H3C SecPath F5000-A5 Installation Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Firewall
  5. SecPath F5000-A5
  6. Installation manual

H3C SecPath F5000-A5 Installation Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
H3C SecPath F5000-A5 Firewall
Installation Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Document version: 6PW109-20141225

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SecPath F5000-A5 and is the answer not in the manual?

Questions and answers

Related Manuals for H3C SecPath F5000-A5

Summary of Contents for H3C SecPath F5000-A5

  • Page 1 H3C SecPath F5000-A5 Firewall Installation Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document version: 6PW109-20141225...
  • Page 2 Copyright © 2008-2014, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
  • Page 3 Preface The H3C SecPath F5000-A5 Firewall Installation Guide includes eight chapters, which describe the product overview, preparing for installation, installing the firewall, installing FRUs, accessing the firewall for the first time, replacement procedures, hardware management and maintenance, and troubleshooting. This preface includes: Audience •...
  • Page 4 Convention Description The argument or keyword and argument combination before the ampersand (&) sign can &<1-n> be entered 1 to n times. A line that starts with a pound (#) sign is comments. GUI conventions Convention Description Window names, button names, field names, and menu items are in Boldface. For Boldface example, the New User window appears;...
  • Page 5 Provides frequently asked questions about the firewall. Obtaining documentation Access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents]—Provides hardware installation, software...
  • Page 6 Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

  • Page 7: Table Of Contents

    Contents Preparing for installation ············································································································································· 1   Safety recommendations ·················································································································································· 1   Safety symbols ·························································································································································· 1   General safety recommendations ··························································································································· 1   Electricity safety ························································································································································ 1   Laser safety ································································································································································ 2   Handling safety ························································································································································ 2   Examining the installation site ········································································································································· 2  ...
  • Page 8 Connecting an AC power cord ··························································································································· 26   Connecting a DC power cord ······························································································································ 27   Verifying the installation ················································································································································ 29   Installing FRUs ···························································································································································· 30   Installing an air filter ······················································································································································ 30   Installing a lightning protector for a network port ······································································································ 31  ...
  • Page 9 Verifying and diagnosing transceiver modules ·································································································· 68   Troubleshooting system exceptions ······························································································································ 68   Configuring the exception handling methods ···································································································· 68   Displaying the exception handling method ········································································································ 69   Rebooting your firewall ················································································································································· 69   Troubleshooting ·························································································································································· 71   MPU failures ···································································································································································...
  • Page 10 Power module ························································································································································ 85   Fan tray ·································································································································································· 86   MPU ········································································································································································ 86   Interface modules ·················································································································································· 87   Lightning protector for a network port (optional) ········································································································ 90   Power strip with lightning protection (optional) ·········································································································· 90   Appendix B LEDs ························································································································································ 91  ...

  • Page 11: Preparing For Installation

    Preparing for installation Safety recommendations To avoid possible bodily injury and equipment damage, read all safety recommendations carefully before installation. Note that the recommendations do not cover every possible hazardous condition. Safety symbols When reading this document, note the following symbols: WARNING means an alert that calls attention to important information that if not understood or followed can result in personal injury.

  • Page 12: Laser Safety

    Make sure the accessories of the firewall are not lost or damaged during firewall moving. • Examining the installation site The H3C F5000-A5 firewalls must be used indoors. To ensure normal operation and long service life of your firewall, the installation site must meet the requirements in this section. Weight support Make sure the floor can support the total weight of the rack, chassis, cards, power modules, and all other components.

  • Page 13: Temperature And Humidity

    Temperature and humidity Maintain appropriate temperature and humidity in the equipment room. Lasting high relative humidity can cause poor insulation, electricity creepage, mechanical property • change of materials, and metal corrosion. Lasting low relative humidity can cause washer contraction and ESD and bring problems including •...

  • Page 14: Cooling

    Cooling The F5000-A5 firewalls adopt left to right airflow for heat dissipation. Plan the installation site for adequate ventilation. • Leave at least 10 cm (3.94 in) of clearance at the inlet and outlet air vents. The installation site has a good cooling system. •...
  • Page 15 • Place the removed MPU, CF card, or service card on an antistatic workbench, with the face upward, or put it into an antistatic bag. • Touch only the edges, instead of electronic components when observing or moving a removed MPU, CF card, or service card.

  • Page 16: Emi

    The EMI might be coupled from the source to the firewall through the following coupling mechanisms: Capacitive coupling • Inductive coupling • Radiative coupling • • Common impedance coupling Conductive coupling • To prevent EMI, take the following actions: Take measures against interference from the power grid. •...

  • Page 17: Power Supply

    Power supply Make sure the power source of the installation site is steady and can satisfy the input requirements of the power modules and parameters such as rated voltage. For the power module specifications, see "Power module." Installation tools (user-supplied) The tools in the table might be used for installing the firewall.

