1. Manuals
  2. Brands
  3. Stonesoft Manuals
  4. Firewall
  5. 3201
  6. Installation manual

Stonesoft 3201 Installation Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Stonesoft 3201 and 3205
Appliance Installation Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 3201 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Stonesoft 3201

Summary of Contents for Stonesoft 3201

  • Page 1 Stonesoft 3201 and 3205 Appliance Installation Guide...
  • Page 2 European Council Regulation (EC) N:o 1334/2000 of 22 June 2000 setting up a Community regime for the control of exports of dual-use items and technology (as amended). Thus, the export of this Stonesoft software in any manner is restricted and requires a license by the relevant authorities.

  • Page 3: Table Of Contents

    I n t r o d u c t i o n Thank you for choosing a Stonesoft™ appliance. This guide provides instructions for the initial hardware installation and the maintenance of the Stonesoft 3201 and 3205 appliances. See Product Documentation (page 5) for information on other available documentation.

  • Page 4: Installation Procedure

    I n s t a l l a t i o n P r o c e d u r e Note – You must have a working Management Center on a separate server to bring the appliance(s) operational. See the Stonesoft Management Center Installation Guide.

  • Page 5: Product Documentation

    Press F1 in any Management Client window to view the Online Help. All PDF guides are available: • On the Management Center CD-ROM (in the Documentation folder) • At the Stonesoft website at http://www.stonesoft.com/en/support/ technical_support_and_documents/manuals/ Install the free Adobe Reader program to view the PDF documents (available at www.adobe.com/reader/).
  • Page 6 • If you have to replace the motherboard battery, install it the same way as the original battery. Make sure that the positive side faces up on the motherboard. This battery must be replaced only with the same or an equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.
  • Page 7 Note – Use a UPS (Uninterruptible Power Supply) in critical environments with your Stonesoft appliance. If after a brief power outage your appliance only partially starts up (for example, the power light is on, but the NIC LEDs are off and the appliance does not connect) turn the appliance off for five seconds and then back on.

  • Page 8: Unpacking The Appliance

    Lithium Battery Precautions Caution – The battery must be replaced by authorized service personnel only. Danger of explosion if battery is incorrectly replaced. Replacement battery must be same or equivalent type recommended by the manufacturer. Used batteries must be discarded according to the manufacturer’s instructions.

  • Page 9: Front Panel

    Fr o n t P a n e l Slots for Interface Power Modules Button Indicators USB Ports SSD Drive Serial Port On the front panel, there are slots for the interface modules, a Solid State Disk (SSD) Drive, two USB ports, and a serial port. There are two more USB ports on the back panel of the appliance.
  • Page 10 LED Indicators The front panel has six LED indicators in the upper right corner. The LEDs provide you with critical information related to different parts of the system. Table 2 Front Panel LEDs Indicates that a power supply cable is detached. When flashing, indicates a fan failure.
  • Page 11 SSD Drive Indicators The indicators for the Solid State Disk (SSD) Drive are explained below. Power Disk Table 3 SSD Drive Indicators Indicator Status Explanation Power Blue A Solid State Disk is in the drive. Disk Unlit This indicator is not currently used. Front Panel...

  • Page 12: Back Panel

    B a c k P a n e l AC or DC Power IPMI Port (Use Serial Port Connectors not supported (Not used) Two USB Ports VGA Port Fixed Ethernet Ports The connectors and ports on the back panel are explained in Connecting the Cables (page 21).

  • Page 13: Installing The Solid State Disk

    I n s t a l l i n g t h e S o l i d S t a t e D i s k If the Solid State Disk (SSD) is not pre-installed in the appliance, you must first install the SSD.

  • Page 14: Installing Interface Modules

    I n s t a l l i n g I n t e r f a c e M o d u l e s This section provides information on installing Stonesoft interface modules into the appliance. You must install an interface module or a placeholder module in each slot before you can make the appliance operational.

  • Page 15: Rack-Mounting

    R a c k - M o u n t i n g This section provides information on installing the Stonesoft appliance into a rack unit. You can install the appliance into a two-post or a four- post rack unit.
  • Page 16 • The appliance must be connected to a grounded power outlet. • Use a regulating uninterruptible power supply (UPS) to protect the appliance from power surges, voltage spikes and to keep your system operating in case of a power failure. •...
  • Page 17 Installing the Appliance Into a Two-Post Rack  To install the appliance into a two-post rack Locate the two rack-mounting brackets that are meant for the two- post rack installation. Locate the three pairs of supports on the side of the appliance and the corresponding holes on the brackets.
  • Page 18 Installing the Appliance Into a Four-Post Rack There are two sets of rails that you can use for installing the appliance into a four-post rack. The only difference is the length of the rails. This section explains the installation for both types of rails. ...
  • Page 19 Align the holes against its corresponding button. Once all are aligned, push the holes toward their corresponding buttons. Secure the rail to the appliance with a screw. Repeat steps 3-5 on the other side of the appliance. Insert the outer rails to the rack. If necessary, push the locking tab on the rail to retreat the outer rails.
  • Page 20 Line up the rear of the inner rails with the front of the extended outer rails. Slide the inner rails into the outer rails, keeping the pressure even on both sides (you may have to press the locking tabs when inserting).

  • Page 21: Connecting The Cables

    C o n n e c t i n g t h e C a ble s Front Panel Interface Modules Back Panel IPMI Port (Use Serial Port not supported) (Not used) Slot 0: Fixed Ethernet Ports USB Ports VGA Port eth0_0 and eth0_1 The use of the IPMI (Intelligent Platform Management Interface) port on the back panel is not supported.

