SSL-1030 and SSL-1060
Appliance Installation Guide

Summary of Contents for Stonesoft SSL-1030

  • Page 1 SSL-1030 and SSL-1060 Appliance Installation Guide...
  • Page 2 European Council Regulation (EC) N:o 1334/2000 of 22 June 2000 setting up a Community regime for the control of exports of dual-use items and technology (as amended). Thus, the export of this Stonesoft software in any manner is restricted and requires a license by the relevant authorities.
  • Page 3: Table Of Contents

    (page 4) for information on other available documentation. The use of the appliance is subject to the acceptance of the End User License Agreement, which can be found at the Stonesoft web site. Contents Installation Procedure ....4 Product Documentation ....
  • Page 4: Installation Procedure

    The following safety information and procedures must be followed whenever working with the Stonesoft appliance. However, be advised that Stonesoft appliances are not end-user serviceable, and you must never open the appliance covers for any reason. Doing so may lead to serious injury and will void any hardware warranty that may be associated with your appliance.
  • Page 5 Note – Use a UPS (Uninterruptible Power Supply) in critical environments with your Stonesoft appliance. If after a brief power outage your Stonesoft appliance only partially starts up (for example, the power light is on, but the NIC LEDs are off and the appliance does not connect) turn the appliance off for five seconds and then back on.
  • Page 6: Unpacking The Appliance

    Lithium Battery Precautions Caution – Do not change the battery; the battery must be replaced by authorized service personnel only. Danger of explosion if battery is incorrectly replaced. Replacement battery must be same or equivalent type recommended by the manufacturer. Used batteries must be discarded according to the manufacturer’s instructions.
  • Page 7: Front Panel

    Front Panel (figure labels: rack-mounting brackets, power and disk activity indicators, port indicators). Note – Standby power is supplied to the system even when the appliance is turned off. The connectors are explained in detail in Connecting the Cables (page 13).
  • Page 8 Fixed Ports (figure labels: Activity, Link). Table 2 Indicators for Fixed Ports (Indicator, Status, Explanation): Activity, Unlit: No link. Activity, Amber: Link ok. Link, Unlit: Speed is 10 Mbps. Link, Green: Speed is 100 Mbps. Link, Orange: Speed is 1 Gbps. Back Panel (figure labels: power on/off switch, AC power connector). Back Panel...
  • Page 9: Rack-Mounting

    Rack-Mounting This section provides information on installing the Stonesoft appliance into a rack unit. You can install the appliance into a two-post or a four-post rack unit.
  • Page 10 • The appliance must be connected to a grounded power outlet. • Use a regulating uninterruptible power supply (UPS) to protect the appliance from power surges, voltage spikes and to keep your system operating in case of a power failure. •...
  • Page 11 To install the appliance into a four-post Telco rack: Attach a rack-mounting bracket to the rack with two screws through the holes in the front of the bracket: one screw through the top hole and another through the bottom hole in the bracket (see the front panel illustration for the location of the holes).
  • Page 12 recommended to re-attach the three remaining screws back to the front of the appliance. Repeat steps 1 and 2 with the bracket on the other side of the appliance. Attach each bracket to the rack with two screws through the holes in the front of the bracket: one screw through the top hole and another through the bottom hole in the bracket (see the front panel illustration for the location of the holes).
  • Page 13: Connecting The Cables

    Connecting the Cables (figure labels: two USB ports, serial port, two or six Ethernet ports; number depends on appliance model). Connecting Network Cables To connect network cables: Connect the network cables to the Ethernet ports.
  • Page 14 Speed/Duplex Settings Network cards at both ends of each cable must have identical speed/duplex settings. This also applies to the automatic negotiation setting: if one end of the cable is set to autonegotiate, the other end must also be set to autonegotiate.
  • Page 15: Configuring The Appliance