  • Page 18: Checklist Before Installation

    Checklist before installation Table 4 Checklist before installation Item Requirements Result The floor can support the total weight of the rack, Weight support chassis, cards, power modules, and all other components. Operating ambient 0°C to 45°C (32°F to 113°F) temperature Operating ambient 10% to 95% (noncondensing) relative humidity...
  • Page 19 Item Requirements Result • Equip an uninterrupted power supply (UPS). Electricity safety • In case of emergency during operation, switch off the external power switch. • Install the firewall in an open rack if possible. If you install the firewall in a closed cabinet, make sure the cabinet is equipped with a good ventilation system.

  • Page 20: Installing The Firewall

    Installing the firewall IMPORTANT: Keep the packages of the firewall and the components for future use. Figure 3 F5000-A5 firewall installation flow Confirming installation preparations Before you install the firewall, verify that:...

  • Page 21: Installing The Firewall In A 19-Inch Rack

    • You have read "Preparing for installation" carefully and the installation site meets all the requirements. • A 19-inch rack is ready for use. The rack is sturdy and securely grounded. • There is sufficient clearance around the rack for heat dissipation and installation. •...

  • Page 22: Attaching The Mounting Brackets To The Chassis

    Figure 5 Installing cage nuts Attaching the mounting brackets to the chassis Mounting bracket Figure 6 Mounting bracket (1) Left mounting bracket (2) Right mounting bracket Attaching the cable management bracket As shown in Figure 7, before you attach a mounting bracket to the chassis, attach the cable management bracket to the left mounting bracket with screws.
  • Page 23 Figure 7 Attaching the cable management bracket (1) Cable management bracket (2) Left mounting bracket Attaching the mounting brackets to the chassis Before you mount the firewall to the rack, attach the front mounting brackets to the two sides of the chassis.

  • Page 24: Mounting The Firewall To The Rack

    Figure 8 Attaching the front mounting brackets to the chassis Mounting the firewall to the rack Put the firewall on the rack shelf, and slide the firewall, making sure there is enough clearance between the firewall and rack posts for installing the mounting brackets. Attach the firewall horizontally by fastening the mounting brackets to the rack with appropriate pan head screws.

  • Page 25: Grounding The Firewall

    Figure 9 Mounting the firewall to the rack (1) Rack shelf NOTE: If you have purchased an air filter, install the air filter before mounting the firewall to the rack. For how to install an air filter, see "Installing an air filter."...

  • Page 26: Connecting The Grounding Cable

    The power input end of the firewall has a noise filter, whose central ground is directly connected to the chassis to form the chassis ground (commonly known as PGND). You must securely connect this chassis ground to the earth so the faradism and leakage electricity can be safely released to the earth to minimize EMI susceptibility of the firewall.

  • Page 27: Installing An Mpu

    Figure 11 Connecting the grounding cable to the grounding hole of firewall NOTE: The resistance reading should be smaller than 5 ohms between firewall chassis and the ground. • To guarantee the grounding effect, use the grounding cable provided with the firewall to connect to the •...
  • Page 28 Figure 12 Inserting the MPU into slot Fasten the captive screws with a Phillips screwdriver. Figure 13 Fastening the captive screws The RUN LED (green) flashes fast (at 8 Hz). It flashes slowly (at 1 Hz) after the MPU application is loaded.

  • Page 29: Installing A Cf Card

    NOTE: The MPU is not hot swappable. • For the LED description, see "LED description." • Installing a CF card IMPORTANT: Before you boot the firewall, make sure the CF card with correct system software image has been correctly installed into the CF card slot. Otherwise, the firewall cannot be booted. To install a CF card: Examine the CF card LED.
  • Page 30 Remove the filler panel. For how to remove a filler panel, see "Removing a filler panel." Use even pressure to gently push the interface module into the slot along the slide rails until the positioning pins on the interface module are seated in the positioning holes on the backplane, and then push the ejector levers inward to lock the interface module in position.

  • Page 31: Installing A Fan Tray

    Figure 16 Fastening the captive screws on the interface module After the firewall is powered on, the RUN LED (green) flashes once and then flashes fast (at 8 Hz). It flashes slowly (at 1 Hz) after the application is loaded. This means that the interface module is operating correctly.
  • Page 32 Figure 17 Pushing the fan tray into the slot Use a Phillips screwdriver to fasten the captive screws on the fan tray. Figure 18 Fastening the captive screws on the fan tray Power on the firewall and examine the status LED on the front panel. On means the fan tray is operating correctly.

  • Page 33: Installing A Power Module

    NOTE: The fans can automatically adjust the speed. • For the LED description of the fan tray, see "Fan tray LEDs." • Installing a power module The procedures for installing an AC power module and DC power module are similar. The following uses an AC power module as an example.

  • Page 34: Connecting Interface Cables

    Connecting interface cables Connecting the management Ethernet port The firewall has one management Ethernet port, which is a 10Base-T/100Base-TX/1000Base-T autosensing RJ-45 port. You can connect this port to a PC or management station for loading and debugging software or remote management. You can use straight-through cables or crossover cables to connect the management Ethernet port.