  • Page 22: Connecting Network Cables

    Ethernet Port Names There are 4 slots in the appliance. Each Ethernet port has a unique name that indicates also the slot to which the port belongs. • The fixed Ethernet ports eth0_0 and eth0_1 on the back panel belong to slot 0.
  • Page 23  To connect cables to SFP ports Insert the SFP transceiver in the port slot until you feel the connector on the transceiver snap into place. The illustration below shows the correct position of inserting the SFP transceiver. SFP transceiver SFP transceiver for for copper cable fiber-optic cable...
  • Page 24 Connecting Management Cables  To connect management cables  Choose one of the following: • Connect a monitor to the VGA port on the appliance’s back panel and a keyboard to a USB port. • Or connect the supplied null-modem cable to the serial port on the appliance’s front panel and to another computer that you will use for a terminal connection.

  • Page 25: Initial Configuration

    I n i t i a l C o n fi g u r a t i o n Your appliance comes pre-loaded with Stonesoft Security Engine software. However, before a policy can be loaded on the appliance, you must select in which role the Security Engine is used (either as a Firewall, IPS, or Layer 2 Firewall engine).
  • Page 26 time, the serial console remains inactive and you must reboot the appliance to try again. A list of the appliance partitions is shown. The currently active partition is highlighted. Press Enter. A list of available commands opens. Select Switch to Serial Console and press Enter. The appliance boots up with the serial console activated.
  • Page 27 The following message is displayed: Stonesoft Engine is currently performing an automatic contact to Stonesoft Installation Server. Do you want to stop that process? N)o log in and leave the autocontact process running. Y)es stop the autocontact process and start the Engine Configuration Wizard.
  • Page 28 3201 and 3205 appliances. After some time, the engine configuration wizard starts. Note – You can (re)start the engine configuration wizard at any time using the sg-reconfigure command on the engine command line.  To select the Security Engine role Make sure that Role is selected on the Welcome page and press .
  • Page 29  To set the keyboard layout Highlight the entry field for Keyboard Layout using the arrow keys and press E . The Select Keyboard Layout dialog opens. NTER Highlight the correct layout and press E NTER Tip: Type in the first letter to move forward more quickly in the list of keyboard layouts.
  • Page 30 Select the correct timezone in the dialog that opens. Note – The timezone setting affects only the way the time is displayed on the engine command line. The actual operation always uses UTC time. Note – The appliance’s clock is automatically synchronized with the Management Server’s clock.
  • Page 31 Configuring the Network Interfaces Note – The illustrations below show examples of configuring network interfaces. The number of network interfaces and the drivers depend on the network interface modules in the appliance.  To map the physical interfaces to Interface IDs Type in the Interface IDs to define how physical interfaces are mapped to the Interface IDs you defined in the engine element.
  • Page 32 appliance. Do not set the initial bypass state when the bypass network interface pairs are in the Bypass mode. • In the example below interface 1 is soft-bypassed with interface Highlight Next and press E to continue. NTER Contacting the Management Server The Prepare for Management Contact window opens.
  • Page 33 The initial configuration contains a simple policy that allows only administration-related connections and blocks everything else. In the second part of the configuration, you define the information needed for establishing a connection between the engine and the Management Server.  To fill in the Management Server information Highlight Contact and press the spacebar to activate.

  • Page 34: Command-Line Management

    the Firewall/VPN Installation Guide or the IPS and Layer 2 Firewall Installation Guide. Note – Once initial contact has been made, the engine receives a certificate from the Management Center for authentication. If the certificate is deleted or expires, you must repeat the initial contact using a new one-time password.

  • Page 35: Maintenance Operations

    M a i n t e n a n c e O p e r a t i o n s Common maintenance operations for this Stonesoft appliance are described below. Note – The only user-serviceable units are the power supply modules, the Solid State Disk, and the interface modules.
  • Page 36 Resetting the Appliance to Factory Settings Note – Perform a factory reset only if you have a specific need to do so. Consult Stonesoft Support before performing this operation if you are unsure of whether this operation is necessary or not.
  • Page 37 Replacing Power Supply Modules You can use both AC and DC power supply modules on the appliance. If necessary, you can replace a power supply module with a new one.  To replace a power supply module Unplug the power cord from the AC power supply module or disconnect the wires from the DC power supply module.
  • Page 38 Replacing the Solid State Disk Caution – We recommend using a grounding strap when handling a Solid State Disk (SSD). Uninstalled SSDs are sensitive to ESD damage. If necessary, you can replace the Solid State Disk in the appliance with another one of the same model.
  • Page 39 Replacing Interface Modules Caution – Do not install or remove interface modules if the appliance is powered on to avoid damaging the interface modules and the appliance.  To replace an interface module Connect to the engine command line as described in Connecting to the Engine Command Line (page 35).

  • Page 40: Disposal Instructions

    Removing SFP Transceivers If necessary, you can remove the SFP transceivers from the SFP ports. Caution – Invisible laser radiation is emitted from the end of fiber- optic cable and from fiber port. Do not stare into the beam and avoid direct exposure to the beam.
  • Page 41 Stonesoft Appliance Installation Guide This booklet covers the initial installation and configuration tasks specific to your Stonesoft Appliance. For information on how to prepare the Management Center for a new engine installation, see the other available documentation. See inside for fur ther details.

This manual is also suitable for:

32053206

Table of Contents