H3C H3C SECPATH F1000-S страница 12 Скачать руководство пользователя | Manualshive

Страница: 12 / 78

background image

Installation Manual
H3C SecPath F1000-S Firewall

Chapter 1 Product Overview

1-1

Chapter 1 Product Overview

1.1 Brief Introduction

H3C SecPath F1000-S Firewall is a new-generation firewall intended for enterprise
users. It can act as the egress firewall for small and medium businesses and internal
firewall for large and medium enterprises.

H3C SecPath F1000-S Firewall provides four fixed 10/100/1000 Mbps auto-sensing
interfaces (with two electrical interfaces and two applicable to both optical and electrical
modes). It provides two multifunctional interface module (MIM) expansion slots, which
currently can accommodate 1FE/2FE/4FE/1GBE/2GBE/1GEF/2GEF/SSL module. It
adopts power redundancy solutions (AC+AC), provides inside-chassis temperature
detection, and supports network management and Web configuration to meet the
carrier-class reliability requirements.

It supports multiple attack prevention approaches, TCP proxy, internal network security,
traffic policing, URL filtering, Web page filtering, and email filtering, to effectively
safeguard your network.

It adopts the application specific packet filtering (ASPF) technology to monitor
connection process and malicious commands and works together with access control
lists (ACLs) to implement dynamic packet filtering.

It provides various intelligent analysis and management methods, supports email
alarming and multiple sorts of logs, and provides network management monitoring to
help network administrators perform network security management.

It supports authentication, authorization, accounting (AAA), network address
translation (NAT) , hybrid mode, and object oriented management to ensure security
and guaranteed services for the private networks constructed on the open Internet.

It supports multiple virtual private network (VPN) services, such as Layer 2 tunneling
protocol (L2TP) VPN, IP security (IPsec) VPN, generic routing encapsulation (GRE)
VPN, dynamic VPN, and multi-protocol label switching (MPLS) VPN, as well as
hardware encryption, and allows users to build various VPNs, like Internet, Intranet,
and remote access VPNs using customized remote-user access approaches, such as
ADSL dial-up, virtual LAN (VLAN), and tunneling.

It provides basic routing features, including routing information protocol (RIP), open
shortest path first (OSPF), border gateway protocol (BGP), routing policy and policy
routing, and also provides abundant QoS (quality of service) features, such as traffic
policing, traffic shaping and queue scheduling.

It supports deeper application recognition (DAR) to recognize and classify packets
more deeply, enhancing the control over data flows.

«
...
10
11
12
13
14
...
»

Содержание H3C SECPATH F1000-S

Страница 1: ...H3C SecPath F1000 S Firewall Installation Manual Hangzhou H3C Technologies Co Ltd http www h3c com Manual Version T2 08044J 20070622 C 1 03...

Страница 2: ...InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information i...

Страница 3: ...ption and configuration example H3C SecPath Series Security Products Web Based Configuration Manual It directs users to configure the H3C SecPath Series Firewalls in Web mode Organization H3C SecPath...

Страница 4: ...conventions Convention Description Boldface The keywords of a command line are in Boldface italic Command arguments are in italic Items keywords or arguments in square brackets are optional x y Alter...

Страница 5: ...Create Folder III Symbols Convention Description Warning Means reader be extremely careful Improper operation may cause bodily injury Caution Means reader be careful Improper operation may cause data...

Страница 6: ...unting Rack 2 3 2 2 Safety Precautions 2 3 2 3 Unpacking and Inspection 2 4 2 4 Tools Meters and Devices 2 4 Chapter 3 Hardware Installation 3 1 3 1 Installation Procedure 3 1 3 2 Mounting the Device...

Страница 7: ...SDRAMs on the Mainboard 6 4 6 3 2 Removing a DDR SDRAM 6 5 6 3 3 Installing a DDR SDRAM 6 6 6 4 Closing the Chassis Cover 6 6 6 5 Replacing an MIM 6 7 Chapter 7 Troubleshooting 7 1 7 1 Troubleshooting...