  • Page 35: Connecting Ethernet Cables

    • Stateful failover can be implemented between only two devices. Use a network cable to directly connect the failover interfaces. No intermediary device (such as a router, a switch, or a hub) is allowed between the interfaces. For more information about stateful failover, see the configuration guide of the firewall. Figure 21 Network diagram for stateful failover Connecting Ethernet cables Connecting a copper Ethernet port...

  • Page 36: Connecting A Power Cord

    To connect a fiber port to a peer device through optical fibers: Remove the dust plug from the fiber port. Remove the dust cover from the transceiver module, and plug the end without a pull latch into the SFP port. Remove the dust cover from the fiber connector.

  • Page 37: Connecting A Dc Power Cord

    Connect one end of the AC power cord to the AC receptacle on the firewall, and the other end to the AC power source. Figure 23 Connecting an AC power cord to the firewall Connecting a DC power cord WARNING! Identify the label on the DC power cord when connecting a DC power cord to avoid connection mistakes.
  • Page 38 Figure 24 DC power cord (1) Naked crimping terminal, OT, 6mm^2, M4, tin plating, naked ring terminal, 12 to 10 AWG (2) Heat shrink tube (3) Label 1 (+) (4) Power cord, 600V, UL10455, 5.3 mm^2, 10AWG, black, 45 A (5) Main label (6) Heat shrink tube (7) Power cord, 600 V, UL10455, 5.3 mm^2, 10AWG, blue, 45 A...

  • Page 39: Verifying The Installation

    Figure 25 Connecting the DC power cord Verifying the installation To ensure normal operation of the firewall, verify the following items before you power on the firewall: There is enough space for heat dissipation around the firewall. • The grounding cable is securely connected. •...

  • Page 40: Installing Frus

    Installing FRUs You can install an air filter, a lightning protector for a network port, and a power strip with lightning protection on an F5000-A5 firewall. These components do not come with the firewall. Prepare them yourself. Installing an air filter Face the left side of the chassis.

  • Page 41: Installing A Lightning Protector For A Network Port

    Figure 27 Pushing the air filter along the slide rails Fasten the captive screws on the rear edge of the air filter with a Phillips screwdriver. Figure 28 Fastening the captive screws Installing a lightning protector for a network port The lightning protector for a network port is only applicable to a copper Ethernet port.
  • Page 42 The following two types of lightning protectors for network ports are available for the F5000-A5. Maximum discharge current Type Port description Output voltage (8/20μs waveform) • Core-core < 15 V 10M/100M port Single port 2.5 kA • lightning protector Core-ground < 300 V •...
  • Page 43 Figure 29 Installing a lightning protector (1) Grounding wire (2) Outdoor network cable (3) Lightning protector for a network port (4) Cable connected to the firewall Installation precautions The performance of the port lightning protector may be affected in the following cases: The port lightning protector is installed in reverse direction.

  • Page 44: Connecting The Ac Power Supply To A Power Strip With Lightning Protection

    Connecting the AC power supply to a power strip with lightning protection CAUTION: Make sure the PE terminal of the power socket has been securely grounded. If part of the AC power line is routed outdoors, use a power strip with lightning protection to connect the AC power cord of the firewall to the AC power line to protect the firewall from being damaged by lightning strikes.

  • Page 45: Logging In And Performing Basic Configurations

    Logging in and performing basic configurations The first time you access the firewall, you can log in to the CLI through the console port or log in to the Web interface by using a Web browser. After login, you can configure Telnet or SSH for remote access. You can also configure AUX access parameters so you can use the AUX port for local access when the console port is not available.

  • Page 46: Configuring Communication Parameters On The Terminal

    Figure 31 Connecting the terminal to the firewall (1) Console port (2) RJ-45 connector (3) Console cable IMPORTANT: • Identify the mark on the console port and make sure you are connecting to the correct port. The serial ports on PCs do not support hot swapping. If the firewall has been powered on, always •...
  • Page 47 Figure 32 Creating a HyperTerminal connection Select the serial port used to connect to the firewall and click OK. Figure 33 Selecting the serial port Configure serial port properties as described in Table...
  • Page 48 Figure 34 Configuring serial port properties Table 5 Serial port properties Property Value Bits per second 9600 bps (the default) Data bits Parity None Stop bits Flow control None NOTE: If you are using SecureCRT, set the flow control property to Xon/Xoff to ensure correct display. To restore the default settings, click Restore Defaults.
  • Page 49 Figure 35 HyperTerminal window Select File > Properties and then click the Settings tab. Figure 36 Selecting the emulation type Select VT100 or Auto detect for Emulation and click OK.

