Clavister NetWall W20B
Getting Started Guide
Clavister AB
Sjögatan 6J
SE-89160 Örnsköldsvik
SWEDEN
Head office/Sales: +46-(0)660-299200
Customer support: +46-(0)660-297755
www.clavister.com
Published 2019-04-03
Copyright © 2019 Clavister AB

Summary of Contents for Clavister NetWall W20A

  • Page 2 Clavister. Disclaimer The information in this document is subject to change without notice. Clavister makes no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for a particular purpose. Clavister reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such revision or changes.
  • Page 3: Table Of Contents

    1.2. Unpacking the W20B (page 9); 1.3. Interfaces and Ports (page 11); 1.4. Hardware Sensor Monitoring (page 13); 2. Registering with Clavister (page 15); 3. W20B Installation (page 20); 3.1. General Installation Guidelines (page 20); 3.2. Flat Surface Installation (page 22); 3.3.
  • Page 4 1.3. W20B Interface Ports (page 11); 3.1. The W20B Mini-USB Local Console Port (page 27); 3.2. Rear view of the Clavister W20B (page 29); 3.3. W20B Power Switch and Power Inlet Socket (page 29); 5.1. Factory Reset Using the Web Interface (page 72)...
  • Page 5: Preface

    The target audience for this guide is the administrator who has taken delivery of a packaged Clavister W20B appliance and is setting it up for the first time. The guide takes the user from unpacking and installation of the device through to power-up, including network connections and initial cOS Core configuration.
  • Page 6 Where a "See section" link is provided in the main text, this can be clicked on to take the reader directly to that reference. For example, see Appendix A, W20B Specifications. Web links Web links included in the document are clickable. For example, http://www.clavister.com. Trademarks Certain names in this publication are the trademarks of their respective owners.
  • Page 7: W20B Product Overview

    Chapter 1: W20B Product Overview • W20A and W20B Differences, page 7 • Unpacking the W20B, page 9 • Interfaces and Ports, page 11 • Hardware Sensor Monitoring, page 13 1.1. W20A and W20B Differences There are two W20B models: •...
  • Page 8 Chapter 1: W20B Product Overview or Off. • The W20B uses a USB mini-B connector for console connection. • The W20B factory reset button is located at a different position. • The W20B internal fan does not have a sensor and so this will not display in cOS Core's hardware monitoring feature.
  • Page 9: Unpacking The W20B

    Core license to the standby unit. When the faulty unit is returned to Clavister, a new cold standby unit is immediately sent back. More details about the CSB service can be found in the separate Hardware Replacement Guide.
  • Page 10 W20B link. Contacting Clavister Product Support Clavister customer support can be contacted by logging in as a customer and reporting an issue on the company website at https://www.clavister.com. Alternatively, the direct support telephone number is +46 (0)660-29 77 55 (answered 24/7). Sales enquiries should be directed to the head office number +46 (0)660-29 92 00.
  • Page 11: Interfaces And Ports

    Chapter 1: W20B Product Overview 1.3. Interfaces and Ports This section is an overview of the W20B product's external design. Figure 1.2. Clavister W20B Connection Ports The W20B features the following connection ports on the front panel: • 6 x RJ45 Gigabit Ethernet interfaces with the logical cOS Core names G1, G2, G3, G4, G5, and The G1 interface is the default interface for management access over a network.
  • Page 12 Chapter 1: W20B Product Overview • i - Orange when cOS Core is running normally.
  • Page 13: Hardware Sensor Monitoring

    In addition, log message alerts can be automatically generated if a sensor reaches a value outside of its normal operational range. Configuring this feature, as well as a list of all the sensors available on each Clavister hardware model and their normal ranges, can be found in the Hardware Monitoring section of the separate...
  • Page 15: Registering With Clavister

