1. Manuals
  2. Brands
  3. Stonesoft Manuals
  4. Firewall
  5. SSL-3200 Series
  6. Appliance installation manual

Stonesoft SSL-3200 Series Appliance Installation Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
SSL-3200 Series
Appliance Installation Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SSL-3200 Series and is the answer not in the manual?

Questions and answers

Related Manuals for Stonesoft SSL-3200 Series

Summary of Contents for Stonesoft SSL-3200 Series

  • Page 1 SSL-3200 Series Appliance Installation Guide...
  • Page 2 European Council Regulation (EC) N:o 1334/2000 of 22 June 2000 setting up a Community regime for the control of exports of dual-use items and technology (as amended). Thus, the export of this Stonesoft software in any manner is restricted and requires a license by the relevant authorities.

  • Page 3: Table Of Contents

    I n t r o d u c t i o n Thank you for choosing a Stonesoft™ appliance. This guide provides instructions for the initial hardware installation and the maintenance of the SSL-3200 Series appliances. See Product Documentation (page 4) for information on other available documentation.

  • Page 4: Installation Procedure

    I n s t a l l a t i o n P r o c e d u r e  To install the appliance 1. If the Solid State Disk (SSD) is not pre-installed in the appliance, install the SSD. See Installing the Solid State Disk (page 11). Appliance 2.

  • Page 5: Safety Precautions

    S a f e t y P r e c a u t i o n s The following safety information and procedures must be followed whenever working with electronic equipment. Electrical Safety Precautions Basic electrical safety precautions should be followed to protect yourself from harm and the appliance from damage: •...
  • Page 6 Note – Use a UPS (Uninterruptible Power Supply) in critical environments with your Stonesoft appliance. If after a brief power outage your Stonesoft appliance only partially starts up (for example, the power light is on, but the NIC LEDs are off and the appliance does...
  • Page 7 Laser Precautions Class 1 Laser Product Caution – Invisible laser radiation is emitted from the end of the fiber- optic cable and from the aperture of the port when no fiber cable is connected. Do not stare into the beam and avoid direct exposure to the beam.

  • Page 8: Unpacking The Appliance

    U n p a c k i n g t h e A p p l i a n c e Inspect the box the appliance was shipped in and any other boxes included in the delivery. If the Solid State Disk (SSD) is not pre-installed in the appliance, the SSD is delivered in a separate box.
  • Page 9 Power Button Table 1 Power Status Status Explanation Indicates power is being supplied to the system's Green power supply unit. This LED is illuminated when the system is operating normally. LED Indicators The front panel has six LED indicators in the upper right corner. The LEDs provide you with critical information related to different parts of the system.

  • Page 10: Back Panel

    SSD Drive Indicators The indicators for the Solid State Disk (SSD) Drive are explained below. Power Disk Table 3 SSD Drive Indicators Indicator Status Explanation Power Blue A Solid State Disk is in the drive. Disk Unlit This indicator is not currently used. B a c k P a n e l AC or DC Power IPMI Port (Use...

  • Page 11: Installing The Solid State Disk

    Fixed Ethernet Ports The LED indicators for the two fixed Ethernet ports are explained below. Link Activity Table 4 Indicators for Fixed Ports Indicator Color Explanation Activity Yellow Link ok, blinks on activity. Unlit No link or the speed is 10 Mbps. Link Green Speed is 100 Mbps.

  • Page 12: Installing Interface Modules

    I n s t a l l i n g I n t e r f a c e M o d u l e s This section provides information on installing Stonesoft interface modules into the appliance. You must install an interface module or a placeholder module in each slot before you can make the appliance operational.

  • Page 13: Rack-Mounting

    R a c k - M o u n t i n g This section provides information on installing the Stonesoft appliance into a rack unit. You can install the appliance into a two-post or a four- post rack unit.
  • Page 14 Appliance Precautions • Determine the placement of each component in the rack before you install the rails. • Install the heaviest components on the bottom of the rack first, and then work up. • The appliance must be connected to grounded power outlets. •...
  • Page 15 Installing the Appliance Into a Two-Post Rack  To install the appliance into a two-post rack Locate the two rack-mounting brackets that are meant for the two- post rack installation. Locate the three pairs of supports on the side of the appliance and the corresponding holes on the brackets.
  • Page 16 Installing the Appliance Into a Four-Post Rack There are two sets of rails that you can use for installing the appliance into a four-post rack. The only difference is the length of the rails. This section explains the installation for both types of rails. ...
  • Page 17 Align the holes against its corresponding button. Once all are aligned, push the holes toward their corresponding buttons. Secure the rail to the appliance with a screw. Repeat steps 3-5 on the other side of the appliance. Insert the outer rails to the rack. If necessary, push the locking tab on the rail to retreat the outer rails.
  • Page 18 Line up the rear of the inner rails with the front of the extended outer rails. Slide the inner rails into the outer rails, keeping the pressure even on both sides (you may have to press the locking tabs when inserting).