  • Page 50: Powering On The Firewall

    Press Ctrl+D to access BASIC-BOOTWARE MENU Booting Normal Extend BootWare..**************************************************************************** H3C SecPath NSQ MPUA BootWare, Version 1.10 **************************************************************************** Copyright (c) 2004-2013 Hangzhou H3C Technologies Co., Ltd. Compiled Date : Feb 28 2013 CPU Type : XXXX CPU L1 Cache...

  • Page 51: Logging In To The Cli By Using Telnet

    .... The main application file is self-decompressing......Press ENTER to get started. Press Enter at the prompt. When the prompt <H3C> appears, you can configure and manage the firewall. NOTE: To access the extended Boot menu (also called the "main BootWare menu"), press Ctrl+B immediately •...

  • Page 52: Logging In To The Web Interface

    NOTE: The default account is used at the first login. To ensure security, you must delete the default account and create an administrator account. For more information, see H3C SecPath Series Firewalls and UTM Devices Getting Started Guide. Logging in to the CLI through the AUX port...

  • Page 53: Performing Basic Configurations

    Step Command Remarks Enter system view. system-view Set the system name. sysname sysname By default, the system name is H3C. By default, the Telnet server is Enable the Telnet server. telnet server enable disabled. interface interface-type Enter Ethernet interface view.

  • Page 54: Performing Basic Configurations In The Web Interface

    Step Command Remarks Five security zones are predefined zone name zone-name [ id in the system: Management, Local, zone-id ] Trust, DMZ, and Untrust. Add the interface to a security By default, GigabitEthernet 0/0 zone. import interface interface-type belongs to the management zone, interface-number [ vlan vlan-list ] and other interfaces do not belong to any zone.
  • Page 55 To change the password, enter the new password and confirm it. New Password For versions prior to F3210, the default username and password are both h3c. For F3210 and later versions, the default username and password are both admin. Confirm Password Specify the password encryption method: •...
  • Page 56 Figure 40 Basic configuration wizard—3/6 (service management) Configure services as described in Table Table 7 Configuration items Item Description Specify whether to enable the FTP service on the firewall. By default, the FTP service is disabled. Specify whether to enable the Telnet service on the firewall. Telnet By default, the Telnet service is disabled.
  • Page 57 Item Description Specify whether to enable the HTTPS service on the firewall. To enable the HTTPS service on the firewall, select the Enable option and select the HTTPS service port number. By default, the HTTP service is disabled. To improve the security of your connection to the firewall, use HTTPS, which is based on SSL. HTTPS IMPORTANT: •...
  • Page 58 Table 8 Configuration items Item Description Select an IP address acquisition approach for the interface: • None—Assigns no IP address to the interface. • Static Address—If you select this option, you must manually assign an IP address and a mask to the IP Configuration IMPORTANT: interface.
  • Page 59 Item Description Specify whether to enable dynamic NAT on the interface. If dynamic NAT is enabled, the IP address of the interface will be used as the IP address Dynamic NAT of a matched packet after the translation. By default, dynamic NAT is disabled. Specify the source IP address and wildcard for matching packets.
  • Page 60 Figure 43 Basic configuration wizard—6/6 To modify your configuration, click Back to go back to the previous page. To save the current configuration to the startup configuration file (.cfg or .xml file) for the next device boot when you submit the configurations, select Save Configuration. Click Finish to complete the configuration.

  • Page 61: Replacement Procedures

    Replacement procedures Precautions • Always wear an ESD wrist strap or ESD gloves when servicing the firewall. When removing FRUs (such as MPUs, interface modules, fan trays, power modules, and the CF • card): Ensure good alignment with the slot and use uniform force to avoid damage to the FRUs. Completely loosen each captive screw before removing FRUs to keep their panels in good condition.

  • Page 62: Removing A Filler Panel

    NOTE: The MPU and interface module slots use the same type of filler panels. Figure 45 Filler panel for a power module slot (1) Front view (2) Side view (3) Rear oblique view (4) EMI gasket Removing a filler panel This section takes the filler panel for an interface module slot as an example.

  • Page 63: Installing A Filler Panel

    Keep the removed filler panels and screws for future use. • H3C recommends that you install filler panels in all empty slots to prevent dust from entering the firewall • chassis and make sure of good ventilation in the firewall.

  • Page 64: Replacing An Mpu

    Figure 47 Installing a filler panel in an interface module slot Replacing an MPU IMPORTANT: MPUs are not hot-swappable. Before you remove MPUs, power off the firewall. To replace an MPU: Face the front panel of the firewall. Loosen the captive screws with a Phillips screwdriver until all pressure is released.
  • Page 65 Figure 48 Loosening the captive screws Pull the two ejector levers at both ends of the MPU outward to release the MPU, and then gently pull the MPU out along the slide rails. Put the removed MPU in an antistatic bag. Figure 49 Pulling out the MPU...

  • Page 66: Replacing An Interface Module

    Install a new MPU. For the installation procedures, see "Installing an MPU." If no new MPU is to be installed, install a filler panel. For the installation procedures, see "Installing a filler panel." Replacing an interface module IMPORTANT: Interface modules are not hot-swappable. Before you remove Interface modules, power off the firewall. To replace an interface module: Face the front panel of the firewall.

