Clavister SG4500 Series Скачать руководство пользователя | Manualshive

Страница: 51 / 87

background image

3.4. CLI Setup

This chapter describes the setup steps using CLI commands instead of the setup wizard.

The CLI is accessible in two ways:

•

Across the local network at default IP address

192.168.1.1

using an SSH (Secure Shell) client.

The network connection setup is the same as that described in

Section 3.2, “Web Interface and

Wizard Setup”

as is the way the workstation interface's static IP address must be set up so it is

on the same network as the Clavister Security Gateway's interface.

If there is a problem with workstation connection, a help checklist can be found in

“Troubleshooting Setup”

•

Using a terminal or computer running a console emulator connected directly to the local
RS-232 console port on the SG4500 Series. Performing console port connection is described
in the hardware installation manual for each Clavister hardware model.

The CLI commands listed below are grouped so that they mirror the options available in the
setup wizard.

Confirming the Connection

Once connection is made to the CLI, pressing the Enter key will cause CorePlus to respond. The
response will be a normal CLI prompt if connecting locally through the RS-232 console port and
a username/password combination will not be required (a password for this console can be set
later).

Device:/>

If

connecting

remotely

through

an

SSH

(Secure

Shell)

client,

an

administration

username/password must first be entered and the initial default values for these are username

admin

and password

admin

. When these are accepted by CorePlus, a normal CLI prompt will

appear and CLI commands can be entered.

Changing the Password

To change the administration username or password, use the

set

command to change the

current CLI object category (sometimes referred to as the

object context

) to be the

LocalUserDatabase

called

AdminUsers

.

Device:/> cc LocalUserDatabase AdminUsers
Device:/AdminUsers>

Tip: Using tab completion with the CLI

The tab key can be pressed at any time so that CorePlus gives a list of possible options in
a command.

Now set the username/password, which are case sensitive, to be the new chosen values for the
user called

admin

. In the example below, we change to the username

new_name

and password

new_pass

.

Device:/AdminUsers> set User Admin Name=new_name Password=new_pass

Chapter 3: CorePlus Configuration

51

«
...
49
50
51
52
53
...
»

Содержание SG4500 Series

Страница 1: ...lavister SG4500 Series Getting Started Guide Clavister AB Sj gatan 6J SE 89160 rnsk ldsvik SWEDEN Phone 46 660 299200 Fax 46 660 12250 www clavister com Published 2011 03 24 Copyright 2011 Clavister A...

Страница 2: ...Clavister reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such revision or changes...

Страница 3: ...Configuration 24 3 1 Management Workstation Connection 24 3 2 Web Interface and Wizard Setup 29 3 3 Manual Web Interface Setup 36 3 4 CLI Setup 51 3 5 Downgrading to 8 nn 59 3 6 Troubleshooting Setup...

Страница 4: ...ies Keypad and Display 11 2 1 A Typical SFP SFP Module 17 2 2 An Example of an SFP 1000 Base TX Module 17 2 3 Installing an SFP SFP Module 17 2 4 The SG4500 Series RS 232 Console Port 19 2 5 Rear View...

Страница 5: ...hand side of the page followed by a short paragraph in italicized text There are the following types of such sections Note This indicates some piece of information that is an addition to the preceding...

Страница 6: ...le For example http www clavister com Trademarks Certain names in this publication are the trademarks of their respective owners CorePlus is the trademark of Clavister AB Windows Windows XP Windows Vi...

Страница 7: ...pliance Open the packaging box used for shipping and carefully unpack the contents The delivered product packaging should contain the following 1 The Clavister SG4500 Series appliance 2 A mounting kit...

Страница 8: ...he SG4500 Series appliance is marked with the European Waste Electrical and Electronic Equipment WEEE directive symbol which is shown below The product and any of its parts should not be discarded of...

Страница 9: ...ical interface in the CorePlus software configuration Going from left to right the Ethernet interfaces are A set of 4 interfaces consisting of i 2 x Small Form Pluggable Plus SFP Ethernet interfaces w...

Страница 10: ...the link speed and has the following states Not lit dark if the link is 10 Mb Green if the link is 100 Mb Yellow if the link is 1 Gb USB Ports Next to the RS 232 port are 2 USB ports These ports are...

Страница 11: ...monstration mode then this is indicated along with how much time is left before timeout If CorePlus is in lockdown mode then this is shown CPU and Connections This shows the CPU load and the total num...

Страница 12: ...cal Ethernet interface present The information displayed for each interface is i The logical CorePlus interface name ii The current linkspeed iii If the link is full duplex FD or half duplex HD This i...

Страница 13: ...Chapter 1 Product Overview 13...