Страница 8: ...pearance 8 12 8 6 3 Interface Attributes 8 13 8 6 4 Panel and Interface LEDs 8 13 8 6 5 Interface Fiber Cable 8 14 8 6 6 Connecting the Interface Fiber Cable 8 15 8 7 SSL Module 8 15 8 7 1 Introductio...

Страница 9: ...e 4 3 Select serial interface 4 2 Figure 4 4 Set port parameters 4 3 Figure 4 5 Select emulation type 4 4 Figure 5 1 Send File dialog box 5 3 Figure 5 2 Sending File interface 5 4 Figure 5 3 Set up an...

Страница 10: ...9 Figure 8 12 2GBE module 8 9 Figure 8 13 1GBE module panel 8 10 Figure 8 14 2GBE module panel 8 10 Figure 8 15 Ethernet cable 8 11 Figure 8 16 Category 5 twisted pair cable 8 11 Figure 8 17 1GEF modu...

Страница 11: ...nt room 2 1 Table 2 2 Dust limit in the equipment room 2 2 Table 2 3 Limit of harmful gases in the equipment room 2 2 Table 3 1 Dimensions of the H3C SecPath F1000 S firewall 3 2 Table 6 1 Memory spec...

Страница 12: ...her with access control lists ACLs to implement dynamic packet filtering It provides various intelligent analysis and management methods supports email alarming and multiple sorts of logs and provides...

Страница 13: ...device management functions With the national and international standards dominant in China North America Europe Australia and Japan taken into consideration in its design the firewall complies with...

Страница 14: ...s dynamic random access memory DSRAM stores the communication data with the CPU and running system Flash memory stores application files exceptional information and configuration files Boot read only...

Страница 15: ...being transmitted received on the interface OFF means no packets are being transmitted received on the interface 1 2 4 Attributes of the Fixed Interfaces I Console port CON Table 1 3 Attributes of th...

Страница 16: ...long haul 1550 nm z Single mode ultra long haul 1550 nm They all provide LC interfaces and are hot swappable Table 1 5 shows the Ethernet interface attributes of the H3C SecPath F1000 S firewall Table...

Страница 17: ...have been approved by our company z Before performing switchover between electrical optical interfaces you need to first disable the rate and duplex mode configurations in the current mode electrical...

Страница 18: ...tallation Manual H3C SecPath F1000 S Firewall Chapter 1 Product Overview 1 7 z Security socket layer encryption module SSL For more information on the MIMs see Chapter 8 Multifunctional Interface Modu...

Страница 19: ...the CMOS circuit of the product The higher the temperature is the greater the damage to your device Long lasting high temperature can speed up the aging of the insulation materials greatly lower the d...

Страница 20: ...s present On the communication network connected to your device the static electricity mainly comes from the outside electric fields such as outdoor high voltage power cables and lightning and from th...

Страница 21: ...nd point of the power socket is well connected to the earth ground z Add a lightning arrester onto the front end of the power input to better protect the power supply from lightning strikes 2 1 6 Moun...

Страница 22: ...for the firewall 2 3 Unpacking and Inspection Check the arrived shipment against the packing list making sure all the items are included and in good condition Contact your agent for shortage or wrong...

Страница 23: ...Connect the power cord Connect the console terminal to device Verify the installation Power up the device Troubleshooting Power down the device Verify the installation Install MIM optional Power down...

Страница 24: ...o not place any heavy stuff on the device 3 2 2 Rack Mounting the Device The H3C SecPath Series Firewall can be placed in a standard 19 inch rack Table 3 1 shows its dimensions Table 3 1 Dimensions of...

Страница 25: ...es Caution When installing or using your firewall properly connect the grounding wire for lightning protection and anti interference The H3C SecPath Series Firewall provides a grounding screw which mu...

Страница 26: ...ng protection make sure that the firewall has a good ground connection when it is operating 3 5 Connecting to the Console Terminal I Console port On the H3C SecPath Series Firewall one RS 232 asynchro...