  • Page 67: Replacing A Cf Card

    Figure 51 Pulling out the interface module Install a new interface module. For the installation procedures, see "Installing an interface module." If no new interface module is to be installed, install a filler panel. For the installation procedures, see "Installing a filler panel."...

  • Page 68: Replacing A Transceiver Module

    Figure 52 Removing a CF card Install a new CF card. For the installation procedures, see "Installing a CF card." Replacing a transceiver module WARNING! • When you remove a transceiver module, do not touch the golden finger on the module. Do not stare at the fibers to avoid hurting your eyes.

  • Page 69: Replacing A Power Module

    Pressing the tab of the LC connector, pull out the LC connector from the transceiver module. Put on the dust cap for the LC connector. Pivot the clasp of the transceiver module down to the horizontal position. Hold the clasp to pull the transceiver module out of the socket. Put the dust plug on the removed module, and put the removed module into its original shipping materials.

  • Page 70: Replacing A Fan Tray

    Figure 54 Pulling out the power module Install a new power module. For the installation procedures, see "Installing a power module." If no new power module is to be installed to the slot, install a filler panel to prevent dust from entering the chassis.
  • Page 71 Figure 55 Loosening the captive screws Gently pull the fan tray out along the slide rails. Put the removed fan tray in an antistatic bag. Figure 56 Pulling out the fan tray Install a new fan tray. For the installation procedures, see "Installing a fan tray."...

  • Page 72: Hardware Management And Maintenance

    H3C Comware Platform Software Comware Software, Version 5.20, Feature 3213 Copyright (c) 2004-2013 Hangzhou H3C Tech. Co., Ltd. All rights reserved. H3C SecPath F5000-A5 uptime is 0 week, 0 day, 0 hour, 57 minutes CPU type: XXXX 3584M bytes DDR2 SDRAM Memory...

  • Page 73: Displaying Running Status Data

    Displaying running status data For diagnosis or troubleshooting, you can use the display diagnostic-information command in any view to bulk collect running data for multiple modules, rather than using separate display commands (such as display clock, display version, display device, and display current-configuration) to collect running status data module by module.

  • Page 74: Displaying The Electrical Label Data

    MAC address, and vendor name. Use the display device manuinfo command to display the electronic label data for the cards. <Sysname> display device manuinfo slot 0 DEVICE_NAME:NSQM1MPUA0 DEVICE_SERIAL_NUMBER:210231A850B103000105 MAC_ADDRESS:0023-89a6-dbdc MANUFACTURING_DATE:2010-03-11 VENDOR_NAME:H3C slot 1 DEVICE_NAME:NSQ1GT8C4 DEVICE_SERIAL_NUMBER:210231A84X0089000002 MAC_ADDRESS:000f-e2c0-cde0 MANUFACTURING_DATE:2008-09-08 VENDOR_NAME:H3C Displaying CPU usage statistics Use the display cpu-usage command to display CPU usage statistics.

  • Page 75: Displaying Memory Usage Statistics

    Unit CPU usage: 3% in last 5 seconds 3% in last 1 minute 3% in last 5 minutes Table 10 Command output Field Description After a boot, the system calculates and records the average CPU usage rate every five seconds. 3% in last 5 seconds This field displays the average CPU usage rate in the last five seconds.

  • Page 76: Displaying The Operating States Of Fans

    Table 12 Command output Field Description CF ID Slot number of the CF card CF card status, which can be: • Absent—No CF card is in the slot. Status • Fault—The CF card has failed. • Normal—The CF card is operating correctly. Size Storage memory of the CF card Displaying the operating states of fans...

  • Page 77: Managing Interfaces And Transceiver Modules

    Managing interfaces and transceiver modules Managing combo interfaces Combo interfaces are logical interfaces. A combo interface comprises one SFP fiber port and one RJ-45 copper port. The two ports cannot work simultaneously because they share the same forwarding interface. If one port is enabled, the other port is automatically disabled. Verifying a fiber or copper port You can use the display interface interface-type interface-number command to identify the SFP fiber port and RJ-45 copper port.

  • Page 78: Verifying And Diagnosing Transceiver Modules

    Verifying and diagnosing transceiver modules Commonly used transceiver modules Whether can be an Whether can be an Transceiver type Application scenarios optical transceiver electrical module transceiver module Generally used for SFP (Small Form-factor 100M/1000M Ethernet Pluggable) interfaces XFP (10-Gigabit small Generally used for 10G Ethernet Form-factor Pluggable) interfaces...

  • Page 79: Displaying The Exception Handling Method

    To configure the exception handling method: Step Command Remarks Enter system view. system-view Optional. Configure the exception handling system-failure { maintain | reboot } By default, the MPU uses the reboot method for the MPU. method when an exception occurs. NOTE: Rebooting an MPU reboots the firewall.
  • Page 80 Task Command Remarks Optional. Enable the scheduled reboot schedule reboot delay { hh:mm | The scheduled reboot function is function and specify a reboot mm } disabled by default. waiting time. Available in user view.

