Netgate SG-2100 Скачать руководство пользователя страница 12

Страница: 12 / 70

Security Gateway Manual

SG-2100

Section 4

Shows the various menu headings. Each menu heading has drop-down options for a wide range of config-

uration choices.

3.2 Re-running the Setup Wizard

To re-run the Setup Wizard, navigate to

System > Setup Wizard

Fig. 2: Re-run the Setup Wizard

3.3 Backup and Restore

It is important to backup the firewall configuration prior to updating or making any configuration changes. From the
menu at the top of the page, browse to

Diagnostics > Backup/Restore

Click

Download configuration as XML

and save a copy of the firewall configuration to the computer con-

nected to the Netgate firewall.

This backup (or any backup) can be restored from the same screen by choosing the backed up file under

Restore

Configuration

Note:

Auto Config Backup is a built-in service located at

Services > Auto Config Backup

. This service will save

up to 100 encrypted backup files automatically, any time a change to the configuration has been made. Visit the

Auto

Config Backup

page for more information.

Содержание SG-2100

Страница 2: ...24 7 Connecting to the Console Port 27 8 Reinstalling pfSense Plus Software 36 9 Optional M 2 SATA Installation 40 10 Configuring the Switch Ports 44 11 Configuring an OPT interface as an additional...

Страница 3: ...Appliance It will provide the information needed to keep the appliance up and running Tip Before getting started a good practice is to download the PDF version of the Product Manual and the PDF versio...

Страница 4: ...nd Output Ports section of the Netgate appliance The other end of the same cable should be inserted into a LAN port on the ISP CPE device such as a cable or fiber modem If the CPE device provided by t...

Страница 5: ...WAN and LAN so if the default IP address on the ISP supplied modem is also 192 168 1 1 24 disconnect the WAN interface until the LAN interface on the firewall has been renumbered to a different subne...

Страница 6: ...nterface Open a web browser Google Chrome in this example and enter 192 168 1 1 in the address bar Press Enter Fig 1 Enter the Default LAN IP Address 2 A warning message may appear If this message or...

Страница 8: ...ddress Timezone Select the time zone for the location of the firewall For this guide the Timezone will be set to America Chicago for US Central time 5 The WAN interface is the Public IP address the ne...

Страница 10: ...seconds a message will indicate the Setup Wizard has completed To proceed to the pfSense Plus dashboard click Finish 10 A final notification screen will appear with the Copyright and Trademark Notice...

Страница 11: ...e Dashboard pfSense Plus software is highly configurable all of which can be done through the dashboard This orientation will help to navigate and further configure the firewall Fig 1 The pfSense Plus...

Страница 12: ...at the top of the page browse to Diagnostics Backup Restore Click Download configuration as XML and save a copy of the firewall configuration to the computer con nected to the Netgate firewall This ba...

Страница 14: ...e access has been locked out or the password has been lost or forgotten See also Connecting to the Console Port Cable is required Tip To learn more about getting the most out of a Netgate appliance si...

Страница 15: ...rnet and Other Ports 4 1 1 Routed Ethernet The WAN Combo Port is shared between an RJ 45 port and an SFP port Only one port can be used Interface Name Port Name WAN mvneta0 LED Pattern Description Lef...

Страница 16: ...ly green Left Flashes with 10Mb traffic solid with link Warning The LAN ports do not support the Spanning Tree Protocol STP Two or more ports connected to another Layer 2 switch or connected to 2 or m...

Страница 17: ...Cellular modems GPS units and storage devices Though the operating system also supports wired and wireless network devices these are not ideal and should be avoided 4 2 Front Side Fig 2 Front view of...

Страница 18: ...alified service technician 3 This equipment is provided with a detachable power cord which has an integral safety ground wire intended for connection to a grounded safety outlet a Do not substitute th...

Страница 19: ...B Canada 5 5 Australia and New Zealand This is a AMC Compliance level 2 product This product is suitable for domestic environments 5 6 CE Marking CE marking on this product represents the product is...

Страница 20: ...ida y eliminaci n de residuos de su zona o pregunte en la tienda donde adquiri el producto 5 7 4 Fran ais La directive europ enne 2002 96 CE exige que l quipement sur lequel est appos ce symbole sur l...

Страница 21: ...declares that this NETGATE device is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC 5 8 5 Eesti Estonian K esolevaga kinnitab NETGATE seadme NETGATE...