Страница 27: ...n and power up the devices The console terminal shows the startup information of the firewall if the connection is correct For details see Chapter 4 Booting and Configuration 3 6 Connecting the Ethern...

Страница 28: ...nectors All the optical transceivers are hot swappable Note A fiber connector as defined by the International Telecommunications Union ITU is a passive component that connects two or more fiber cable...

Страница 29: ...Connect the Ethernet electric port Caution Read the mark above the port carefully making sure it is the correct port Step 1 Connect one end of the Ethernet cable to the electric port of the 10 100 10...

Страница 30: ...the firewall and the Rx port on the peer device Step 2 Power up the firewall and check the state of the LINK LED of the Ethernet 0 1 interface On means the Rx link is present OFF means no Rx link is...

Страница 31: ...other end to the AC site power Step 3 Repeat Step 2 to connect the PWR1 Skip this step if you use only one PSU Step 4 Place the PWR0 switch to the ON position Step 5 Place the PWR1 switch to the ON po...

Страница 32: ...o the console port on the firewall and the DB9 connector to the serial interface on the console terminal as shown in Figure 4 1 RS 232 serial interface PC H3C SecPath F1000 S Console port Console cabl...

Страница 33: ...2 Set the terminal parameters Set the HyperTerminal parameters of Windows98 as follows 1 Select serial interface Select the serial interface to be used from the Connect Using drop down list as shown i...

Страница 34: ...serial interface parameters as follows z Bits per second 9600 z Data bits 8 z Parity None z Stop bits 1 z Flow control None Click OK and the HyperTerminal window appears Figure 4 4 Set port parameter...

Страница 35: ...rewall check that z Both the power cord and the grounding wire are correctly connected z Proper power supply is used z The console cable is correctly connected z The console terminal or PC has been st...

Страница 36: ...ation on LED state z The console terminal display is correct After powering up the firewall you can see the startup interface on the console terminal see section 4 1 3 Booting Process After the system...

Страница 37: ...t the firewall enters user view and is ready for your configuration 4 2 Configuration Fundamentals 4 2 1 Basic Configuration Procedure Following are the basic steps that you can follow to configure th...

Страница 38: ...as tracert and ping z Have detailed debugging information for network troubleshooting z Enter a command by only entering the conflict free keyword portion because the CLI interpreter supports fuzzy ke...

Страница 39: ...boot the firewall Press Ctrl B when the system prompts Press Ctrl B to enter Boot Menu The system displays this message Please input Boot ROM password Caution z Press Ctrl B within three seconds afte...

Страница 40: ...all You can select 7 in the Boot menu to enter the Boot ROM submenu as follows Boot ROM Operation Menu 1 Download Boot ROM with XModem 2 Download Extended Segment of Boot ROM with XModem 3 Restore Ext...

Страница 41: ...115200 bps by entering 5 The following message appears Download speed is 115200 bps Change the terminal s speed to 115200 bps and select XModem protocol Press ENTER key when ready Step 3 Change your...

Страница 42: ...downloading XModem download completed Packet length 8790321 bytes System file length 7868992 bytes http zip file length 921329 bytes Writing file flash system to FLASH Please wait it may take a long t...

Страница 43: ...oot ROM operation menu to upgrade the extended segment of the Boot ROM using XModem Several speed options are available for you The subsequent steps are the same as those described in section 5 1 2 I...

Страница 44: ...M Please wait Restoring Boot ROM program successed Step 3 When the Boot submenu appears again select 5 to exit and reboot the firewall 5 1 4 Upgrading an Application Program Using TFTP Upgrading an ap...

Страница 45: ...f the gateway 10 110 95 117 Caution z The upgrade should be performed through interface ETH0 1 on the firewall z The item IP address of the server 192 168 1 10 must be set to the IP address of the TFT...

Страница 46: ...ewall can update configuration files or upgrade application Boot ROM programs using FTP A user can upload download configuration files and application programs after passing the authentication The fol...