    The wizard is described in Section 4.1, “Web Interface and Wizard Setup”. Manual registration of the W20B on the Clavister website - This is described in the last half of this chapter. Manual registration may be necessary if the W20B does not have Internet access.
  • Page 16 Chapter 2: Registering with Clavister The MyClavister login page is presented. If you are already registered, log in and skip to step 8. If you are a new customer accessing MyClavister for the first time, click the Create Account link.
  • Page 17 Chapter 2: Registering with Clavister Below is an example of the heading in the email that would be received. The confirmation link in the email leads back to the Clavister website to show that confirmation has been successful and logging in is now possible.
  • Page 18 If the unit does not have Internet access then manual registration is required and this is done using the following steps: Log in to the Clavister website and select the Register License option. The registration page is displayed. Under the tab Hardware Serial Number and Service Tag, the Hardware Serial Number and Service Tag must be entered.
  • Page 19 Once the W20B hardware unit is registered, a cOS Core license for the unit becomes available for download and installation from Clavister servers. This installation can be done automatically through the cOS Core Setup Wizard which is described in Section 4.1, “Web Interface and Wizard Setup”.
  • Page 20: W20B Installation

    • Mini-USB Console Port Connection, page 27 • Connecting Power, page 29 3.1. General Installation Guidelines Follow these general guidelines when installing your Clavister W20B appliance: • Safety Take notice of the safety guidelines laid out in Chapter 7, Safety Precautions. These are specified in multiple languages.
  • Page 21 Chapter 3: W20B Installation • Surge Protection A third party surge protection device should be considered and is strongly recommended as a means to prevent electrical surges reaching the appliance. This is mentioned again in Section 3.6, “Connecting Power”. • Temperature Do not install the appliance in an environment where the ambient temperature during operation might fall outside the specified operating range.
  • Page 22: Flat Surface Installation

    Chapter 3: W20B Installation 3.2. Flat Surface Installation The W20B can be mounted on any appropriate stable, flat, level surface that can safely support the weight of the appliance and its attached cables. However, the W20B is designed to be rack mounted and installation on a flat surface is not recommended and should only be done for testing purposes.
  • Page 23: Rack Installation

    Chapter 3: W20B Installation 3.3. Rack Installation The W20B is designed to be installed in most standard 19-inch equipment racks. In the packaging for the W20B there should be included a Rack Mount Kit which consists of two brackets, each of which has three screws for attachment to the front-sides of the unit as shown in the image below.
  • Page 24: Management Computer Connection

    Clavister's cOS Core network security operating system is preloaded on the W20B and will automatically boot up after power is applied. After the start-up sequence is complete, an external management computer can be used to configure cOS Core.
  • Page 25 Traffic will be able to flow between the designated management computer interface and the Clavister Next Generation Firewall interface because they are on the same IP network. This means the management computer interface should be first assigned the following static IPv4 addresses: •...
  • Page 26 Chapter 3: W20B Installation Tip: Using another management interface IP address The IPv4 address assigned to the management computer's Ethernet interface could be any address from the 192.168.1.0/24 network. However, the IP chosen must be different from 192.168.1.1 which is used by cOS Core's default management interface. The following appendices at the end of this guide describe how to set up the management computer IP with different operating systems: •...
  • Page 27: Mini-Usb Console Port Connection

    For the Linux and MacOS micro-USB drivers or to download the Windows driver manually, go to the W20B product page which can be found at https://www.clavister.com/start. Direct the console emulator on the computer to connect to the newly installed device. After successful connection, commands can be issued to the cOS Core Command Line Interface (CLI).
  • Page 28 Chapter 3: W20B Installation An alternative to using the local console port for CLI access is to connect over a network via a physical Ethernet interface and using a Secure Shell (SSH) client on the management computer to issue CLI commands. This is discussed further in Section 3.4, “Management Computer Connection”.
  • Page 29: Connecting Power

    Please review the electrical safety information in Chapter 7, Safety Precautions. The image below shows the back of the W20B. This is divided into four sections secured by screws. Figure 3.2. Rear view of the Clavister W20B Connecting AC Power To connect power, follow these steps: Connect the end of the power cord to the power inlet on the W20B.
  • Page 30 Chapter 3: W20B Installation Important: Protecting against power surges It is recommended that the purchase and use of a separate surge protection unit from a third party is considered for the power connection to the W20B hardware. This is to ensure that the W20B is protected from damage by sudden external electrical power surges through the power cable.
  • Page 32: Cos Core Configuration