    Configuring the Appliance Before the appliance can offer any services to the users, you must configure the networking settings for all interfaces you intend to use. Start by Defining the Basic Settings.
  • Page 16 Tip: Type in the first letter to move forward more quickly in the list of keyboard layouts. Note – If the desired keyboard layout is not available, use the best-matching available layout, or select US_English. To set the engine’s timezone: Highlight the entry field for Local Timezone using the arrow keys and press Enter.
  • Page 17 To set the rest of the OS settings: Type in the name of the SSL VPN engine. Highlight the entry field for Web Console and SSL-VPN admin Password and press Enter to change the password that the user admin uses to access the SSL VPN Web Console and the SSL VPN Administrator.
  • Page 18 Highlight Finish and press Enter. The Engine Configuration Wizard closes. Continue by Logging in to the SSL VPN Web Console. Logging in to the SSL VPN Web Console The SSL VPN Web Console is used for interface configuration and other such basic operating-system-level settings.
  • Page 19 Changing the Admin Password in the SSL VPN Web Console Changing the password for the admin user in the SSL VPN Web Console sets the same password for the admin user in both the SSL VPN Web Console and the SSL VPN Administrator. ...
  • Page 20 Setting System Time The system time must be set correctly for proper operation (used for example, in Access rules, certificate validity checking, and log entries). To set the system time: Expand Hardware in the menu on the left and select System Time. Select the correct Time Zone and click Save.
  • Page 21 To configure a network interface: In the SSL VPN Web Console, expand Networking in the menu on the left, and select Network Configuration. On the right, click Network Interfaces. Under Interfaces Activated at Boot Time, click Add a new interface above or below the interface table.
  • Page 22 • The typical setting for Activate at boot is Yes. If you set this option to No, the interface is disabled until you change this setting and then reboot or manually apply the boot-time configuration on the main Network Interfaces page. Click Create to save the interface configuration without activating it, or click Create and Apply to save and activate the interface configuration.
  • Page 23 Configuring Routing To configure routing: In the SSL VPN Web Console, under the Networking category in the menu on the left, select Network Configuration. On the right, click Routing and Gateways. The Routing page opens. Define the Default Router in one of the following ways: •...
  • Page 24 Adding Temporary Routes You can optionally add temporary routes in the Create Active Route section that only remain active until the network configuration is applied or the appliance is rebooted. For example, you can create a temporary route for testing, or for temporarily creating connectivity to a particular network.
  • Page 25 Configuring DNS Settings If you want services to be available by domain names as well as IP addresses, you must configure the DNS settings as below. To configure the DNS settings: In the SSL VPN Web Console, under the Networking category in the menu on the left, select Network Configuration.
  • Page 26 To generate a certificate request: While still connected to the appliance with a network cable, enter https://<SSL VPN Administrator IP Address>:8443 as the address in your web browser. Click either the For Windows or For Linux link according to your operating system to download certificate-related tools to your workstation.
  • Page 27 The SSL VPN Administrator is used to set up and manage the SSL VPN features. To log in to the SSL VPN Administrator: Click Log on on the left, under the title Stonesoft SSL VPN Administrator. Log in using the password you set for the SSL VPN Web Console and SSL VPN Administrator admin user account.
  • Page 28 Changing the Admin Password in the SSL VPN Administrator By default, the same password is used to log in to the SSL VPN Web Console and the SSL VPN Administrator as the admin user. We recommend changing the SSL VPN Administrator admin password to a unique password.
  • Page 29 VPN license through the SSL VPN Administrator. If you later connect the appliance to the Stonesoft Management Center, you can optionally manage the licenses through the Management Client as well. See the Stonesoft Administrator’s Guide or the Online Help of the Management Client for more information. To import a license: After you log in and change your password, select License in the menu on the left.
  • Page 30 Importing Certificate Keys and Certificates Note – If your certificate is a bundled certificate, which may contain intermediate certificates, you must split the certificate before adding it to the SSL VPN Administrator. Details on adding bundled certificates can be found in the SSL VPN Administrator’s Guide. See Generating a Certificate Request (page 25) for information on how to generate a working certificate.
  • Page 31 Select Access Points in the menu on the left. Click Access Point under the title Registered Access Points. Select the Server Certificate from the list. Scroll to the bottom of the page and click Save. Configuring the Appliance...
  • Page 32 Management Client. You can optionally also manage the SSL VPN licenses through the Management Client. In addition, you can configure that SSL VPN logs are sent to the Stonesoft Management Center and can be viewed through the Management Client. See the Stonesoft Administrator’s Guide or the Online Help of the Management...
  • Page 33: Managing The Appliance

    Managing the Appliance Enabling Command Line Access You can enable SSH on the appliance to remotely connect to the operating system command line (Linux) to use standard networking tools (like Ping) or to transfer files through SSH.
  • Page 34 • The default key map is set to US English. If you want to change the key map, run the command sg-reconfigure --no-shutdown • The dash character is located to the left of the backspace key in the US English keyboard layout. Checking System Information This section explains how you can check basic system operating status and the software version that the access point is running.
  • Page 35: Maintenance Operations

    Maintenance Operations Changing the Password for Command Line Access The account for the user root is the only account for engine command line access.
  • Page 36 Reverting to Previously Installed Software Version This procedure allows you to undo a software upgrade. The appliance has two working partitions. One is designated as active and the other as inactive. The inactive partition is used for upgrades and the status is switched between the partitions when the upgrade is ready to be activated.
  • Page 37: Disposal Instructions

    Resetting the Appliance to Factory Settings Note – Perform a factory reset only if you have a specific need to do so. Consult Stonesoft Support before performing this operation if you are unsure of whether this operation is necessary or not.
  • Page 38 Stonesoft Appliance Installation Guide This booklet covers the initial installation and configuration tasks specific to your Stonesoft Appliance. For information on how to prepare the Management Center for a new engine installation, see the other available documentation. See inside for further details.

This manual is also suitable for:

SSL-1060