  • Page 81: Troubleshooting

    Troubleshooting IMPORTANT: The barcode stuck on the firewall chassis contains information about production and servicing. Before you return a faulty firewall for serving, provide the barcode information of the firewall to your local sales agent. MPU failures Symptom 1 Symptom The RUN LED of the MPU is off, which indicates that the MPU is powered off or faulty.

  • Page 82: Symptom 3

    The ALM LED is steady on or flashing, which indicates that the firewall is faulty. For example, the ALM LED is on when the system is over-temperature. In this case, the system displays the following error message: %Jun 25 14:38:45:444 2007 H3C DRVMSG/3/TempCritical: CPU temperature critical in Slot 3, index is 1. Solution Examine the messages displayed on the configuration terminal and the software management tool, such as the system temperature and module voltage alarms.

  • Page 83: Power Supply System Failures

    Slot3: The Board is present, state is unknown Solution Contact your local sales agent. Power supply system failures Symptom 1 Symptom The firewall cannot be powered on. The power LED on the front panel is off, which indicates that no power is input.

  • Page 84: Fan Failures

    5 14:59:03:878 2007 H3C DRVMSG/3/FanPlugIn:Fan 1 Plug In. %Jul 5 14:59:03:879 2007 H3C DRVMSG/3/FanErr:Fan 1 Error. #Jul 5 14:59:03:998 2007 H3C DEV/1/FAN STATE CHANGES TO FAILURE: Trap 1.3.6.1.4.1.2011.2.23.1.12.1.6<fanfailure>: fan ID is 1 %Jul 5 14:59:03:998 2007 H3C DEV/4/FAN FAILED: Fan 1 failed.

  • Page 85: No Display On The Configuration Terminal

    No display on the configuration terminal Symptom After the firewall is powered on, the configuration terminal does not display anything. Solution To troubleshoot the configuration system failure first: Verify that the power supply system is operating correctly. Verify that the console cable is correctly connected. If the cause cannot be located in the steps above, the possible reasons are as follows: •...

  • Page 86: Password Loss

    For more information, see the firewall command references. Password loss For troubleshooting console login password loss and user privilege level password loss, see H3C SecPath Series Firewalls and UTM Devices System Management and Maintenance Configuration Guide. Cooling system failures Symptom When the temperature inside the firewall exceeds 75°C (167°F), the following information appears on...

  • Page 87: Software Upgrade Failures

    %May 14 22:25:18:713 2007 H3C DEV/4/BOARD TEMP NORMAL: Board temperature changes to normal on Frame 0 Slot 0, type is MPU. The output shows that the operating temperature of the firewall restores to normal state. When exceptions occur, the temperature inside the firewall might exceed 90°C (194°F), in which case the...

  • Page 88: Failure To Upgrade Through Ftp

    Failed to write data into storage device, maybe no enough space on device Symptom 2: The file to be downloaded is not found. • File will be transferred in binary mode Downloading file from remote TFTP server, please wait... File not found. Symptom 3: The server IP address or local IP address is incorrect.

  • Page 89: Application File Missing Errors

    Application file missing errors Symptom When none of the main, backup, and secure application files exists, the system displays the following information at startup: BootWare Validating... Application program does not exist. Please input BootWare password: If you select 1 on the main BootWare menu, the system displays the following information: Starting to get the main application file--cfa0:/main.bin! The main application file does not exist--cfa0:/main.bin! Starting to get the backup application file--cfa0:/backup.bin!

  • Page 90: Appendix A Chassis Views And Technical Specifications

    Appendix A Chassis views and technical specifications Chassis views CAUTION: When moving the chassis, do not use the rear chassis cover handle (callout 2) in Figure 57. This handle is not designed to support the chassis weight. Figure 57 Front view (1) MPU slot (Slot 0) (2) Fan tray slot (3) Chassis handle...

  • Page 91: Main Processing Unit

    Figure 58 Rear view (1) Warning label (2) Rear chassis cover handle (3) (Optional) Upper slide rail for the air filter (4) (Optional) Air filter (5) (Optional) Lower slide rail for the air filter (6) Chassis handle (7) Weight support warning label (Max. weight of 50 kg/110.23 lb) (8) Grounding screw and sign (9) Air vents Main processing unit...

  • Page 92: Interface Modules

    Interface modules The F5000-A5 firewall must have at least one interface module in addition to one MPU. The slots for interface modules are slot 1 through slot 4. NSQ1GT8C40 The NSQ1GT8C40 interface module provides eight 10/100/1000BASE-T copper Ethernet ports and four combo interfaces.