    Chapter 4: cOS Core Configuration • Web Interface and Wizard Setup, page 32 • Manual Web Interface Setup, page 42 • Manual CLI Setup, page 56 • License Installation Methods, page 64 • Setup Troubleshooting, page 66 • Going Further with cOS Core, page 68 Note: Upgrading to the latest cOS Core version A new W20B may not have the very latest cOS Core version pre-installed.
  • Page 33 In the latest Microsoft browser, the following error message will be displayed in the browser window. The browser should now be told to accept the Clavister certificate by choosing the option to continue.
  • Page 34 Chapter 4: cOS Core Configuration The Login Dialog cOS Core will next respond like a web server with the initial login dialog page, as shown below. The available Web Interface language options are selectable at the bottom of this dialog. This defaults to the language set for the browser if cOS Core supports that language.
  • Page 35 The wizard assumes that Internet access will be configured. If this is not the case, for example if the Clavister Next Generation Firewall is being used in Transparent Mode between two internal networks, then the configuration setup is best done with manual Web Interface steps or through the CLI instead of through the wizard and these are explained in the two sections that follow.
  • Page 36 Chapter 4: cOS Core Configuration Wizard step 3: Select transparent mode interfaces This step allows any transparent mode interfaces to be set up. If no transparent mode interfaces are required, leave this dialog in the default Normal Mode and go to the next step. Transparent mode interfaces can be configured at any time later, outside of the wizard.
  • Page 37 Chapter 4: cOS Core Configuration Wizard step 4: Select the WAN interface Next, you will be asked for the WAN interface that will be used to connect to an ISP for Internet access. Wizard step 5: Select the WAN interface settings This step selects how the WAN connection to the Internet will function.
  • Page 38 Chapter 4: cOS Core Configuration • 5B. DHCP - automatic configuration All required IP addresses will automatically be retrieved from the ISP's DHCP server with this option. No further configuration is required for this so it does not have its own wizard screen. •...
  • Page 39 DNS servers are set automatically after connection with PPTP. Wizard step 6: DHCP server settings If the Clavister Next Generation Firewall is to function as a DHCP server, it can be enabled here in the wizard on a particular interface or configured later.
  • Page 40 Time Protocol servers keep the system date and time accurate. Syslog servers can be used to receive and store log messages sent by cOS Core. By selecting the Clavister option, the current time will be updated over the Internet from Clavister's own timeserver.
  • Page 41 Internet access must have been set up in previous wizard steps for this option to function. The only input required is the MyClavister username and password for the Clavister website. This also creates a lasting link between the W20B and the Clavister servers so that any future license updates can be installed automatically.
  • Page 42: Manual Web Interface Setup

