Page 2
European Council Regulation (EC) N:o 1334/2000 of 22 June 2000 setting up a Community regime for the control of exports of dual-use items and technology (as amended). Thus, the export of this Stonesoft software in any manner is restricted and requires a license by the relevant authorities.
Introduction
Thank you for choosing a Stonesoft™ appliance. This guide provides instructions for the initial hardware installation and the maintenance of the SSL-1302 appliance. See Product Documentation (page 4) for information on other available documentation.
Installation Procedure
To install the appliance 1. If the Solid State Disk (SSD) is not pre-installed in the appliance, install the SSD. See Installing the Solid State Disk (page 10). Appliance 2.
The following safety information and procedures must be followed whenever working with electronic equipment. However, please be advised that Stonesoft appliances are not end-user serviceable, and you must never open the appliance covers for any reason. Doing so may lead to serious injury and will void any hardware warranty that may be associated with your appliance.
Page 6
Note – Use a UPS (Uninterruptible Power Supply) in critical environments with your Stonesoft appliance. If after a brief power outage your Stonesoft appliance only partially starts up (for example, the power light is on, but the appliance does not connect) turn the appliance off for five seconds and then back on.
strictly followed, the warranty may become void. Do not open the power supply casing. Read the Safety Precautions (page 5) before you conduct any installation or maintenance operations on the appliance. Operating and Storage Temperatures The allowed operating temperature of the appliance and the interface module is +5...+35ºC.
Front Panel
Figure labels: Two USB ports; Interface module; Serial console port; VGA port; Fixed Ethernet ports; Power button; warning and disk activity indicators.
Note – Standby power is supplied to the system even when the appliance is turned off.
Figure labels: Fixed Ethernet Port; Link; Activity.
Table 2 Indicators for Fixed Ports
Indicator | Status | Explanation
Activity | Yellow | Link ok, blinks on activity.
Link | Amber | 1G link.
Link | Green | 100M link.
Back Panel
Figure labels: Solid State Disk (SSD) Drive; AC or DC power connector.
The indicators for the Solid State Disk (SSD) Drive are explained below.
Installing the Solid State Disk
If the Solid State Disk (SSD) is not pre-installed in the appliance, you must first install the SSD.
Installing the Interface Module
This section provides information on installing a Stonesoft interface module into the appliance. You must install the interface module before you can configure the appliance.
Rack-Mounting
This section provides information on installing the Stonesoft appliance into a rack unit. You can install the appliance into a two-post or a four-post rack unit.
Page 13
Appliance Precautions • Determine the placement of each component in the rack before you start the installation. • Install the heaviest components on the bottom of the rack first, and then work up. • The appliance must be connected to a grounded power outlet. •...
Page 14
Installing the Appliance Into a Two-Post Rack
To install the appliance into a two-post rack
1. Locate the two rack-mounting brackets that are meant for the two-post rack installation.
2. Attach a bracket to the appliance with three screws.
3. Repeat step 2 on the other side of the appliance.
4. Attach each bracket to the rack with two screws through the holes in the front of the bracket: one screw through the top hole and another through the bottom hole.
Page 15
Installing the Appliance Into a Four-Post Rack
If you are installing the appliance into a four-post rack, the rack-mounting method depends on the depth at which the brackets are attached to the rack: • If the depth is 40-70 cm (c. 16-28 inches), see To install the appliance with medium-length brackets below.
Page 16
• These screws support the appliance when it is inserted into the rack. The number and position of the screws depends on the depth of the rack. Repeat step 5 on the other side of the appliance. Line up the screws that you have attached to the side of the appliance with the groove in the brackets attached to the rack.
Repeat step 3 on the other side of the appliance. Insert the outer rails to the rack. • The rails are marked with “L” for left and “R” for right. Line up the rear of the inner rails with the front of the outer rails. Slide the inner rails into the outer rails, keeping the pressure even on both sides (you may have to depress the locking tabs when inserting).
Page 18
(page 20) for information on how to connect to and configure the appliance. • The management port’s IP address is active only when a network cable is plugged into the port. Connect network cables to the Ethernet ports. • You are free to choose which Ethernet ports you connect to which network.
Page 19
Connect the copper or fiber-optic cable to the SFP transceiver. Note – Each SFP port must match the wavelength specifications at the other end of the cable. The cable must not exceed the stipulated cable length for reliable communications. Cable Types Make sure that the copper cables you use are correctly rated (CAT 5e or CAT 6 in gigabit networks).
• We highly recommend using an uninterruptible power supply (UPS) to ensure continuous operation and minimize the risk of damage to the appliance in case of sudden loss of power. Note – Standby power is supplied to the system even when the appliance is turned off.
Page 21
Highlight the correct layout and press Enter. Note – If the desired keyboard layout is not available, use the best-matching available layout, or select US_English. To set the engine’s timezone Highlight the entry field for Local Timezone and press Enter. Select the correct timezone in the dialog that opens.
Page 22
To set the rest of the OS settings Type in the name of the SSL VPN engine. Highlight the entry field for Web Console and SSL-VPN admin Password and press Enter to change the password that the user admin uses to access the SSL VPN Web Console and the SSL VPN Administrator.
Page 23
Highlight Finish and press Enter. The Engine Configuration Wizard closes. Continue by Logging in to the SSL VPN Web Console. Logging in to the SSL VPN Web Console The SSL VPN Web Console is used for interface configuration and other such basic operating-system-level settings.
Page 24
Changing the Admin Password in the SSL VPN Web Console Changing the password for the admin user in the SSL VPN Web Console sets the same password for the admin user in both the SSL VPN Web Console and the SSL VPN Administrator. ...