Страница 22: ...ni pertinenti stabilite dalla direttiva 1999 5 CE 5 8 12 Latviski Latvian Ar o NETGATE deklar ka NETGATE device atbilst Direkt vas 1999 5 EK b tiskaj m pras b m un citiem ar to saist tajiem noteikumie...

Страница 23: ...s da Directiva 1999 5 CE 5 8 21 Rom na Romanian Prin prezenta NETGATE declara ca acest dispozitiv NETGATE este n conformitate cu cerint ele esent iale s i alte prevederi relevante ale Directivei 1999...

Страница 24: ...tor may be enforced by the courts located in Austin Texas or any other court having jurisdiction over you 5 11 Site Policies Modification and Severability Please review our other policies such as our...

Страница 25: ...ITNESS FOR A PAR TICULAR PURPOSE RCL AND ESF DO NOT WARRANT THAT THE PRODUCTS SERVICES INFORMA TION CONTENT MATERIALS PRODUCTS INCLUDING SOFTWARE OR OTHER SERVICES INCLUDED ON OR OTHERWISE MADE AVAILA...

Страница 26: ...PTER SIX NETGATE 2100 WALL MOUNT The Netgate 2100 has built in wall mount keyholes on the bottom of the appliance This page provides an overview and a PDF template for attaching the system to the wall...

Страница 27: ...the weight of the cables on the ports Click on the button below to download the Wall Mount Template Print the template out at 100 Scale for it to be accurate Note The 100 Scale setting varies by prin...

Страница 29: ...workstation used to connect with the device Windows There are drivers available for Windows available for download macOS There are drivers available for macOS available for download For macOS choose...

Страница 30: ...tter to wait until the terminal is open before connecting power so the client can view the entire boot output 7 4 Locate the Console Port Device The appropriate console port device that the workstatio...

Страница 31: ...ciated with the system console is likely to show up as dev ttyUSB0 Look for messages about the device attaching in the system log files or by running dmesg Note If the device does not appear in dev se...

Страница 32: ...BSD For FreeBSD the best practice is to run GNU screen or cu An example of how to configure GNU screen is below 7 5 1 Client Specific Examples PuTTY in Windows Open PuTTY and select Session under Cate...

Страница 34: ...le port 115200 Note The sudo command will prompt for the local workstation password of the current account If portions of the text are unreadable but appear to be properly formatted the most likely cu...

Страница 35: ...Missing With a USB serial console there are a few reasons why the serial port may not be present in the client operating system including No Power Some models require power before the client can conne...

Страница 36: ...e proper console e g ttyS1 in Linux Consult the various operating install guides on this site for further information 7 7 3 PuTTY has issues with line drawing PuTTY generally handles most cases OK but...

Страница 37: ...See No Serial Output Device OS Serial Console Settings Ensure the installed operating system is configured to activate the serial console and that it is configured for the proper console e g ttyS1 in...

Страница 38: ...USB memstick is covered in detail under Writing Flash Drives 3 Connect to the console port of the Netgate device 4 Insert the memstick into the USB port and boot the system Tip The best practice is t...

Страница 41: ...wer to complete the installation Remove the power cable from the Netgate SG 2100 and plug it back in See also For information on restoring from a previously saved configuration go to Backup and Restor...

Страница 42: ...overed by the hardware warranty Note pfSense Plus software must be reinstalled on the M 2 SATA drive By default the M 2 SATA drive will then be the first drive recognized by pfSense Plus software Note...

Страница 43: ...scratched Identify where the M 2 SATA drive slot is located and remove the screw from the standoff Note If the standoff turns while attempting to remove the screw hold the standoff with a fine pair o...

Страница 44: ...ff 5 Place the cover back on and turn the Netgate 2100 over Replace the four 4 T10 Torx case screws Be careful not to crossthread the screws or overtighten them 6 Reinstall the pfSense Plus software o...

Страница 46: ...d to suit other requirements SG 2100 Ethernet Port LAN4 IP Address Assignment 192 168 100 1 24 VLAN Tag 4084 VLAN tags should be 4081 4084 for LAN Ports 1 4 Note When connecting to the GUI do NOT conn...

Страница 47: ...the Description Click Save Note This guide uses 4084 as an example The value for the tags must be unique for each VLAN and must be between 1 and 4094 Avoid using values that are already in use Best p...

Страница 48: ...Interface that matches the new VLAN being created 10 Check the Enable Interface check box 11 Change the IPv4 Configuration Type from None to Static IPv4 12 Scroll down and make the IPv4 Address 192 1...