    Core. Ethernet Interfaces The physical connection of external networks to the Clavister Next Generation Firewall is through the various Ethernet interfaces which are provided by the hardware platform. On first-time startup, cOS Core scans for these interfaces and determines which are available and allocates their names.
  • Page 43 Chapter 4: cOS Core Configuration For version 12.00.09 and later, an FQDN Address address must be used instead of a direct URL reference. See the relevant cOS Core Administration Guide for more explanation. Once the values are set correctly, we can press the OK button to save the values while we move on to more steps in cOS Core configuration.
  • Page 44 Reconfiguration is a process that the cOS Core administrator may initiate often. Normally, reconfiguration takes a brief amount of time and causes only a slight delay in traffic throughput. Active user connections through the Clavister Next Generation Firewall should rarely be lost. Tip: How frequently to commit configuration changes It is up to the administrator to decide how many changes to make before activating a new configuration.
  • Page 45 IPv4 address 203.0.113.1. The ISP's gateway is the first router hop towards the public Internet from the Clavister Next Generation Firewall. Go to Objects > Address Book in the Web Interface. The current contents of the address book will be listed and will contain a number of predefined objects automatically created by cOS Core after it scans the interfaces for the first time.
  • Page 46 Chapter 4: cOS Core Configuration Now click the Add button at the top left of the list and choose the IP4 Address option to add a new address to the folder. Enter the details of the object into the properties fields for the IP4 Address object. Below, the IPv4 address 203.0.113.1 has been entered for the address object called wan_gw.
  • Page 47 At this point, the connection to the Internet is configured but no traffic can flow to or from the Internet since all traffic needs a minimum of the following two cOS Core configuration objects to exist before it can flow through the Clavister Next Generation Firewall: •...
  • Page 48 Chapter 4: cOS Core Configuration The destination network is specified as the predefined IP4 Address object all-nets. This is used since it cannot be known in advance to which IP address web browsing will be directed and all-nets allows browsing to any IP address. IP rule sets are processed in a top down fashion, with the search ending at first matching entry.
  • Page 49 For the Internet connection to work, a route also needs to be defined so that cOS Core knows on which interface the web browsing traffic should leave the Clavister Next Generation Firewall. This route will define the interface where the network all-nets (in other words, any network) will be found.
  • Page 50 DHCP client. Usually, a DHCP Host Name does not need to be specified but can sometimes be used by an ISP to uniquely identify this Clavister Next Generation Firewall as a particular DHCP client to the ISP's DHCP server.
  • Page 51 Chapter 4: cOS Core Configuration An ISP will supply the correct values for pppoe_username and pppoe_password in the dialog above. The PPPoE tunnel interface can now be treated exactly like a physical interface by the policies defined in cOS Core rule sets. There also has to be a route associated with the PPPoE tunnel to allow traffic to flow through it, and this is automatically created in the main routing table when the tunnel is defined.
  • Page 52 PPTP tunnel that has been defined. DHCP Server Setup If the Clavister Next Generation Firewall is to act as a DHCP server then this can be set up in the following way: First, create an IP4 Address object which defines the address range to be handed out. Here, it is assumed that this has the name dhcp_range.
  • Page 53 Chapter 4: cOS Core Configuration Also in the Options tab, we should specify the DNS address which is handed out with DHCP leases. This could be set, for example, to be the IPv4 address object dns1_address. Syslog Server Setup Although logging may be enabled, no log messages are captured unless at least one log server is set up to receive them and this is configured in cOS Core.
  • Page 54 As with previous policy definitions, NAT should also be enabled if the protected local hosts have private IPv4 addresses. The ICMP messages will then be sent out from the Clavister Next Generation Firewall with the IP address of the interface connected to the ISP as the source interface.
  • Page 55 Chapter 4: cOS Core Configuration If this IP policy were the only one defined, the main IP rule set listing would be as shown below. A Valid License Must Be Installed Lastly, a valid license should be installed to remove the cOS Core 2 hour demo mode limitation. Without a license installed, cOS Core will have full functionality during the 2 hour period following startup, but after that, only management access will be possible.
  • Page 56: Manual Cli Setup

    Chapter 4: cOS Core Configuration 4.3. Manual CLI Setup This chapter describes the cOS Core setup steps using CLI commands instead of the Web Interface and the setup wizard. The CLI is accessible using either of the following two methods: •...
  • Page 57 Ethernet Interfaces The connection of external networks to the Clavister Next Generation Firewall is via the various Ethernet interfaces which are provided by the hardware platform. On first-time startup, cOS Core determines which interfaces are available and allocates their names. One interface is chosen as the initial default management interface and this can only be changed after initial startup.
  • Page 58 Chapter 4: cOS Core Configuration Device:/> set Address IP4Address wan_gw Address=203.0.113.1 Now, set the gateway on the G2 interface which is connected to the ISP: Device:/> set Interface Ethernet G2 DefaultGateway=wan_gw Next, set the IP address of the G2_ip address object which is the IP assigned to the interface: Device:/>...
  • Page 59 Chapter 4: cOS Core Configuration from the protected network G1_net which is connected to the interface G1. The following command will add an IP policy called lan_to_wan to allow HTTP and HTTPS traffic through to the public Internet: Device:/> add IPPolicy Name=lan_to_wan SourceInterface=G1 SourceNetwork=InterfaceAddresses/G1_net DestinationInterface=G2...
  • Page 60 Chapter 4: cOS Core Configuration B. DHCP - automatic configuration Alternatively, all required IP addresses can be automatically retrieved from the ISP's DHCP server by enabling DHCP on the interface connected to the ISP. If the interface on which DHCP is to be enabled is G2, then the command is: Device:/>...
  • Page 61 DHCP Server Setup If the Clavister Next Generation Firewall is to act as a DHCP server then this can be set up in the following way: First define an IPv4 address object which has the address range that can be handed out. Here, we will use the IPv4 range 192.168.1.10 - 192.168.1.20 as an example and this will be made available...
  • Page 62: Syslog Server Setup