  • Page 19: Connecting The Cables

    C o n n e c t i n g t h e C a ble s Front Panel Slots for Interface Modules Back Panel IPMI Port (Use not supported) Slot 0: Fixed Ethernet Ports Two USB Serial Port Port eth0_0 and eth0_1 Ports (Secondary)
  • Page 20 Ethernet Port Names There are 4 slots in the appliance. Each Ethernet port has a unique name that also indicates the slot to which the port belongs. • The fixed Ethernet ports eth0_0 and eth0_1 on the back panel belong to slot 0.
  • Page 21 Connecting Cables to SFP Ports If you have installed an SFP interface module on the appliance, you can use the ports on the module as either copper or fiber ports by inserting a small form-factor pluggable (SFP) transceiver for a copper or fiber-optic cable into the ports.
  • Page 22 Connecting Management Cables  To connect management cables  Choose one of the following: • Connect a monitor to the VGA port on the appliance’s back panel and a keyboard to a USB port. • Or connect the supplied null-modem cable to the serial port on the appliance’s front panel and to a computer that you will use for a terminal connection.

  • Page 23: Configuring The Appliance

    C o n fi g u r i n g t h e A p p l i a n c e Before the appliance can offer any services to the users, you must configure the networking settings for all interfaces you intend to use. Start by Defining the Basic Settings.
  • Page 24 Highlight the correct layout and press Enter. Note – If the desired keyboard layout is not available, use the best- matching available layout, or select US_English.  To set the engine’s timezone Highlight the entry field for Local Timezone and press Enter. Select the correct timezone in the dialog that opens.
  • Page 25  To set the rest of the OS settings Enter the name of the SSL VPN engine. Highlight the entry field for Web Console and SSL-VPN Admin Password and press Enter to change the password that the user admin uses to access the SSL VPN Web Console and the SSL VPN Administrator.
  • Page 26 Highlight Finish and press Enter. The Engine Configuration Wizard closes. Continue by Logging in to the SSL VPN Web Console. Logging in to the SSL VPN Web Console The SSL VPN Web Console is used for interface configuration and other such basic operating-system-level settings.
  • Page 27 Changing the Admin Password in the SSL VPN Web Console Changing the password for the admin user in the SSL VPN Web Console sets the same password for the admin user in both the SSL VPN Web Console and the SSL VPN Administrator. ...
  • Page 28 Setting the System Time The system time must be set correctly for proper operation (used for example, in Access rules, certificate validity checking, and log entries).  To set the system time Expand Hardware in the menu on the left and select System Time. Select the correct Time Zone and click Save.
  • Page 29  To configure a network interface In the SSL VPN Web Console, expand Networking in the menu on the left, and select Network Configuration. On the right, click Network Interfaces. Under Interfaces Activated at Boot Time, click Add a new interface above or below the interface table.
  • Page 30 • The typical setting for Activate at boot is Yes. If you set this option to No, the interface is disabled until you change this setting and then reboot or manually apply the boot-time configuration on the main Network Interfaces page. Click Create to save the interface configuration without activating it, or click Create and Apply to save and activate the interface configuration.
  • Page 31 • Netmask: Enter the Netmask. • Gateway: (Static Routes only) Enter the IP address of the next- hop gateway through which outgoing traffic is routed. Click Save. Click Return to Network Configuration. You are returned to the Network Configuration page. Click Apply Configuration.
  • Page 32 Configuring DNS Settings If you want services to be available by domain names as well as IP addresses, you must configure the DNS settings as below.  To configure the DNS settings In the SSL VPN Web Console, under the Networking category in the menu on the left, select Network Configuration.
  • Page 33  To generate a certificate request While still connected to the appliance with a network cable, enter https://<SSL VPN Administrator IP Address>:8443 as the address in your web browser. Click either the For Windows or For Linux link according to your operating system to download certificate-related tools to your workstation.
  • Page 34 The SSL VPN Administrator is used to set up and manage the SSL VPN features.  To log in to the SSL VPN Administrator Click Log on on the left, under the title Stonesoft SSL VPN Administrator. Log in using the password you set for the SSL VPN Web Console and SSL VPN Administrator admin user account.
  • Page 35 Changing the Admin Password in the SSL VPN Administrator By default, the same password is used to log in to the SSL VPN Web Console and the SSL VPN Administrator as the admin user. We recommend changing the SSL VPN Administrator admin password to a unique password.
  • Page 36 VPN license through the SSL VPN Administrator. If you later connect the appliance to the Stonesoft Management Center, you can optionally manage the licenses through the Management Client as well. See the Stonesoft Administrator’s Guide or the Online Help of the Management Client for more information.  To import a license After you log in and change your password, select License in the menu on the left.
  • Page 37 Importing Certificate Keys and Certificates Note – If your certificate is a bundled certificate, which may contain intermediate certificates, you must split the certificate before adding it to the SSL VPN Administrator. Details on adding bundled certificates can be found in the SSL VPN Administrator’s Guide. See Generating a Certificate Request (page 32) for information on how to generate a working certificate.
  • Page 38 Fill in the details: • Display Name: the name you want to give to the certificate for display in the SSL VPN Administrator interface. • Certificate: Browse and select the signed certificate file. • Key: Browse and select the private certificate key file (private.pk8).
  • Page 39 Select Access Points in the menu on the left. Click Access Point under the title Registered Access Points. Select the Server Certificate from the list. Scroll to the bottom of the page and click Save. Configuring the Appliance...
  • Page 40 Management Client. You can optionally also manage the SSL VPN licenses through the Management Client. In addition, you can configure that SSL VPN logs are sent to the Stonesoft Management Center and can be viewed through the Management Client. See the Stonesoft Administrator’s Guide or the Online Help of the Management...

