H3C SecPath V1000-A Installation Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Gateway
  5. SecPath V1000-A
  6. Installation manual
H3C SecPath V1000-A Installation Manual

H3C SecPath V1000-A Installation Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
H3C SecPath V1000-A Security Gateway
Installation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: T2-08044E-20070622-C-1.03

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SecPath V1000-A and is the answer not in the manual?

Questions and answers

Related Manuals for H3C SecPath V1000-A

Summary of Contents for H3C SecPath V1000-A

  • Page 1 H3C SecPath V1000-A Security Gateway Installation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: T2-08044E-20070622-C-1.03...
  • Page 2 Copyright © 2006-2007, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
  • Page 3 About This Manual Related Documentation In addition to this manual, each H3C SecPath Series Security Products documentation set includes the following: Manual Description It introduces the functional features, H3C SecPath Series Security Products principles and guide to configuration and Operation Manual operation for H3C SecPath Series Security Gateways/Firewalls.
  • Page 4 Chapter Contents Discusses system software maintenance, including 5 Software Maintenance software upgrade and configuration file loading. Introduces system hardware maintenance, including 6 Hardware Maintenance replacing DDR SDRAM. Lists common system failures and specific locating 7 Troubleshooting methods. Details appearance, panel and LEDs of the 8 Multifunctional Interface functional modules available on the SecPath 1000, Modules...
  • Page 5 II. GUI conventions Convention Description Button names are inside angle brackets. For example, click < > <OK>. Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window. Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].

  • Page 6: Table Of Contents

    Installation Manual H3C SecPath V1000-A Security Gateway Table of Contents Table of Contents Chapter 1 Product Overview ......................1-1 1.1 Brief Introduction........................ 1-1 1.2 Hardware Features ......................1-3 1.2.1 Appearance ......................1-3 1.2.2 System Description ....................1-3 1.2.3 LEDs........................1-4 1.2.4 Attributes of the Fixed Interfaces ................
  • Page 7 Installation Manual H3C SecPath V1000-A Security Gateway Table of Contents 4.2.2 Command Line Interface..................4-6 Chapter 5 Software Maintenance....................5-1 5.1 Software Maintenance ....................... 5-1 5.1.1 Boot Menu ....................... 5-1 5.1.2 Upgrading the Application and Boot ROM Programs Using XModem....5-3 5.1.3 Backing up and Restoring the Extended Segment of the Boot ROM .....
  • Page 8 Figure 1-1 Front panel of the SecPath V1000-A..............1-3 Figure 3-1 Installation procedure ................... 3-1 Figure 3-2 Installing the SecPath V1000-A in a rack ............. 3-3 Figure 3-3 Grounding screw on the SecPath V1000-A............3-4 Figure 3-4 Console cable assembly..................3-5 Figure 3-5 Ethernet cable assembly ..................
  • Page 9 Installation Manual H3C SecPath V1000-A Security Gateway List of Figures Figure 8-10 2GBE module ..................... 8-9 Figure 8-11 1GBE module panel.................... 8-9 Figure 8-12 2GBE module panel ................... 8-9 Figure 8-13 Ethernet cable ....................8-10 Figure 8-14 Category-5 twisted-pair cable................8-11...
  • Page 10 List of Tables Table 1-1 System description of the SecPath V1000-A ............1-3 Table 1-2 LEDs on the front panel of the SecPath V1000-A..........1-4 Table 1-3 Attributes of the console port.................. 1-4 Table 1-4 Attributes of the AUX port ..................1-5 Table 1-5 Attributes of the GE electrical interfaces ..............

  • Page 11: Chapter 1 Product Overview

    Chapter 1 Product Overview 1.1 Brief Introduction H3C SecPath V1000-A Security Gateway (referred to as the security gateway throughout the manual) is new-generation network security device intended for the use on enterprise networks. It can act as the core security gateway for small-and medium-sized enterprises or the convergence and network access gateway for large enterprises.
  • Page 12 II. Data security and reliability The security gateway supports: NAT. Besides the basic functions, the NAT of the SecPath V1000-A can limit the number of concurrent connections to a single user. This eliminates the malicious resource seizures while common network applications are being provided. In addition, its enhanced NAT ALG function provides NAT traversal for H.323, FTP,...

