2 I...

Page 44: ...M Please wait Restoring Boot ROM program successed Step 3 When the Boot submenu appears again select 5 to exit and reboot the firewall 5 1 4 Upgrading an Application Program Using TFTP Upgrading an ap...

Page 45: ...f the gateway 10 110 95 117 Caution z The upgrade should be performed through interface ETH0 1 on the firewall z The item IP address of the server 192 168 1 10 must be set to the IP address of the TFT...

Page 46: ...ewall can update configuration files or upgrade application Boot ROM programs using FTP A user can upload download configuration files and application programs after passing the authentication The fol...

Page 47: ...ding environment using FTP H3C SecPath F100 Ethernet interface 10 110 10 10 24 0 S FTP Server WAN PC 10 110 20 13 24 FTP Client Router Ethernet interface 10 110 10 10 24 H3C SecPath F1000 S FTP Server...

Page 48: ...erver enable After the FTP server is enabled and the user is added onto the firewall any FTP client program can use the username and password to log onto the FTP server III Uploading Downloading an ap...

Page 49: ...e that the firewall has enough flash memory If the memory is not enough you need to use the delete unreserved command to permanently delete old version files or other files to save the memory space ot...

Page 50: ...ives the corresponding prompt The Web file name defaults to http zip 5 1 6 Modifying Boot ROM Password You can use the Boot menu of the firewall to change the Boot ROM password Start the firewall When...

Page 51: ...ment of Boot ROM This option is used for backward compatibility of version upgrade When the software version is correctly adopted for software upgrade but you still cannot operate successfully the sys...

Page 52: ...s Step 2 Remove the interface cables from the front of the chassis except for the grounding wire Step 3 Place the firewall on a flat table with the rear panel facing you Use a Phillips screwdriver to...

Page 53: ...hassis The company is not liable for any damage or consequence resulted from users operation without permission z Ensure that the firewall has no electricity before servicing the device to avoid bodil...

Page 54: ...mainboard component that you can expand and replace as needed Generally you need to expand a DDR SDRAM for z Upgrading the application program z Providing an adequate memory size for retaining a large...

Page 55: ...ank 6 3 1 Locating the DDR SDRAMs on the Mainboard When removing installing a DDR SDRAM make sure to identify the type of mainboard and the exact position of the DDR SDRAM See Table 6 1 for the types...

Page 56: ...AM into a memory bank press the positioning recess into the pin in the bank 6 3 2 Removing a DDR SDRAM Step 1 Locate the DDR SDRAM to be replaced on the mainboard Step 2 Press the clips at both sides...

Page 57: ...3 Step 2 Hold the DDR SDRAM by its non conductive top edge and place it in the desired memory bank Step 3 Exercise adequate pressure on the DDR SDRAM to press it into the bank Press the clips at both...

Page 58: ...ction 2 Install the six screws at these places Figure 6 5 Close the chassis cove Step 5 Tighten the six captive screws that are removed in steps 3 and 4 described in section 6 2 Opening the Chassis Co...

Page 59: ...ll is operating normally after it is powered up it displays the start up information on the console terminal If the configuration system has failed it displays illegible characters or nothing at all I...

Page 60: ...ad From Net 3 Exit to Main Menu Enter your choice 1 3 2 Starting the TFTP download Failed to connect the tftp server Please check the network setting Solution Check that z The TFTP server program is s...

Page 61: ...e Net Port Download Menu 1 Change Net Parameter 2 Download From Net 3 Exit to Main Menu Enter your choice 1 3 2 Starting the TFTP download The downloaded software is not a valid version Please downloa...

Page 62: ...port 1000Base LX 1000Base SX optical interface module 1GEF z 2 port 1000Base LX 1000Base SX optical interface module 2GEF z Security socket layer encryption module SSL 8 2 Installing and Removing an M...

Page 63: ...IM Step 5 Power up the firewall and check the state of the ACT LED for the slot on the firewall Blinking means the MIM is installed correctly Figure 8 1 Install the MIM I Figure 8 2 Install the MIM II...

Page 64: ...terface cables are used z The interfaces are working well by reading the interface LEDs z The configurations on the MIM are validated by executing the display command 8 4 1FE 2FE 4FE Module 8 4 1 Intr...

Page 65: ...ll Chapter 8 Multifunctional Interface Modules 8 4 Figure 8 3 1FE module II Appearance of the 2FE module Figure 8 4 shows the 2FE module Figure 8 4 2FE module III Appearance of the 4FE module Figure 8...

Page 66: ...tes 1FE module 2FE module 4FE module Connector RJ 45 Number of connectors 1 2 4 Cable type Straight through Ethernet cable Operating mode Full half duplex 10 100 Mbps auto sensing Frame format Etherne...

Page 67: ...8 4 5 Interface Cable I Ethernet cable The FE modules use category 5 twisted pair cables with RJ 45 connectors see Figure 8 9 Pins 1 and 2 of the connectors are for transmitting data and Pins 3 and 6...

Page 68: ...cabl Table 8 3 Straight through cable pinout RJ 45 Signal Category 5 twisted pair cable Direction of signal RJ 45 1 Tx White orange 1 2 Tx Orange 2 3 Rx White green 3 4 Blue 4 5 White blue 5 6 Rx Gree...

Page 69: ...connects a terminal device PC or router to another terminal device You make crossover cables by yourself Note In making network cables shielded cables are preferred for the sake of electromagnetic co...

Page 70: ...category 5 twisted pair cable z Three operating rates 1000 Mbps 100 Mbps and 10 Mbps with auto sensing z Full duplex mode 8 5 2 Appearance Figure 8 11 and Figure 8 12 show respectively the 1GBE and 2G...

Page 71: ...le 8 6 describes the LEDs on the 1GBE 2GBE module panel and how to read their state Table 8 6 LEDs on the 1GBE 2GBE module LED Description LINK OFF means no link is present ON means a link is present...

Page 72: ...ed pair cabl Ethernet cables are divided into two categories straight through and crossover z Straight through cable The sequences of the twisted pairs crimped in the RJ 45 connectors at both ends are...

Page 73: ...is present check the line for the cause 8 6 1GEF 2GEF Module 8 6 1 Introduction 1 2 port 1000Base LX 1000Base SX Ethernet optical interface module 1GEF 2GEF can provide the communications between the...

Page 74: ...ra long haul 1550 nm Min 9 5 dBm 9 dBm 2 dBm 4 dBm 4 dBm Trans mitter optical power Max 0 dBm 3 dBm 5 dBm 1 dBm 2 dBm Receiver sensitivity 17 dBm 20 dBm 23 dBm 21 dBm 22 dBm Central wavelength 850 nm...

Page 75: ...eans no packets are being transmitted received on the interface blinking means packets are being transmitted received on the interface 8 6 5 Interface Fiber Cable You can select the fiber cable with L...

Page 76: ...port on the module and the other end into the Tx port on the peer device Plug one end of another fiber cable into the Tx port on the module and the other end into the Rx port on the peer device Step...

Page 77: ...1 8 7 4 Panel and Module LEDs Figure 8 22 shows the panel of the SSL module Figure 8 22 SSL module panel Table 8 10 LEDs on the SSL module LED Description STATUS ON means module is not powered normal...

Page 78: ...uring the booting of the firewall Solution The ACTIVE LED should blink for two seconds and then become OFF during the booting of the firewall Solid OFF means that the module initialization fails The p...