Page 25
Setting the System Time System time must be set correctly for proper operation (used for example in access rules, certificate validity checking, and log entries). To set the system time Expand Hardware in the menu on the left and select System Time. Select the correct Time Zone and click Save.
Page 26
To configure a network interface In the SSL VPN Web Console, expand Networking in the menu on the left and select Network Configuration. On the right, click Network Interfaces. Under Interfaces Activated at Boot Time, click Add a new interface above or below the interface table.
Page 27
(Static IP address only) Enter the Netmask and Broadcast addresses. Select whether to Activate at Boot. • The typical setting for Activate at boot is Yes. If you set this option to No, the interface is disabled until you change this setting and then reboot or manually apply the boot-time configuration on the main Network Interfaces page.
Page 28
Configuring Routing To configure routing In the SSL VPN Web Console, under the Networking category in the menu on the left, select Network Configuration. On the right, click Routing and Gateways. The Routing page opens. Define the Default Router in one of the following ways: •...
Page 29
Adding Temporary Routes You can optionally add temporary routes in the Create Active Route section that only remain active until the network configuration is applied or the appliance is rebooted. For example, you can create a temporary route for testing, or for temporarily creating connectivity to a particular network.
Page 30
Configuring DNS Settings If you want services to be available by domain names as well as IP addresses, you must configure the DNS settings as below. To configure the DNS Settings In the SSL VPN Web Console, under the Networking category in the menu on the left, select Network Configuration.
Page 31
To generate a certificate request While still connected to the appliance with a network cable, enter https://<SSL VPN Administrator IP Address>:8443 as the address in your web browser. Click either the For Windows or For Linux link according to your operating system to download certificate-related tools to your workstation.
Page 32
The SSL VPN Administrator is used to set up and manage the SSL VPN features. To log in to the SSL VPN Administrator Click Log on on the left, under the title Stonesoft SSL VPN Administrator. Log in using the password you set for the SSL VPN Web Console and SSL VPN Administrator admin user account.
Page 33
Changing Admin Password in the SSL VPN Administrator By default, the same password is used to log in to the SSL VPN Web Console and the SSL VPN Administrator as the admin user. We recommend changing the SSL VPN Administrator admin password to a unique password.
Page 34
VPN license through the SSL VPN Administrator. If you later connect the appliance to the Stonesoft Management Center, you can optionally manage the licenses through the Management Client as well. See the Stonesoft Administrator’s Guide or the Online Help of the Management Client for more information. To import a license After you log in and change your password, select License in the menu on the left.
Page 35
Importing Certificate Keys and Certificates Note – If your certificate is a bundled certificate, which may contain intermediate certificates, you must split the certificate before adding it to the SSL VPN Administrator. For details on adding bundled certificates, see the SSL VPN Administrator’s Guide. See Generating a Certificate Request (page 30) for information on how to generate a working certificate.
Page 36
Fill in the details: • Display Name: the name you want to give to the certificate for display in the SSL VPN Administrator interface. • Certificate: Browse and select the signed certificate file. • Key: Browse and select the private certificate key file (private.pk8).
Page 37
Select Access Points in the menu on the left. Click Access Point under the title Registered Access Points. Select the correct Server Certificate from the list. Scroll to the bottom of the page and click Save. Configuring the Appliance...
Page 38
Management Client. You can optionally also manage the SSL VPN licenses through the Management Client. In addition, you can configure that SSL VPN logs are sent to the Stonesoft Management Center and can be viewed through the Management Client. See the Stonesoft Administrator’s Guide or the Online Help of the Management...
Managing the Appliance
Enabling Command Line Access
You can enable SSH on the appliance to remotely connect to the operating system command line (Linux) to use standard networking tools (like Ping) or to transfer files through SSH.
Page 40
• The default key map is set to US English. If you want to change the key map, run the command sg-reconfigure --no-shutdown • The dash character is located to the left of the backspace key in the US English keyboard layout. Checking System Information This section explains how you can check basic system operating status and the software version that the access point is running.
Maintenance Operations
Changing the Password for Command Line Access
The account for the user root is the only account for engine command line access.
Page 42
Reverting to Previously Installed Software Version This procedure allows you to undo a software upgrade. The appliance has two working partitions. One is designated as active and the other as inactive. The inactive partition is used for upgrades and the status is switched between the partitions when the upgrade is ready to be activated.
Page 43
Resetting the Appliance to Factory Settings Note – Perform a factory reset only if you have a specific need to do so. Consult Stonesoft Support before performing this operation if you are unsure of whether this operation is necessary or not.
Page 44
Replacing the Solid State Disk Caution – We recommend using a grounding strap when handling a Solid State Disk (SSD). Uninstalled SSDs are sensitive to ESD damage. If necessary, you can replace the Solid State Disk in the appliance with another one of the same model.
Page 45
Replacing the Interface Module Caution – Do not install or remove the interface module if the appliance is powered on to avoid damaging the module and the appliance. You can replace an interface module either with the same type of module or with a different type of module.
Connect the cables and plug the power cords to the system and to the wall outlets. Power on the appliance using the power button. Caution – Do not power on the appliance if you have not installed an interface module in the appliance. If the number of ports in the new module differs from the old module, modify the interface definitions as needed in the SSL VPN Web Console and save and activate the changes.
Page 47
Stonesoft Appliance Installation Guide This booklet covers the initial installation and configuration tasks specific to your Stonesoft Appliance. For information on how to prepare the Management Center for a new engine installation, see the other available documentation. See inside for further details.