Страница 47: ...ding environment using FTP H3C SecPath F100 Ethernet interface 10 110 10 10 24 0 S FTP Server WAN PC 10 110 20 13 24 FTP Client Router Ethernet interface 10 110 10 10 24 H3C SecPath F1000 S FTP Server...

Страница 48: ...erver enable After the FTP server is enabled and the user is added onto the firewall any FTP client program can use the username and password to log onto the FTP server III Uploading Downloading an ap...

Страница 49: ...e that the firewall has enough flash memory If the memory is not enough you need to use the delete unreserved command to permanently delete old version files or other files to save the memory space ot...

Страница 50: ...ives the corresponding prompt The Web file name defaults to http zip 5 1 6 Modifying Boot ROM Password You can use the Boot menu of the firewall to change the Boot ROM password Start the firewall When...

Страница 51: ...ment of Boot ROM This option is used for backward compatibility of version upgrade When the software version is correctly adopted for software upgrade but you still cannot operate successfully the sys...

Страница 52: ...s Step 2 Remove the interface cables from the front of the chassis except for the grounding wire Step 3 Place the firewall on a flat table with the rear panel facing you Use a Phillips screwdriver to...

Страница 53: ...hassis The company is not liable for any damage or consequence resulted from users operation without permission z Ensure that the firewall has no electricity before servicing the device to avoid bodil...

Страница 54: ...mainboard component that you can expand and replace as needed Generally you need to expand a DDR SDRAM for z Upgrading the application program z Providing an adequate memory size for retaining a large...

Страница 55: ...ank 6 3 1 Locating the DDR SDRAMs on the Mainboard When removing installing a DDR SDRAM make sure to identify the type of mainboard and the exact position of the DDR SDRAM See Table 6 1 for the types...

Страница 56: ...AM into a memory bank press the positioning recess into the pin in the bank 6 3 2 Removing a DDR SDRAM Step 1 Locate the DDR SDRAM to be replaced on the mainboard Step 2 Press the clips at both sides...

Страница 57: ...3 Step 2 Hold the DDR SDRAM by its non conductive top edge and place it in the desired memory bank Step 3 Exercise adequate pressure on the DDR SDRAM to press it into the bank Press the clips at both...

Страница 58: ...ction 2 Install the six screws at these places Figure 6 5 Close the chassis cove Step 5 Tighten the six captive screws that are removed in steps 3 and 4 described in section 6 2 Opening the Chassis Co...

Страница 59: ...ll is operating normally after it is powered up it displays the start up information on the console terminal If the configuration system has failed it displays illegible characters or nothing at all I...

Страница 60: ...ad From Net 3 Exit to Main Menu Enter your choice 1 3 2 Starting the TFTP download Failed to connect the tftp server Please check the network setting Solution Check that z The TFTP server program is s...

Страница 61: ...e Net Port Download Menu 1 Change Net Parameter 2 Download From Net 3 Exit to Main Menu Enter your choice 1 3 2 Starting the TFTP download The downloaded software is not a valid version Please downloa...

Страница 62: ...port 1000Base LX 1000Base SX optical interface module 1GEF z 2 port 1000Base LX 1000Base SX optical interface module 2GEF z Security socket layer encryption module SSL 8 2 Installing and Removing an M...

Страница 63: ...IM Step 5 Power up the firewall and check the state of the ACT LED for the slot on the firewall Blinking means the MIM is installed correctly Figure 8 1 Install the MIM I Figure 8 2 Install the MIM II...

Страница 64: ...terface cables are used z The interfaces are working well by reading the interface LEDs z The configurations on the MIM are validated by executing the display command 8 4 1FE 2FE 4FE Module 8 4 1 Intr...

Страница 65: ...ll Chapter 8 Multifunctional Interface Modules 8 4 Figure 8 3 1FE module II Appearance of the 2FE module Figure 8 4 shows the 2FE module Figure 8 4 2FE module III Appearance of the 4FE module Figure 8...