  • Page 13: Hardware Features

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 1 Product Overview 1.2 Hardware Features 1.2.1 Appearance Figure 1-1 Front panel of the SecPath V1000-A 1.2.2 System Description Table 1-1 System description of the SecPath V1000-A Item Description Slot 1 MIM slot...

  • Page 14: Leds

    Boot Read Only Memory (Boot ROM) stores the bootstrap program files. 1.2.3 LEDs The following table describes the LEDs on the front panel of the SecPath V1000-A and describes how to read their status. Table 1-2 LEDs on the front panel of the SecPath V1000-A...

  • Page 15: Table 1-4 Attributes Of The Aux Port

    Backup III. Gigabit Ethernet (GE) Interface On the main control board, the SecPath V1000-A provides two 10/100/1000 Mbps Ethernet interfaces: Ethernet 0 (right) and Ethernet 1 (left), each providing an optical interface and an electrical interface (one in use at a time). The electrical interface uses the RJ45 connector and the optical interface uses the Small Form-Factor Pluggable (SFP) module.

  • Page 16: Mim

    (electrical or optical), and then configure the interface after the switchover. 1.2.5 MIM The SecPath V1000-A provides one extended MIM slot where one of the following MIMs can be installed:...
  • Page 17 Installation Manual H3C SecPath V1000-A Security Gateway Chapter 1 Product Overview 1-port 10Base-T/100Base-TX Fast Ethernet interface module (1FE) 2-port 10Base-T/100Base-TX Fast Ethernet interface module (2FE) 1-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (1GBE) 2-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (2GBE) For more information on the MIMs, see “Chapter 8 Multifunctional Interface Module”.

  • Page 18: Chapter 2 Preparation For Installation

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 2 Preparation for Installation Chapter 2 Preparation for Installation 2.1 Site Requirements The security gateway must be used indoors. To guarantee the normal operation and long service life of your security gateway, install it in an environment that can meet the requirements in the following subsections.

  • Page 19: Esd Prevention

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 2 Preparation for Installation Table 2-2 Limit to the content of dust in an equipment room Substance Unit Content ≤ 3 X 104 Dust Particles/m³ (No visible dust on the table top for three days) Note: diameter of a dust particle ≥...

  • Page 20: Electromagnetic Environment

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 2 Preparation for Installation 2.1.4 Electromagnetic Environment All interference sources, wherever they are from, impact the security gateway negatively in the conducted emission patterns of capacitance coupling, inductance coupling, electromagnetic wave radiation, and common impedance (including the grounding system) coupling.

  • Page 21: Unpacking Check

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 2 Preparation for Installation Follow these safety precautions when installing or using your security gateway: Keep the device far from the moisture and heat sources. Make sure that the device is well earthed.

  • Page 22: Chapter 3 Hardware Installation

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation Chapter 3 Hardware Installation 3.1 Installation Procedures Start Install the rack (optional ) Install the Security gateway Connect the grounding wires Connect the power cord Connect the Security gateway to a terminal for...

  • Page 23: Mounting The Device

    SecPath V1000-A (W X D X H) excluding the rubber feet Follow these steps to install the SecPath V1000-A: Step 1: Check that the rack is stable enough and properly earthed. Attach the rack-mount brackets to the front or rear of the chassis with screws.

  • Page 24: Installing An Mim

    (EMI). On the rear panel of the SecPath V1000-A, the grounding screw resides at the bottom right with a grounding mark, as shown in Figure 3-3.

  • Page 25: Connecting To The Console Terminal

    Chapter 3 Hardware Installation (1) Grounding screw Figure 3-3 Grounding screw on the SecPath V1000-A Connect this screw to the earth ground using a grounding wire. The grounding resistance must be smaller than 5 ohm. If the device is mounted in a 19-inch standard rack, the rack must be earthed.

  • Page 26: Connecting An Ethernet Interface

    3.6 Connecting an Ethernet Interface I. Introduction to the Ethernet interface The SecPath V1000-A provides two fixed 10/100/1000 Mbps auto-sensing GE interfaces, each providing an optical interface and an electrical interface (one in use at a time). For optical interfaces, SFP transceivers are used. For the available SFP transceiver options, see Table 1-6.