Страница 14: ...nstallation requires a different power cord than the one supplied with the appliance be sure to use a cord displaying the mark of the safety agency that defines the regulations for power cords in your...

Страница 15: ...evated dust levels can significantly reduce the operating lifetime of fans Note Detailed information concerning power supply range operating temperature range etc can be found at the end of this publi...

Страница 16: ...nces at the rear Important Use rear brackets for rack mounting It is strongly recommended that the rear brackets included with the SG4500 Series are fitted and used to support the appliance from the b...

Страница 17: ...d they must be purchased separately Figure 2 1 A Typical SFP SFP Module Figure 2 2 An Example of an SFP 1000 Base TX Module Installation of the different types of modules is usually done in a similar...

Страница 18: ...P support Important Cover unused SFP and SFP interfaces with dust caps The SG4500 Series SFP and SFP interfaces are covered with dust caps when the product is unpacked These prevent dust entering thei...

Страница 19: ...s done through a web browser as described in Section 3 2 Web Interface and Wizard Setup If the RS 232 port is used for setup no password is initially needed and the CLI commands required are described...

Страница 20: ...Connection Steps To connect a terminal to the console port follow these steps 1 Check that the console connection settings are configured as described above 2 Connect one of the connectors on the RS 2...

Страница 21: ...not fitted then the second PSU slot must be filled with a special PSU Filler Module component The filler module is necessary to prevent the alarm sounding because the hardware will detect only one act...

Страница 22: ...itial configuration is discussed in detail in Section 3 1 Management Workstation Connection Important Protecting Against Power Surges It is strongly recommended that the purchase and use of a separate...

Страница 23: ...Chapter 2 Installation 23...

Страница 24: ...rs in this manual before continuing Clavister s CorePlus network security operating system is preloaded on the hardware and will automatically boot up after power is supplied The Default Management In...

Страница 25: ...ace Alternatively CLI access can be through a console connected directly to the local RS 232 port on the SG4500 Series hardware Direct console connection is described in Section 2 3 Console Port Conne...

Страница 26: ...are on the same IP network This means the workstation interface should be first assigned the following static IP addresses IP address 192 168 1 30 Subnet mask 255 255 255 0 Default gateway 192 168 1...

Страница 27: ...be entered later To browse the Internet from the management workstation via the security gateway then it is possible to go back to the last step s properties dialog later and enter DNS server IP addr...

Страница 28: ...Platforms The following appendixes describe management workstation IP setup for other platforms Appendix C Vista IP Setup Appendix D Windows 7 IP Setup Appendix E Apple Mac IP Setup Chapter 3 CorePlus...

Страница 29: ...mporarily turned off to allow the setup wizard to run If there is no response from CorePlus and the reason is not clear refer to the help checklist in Section 3 6 Troubleshooting Setup The CorePlus Se...

Страница 30: ...ate screen and run again by choosing the Setup Wizard option from the Web Interface toolbar Once any configuration changes have been made and activated either through the wizard Web Interface or CLI t...

Страница 31: ...d as shown below It is recommended that this is always done and the new username password is remembered if these are forgotten restoring to factory defaults will restore the original admin admin combi...

Страница 32: ...ould be entered in the next wizard screen All fields need to be entered except for the Secondary DNS server field 4B DHCP automatic configuration All required IP addresses will automatically be retrie...

Страница 33: ...ically after connection with PPTP Wizard step 5 DHCP server settings If the Clavister Security Gateway is to function as a DHCP server it can be enabled here in the wizard on a particular interface or...

Страница 34: ...ce In this setup this corresponds to 192 168 1 1 The DNS server specified should be the DNS supplied by your ISP When specifying a hostname as a server instead of an IP address the hostname should be...

Страница 35: ...er Registration Key to register the key also referred to as the License Number For the SG4500 Series this key can be found written on a label on the underside or back of the appliance The license cent...

Страница 36: ...capabilities may be different any interface can perform any logical function With the SG4500 Series the ge1 interface is the default management interface The other interfaces can be used as required F...

Страница 37: ...dns Once the values are set correctly we can press the OK button to save the values while we move on to more steps in CorePlus configuration Although changed values like this are saved by CorePlus th...

Страница 38: ...s It is up to the administrator to decide how many changes to make before activating a new configuration Sometimes activating configuration changes in small batches can be appropriate in order to chec...

Страница 39: ...both belong is 10 5 4 0 24 Note Private IP addresses are used for example only Each installation s IP addresses will be different from these IP addresses but they are used here only to illustrate how...

Страница 40: ...IP address objects The folder name can be chosen to indicate the folder s contents Now click the Add button at the top left of the list and choose the IP4 Address option to add a new address to the f...