    Chapter 4: cOS Core Configuration Device:/> add Address IP4Address dhcp_range Address=192.168.1.10-192.168.1.20 The DHCP server is then configured with this IP address object on the appropriate interface. In this case we will call the created DHCP server object my_dhcp_server. Device:/> add DHCPServer my_dhcp_server IPAddressPool=dhcp_range Interface=G1 Netmask=255.255.255.0...
  • Page 63 The IP policy above assumes NAT will be used and this is necessary if the protected local hosts have private IPv4 addresses. The ICMP requests will be sent out from the Clavister Next Generation Firewall with the IP address of the interface connected to the ISP as the source interface.
  • Page 64: License Installation Methods

    Core for another two hours. To remove this 2 hour restriction, a valid license must be installed. Licenses are files which are made available for download from the Clavister servers but before they become available, the user must have registered themselves with Clavister and doing this is described in Chapter 2, Registering with Clavister.
  • Page 65 Automatically, by creating a permanent link between the W20B and the associated MyClavister account on the Clavister website. Doing this is one of the last options in the setup wizard. Alternatively, the link can be established later by going to the Status > Maintenance >...
  • Page 66: Setup Troubleshooting

    If the Input counters in the hardware section of the output are not increasing then the error is likely to be in the cabling. However, it may simply be that the packets are not getting to the Clavister Next Generation Firewall in the first place. This can be confirmed with a packet sniffer if it is available.
  • Page 67 Chapter 4: cOS Core Configuration This will display console messages that show all the ARP packets being received on the different interfaces and confirm that the correct cables are connected to the correct interfaces. To look at the ARP activity on only a particular interface, follow the command with the interface name: Device:/>...
  • Page 68: Going Further With Cos Core

    IP rules identify the targeted traffic using combinations of the source/destination interface/network combined with protocol type. By default, no IP rules are defined so all traffic is dropped. At least one IP rule needs to be defined before traffic can traverse the Clavister Next Generation Firewall.
  • Page 69 It is recommended to subscribe to this feed so that you receive notifications when new releases of cOS Core versions are available for download and installation. Alternatively, announcements can be read directly from the Clavister forums which can be found at https://forums.clavister.com/.
  • Page 71: Resetting To Factory Defaults

    Chapter 5: Resetting to Factory Defaults In some circumstances, it may be necessary to reset the W20B hardware to the state it was in when it left the factory and was delivered to a customer. This process is known as a reset to factory defaults or simply a factory reset.
  • Page 72: Factory Reset Using The Web Interface

    Chapter 5: Resetting to Factory Defaults Figure 5.1. Factory Reset Using the Web Interface • Using the CLI The cOS Core CLI can be used by connecting to one of the W20B's Ethernet interfaces using an SSH client over a network. A reset is performed by entering the reset -unit command twice in succession: Device:/>...
  • Page 73 Chapter 5: Resetting to Factory Defaults The progress of the reset can be followed using a local console connection. If that is required, open a console display window connected to the W20B local console port. Power off the W20B. Push in the recessed reset button on the W20B with a suitable pointed tip tool and keep it pushed in.
  • Page 74: Warranty Service