  • Page 27: Figure 3-5 Ethernet Cable Assembly

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 3 Hardware Installation Figure 3-5 Ethernet cable assembly Note: In making network cables, shielded cables are preferred for the sake of electromagnetic compatibility. Cables for optical Ethernet interfaces For an optical Ethernet interface, you can choose the appropriate fiber-optic, single-mode or multi-mode, depending on the 1000Base-FX SFP optical transceiver you are using (see Table 1-6 for fiber options).
  • Page 28 Caution: For each fixed Ethernet interface (for example, 10/100/1000 Mbps Ethernet 1 on the SecPath V1000-A), if both of its electrical and optical ports are connected, the electrical port is regarded as the operating port by default. Connect the Ethernet electrical port...

  • Page 29: Connecting A Psu

    Rx port on the peer device. Step 2: Power up the SecPath V1000-A and check the status of the LINK LED of the Ethernet 1 interface. On means the Rx link is present. OFF means no Rx link is present;...

  • Page 30: Verifying Installation

    You must make sure that the power supply for the building is well grounded before connecting the AC power cord. III. Connecting an AC-input PSU Take the SecPath V1000-A for example. Step 1: Make sure that the PGND on the chassis is securely connected to the earth ground.

  • Page 31: Chapter 4 Booting And Configuration

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 4 Booting and Configuration Chapter 4 Booting and Configuration 4.1 Booting You can only configure the security gateway through the console port when you use it for the first time. 4.1.1 Setting up a Configuration Environment I.

  • Page 32: Figure 4-2 Setting Up A New Connection

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 4 Booting and Configuration Figure 4-2 Setting up a new connection Step 2: Enter the name of the new connection in the Name field and click <OK>. The dialog box, as shown in Figure 4-3 pops up.

  • Page 33: Figure 4-4 Setting Communications Parameters

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 4 Booting and Configuration Figure 4-4 Setting communications parameters Step 6: Click <OK>. The HyperTerminal dialogue box appears. Step 7: Select Properties. Step 8: In the Properties dialog box, select the Settings tab, as shown in Figure 4-5.

  • Page 34: Powering Up The Security Gateway

    After powering up the security gateway, you can see the startup interface on the console terminal (see the section “4.1.3 Startup Process”). After the system passes Power-On Self-Test (POST), press <Enter> as prompted. When “<H3C>” is displayed, you can proceed to configure the security gateway.
  • Page 35 Chapter 4 Booting and Configuration Note: The message displayed on the terminal could vary with Boot ROM versions. ************************************************** H3C SecPath Series Gateway Boot ROM V1.17 ************************************************** Copyright(C) 2004-2007 by Hangzhou H3C Technologies Co.,Ltd. Compiled at Wed Apr 12 17:39:36 CST 2006 Testing memory...OK!

  • Page 36: Configuration Fundamentals

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 4 Booting and Configuration 4.2 Configuration Fundamentals 4.2.1 Basic Configuration Procedures Following are the basic steps that you can follow to configure your security gateway: Step 1: Figure out detailed networking requirements, including networking objectives, the role of the security gateway in the network, transmission medium, security policy, and network reliability.

  • Page 37: Chapter 5 Software Maintenance

    Type the correct password and press <Enter>. (If no Boot ROM password is configured, just press <Enter>.) The system accesses the following Boot menu: I. Boot menu of the SecPath V1000-A Boot Menu: Download application program with XMODEM...
  • Page 38 To download an application program using XModem, see the section “5.1.2 Upgrading the Application and Boot ROM Programs Using XModem”. In downloading an application program using the Ethernet, only TFTP is available for the SecPath V1000-A. See the section “5.1.4 Upgrading an Application Program Using TFTP” for the procedures.

  • Page 39: Upgrading The Application And Boot Rom Programs Using Xmodem

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance Caution: You are recommended to upgrade the software of the security gateway under the guidance of support engineers. In addition, when upgrading the security gateway, make sure the version of the Boot ROM software is consistent with that of the application program.

  • Page 40: Figure 5-1 Send File Dialog Box

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance Note: The new baud rate takes effect only after you reconnect the terminal emulation program. Step 4: Select [Transmit/Send File] in the terminal window. The following dialog box pops up: Figure 5-1 Send File dialog box Step 5: Click <Browse>.
  • Page 41 Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance ######################################################## Writing FLASH Success. Please use 9600 bps.Press <ENTER> key to reboot the system. Restore the speed of the console terminal to 9600 bps as prompted, disconnect and reconnect the terminal. The system starts up normally.

  • Page 42: Backing Up And Restoring The Extended Segment Of The Boot Rom

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance 5.1.3 Backing up and Restoring the Extended Segment of the Boot ROM I. Backing up the extended segment of the Boot ROM to the Flash Follow these steps to back up the extended segment of the Boot ROM: Step 1: Enter the Boot Menu (see the section “5.1.1 Boot Menu”) and select <7>...
  • Page 43 The security gateway does not provide TFTP server programs. You should purchase and install one by yourself. The SecPath V1000-A can only act as the TFTP client, so you can only upgrade an application program using TFTP, shown as follows:...

  • Page 44: Uploading/Downloading A Program/File Using Ftp

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance Caution: The upgrade should be performed through ETH0 on the security gateway. The item “IP address of the server: [192.168.1.10]” must be set to the IP address of the TFTP server connected to the Ethernet interface on the security gateway.

  • Page 45: Figure 5-3 Setting Up An Environment For Local Uploading/Downloading Using Ftp

    Download is to transfer files from the security gateway to an FTP client, that is, the get operation. I. Setting up an uploading/downloading environment Set up a local uploading/downloading environment using FTP H3C SecPath V1000-A (FTP Server ) 10.110.10.13/24 Ethernet i nterface 10.110.

  • Page 46: Figure 5-4 Setting Up An Environment For Remote Uploading/Downloading Using Ftp

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance H3C SecPath V1000-A (FTP Server) 10.110.10.13 Router hernet interface 10.110.10.10 (FTP Client) Figure 5-4 Setting up an environment for remote uploading/downloading using FTP Step 1: Connect the PC to an interface on the security gateway through the WAN. The PC and the security gateway can reside on different network segments.
  • Page 47 Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance After the FTP server is enabled and the user is added onto the security gateway, any FTP client program can use the username and password to log onto the FTP server.

  • Page 48: Recovering/Replacing The Lost Password

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 5 Software Maintenance Upon the completion of uploading, the prompt “ftp>” appears again. Enter <dir> to view the name and size of the uploaded file on the security gateway. It has the same size as the original file on the host if the uploading is successful.

  • Page 49: Chapter 6 Hardware Maintenance

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance Chapter 6 Hardware Maintenance 6.1 Preparing Tools Phillips screwdriver Flat-blade screwdriver ESD-preventive wrist strap Static shielding bag Note: The tools are not provided with the security gateway, so you need to prepare them yourself.

  • Page 50: Replacing A Ddr Sdram

    Wear an ESD-preventive wrist strap when servicing the device, making sure it has good skin-contact. You must use the SDRAMs provided by H3C. Otherwise, anomalies might occur to the device. 6.3 Replacing a DDR SDRAM...

  • Page 51: Figure 6-2 Ddr Sdram Maintenance Flow

    When booting the security gateway, you can see the following messages: ************************************************** H3C SecPath Series Gateway Boot ROM V1.17 ************************************************** Copyright(C) 2004-2007 by Hangzhou H3C Technologies Co.,Ltd. Compiled at Wed Apr 12 17:39:36 CST 2006...

  • Page 52: Locating The Ddr Sdrams On The Mainboard

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance 512M bytes DDR SDRAM Memory bytes Flash Memory Hardware Version is 2.0 CPLD Version is 1.0 Press Ctrl-B to enter Boot Menu “512M bytes DDR SDRAM” means that the security gateway is installed with a DDR SDRAM of 512M bytes.

  • Page 53: Removing A Ddr Sdram

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance Figure 6-3 The position of the DDR SDRAMs, Flash, and Boot ROM on the mainboard Each DDR SDRAM has one positioning recess at its bottom for correct orientation. When installing a DDR SDRAM into a memory bank, press the positioning recess into the pin in the bank.

  • Page 54: Installing A Ddr Sdram

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance Caution: Hold the DDR SDRAM only by its non-conductive edge, because it is prone to ESD and could be damaged by incorrect operations. You need to exercise some strength to pull the DDR SDRAM out of its bank but do not overdo it.

  • Page 55: Replacing An Mim

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 6 Hardware Maintenance (1) Insert the cover towards this direction (2) Install six screws at these places Figure 6-5 Closing the chassis cove Step 5: Tighten the six captive screws that are removed in steps 3 and 4 described in the section “6.2 Opening the Chassis Cover”...