Страница 41: ...inimum of the following two CorePlus configuration objects to exist before it can flow through the Clavister Security Gateway An IP rule defined in a CorePlus IP rule set that explicitly allows traffi...

Страница 42: ...make the service in an IP rule as restrictive as possible to provide the best security possible Custom service objects can be created and new service objects can be created which are combinations of...

Страница 43: ...d earlier after setting up the required IP4 Address objects Note Disabling automatic route generation Automatic route generation is enabled and disabled with the setting Automatically add a default ro...

Страница 44: ...oute has to be added to the main CorePlus routing table which specifies that the network all nets can be found on the interface connected to the ISP and this route must also have the correct Default G...

Страница 45: ...el since there is no IP rule defined that allows it As was done in option A above we must define an IP rule that will allow traffic from a designated source interface and source network in this exampl...

Страница 46: ...lso automatically deleted At this point no traffic can flow through the tunnel since there is no IP rule defined that allows it As was done in option A above we must define an IP rule that will allow...

Страница 47: ...m and this is configured in CorePlus Syslog is one of the most common server types First we create an IP4 Address object called for example syslog_ip which is set to the IP address of the server We th...

Страница 48: ...ppear and we can add a rule in this case called allow_ping_outbound The IP rule again has the NAT action and this is necessary if the protected local hosts have private IP addresses The ICMP requests...

Страница 49: ...gging box All log messages generated by this rule will be given the selected severity and which will appear in the text of the log messages It is up to the administrator to choose the severity and dep...

Страница 50: ...ay To do this download a license as described in the last part of Section 3 2 Web Interface and Wizard Setup This license can then be uploaded directly to CorePlus by selecting the License option from...

Страница 51: ...l cause CorePlus to respond The response will be a normal CLI prompt if connecting locally through the RS 232 console port and a username password combination will not be required a password for this...

Страница 52: ...logically equal for CorePlus and although their physical capabilities may be different any interface can perform any logical function With the SG4500 Series the ge1 interface is the default managemen...

Страница 53: ...nitial startup of the SG4500 Series CorePlus automatically creates and fills the InterfaceAddresses folder in the CorePlus address book with the interface related IP address objects When we specify an...

Страница 54: ...lic Internet Device main add IPRule name lan_to_wan Action Allow SourceInterface ge3 SourceNetwork InterfaceAddresses ge3_net DestinationInterface ge2 DestinationNetwork all nets Service http all This...

Страница 55: ...t Gateway IP address specified This all nets route is added automatically by CorePlus during the DHCP address retrieval process Automatic route generation is a setting for each interface that can be m...

Страница 56: ...ute with the PPTP tunnel to allow traffic to flow through it and this is automatically created in the main routing table when the tunnel is defined The destination network for this route is the Remote...

Страница 57: ...s case ge3_ip NTP Server Setup Network Time Protocol NTP servers can optionally be configured to maintain the accuracy of the system date and time The command below sets up synchronization with the tw...

Страница 58: ...er to gain control over the logging of dropped traffic it is recommended to create a drop all rule as the last rule in the main IP rule set This rule has an Action of Drop with the source and destinat...

Страница 59: ...Downgrading to 8 nn The SG4500 Series comes preinstalled with a 9 nn CorePlus version and this cannot be downgraded since the hardware does not support 8 nn versions Chapter 3 CorePlus Configuration...

Страница 60: ...correctly 4 Is the management interface properly connected Check the link indicator lights on the management interface If they are dark then there may be a cable problem 5 Check the cable type connec...

Страница 61: ...using the console command Device arpsnoop all This will show the ARP packets being received on the different interfaces and confirm that the correct cables are connected to the correct interfaces Cha...

Страница 62: ...h combinations of the source destination interface network combined with protocol type By default no IP rules are defined so all traffic is dropped At least one IP rule needs to be defined before traf...

Страница 63: ...n Courses For details about classroom and online CorePlus education as well as CorePlus certification visit the Clavister company website at http www clavister com or contact your local sales represen...

Страница 64: ...Chapter 3 CorePlus Configuration 64...

Страница 65: ...n The SG4500 Series does not need both PSUs fitted The appliance can operate correctly with just one PSU fitted If this is the case the second PSU slot should be filled with a special PSU Filler Modul...

Страница 66: ...ower cord is inserted and external power is applied Important Dusty environments reduce PSU fan lifetimes SG4500 Series PSU fans are designed to work in environments with reasonable air quality Elevat...

Страница 67: ...e 4 3 The PSU Status LED Swapping a PSU To swap a failed PSU 1 Switch off the power source to the faulty PSU This may be done by simply unplugging the power cable from a wall socket 2 Remove the power...

Страница 68: ...er cord into a wall socket 8 The new PSU s green light will illuminate indicating normal operation and the audible alarm will stop if it hasn t already been switched off Tip Having spare PSUs onsite H...