  • Page 93: Nsq1Gt8P40

    NSQ1GT8P40 The NSQ1GT8P40 interface module provides eight 1000BASE-X fiber Ethernet ports and four combo interfaces. These ports can be set to operate as Layer 2 interfaces or Layer 3 interfaces. Each combo interface comprises one 10/100/1000BASE-T copper port and one 1000BASE-X fiber port. When one port in a pair is activated, the other port automatically shuts down.

  • Page 94: Dc Power Module

    DC power module Figure 64 F5000-A5 DC power module (1) DC-input terminal block (2) Power LED (3) Power module handle (4) Power switch (5) Captive screw Fan tray Figure 65 F5000-A5 fan tray (1) Running status LED (RUN) (2) Alarm LED (ALM) (3) Fan tray handle (4) Fan (5) Warning label...

  • Page 95: Technical Specifications

    Technical specifications Dimensions and weight Table 15 Dimensions and weight Item Description Dimensions (H × W × D) 308 (7RU) × 436 × 476 mm (12.13 × 17.17 × 18.74 in) Weight (full configuration) 44 kg (97.00 lb) Number of slots Power module Table 16 Power module specifications Item...

  • Page 96: Fan Tray

    Item Description Dimensions (H × W × D) 40 × 140 × 350 mm (1.57 × 5.51 × 13.78 in) DC power module Table 18 DC power module specifications Item Description Rated voltage range –48 VDC to –60 VDC Maximum input current 25 A Maximum power consumption 650 W...

  • Page 97: Interface Modules

    Item Specification Management Ethernet port 1 (10Base-T/100Base-TX/1000Base-T) HA port 1 (10Base-T/100Base-TX/1000Base-T) • 256 MB by default for the built-in CF card CF card • 256 MB, 512 MB, or 1 GB for an optional external CF card 2 (USB 0: operating in the host mode; USB 1: operating in the device mode) USB interfaces Reserved for future use Dimensions (H ×...
  • Page 98 Item Description Short-haul Medium-haul Long-haul Long-haul Ultra-long multimode single-mode optical optical haul optical optical optical interface interface interface Type interface interface Optical module module module module (850 module transmit (1550 nm) (1310 nm) (1550 nm) (1310 nm) power –9.5 dBm –9 dBm –2 dBm –4 dBm...
  • Page 99 Item Description 62.5/125 μm 9/125 μm 9/125 μm 9/125 μm Fiber type multimode fiber single-mode fiber single-mode fiber single-mode fiber Maximum 40 km (24.86 transmission 300 m (984.25 ft) 300 m (984.25 ft) 10 km (6.21 miles) miles) distance NSQ1GT8P40 Table 23 NSQ1GT8P40 specifications Item Description...

  • Page 100: Lightning Protector For A Network Port (Optional)

    Item Description Maximum transmission 0.55 km 10 km (6.21 40 km (24.86 40 km (24.86 70 km (43.50 distance (0.34 miles) miles) miles) miles) miles) Lightning protector for a network port (optional) If part of the network cable of a network port must be routed outdoors, connect a lightning protector to the cable before you plug the cable into the port.

  • Page 101: Appendix B Leds

    Appendix B LEDs Table 24 lists the LEDs available for you to monitor module status. Table 24 LEDs at a glance LEDs Description Device status LED (RUN) Device status LED (ACT) Device status LED (ALM) MPU LEDs Figure 66 Management Ethernet interface status LED (LINK/ACT) USB interface status LED (USB) CF card status LED (CF)
  • Page 102 Table 25 LED description Status Description No link is present on the management Ethernet port. A link is present on the management Ethernet port. (green) No link is present on the HA port. (green) A link is present on the HA port. No CF card is present or the CF card is not recognizable.

  • Page 103: Interface Module Leds

    Interface module LEDs NSQ1GT8C40 Figure 67 NSQ1GT8C40 LEDs Table 26 LED description Status Description No link is present on the corresponding port. Steady green A 1000 Mbps link is present on the port. Flashing green Data is being transmitted or received at 1000 Mbps. (yellow/green) Steady yellow A 10/100 Mbps link is present on the port.

  • Page 104: Nsq1Gt8P40

    Table 27 LED description Status Description No fiber link is present on the port. Steady green A fiber link is present on the port. (green) Flashing green Data is being transmitted or received at 10 Gbps. No power input or the interface module is faulty. Slow flashing (1 Hz) The interface module is operating correctly.

  • Page 105: Power Module Leds

    Power module LEDs Figure 70 AC power module LED Figure 71 DC power module LED Table 29 LED description Status Description Steady green The power module is operating correctly. Power LED Steady red The power module is faulty. No power input is present.

  • Page 106: Fan Tray Leds

    Fan tray LEDs Figure 72 Fan tray LEDs Table 30 LED description Status Description No system power input is present or the fan tray is faulty. (green) The fan tray is operating correctly. The fan tray is operating correctly. (red) The fan tray is faulty.