  • Page 41: Managing The Appliance

    M a n a gin g t h e A p p l i a n c e Enabling Command Line Access You can enable SSH on the appliance to remotely connect to the operating system command line (Linux) to use standard networking tools (like Ping) or to transfer files through SSH.
  • Page 42 • The default key map is set to US English. If you want to change the key map, run the command sg-reconfigure --no-shutdown • The dash character is located to the left of the backspace key in the US English keyboard layout. Checking System Information This section explains how you can check basic system operating status and the software version that the access point is running.

  • Page 43: Maintenance Operations

    M a i n t e n a n c e O p e r a t i o n s Changing the Password for Command Line Access The account for the user root is the only account for engine command line access.
  • Page 44 Reverting to Previously Installed Software Version This procedure allows you to undo a software upgrade. The appliance has two working partitions. One is designated as active and the other as inactive. The inactive partition is used for upgrades and the status is switched between the partitions when the upgrade is ready to be activated.
  • Page 45 Resetting the Appliance to Factory Settings Note – Perform a factory reset only if you have a specific need to do so. Consult Stonesoft Support before performing this operation if you are unsure of whether this operation is necessary or not.
  • Page 46 Replacing Power Supply Modules You can use both AC and DC power supply modules in the appliance. If necessary, you can replace a power supply module with a new one.  To replace a power supply module Unplug the power cord from the DC power supply module or disconnect the wires from the AC power supply module.
  • Page 47 Replacing the Solid State Disk Caution – We recommend using a grounding strap when handling a Solid State Disk (SSD). Uninstalled SSDs are sensitive to ESD damage. If necessary, you can replace the Solid State Disk in the appliance with another one of the same model.
  • Page 48 Replacing Interface Modules Caution – Do not install or remove interface modules if the appliance is powered on to avoid damaging the modules and the appliance. You can replace an interface module either with the same type of module or with a different type of module. If the number of ports in the old module and the new module are the same, the mapping between the Interface IDs and the port names does not change.

  • Page 49: Disposal Instructions

    Power on the appliance using the power button. Caution – Do not power on the appliance if you have not installed an interface module or a placeholder module in the appliance. If the number of ports in the new module differs from the old module, modify the interface definitions as needed in the SSL VPN Web Console and save and activate the changes.
  • Page 50 Stonesoft Appliance Installation Guide This booklet covers the initial installation and configuration tasks specific to your Stonesoft Appliance. For information on how to prepare the Management Center for a new engine installation, see the other available documentation. See inside for fur ther details.

Table of Contents