  • Page 56: Chapter 7 Troubleshooting

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 7 Troubleshooting Chapter 7 Troubleshooting 7.1 Troubleshooting the Power System Symptom: The PWR0/PWR1 LED does not light. Troubleshooting: Check that: The power switch of the PSU is turned on. The power switch of the mains supply is turned on.

  • Page 57: Troubleshooting The Software Upgrade

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 7 Troubleshooting II. Illegible characters on the terminal Symptom: The powered-up security gateway displays illegible characters on the console terminal. Troubleshooting: Make sure you have set on your terminal (HyperTerminal): Baud rate = 9600...
  • Page 58 Installation Manual H3C SecPath V1000-A Security Gateway Chapter 7 Troubleshooting Net Port Download Menu: Change Net Parameter Download From Net Exit to Main Menu Enter your choice(1-3): 2 Starting the TFTP download... Failed to find the updated file Please check the...

  • Page 59: Chapter 8 Multifunctional Interface Modules

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules Chapter 8 Multifunctional Interface Modules 8.1 Multifunctional Interface Module Options Following are the Multifunctional Interface Modules (MIMs) available for the security gateway: I. Ethernet interface modules 1-port 10Base-T/100Base-TX Fast Ethernet interface module (1FE)

  • Page 60: Figure 8-1 Installing The Mim – Step 1

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules Step 3: Select a slot and push the MIM into the chassis until it is fully seated in the slot and its front panel is flush with the front of the chassis.

  • Page 61: Troubleshooting An Mim

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules Caution: If you remove an MIM and do not install a new one right away, you must replace the blanking filler panel to prevent dust and debris from entering the security gateway and to provide adequate ventilation.

  • Page 62: Interface Attributes

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules Figure 8-3 1FE module II. Appearance of the 2FE module The following figure shows the 2FE module: Figure 8-4 2FE module 8.4.3 Interface Attributes The following table shows the attributes of the 1FE and 2FE modules:...

  • Page 63: Panel And Interface Leds

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules Description Attributes 1FE module 2FE module Ethernet_II Frame format Ethernet_SNAP 8.4.4 Panel and Interface LEDs The following figure shows the 1FE module panel: 10/100BASE-TX Figure 8-5 1FE module panel...

  • Page 64: Figure 8-7 Ethernet Cable

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules Figure 8-7 Ethernet cable II. Making an Ethernet cable To make an Ethernet cable with RJ45 connectors using a category-5 twisted-pair cable, refer to Figure 8-8. A category-5 twisted-pair cable is composed of eight wires that are identified and grouped by colors of the outer insulator.

  • Page 65: Table 8-4 Crossover Cable Pinout

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules Category-5 Direction of twisted-pair RJ45 Signal RJ45 signal cable –– White (brown) –– –– Brown –– Table 8-4 Crossover cable pinout Category-5 Direction of Direction of RJ45 twisted-pair...

  • Page 66: Connecting The Interface Cable

    8.5 1GBE/2GBE Module 8.5.1 Introduction 1-/2-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (1GBE/2GBE) can provide the communications between the SecPath V1000-A and a LAN. The 1GBE/2GBE module supports: The transmission distance of 100 meters over category-5 twisted-pair cable Three operating rates: 1000 Mbps, 100 Mbps, and 10 Mbps, with auto-sensing Full-duplex mode 8.5.2 Appearance...

  • Page 67: Interface Attributes

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules Figure 8-10 2GBE module 8.5.3 Interface Attributes Table 8-5 shows the interface attributes of the 1GBE/2GBE module. Table 8-5 Interface attributes of the 1GBE/2GBE module Attribute 1GBE 2GBE...

  • Page 68: Interface Connection Cable

    Installation Manual H3C SecPath V1000-A Security Gateway Chapter 8 Multifunctional Interface Modules Table 8-6 describes the LEDs on the 1GBE/2GBE module panel and how to read their status. Table 8-6 LEDs on the 1GBE/2GBE module Description LINK OFF means no link is present; ON means a link is present.

  • Page 69: Connecting The Interface Cable

    HUB or LAN Switch, use a crossover cable.) Step 2: Power up the SecPath V1000-A and check the status of the LED for the module on the front panel of the SecPath V1000-A. ON means the module has passed the POST and can operate normally;...

Table of Contents