Страница 69: ...es fans are designed to work in environments with reasonable air quality Elevated dust levels in the surrounding air can substantially reduce the operating lifetimes of fan modules Identifying Failure...

Страница 70: ...fans modules 3 The fans are secured in place by a simple spring mechanism on each module s left and right side and this will release the module if sufficient outward even force is applied Each module...

Страница 71: ...he fan will begin to spin immediately 6 Replace the metal grill by locating its two tabs into the locating holes on the left and secure it by screwing back the retaining screw by hand The retaining sc...

Страница 72: ...Chapter 4 Product Maintenance 72...

Страница 73: ...eplacement Hardware will be warranted for the remainder of the original warranty period or thirty days whichever is longer Note that the term Start Date means the earlier of the product registration d...

Страница 74: ...r memory data contained in stored on or integrated with any product returned to Clavister pursuant to this warranty Contacting Clavister Should there be a problem with the online form then Clavister s...

Страница 75: ...er serviceable parts inside these products Only service trained personnel can perform any adjustment maintenance or repair S kerhetsf reskrifter Dessa produkter r s kerhetsklassade enligt klass I och...

Страница 76: ...elle zu den Ger teingabeterminals den Netzkabeln oder dem mit Strom belieferten Netzkabelsatz voraus Sobald Grund zur Annahme besteht dass der Schutz beeintr chtigt worden ist das Netzkabel aus der Wa...

Страница 77: ...rna de puesta a tierra Es preciso que exista una puesta a tierra continua desde la toma de alimentac on el ctrica hasta las bornas de los cables de entrada del aparato el cable de alimentaci n hasta h...

Страница 78: ...491 hours Regulatory and Safety Standards Safety UL CE EMC FCC class A CE class A VCCI class A Environmental Humidity 20 to 95 noncondensing Operational Temperature 0 to 45 C Vibration 0 41 Grms2 3 50...

Страница 79: ...Appendix B Declarations of Conformity 79...

Страница 80: ...Appendix B Declarations of Conformity 80...

Страница 81: ...ateway s address of 192 168 1 1 The IP address 192 168 1 30 will be used for this purpose and the steps to set this up with Vista are as follows 1 Press the Windows Start button 2 Select the Control P...

Страница 82: ...se the following IP address and enter the following values IP Address 192 168 1 30 Subnet mask 255 255 255 0 Default gateway 192 168 1 1 DNS addresses can be entered later once Internet access is esta...

Страница 83: ...ay s address of 192 168 1 1 The IP address 192 168 1 30 will be used for this purpose and the steps to set this up with Windows 7 are as follows 1 Press the Windows Start button 2 Select the Control P...

Страница 84: ...the following IP address and enter the following values IP Address 192 168 1 30 Subnet mask 255 255 255 0 Default gateway 192 168 1 1 DNS addresses can be entered later once Internet access is establ...

Страница 85: ...ity Gateway To do this a selected Ethernet interface on the Mac must be configured correctly with a static IP The setup steps for this with Mac OS X are 1 Go to the Apple Menu and select System Prefer...

Страница 86: ...5 Now set the following values IP Address 192 168 1 30 Subnet Mask 255 255 255 0 Router 192 168 1 1 6 Click Apply to complete the static IP setup Appendix E Apple Mac IP Setup 86...

Страница 87: ...Clavister AB Sj gatan 6J SE 89160 rnsk ldsvik SWEDEN Phone 46 660 299200 Fax 46 660 12250 www clavister com...

Отзывы:

Нет отзывов

Похожие инструкции для SG4500 Series

Бренд: Qualys Страницы: 2

Бренд: TC Electronic Страницы: 55

Бренд: TC Electronic Страницы: 174

Finalizer Express

Бренд: TC Electronic Страницы: 33

EK-FC1080 GTX Ti TF6

Бренд: ekwb Страницы: 2

Бренд: WHOOP Страницы: 26

InterReach Fusion SingleStar

Бренд: LGC wireless Страницы: 154

DesignCore RVP-TDA3 Series

Бренд: D3 Страницы: 34

Бренд: MC Страницы: 21

Бренд: National Instruments Страницы: 130

3C8567 - SuperStack II NETBuilder SI 567...

Бренд: 3Com Страницы: 6

Бренд: Abit Страницы: 22

Suzie-Q 541.35.520

Бренд: Hafele Страницы: 12

LinkStation 500

Бренд: Buffalo Страницы: 139

Бренд: Idis Страницы: 40

Gen3 Ethernet Module

Бренд: NCD Страницы: 18

Бренд: 3Com Страницы: 63

Бренд: ZALMAN Страницы: 12

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды