Advertisement
Cisco IronPort S670
Use this Quickstart Guide to get the Cisco IronPort S-Series
appliance installed and running on your network, and refer to
the Deployment chapter in the IronPort AsyncOS for Web
User Guide for information about how to configure appliance
settings.
Before you start, make sure you have the following equipment:
•
Rack cabinet enclosure
•
RapidRails
TM
and adaptor kits
•
10/100/Gigabit BaseT TCP/IP local area network (LAN)
1
u NPACk
Check to make sure the following items are present in the Cisco
IronPort Web Security appliance system box:
•
Cisco IronPort S-Series appliance
•
Dual-head power cables (1)
•
Straight power cables (2)
•
Ethernet
cable
TM
•
Null Modem cable
•
Documentation CD
•
IronPort AsyncOS for Web User Guide
•
Safety and Compliance Guide
•
Terms and Conditions of Use
•
Release Notes
Note:
You can download the AsyncOS Release Notes from the IronPort
Customer Support Portal located at www.ironport.com/support
Documentation
CD
User Guide
Quickstart
Guide
Dual-Head
Straight
Ethernet
Null Modem
Power
Power
Cable
Cable
Cables
Cables
(1)
(2)
Safety and
Compliance Guide
2
I NSTALL
Plan the installation within your network
The S-Series appliance is typically installed as an additional layer in the
network between clients and the Internet. Depending on how you deploy
the appliance, you may or may not need a Layer 4 (L4) switch or a WCCP
router to direct client traffic to the appliance. Deployment options include:
•
Transparent Proxy
– Web proxy with an L4 switch
•
Transparent Proxy
– Web proxy with a WCCP router
•
Explicit Forward Proxy
– Connected to a network switch
•
L4 Traffic Monitor
– Ethernet tap (simplex or duplex)
S implex Mode:
–
Port T1 receives all outgoing traffic and port T2
receives all incoming traffic.
–
Duplex Mode:
Port T1 receives all incoming and outgoing traffic.
Management PC
1
3
2
4
MANAGEMENT
SERIAL
L4 switch/
Ethernet tap
Clients
WCCP router
Simplex/Duplex
Firewall
Internet
Note: The Networking Worksheet that is located toward the back of
this guide is a useful prerequisite to running the System Setup Wizard.
Ironport strongly recommends using the Networking Worksheet to plan
your deployment and record the information that you need to complete
the initial configuration.
Note: To monitor true client IP addresses, the L4 Traffic Monitor should
always be configured inside the firewall and before NAT (Network
Address Translation).
Install in Rack
Install the Cisco IronPort appliance into your rack cabinet. Ensure the
ambient temperature around the system is within the specified limits,
and ensure there is sufficient airflow around the unit.
C
SERIAL
35
10
Temperature Limits
3
C ONNECT
Management
Configure your laptop's network connection to use an IP address on the
same subnet as the S-Series appliance (192. 1 68.42.xx).
Note: The laptop can only connect to the S-Series appliance if the laptop
IP address and the appliance IP address are on the same subnet.
Connect your laptop to the Management Port using the Ethernet
cable included in the system box. The S-Series appliance uses the M1
Management Port only.
Management Port
1
3
2
4
MANAGEMENT
SERIAL
Cable
Cable the S-Series appliance. Plug the Ethernet cables into the
appropriate ports on the back panel of the appliance.
The proxy ports are labeled P1 and P2.
•
–
P1 only enabled:
When only P1 is enabled, connect it to
the network for both incoming and outgoing traffic.
–
P1 and P2 enabled:
When both P1 and P2 are enabled, you
must connect P1 to the internal network and P2 to the Internet.
The Traffic Monitor ports are labeled T1 and T2.
•
– Simplex tap: Ports T1 and T2; one cable for all packets destined
for the Internet (T1), and one cable for all packets coming from the
Internet (T2).
Duplex tap:
–
Port T1; one cable for all incoming and outgoing traffic.
Management PC
3
4
MANAGEMENT
L4 switch/WCCP Router/
Network switch
Power
•
Plug the female end of the straight power cable, or the female ends of
the dual-head power cable into the redundant power supplies on the
back panel of the appliance.
•
Plug the male end(s) into an electrical outlet.
3
3
4
4
F
MGMT DATA 1
2
3
SERIAL
MGMT DATA 1
2
3
95
Straight
Dual-Head
50
OR
Power Cable
Power Cable
4
PO WER-uP
Turn on the system power by pressing the On/Off switch on the front
panel of the appliance. You must wait five minutes for the system to
initialize each time you power up the system.
Power
5
Ru N Th E S yS TE M S E TuP WIz ARD
Access the Cisco IronPort S-Series appliance and run the System Setup
Wizard to configure basic settings and enable a set of system defaults.
•
To access the S-Series appliance, open a web browser and connect
to the Management interface:
http://192. 1 68.42.42:8080 where 192. 1 68.42.42 is the default IP
address, and 8080 is the default Admin port setting.
The host name parameter is assigned during system setup. Before
you can connect to the Management interface using a host name
(http://hostname:8080), you must add the appliance host name and
IP address to your DNS server database.
admin
•
Login using the default user name
ironport
password
.
•
Run the System Setup Wizard.
6
C ONF Igu RE
Use the web interface to set up policies, enable features, and modify
settings as necessary to maintain your configuration.
Set Identities and Access Policies: Use the Web Security Manager
Ethernet tap
Simplex/Duplex
> Identities page to identify groups of users on the network. Then use
the Web Access Policies page to control user access to the Internet by
configuring which objects and applications to allow or block, which URL
categories to monitor or block, and web reputation and anti-malware
settings.
Schedule Reports: Use the Monitor > Reports page to schedule
interactive reports, and set up archive reporting to track trends and
activity over time.
Enable Features: Use the System Administration > Feature Keys page
to enter valid keys for features that you enabled during setup.
Create WCCP Services: If you connect the appliance to a WCCP v2
router, use the Network > Transparent Redirection page to create at least
one WCCP service.
Send Configuration File: Send a copy of the current configuration file
to the system administrator. This file can be used to restore your initial
System Setup Wizard defaults if necessary.
For information about managing the Cisco IronPort S-Series appliance,
refer to the IronPort AsyncOS for Web User Guide.
Wait 5
minutes
, and the default
Advertisement