Страница 49: ...14 Click Apply Changes 15 Go to Interfaces Switches 16 Go to the VLANs tab Click in the Enable 802 1q VLAN mode check box and click Save The table will change to reflect the new mode 17 Click Add Tag...

Страница 50: ...N Tag and 4 for Member s This represents LAN4 port 4 and tagged should be unchecked 19 Click Add Member to add the LAN Uplink 5 This member should be tagged as shown 20 Click Save 21 Click on beside V...

Страница 51: ...the new VLAN ID 26 Click Save This completes the configuration of a discrete port on the Netgate SG 2100 By default all traffic is blocked Create the appropriate firewall rules to allow the traffic Go...

Страница 52: ...rview This guide configures an OPT port as an additional WAN type interface These interfaces connect to upstream networks providing connectivity to the Internet or other remote destinations See also M...

Страница 53: ...er corresponding to the internal interface designation For example if there are no current OPT interfaces the new interface will be OPT1 The next will be OPT2 and so on Note As this guide does not kno...

Страница 54: ...ll rules on WAN type interfaces get reply to added to ensure traffic entering a WAN exits the same WAN and traffic exiting the interface is nudged toward its gateway The DNS Resolver will not accept q...

Страница 55: ...a case by case basis Warning Do not add any blanket allow all style rules on any WAN 11 6 Gateway Groups Gateway Groups do not control traffic directly but can be used in other places such as firewal...

Страница 56: ...ays resolve hostnames using DNS even when running on a secondary WAN The needs here depend upon the configuration of the DNS Resolver or Forwarder If the DNS Resolver is in its default resolver mode t...

Страница 57: ...routing is to add a gateway to existing rules Navigate to Firewall Rules LAN tab Edit the default pass rule for the LAN Click Display Advanced Set the Gateway to one of the gateway groups based on th...

Страница 58: ...itiating it will always use the current default gateway Static routes can nudge traffic for a specific peer out a specific WAN OpenVPN can use a gateway group as an interface for clients or servers Cl...

Страница 59: ...nterface see Switch Overview This guide configures an OPT port as an additional LAN type interface These local interfaces can perform a variety of tasks such as being a guest network DMZ IOT isolation...

Страница 60: ...nation For example if there are no current OPT interfaces the new interface will be OPT1 The next will be OPT2 and so on Note As this guide does not know what that number will be on a given configurat...

Страница 61: ...This sets the lower From and upper To bound of automatic addresses assigned to clients The rest can be left at defaults Click Save See also DHCPv4 Configuration 12 5 Outbound NAT For clients on this...

Страница 62: ...ios administrators typically choose for local interfaces Open and Isolated 12 6 1 Open On an open LAN hosts in that LAN are free to contact any other host through the firewall This might be a host on...

Страница 63: ...ll of the RFC1918 networks is a safer practice Navigate to Firewall Aliases Click Add Configure it as follows Name PrivateNets Description Private Networks Type Network s Add entries for 192 168 0 0 1...

Страница 64: ...ottom of the list Configure the rule as follows Action Reject Interface OPTx or the custom name Protocol Any Source Any Destination This Firewall self Description Reject all other traffic to the firew...

Страница 65: ...e isolated network it s also possible to be much more strict with rules to only allow specific outbound ports When creating this type of configuration 12 7 Other Services In most cases the above confi...

Страница 66: ...eping the button depressed apply power to the device 4 Keep the button depressed for about 30 seconds until the device boots far enough to check the button state All three LEDs will rapidly flash red...

Страница 67: ...corresponding operating system interface for the switch uplink The internal uplink port operates at 2 5 Gbps and connects the switch to the SoC From the perspective of the operating system the only po...

Страница 68: ...LAN B LAN1 4 configured as individual network interfaces LAN1 2 configured as a switch for LAN A LAN3 configured for WAN B and LAN4 configured for WAN C Each of the switch ports LAN1 4 and Port 5 are...

Страница 69: ...pful resources make sure to browse the Netgate Resource Library https www netgate com resources 15 3 Professional Services Support does not cover more complex tasks such as CARP configuration for redu...

Страница 70: ...for warranty information or view the Product Lifecycle page All Specifications subject to change without notice For support information view support plans offered by Netgate See also For more informat...

Результаты поиска

Содержание SG-2100

Отзывы:

Похожие инструкции для SG-2100

Бренды по названию

Популярные бренды

Netgate SG-2100, Руководство пользователя

Результаты поиска

Содержание SG-2100

Отзывы:

Похожие инструкции для SG-2100

Бренды по названию

Популярные бренды