    Start Date (as defined below). The warranty will only apply to failure of the product if Clavister is informed of the failure not later than two (2) years from the Start Date or thirty (30) days after that the failure was or ought to have been noticed by the customer.
  • Page 75 Sjögatan 6J 891 60 Örnsköldsvik SWEDEN If the product has not yet been registered with Clavister through its website, some proof of purchase (such as a copy of the dated purchase invoice) must be provided with the shipped product. Important: An RMA Number must be obtained before shipping! Any package returned to Clavister without an RMA number will be rejected and shipped back at the customer's expense.
  • Page 76: Safety Precautions

    Chapter 7: Safety Precautions Safety Precautions Clavister W20B devices are Safety Class I products and have protective ground terminals. There must be an uninterrupted safety earth ground from the main power source to the product’s input wiring terminals, power cord, or supplied power cord set. Whenever it is likely that the protection has been impaired, disconnect the power cord until the ground has been restored.
  • Page 77 Chapter 7: Safety Precautions Safety information (French section, translated) This device is a Class I product and has a ground terminal. The main power source must be fitted with a safety earth ground installed at the input wiring terminals, on the power cord, or on the connecting cord supplied with the product.
  • Page 78 Chapter 7: Safety Precautions (Italian section, translated) • if your LAN covers an area served by more than one power distribution system, make sure that the safety ground connections are securely interconnected; • LAN cables may occasionally be subject to hazardous transient voltages (for example, caused by lightning or disturbances in the power grid of the company...
  • Page 79: W20B Specifications

    Appendix A: W20B Specifications Below are the key hardware specifications for the Clavister W20B product. Dimensions, Weight and MTBF Height x Width x Depth (mm) 44 x 430 x 205 Hardware Weight 2 kg Packaged Weight 2.7 kg Hardware Form Factor...
  • Page 80: Declarations Of Conformity

    Appendix B: Declarations of Conformity...
  • Page 82: Windows 7 Ip Setup

    If a PC running Microsoft Windows 7™ is being used as the cOS Core management computer, the computer's Ethernet interface connected to the Clavister Next Generation Firewall must be configured with an IPv4 address which belongs to the network 192.168.1.0/24 and is different from the firewall's address of 192.168.1.1.
  • Page 83 Appendix C: Windows 7 IP Setup Select and display the properties for Internet Protocol Version 4 (TCP/IPv4). In the properties dialog, select the option Use the following IP address and enter the following values: • IP Address: 192.168.1.30 • Subnet mask: 255.255.255.0 •...
  • Page 84: Windows 8/8.1/10 Ip Setup

    If a computer running Windows is being used as the cOS Core management computer and a DHCP server is not enabled on the cOS Core management interface, the management computer's Ethernet interface connected to the Clavister Next Generation Firewall should be configured with an IPv4 address which belongs to the network 192.168.1.0/24. That address must be different from the firewall's default management interface address of 192.168.1.1.
  • Page 85 Appendix D: Windows 8/8.1/10 IP Setup A list of adapters will appear and will include the Ethernet interfaces. Select the interface that will connect to the firewall. The properties for the selected interface will appear. Select and display the properties for Internet Protocol Version 4 (TCP/IPv4). In the properties dialog, select the option Use the following IP address and enter the following values: •...
  • Page 86 Appendix D: Windows 8/8.1/10 IP Setup Click OK to close this dialog and close all the other dialogs opened since step (1).
  • Page 87: Apple Mac Ip Setup

    Appendix E: Apple Mac IP Setup An Apple Mac can be used as the management computer for initial setup of a Clavister Next Generation Firewall. To do this, a selected Ethernet interface on the Mac must be configured correctly with a static IP. The setup steps for this with Mac OS X are: Go to the Apple Menu and select System Preferences.
  • Page 88 Appendix E: Apple Mac IP Setup Now set the following values: • IP Address: 192.168.1.30 • Subnet Mask: 255.255.255.0 • Router: 192.168.1.1 Click Apply to complete the static IP setup.

This manual is also suitable for:

Netwall w20b
