Forum Sentry Quick Start Guide | 7
• Once the device is provisioned, access the WebAdmin interface via browser using
https://mgmt_IP:5050. The page will prompt for a license. Send all of that information to
to receive a license.
• The WebAdmin interface is where you will build all runtime policies in Forum Sentry.
4. Forum Sentry Hardware Appliance Installation Procedures
The Forum Sentry appliances run the FIPS certified ForumOS™ operating system. Each appliance will need
to be racked and configured for network access. The user interfaces to the Sentry appliances are the CLI
(command line interface) accessible via SSH (network) or Serial console (physical) and the WebAdmin
interface available via HTTPS. There is no monitor, keyboard, or mouse access.
Each appliance has 3 network interfaces:
• MGMT: for management traffic
• WAN: for external traffic
• LAN: for bridging to the internal network
These interfaces can have IP addresses and Ports bound to them for various functions. Routing across the
interfaces is based on standard routing rules. The interfaces do not operate as a Network Switch, but rather
the interfaces will always consult the routing table to determine how to route packets. Be sure to plan your
IP addresses, netmask definitions, and static routes accordingly.
It is also important to determine how the network interfaces are to be used. The management port can be
set to any of the 3 interfaces, but is bound to the physical MGMT interface by default. If you choose to use
the dedicated MGMT interface for the management port, be sure that the MGMT network is properly
segmented and that no machine that can access the MGMT network can also access the WAN or LAN
networks; otherwise you will create a network loop and can experience network issues.
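The planning advice above can be checked before the appliance is racked. The following is an added example, not part of the Forum Sentry documentation or tooling: a small Python check of a proposed address plan for the three interfaces. The function name, the input layout and all addresses are assumptions made for illustration, and it only detects machines addressed on both the MGMT network and a data network, not every possible routed path between them.

```python
import ipaddress

def check_plan(interfaces, static_routes, hosts):
    """Return a list of findings for a three-interface address plan.

    interfaces:    {"MGMT": "10.0.0.5/24", ...}  appliance address per interface
    static_routes: [("destination CIDR", "gateway IP"), ...]
    hosts:         {"name": ["ip", ...]}  other machines and their addresses
    """
    findings = []
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}

    # Routing is table-driven, so overlapping connected subnets are ambiguous.
    names = sorted(nets)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if nets[first].overlaps(nets[second]):
                findings.append(
                    f"overlap: {first} {nets[first]} and {second} {nets[second]}")

    # A static route is only usable if its gateway is on a connected subnet.
    for dest, gw in static_routes:
        gw_ip = ipaddress.ip_address(gw)
        if not any(gw_ip in net for net in nets.values()):
            findings.append(f"unreachable gateway: {dest} via {gw}")

    # Segmentation: a machine on the MGMT network must not also sit on WAN or LAN.
    for host, addrs in sorted(hosts.items()):
        on = {n for n, net in nets.items()
              for ip in addrs if ipaddress.ip_address(ip) in net}
        if "MGMT" in on and on & {"WAN", "LAN"}:
            findings.append(f"bridging host: {host} on {sorted(on)}")
    return findings


# Constructed sample plan (private/documentation ranges, not taken from the guide).
SAMPLE_INTERFACES = {"MGMT": "10.10.0.5/24", "WAN": "192.0.2.10/24", "LAN": "10.20.0.5/24"}
SAMPLE_ROUTES = [("10.30.0.0/16", "10.20.0.1"), ("172.16.0.0/12", "10.99.0.1")]
SAMPLE_HOSTS = {"admin-ws": ["10.10.0.50"], "jumpbox": ["10.10.0.60", "10.20.0.60"]}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_INTERFACES, SAMPLE_ROUTES, SAMPLE_HOSTS):
        print(finding)
```

An empty result means the plan has no overlapping interface subnets, no static route with an off-link gateway, and no listed machine addressed on both the MGMT network and a data network.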
The steps below provide a quick outline of the installation procedure. For detailed instructions and for more
details on the networking options, please see the Sentry Hardware Installation Guide, and if you have a
Sentry HSM enabled appliance, please review the Sentry HSM Quick Start Guide.
1. Unpack and install the Sentry appliance into a rack unit.
2. Power on the device and connect to the Serial port using the supplied null modem Serial cable.
3. Access the CLI via Serial console. The configuration wizard will appear.
4. If you are using an HSM enabled Sentry system, the configuration wizard will first request
initialization of the HSM Security World. Otherwise, skip to step 5. Connect the admin card
reader and prepare the Admin card set to initialize to the security world (or you can use an
already initialized admin card). It is recommended that you use at least 5 admin cards to
initialize a security world to ensure redundancy. The wizard will request passwords for each of
the admin cards. The admin card is only required when creating the security world. Each new
Sentry HSM hardware device can be initialized into an existing Security World to allow secure
storage of keying information only within the defined Security World.
5. Complete the initial configuration wizard by providing the administration user, the enable mode
password, and the topology mode. The most common topology mode used is INLINE / 2 IP.
INLINE / 2 IP
a) Connect the WAN port to your data network.
b) Connect the LAN port to the other side of your data network.
c) Connect the MGMT port to your private management network.
or