Page 1
01
Unpack the Appliance
Verify the contents of the shipping package for the ProxySG appliance.
SG S200
SG S400
SG S500
AC power cords (number included)
1
2
2
Grounding hardware
√
Null-modem serial cable
√
√
√
Two/four post slide-rail kit
Optional
√
√
Rack-mount ears
√
√
Safety and Regulatory Compliance Guide
√
√
√
Quick Start Guide
(this document)
√
√
√
Software License Agreement
√
√
√
Hardware Warranty
√
√
√
02
Connect Cables
Symantec recommends plugging in cables, verifying LEDs, and configuring and licensing
the appliance before rack-mounting. If you would rather rack-mount the appliance before
performing configuration tasks, skip to
Step 6—Rack-Mount the Appliance
.
The following procedure describes a typical in-line deployment for SG S200, SG S400, and
SG S500 appliances (as shown in the above illustration). For information on other deployments,
see the
First Steps WebGuide
at:
http://www.symantec.com/docs/DOC9779
Note:
Network cables are not included with the appliance. Make sure to use only straight-through
Ethernet cables. For 1000Base-T operation, Symantec recommends Category 5E cables or better
(Category 6 or 6A) for distances of 330 feet (100 meters).
To deploy the appliance and connect its cables:
a.
Disconnect the Ethernet cable (if there is one) between the LAN switch and WAN router.
b.
Connect the appliance to the LAN switch with a network cable:
o
For
SG S200
and
SG S400
appliances, connect the
2:1
port to the LAN switch.
o
For
SG S500
appliances, connect the
1:1
port to the LAN switch.
o
The appliance auto-negotiates 10/100/1000 Base-T speed and duplex settings.
c.
Connect the appliance to the WAN router with a network cable:
o
For
SG S200
and
SG S400
appliances, connect the
2:0
port to the WAN router.
o
For
SG S500
appliances, connect the
1:0
port to the WAN router.
d.
Connect the appliance’s
DB9 seria
l port to a serial terminal or workstation with terminal
emulation software. Use the included null-modem cable. The serial connection is used to
perform the appliance’s initial configuration.
e.
For
SG S500
appliances, attach the
lug-equipped end of the included
grounding wire (10 AWG) to both
grounding studs on the appliance,
securing it with the star washers
and M5 nuts. Attach the other end
of the grounding wire to a proper
earth-ground.
f.
Connect the included AC power cord to the appliance’s power inlet on the rear panel.
Connect the other end of the power cord to a power source. If the appliance has a second
(redundant) power supply, connect it as well.
03
Power on the Appliance and Verify LEDs
To verify the appliance is operational:
a.
Confirm the appliance’s power cords are securely connected to a power source.
b.
If the appliance does not automatically power on, press the rear soft power switch.
Note:
The state of the appliance’s soft power switch (on or off) is retained when power is
removed. This may necessitate pressing the power switch when reapplying power to the
appliance.
c.
As the appliance boots, verify the following:
o
The Power LED turns amber.
o
Near the end of the boot cycle, the Power LED alternates between amber and green,
indicating an unconfigured state.
o
Following the initial configuration (see
Step 4
), the Power LED turns green. In addition, the
LCD displays system statistics, which can be scrolled through with the Left/Right Arrows.
The front-panel LEDs indicate the following states:
:
o
Power LED
(
•
) Off: Powered off
(
•
) Amber: Booting
(
•
) Amber/green alternating: Unconfigured
(
•
) Green: Powered on and configured
o
Sys Status LED
(
•
) Off: No status
(
•
) Green: Healthy
(
•
) Amber: Warning
(
*
) Amber blinking: Critical (or not licensed)
04
Perform the Initial Configuration
You must have the following network information to initialize the appliance:
o
Appliance IP address
o
Link settings (speed and duplex)
o
Primary DNS server IP address
o
Admin ID and password
o
Default Gateway IP address
o
Director IP address (if using Director)
o
Subnet mask
To perform the initial configuration for the appliance:
a.
Confirm the appliance’s DB9 serial port is connected to a serial terminal or workstation with
terminal emulation software.
b.
Open a terminal emulation program such as Microsoft HyperTerminal®, PuTTY, Tera Term, or
ProComm™.
c.
Configure the terminal emulation software to use the following settings:
o
Baud rate:
9600 bps
o
Data bits:
1
o
Parity:
none
o
Stops bits:
8
o
Flow control:
none
d.
Power on the appliance (if it is not already powered on) and, when prompted, press
Enter
three times.
e.
Select how the appliance will be configured:
o
Manual Setup:
Configures the appliance with the Initial Configuration Wizard.
o
Director-Managed Setup:
Configures the application with Director. You will need the
Director IP address and registration password for this option. For more information, refer
to the manufacturer’s instructions included with Director.
f.
Select how the appliance will be licensed:
o
Caching Proxy:
The appliance will be deployed with a Mach5 license, which enables the
Sky Management Console, a simplified web interface that provides WAN acceleration and
reporting. This option requires that you specify one of the following deployments:
•
Physically in-path
•
Virtually in-path with WCCP
o
Forward Proxy:
Filters traffic inside the network, allowing users to browse the Internet
through the proxy.
o
Reverse Proxy:
Directs traffic to web application servers inside the network, while
protecting them from threats.
g.
When prompted, enter network configuration parameters. If the appliance is connected to
a network, the
Initial Configuration Wizard
attempts to verify the DNS server address and
auto-detect link settings.
Warning:
Symantec recommends assigning each administrator a unique user ID and password and
storing this information in a secure location. For more information, see the
SGOS Administration
Guide
https://support.symantec.com/en_US/Documentation.html
Note:
Following the initial configuration, the System Status LED blinks amber, indicating the
appliance has not yet been licensed (see
Step 5
).
05
License the Appliance
After the appliance is configured for network access, complete the installation by licensing the
appliance. The ProxySG appliance relies on a base license that includes the primary operating
components of the proxy, and add-on licenses that include optional components, such as
GeoLocation, Web Application Firewall, and WebFilter.
To license the appliance:
a.
Open a browser and enter the appliance’s IP address and port number. For example, an IP
address of 192.168.2.42 with a port number of 8082 (the default) translates to the URL:
https://192.168.2.42:8082
b.
When prompted, enter the administrator
User ID
and
Password
previously specified during
the initial configuration. The Management Console opens.
c.
Activate the base license:
o
In the Management Console, navigate to the
Maintenance > Licensing > Install
tab.
o
Click
Retrieve
. The appliance contacts the Symantec licensing server and the base
license is installed.
d.
Activate the add-on licenses, if any were purchased:
o
Go to
and log in with MySymantec credentials.
o
Choose
Licensing > Network Protection (Blue Coat) Licensing
.
o
Enter the
Activation Code
included in your e-fulfilment letter and click
Next
.
o
Enter the appliance’s serial number and click
Next
.
o
Follow the on-screen prompts to complete the activation.
o
Repeat these steps to install any additional add-on licenses.
e.
Download and install the updated license:
o
In the Management Console, navigate to the
Maintenance > Licensing > Install
tab.
o
Click
Retrieve
. The appliance contacts the Symantec licensing server and the updated
license is installed.
Quick Start Guide
ProxySG S200, S400, S500
Router
Switch
Main Site
LAN
ProxySG Appliance