  • Page 107: Appendix C Arranging Slots And Numbering Interfaces

    Appendix C Arranging slots and numbering interfaces Arranging slots The F5000-A5 supports console, AUX, GigabitEthernet, and Ten-GigabitEthernet interfaces. This chapter describes how these interfaces are numbered. Figure 73 Slot arrangement on the F5000-A5 NOTE: The numbers 0 through 4 in Figure 73 represent Slot 0 through Slot 4 on the device respectively.

  • Page 108: Examples

    • interface-type represents the type of the interface such as GigabitEthernet. X represents the number of the slot where the interface module resides, in the range of 1 to 4. • Y represents the sequence number of the interface on the interface module, depending on the •...

  • Page 109: Appendix D Cables

    Appendix D Cables This chapter describes cables used for connecting network ports. Table 31 Cable description Cable Port type Application Ethernet twisted pair cable RJ-45 Ethernet ports Connects RJ-45 Ethernet ports to transmit data. Optical fiber SFP/XFP ports Connects the fiber ports to transmit data. Ethernet twisted pair cable Introduction An Ethernet twisted pair cable consists of four pairs of insulated copper wires twisted together.
  • Page 110 strict application requirements and are expensive although they provide better EMI prevention performance than UTPs, so in most LANs, UTPs are commonly used. An Ethernet twisted pair cable connects network devices through the RJ-45 connectors at the two ends. Figure 74 shows the pinouts of an RJ-45 connector.
  • Page 111 Figure 75 Straight-through cable Figure 76 Crossover cable Select an Ethernet twisted pair cable according to the RJ-45 Ethernet port type on your device. An RJ-45 Ethernet interface can be MDI (for routers and PCs) or MDIX (for switches). For the pinouts of RJ-45 Ethernet interfaces, see Table 33 Table...

  • Page 112: Making An Ethernet Twisted Pair Cable

    Table 33 RJ-45 MDI interface pinouts 10Base-T/100Base-TX 1000Base-T Signal Function Signal Function Send data BIDA+ Bi-directional data cable A+ Send data BIDA- Bi-directional data cable A- Receive data BIDB+ Bi-directional data cable B+ Reserved BIDC+ Bi-directional data cable C+ Reserved BIDC- Bi-directional data cable C- Receive data...

  • Page 113: Optical Fiber

    Untwist the pairs so that they can lie flat, and arrange the colored wires based on the wiring specifications. Cut the top of the wires even with one another. Insert the wires into the RJ-45 end and make sure the wires extend to the front of the RJ-45 end and make good contact with the metal contacts in the RJ-45 end and in the correct order.

  • Page 114: Precautions

    Precautions • Make sure the fiber connector and fiber type match the transceiver module type. The optical interfaces on some cards have shielded covers. Remove the shielded covers before • using the optical interfaces. Optical interfaces must be installed with shielded covers when they are not in use.

  • Page 115: Appendix E Cabling Recommendations

    Appendix E Cabling recommendations When an F5000-A5 is mounted in a 19-inch standard rack, the interface cables are routed through the cable management brackets, bound at cabling racks on chassis sides, and then routed up or down to pass through the chassis top or the raised floor, depending on the available equipment room condition. The power cables run along the two sides of the chassis and out of the chassis either from the chassis top or the raised floor depending on the equipment room conditions (power distribution cabinet, lightning protection box, connector strip, and so on) of the exchange office.
  • Page 116 Figure 78 Correct and incorrect cable binding • Route different types of cables (for example, power cables and signal cables) separately. If they are close to one another, cross them over one another. If you route them in parallel, make sure the space between a power cable bundle and a signal cable bundle is at least 30 mm (1.18 in).
  • Page 117 Figure 80 Binding cables where they must be bent • Route, bind, and attach excess cables for easy, safe maintenance activities and correct operations. Do not tie power cables to slide rails. • When you connect a cable to an articulated part, for example, when you connect a grounding •...

  • Page 118: Cabling Examples

    Table 36 Tie-binding parameters Cable bundle diameter (mm) Space between bundles (mm) 80 to 150 10 to 30 150 to 200 200 to 300 Do not tie cables or bundles in a knot. • The metal parts of the crimped cold-pressed terminal blocks (such as air switch) cannot protrude •...
  • Page 119 Figure 83 Fiber cabling example...

  • Page 120: Index

    Index A C D E F G I L M N O P R S T V Examples,98 Accessories,7 Application file missing errors,79 failures,74 Arranging slots,97 tray,84 Fan tray LEDs,96 Cable management requirements,105 Cabling examples,108 General cabling requirements,105 Chassis views,80 Grounding the firewall,15 Checklist before...
  • Page 121 Managing interfaces and transceiver modules,67 Rebooting your firewall,69 failures,71 Replacing a CF card,57 LEDs,91 Replacing a fan tray,60 Replacing a power module,59 Replacing a transceiver module,58 Numbering interfaces,97 Replacing an interface module,56 Replacing an MPU,54 Optical fiber,103 Safety recommendations,1 Password loss,76 Service module failures,72...

Table of Contents