H3C SecPath 

Quick Deployment Guide

Document version: 6W100-20230724 

 

Copyright © 2023 New H3C Technologies Co., Ltd. All rights reserved. 

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New 
H3C Technologies Co., Ltd. 

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document 
are the property of their respective owners. 

The information in this document is subject to change without notice. 

Summary of Contents for SecPath F50X0 Series

Page 2: ...ernet access through a specific IP address 12 Internet access through DHCP 16 Internet access through PPPoE 19 Internet access in transparent mode 23 Configuring signature library upgrade 24 Configuring automatic signature library upgrade 25 Triggering a signature library upgrade 28 Performing a manual signature library upgrade 32 Activating and installing a license for the first time 32 Configuri...

Page 3: ...the F100 C A1 device as an example The configuration interfaces and configurations might differ depending on the hardware model or software version This guide applies to the following models and versions F5000 series F5000 series Model F50X0 series F5010 F5020 F5040 F5030 F5030 6GW F5030 6GW G F5060 F5080 F5000 M F5000 A F5000 C F5000 S F5000 AI series F5000 AI 15 F5000 AI 20 F5000 AI 40 F1000 ser...

Page 4: ...he following ports on the front panel Two 1000BASE X Ethernet fiber ports Five 10 100 1000BASE T autosensing Ethernet copper ports including one management Ethernet port One USB port One console port One Micro SD card slot Figure 1 Front panel 1 10 100 1000BASE T copper ports 2 1000BASE X fiber ports 3 Console port 4 USB port host mode Type A 5 Micro SD card slot 6 Reset button 7 DC input power re...

Page 5: ...needed protecting one network against attacks and intrusions from another network You can configure the firewall to permit valid traffic and deny invalid traffic A firewall controls network traffic mainly based on security zones and security policies Interfaces and security zones As shown in Figure 3 you can configure security zones to implement security zone based security management A security z...

Page 6: ...ace to configure the device from a PC Trust Refers to the trusted security zone You can assign the interface connected to the internal network to security zone Trust and configure a security policy to perform threat detection on incoming packets from other security zones In this way you can protect internal hosts and strictly control outgoing packets destined for other security zones to prevent da...

Page 7: ...cy Configuring basic firewall settings Obtaining the factory default settings Table 1 shows the factory default settings of the device You can also obtain the default username and password of the device through the nameplate on the device Table 1 Factory default settings of the device Item Default Remarks Username admin N A Password admin N A Login type Device login from the Web interface Device l...

Page 8: ... zone to connect the carrier network for external communication To configure the device from the CLI use the console cable to connect the serial port on the management PC to the console port on the device for first login Figure 5 Connecting cables Logging in to the Web interface Restrictions and guidelines As a best practice use the following browsers Chrome 40 and higher Firefox 19 and higher I...

Page 9: ...ing or JavaScript depending on the Web browser If you are using an Internet Explorer browser you must enable the following security settings Script ActiveX controls marked safe for scripting Run ActiveX controls and plug ins To ensure correct display of webpage contents after software upgrade or downgrade clear data cached by the browser before you log in Procedure ...

Page 14: ...ides the following methods to quickly access the Internet Specified IP address Obtains a fixed public network IP address from the carrier Users in the internal network must use this public network IP address to access the Internet DHCP The device dynamically obtains a public network IP address through the DHCP service provided by the carrier to access the Internet PPPoE The user can access the Intern...

Page 18: ...6 Internet access through DHCP The device dynamically obtains a public network IP address through the DHCP service provided by the carrier to access the Internet The configuration procedure is as follows ...

Page 21: ...19 Internet access through PPPoE The user can access the Internet through a PPPoE access authentication account obtained from the carrier The configuration procedure is as follows ...

Page 25: ...2 mode In this mode the device is typically deployed on the inner side of enterprise gateway The device is not directly connected to the Internet but is capable of monitoring and controlling network traffic for security purposes This mode does not require routing or NAT configuration and can implement fast device deployment and security service onboarding without changing the network structure The...

Page 26: ...t cannot upgrade the signature library The following methods are available for upgrading the signature library for a service module Automatic upgrade The device automatically downloads the most up to date signature file to upgrade its local signature library periodically Online upgrade The device downloads the most up to date signature file to upgrade its local signature library immediately after ...

Page 27: ...n the device cannot obtain the signature file automatically You must manually download the most up to date signature file and then use the file to upgrade the signature library on the device Configuring automatic signature library upgrade ...

Page 30: ...28 Triggering a signature library upgrade ...

Page 34: ...signature library upgrade Activating and installing a license for the first time Some features require a license to run on the device You must activate and install a license to use such a feature Configuring a security policy ...

Page 36: ...34 Restoring the factory defaults IMPORTANT Use this feature with caution This feature deletes all configurations and files except bin files and license files ...

Page 38: ...36 Upgrading software Performing maintenance and diagnostics ...

Page 39: ...se this feature in routing mode In the initial configuration the quick wizard in routing mode automatically generates a NAT policy to ensure internal to external access You can directly use the NAT policy or configure different NAT policies based on the network requirements Figure 6 Network diagram for NAT For more information see the configuration guide for the product Device Trust Untrust Intern...

Page 40: ...establish a secure connection to an SSL VPN gateway through an SSL enabled browser to access protected resources behind the gateway Figure 8 Network diagram for SSL VPN For more information see the configuration guide for the product Hot backup Hot backup is a device level high availability HA solution It enables two devices to back up each other dynamically to ensure user service continuity upon ...

Page 41: ...ndby group VRID 4 Backup VRRP Active group VRID 3 Master VRRP GE1 0 2 10 1 1 2 24 Active group VRID 4 Master VRRP Standby group VRID 3 Backup VRRP Switch B Router Switch A Internet Untrust Trust VRID 3 10 1 1 3 24 VRID 4 10 1 1 4 24 VRID 2 2 1 1 4 24 VRID 1 2 1 1 3 24 GE1 0 7 2 1 1 15 24 GE1 0 3 10 2 1 2 24 GE1 0 3 10 2 1 1 24 Host 1 IP 10 1 1 100 24 Gateway 10 1 1 3 24 Host 3 IP 10 1 1 200 24 Gat...