Страница 66: ...tes 1FE module 2FE module 4FE module Connector RJ 45 Number of connectors 1 2 4 Cable type Straight through Ethernet cable Operating mode Full half duplex 10 100 Mbps auto sensing Frame format Etherne...

Страница 67: ...8 4 5 Interface Cable I Ethernet cable The FE modules use category 5 twisted pair cables with RJ 45 connectors see Figure 8 9 Pins 1 and 2 of the connectors are for transmitting data and Pins 3 and 6...

Страница 68: ...cabl Table 8 3 Straight through cable pinout RJ 45 Signal Category 5 twisted pair cable Direction of signal RJ 45 1 Tx White orange 1 2 Tx Orange 2 3 Rx White green 3 4 Blue 4 5 White blue 5 6 Rx Gree...

Страница 69: ...connects a terminal device PC or router to another terminal device You make crossover cables by yourself Note In making network cables shielded cables are preferred for the sake of electromagnetic co...

Страница 70: ...category 5 twisted pair cable z Three operating rates 1000 Mbps 100 Mbps and 10 Mbps with auto sensing z Full duplex mode 8 5 2 Appearance Figure 8 11 and Figure 8 12 show respectively the 1GBE and 2G...

Страница 71: ...le 8 6 describes the LEDs on the 1GBE 2GBE module panel and how to read their state Table 8 6 LEDs on the 1GBE 2GBE module LED Description LINK OFF means no link is present ON means a link is present...

Страница 72: ...ed pair cabl Ethernet cables are divided into two categories straight through and crossover z Straight through cable The sequences of the twisted pairs crimped in the RJ 45 connectors at both ends are...

Страница 73: ...is present check the line for the cause 8 6 1GEF 2GEF Module 8 6 1 Introduction 1 2 port 1000Base LX 1000Base SX Ethernet optical interface module 1GEF 2GEF can provide the communications between the...

Страница 74: ...ra long haul 1550 nm Min 9 5 dBm 9 dBm 2 dBm 4 dBm 4 dBm Trans mitter optical power Max 0 dBm 3 dBm 5 dBm 1 dBm 2 dBm Receiver sensitivity 17 dBm 20 dBm 23 dBm 21 dBm 22 dBm Central wavelength 850 nm...

Страница 75: ...eans no packets are being transmitted received on the interface blinking means packets are being transmitted received on the interface 8 6 5 Interface Fiber Cable You can select the fiber cable with L...

Страница 76: ...port on the module and the other end into the Tx port on the peer device Plug one end of another fiber cable into the Tx port on the module and the other end into the Rx port on the peer device Step...

Страница 77: ...1 8 7 4 Panel and Module LEDs Figure 8 22 shows the panel of the SSL module Figure 8 22 SSL module panel Table 8 10 LEDs on the SSL module LED Description STATUS ON means module is not powered normal...

Страница 78: ...uring the booting of the firewall Solution The ACTIVE LED should blink for two seconds and then become OFF during the booting of the firewall Solid OFF means that the module initialization fails The p...

Отзывы:

Нет отзывов

Похожие инструкции для H3C SECPATH F1000-S

Бренд: Clavister Страницы: 76

Бренд: Watchguard Страницы: 11

Бренд: ETIC Страницы: 38

Бренд: 3Com Страницы: 64

Бренд: Fortinet Страницы: 54

Бренд: Cisco Страницы: 18

Firepower 2100 Series

Бренд: Cisco Страницы: 12

Бренд: Cisco Страницы: 34

Бренд: Cisco Страницы: 12

PIX 520 - PIX Firewall 520

Бренд: Cisco Страницы: 58

Бренд: Cisco Страницы: 62

Бренд: Cisco Страницы: 30

Бренд: Cisco Страницы: 12

Бренд: Cisco Страницы: 46

Бренд: Cisco Страницы: 18

Бренд: Cisco Страницы: 14

Firepower 1100 Series

Бренд: Cisco Страницы: 44

Бренд: Cisco Страницы: 14

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды