Getting Started Guide
Clavister SG4300 Series
Clavister AB
Sjögatan 6J
SE-89160 Örnsköldsvik
SWEDEN
Phone: +46-660-299200
Fax: +46-660-12250
www.clavister.com
Build: 91006
Published 2009-09-29
Copyright © 2009 Clavister AB


Summary of Contents for Clavister SG4300 Series

  • Page 2 DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE CLAVISTER PRODUCT OR FAILURE OF THE PRODUCT, EVEN CLAVISTER INFORMED...
  • Page 3: Table Of Contents

    • 3.3. Manual Web Interface Setup, page 31
    • 3.4. CLI Setup, page 46
    • 3.5. Troubleshooting Setup, page 54
    • 3.6. Going Further with CorePlus, page 56
    • 4. Warranty Service, page 59
    • A. SG4300 Series Specifications, page 61
    • B. Declarations of Conformity, page 62
    • C. Safety Precautions, page 64
    • D. Apple Mac IP Setup, page 67...
  • Page 4 List of Figures
    • 1.1. An Unpacked Clavister SG4300 Series Appliance, page 6
    • 1.2. Front View of the Clavister SG4300 Series, page 8
    • 1.3. The SG4300 Series Keypad and Display, page 9
    • 2.1. A Typical 1000 Base LX/SX Module, page 14
    • 2.2. Installing a 1000 Base LX/SX Module, page 14
    • 2.3.
  • Page 5: Preface

    The target audience for this guide is the administrator who has taken delivery of a packaged Clavister SG4300 Series appliance. The guide takes the user from unpacking and installation of the device through to power-up, including network connections and initial CorePlus configuration.
  • Page 6: Product Overview

    • The Keypad and Display, page 9 1.1. Unpacking the Product This section details the unpacking of the SG4300 Series appliance. Open the packaging box used for shipping and carefully unpack the contents. The box should contain the following: The Clavister SG4300 Series appliance.
  • Page 8: Ports And Connectors

    Figure 1.2. Front View of the Clavister SG4300 Series. The SG4300 Series features a number of connection ports. On the far right is the RS-232 console port and an LED display screen. To the left of these are a set of 10 Ethernet ports.
  • Page 9: The Keypad And Display

    Chapter 1. Product Overview 1.3. The Keypad and Display The SG4300 Series features a keypad and display on the right hand front side of the hardware consisting of an LED display and 4 navigation buttons. The buttons are used to either move forwards or backwards through a sequential list of parameters which are always shown on the display while the power is on.
  • Page 10 1.3. The Keypad and Display Chapter 1. Product Overview This shows the current uptime (time since last restart), the total hardware RAM memory available to CorePlus and the current memory usage. • Anti-Virus Information This shows the current signature count in the Anti-Virus database and the time of the last database update.
  • Page 12: Installation

    Rubber feet on the SG4300 Series unit are attached to the underside of the appliance for operation on a flat surface. This protects both the surface and the appliance from external damage as well as allowing air to circulate underneath the hardware during operation.
  • Page 13 Chapter 2. Installation Rack Installation A rack mounted Clavister Security Gateway can be installed in most standard 19" equipment racks. To do this, fasten the appliance with screws suitable for the kind of rack you are using. The following mounting guidelines should be followed: •...
  • Page 14: Installing Sfp Modules

    2.2. Installing SFP Modules Small Form Pluggable (SFP) modules come in different forms from different manufacturers. Shown below are some typical units. The SG4300 Series does not come as standard with SFP modules and these must be purchased separately. Installation of different types of SFP units is usually done in a similar way. With the units shown, the modules are inserted into sockets with the label facing upwards.
  • Page 15: Installing A 1000 Base Tx Module

    2.2. Installing SFP Modules Chapter 2. Installation Figure 2.4. Installing a 1000 Base TX Module Note The installation images above do not feature the SG4300 Series. However, the SFP installation principles are the same on all Clavister hardware models.
  • Page 16: Console Port Connection

    However, if the SG4300 Series is not placed in a secure area, it can be advisable to set the console password. This is done using the console boot menu and more detail on this topic can be found in the CorePlus Administrators Guide.
  • Page 17 1 stop bit. • No flow control. • An RS-232 cable with appropriate terminating connectors. The SG4300 Series package includes an RS-232 null-modem cable. Connection Steps To connect a terminal to the console port, follow these steps: Check that the console connection settings are configured as described above.
  • Page 18: Connecting Power

    Power on the appliance using the On/Off switch at the back of the unit. The SG4300 Series will boot up and CorePlus will start. After some minutes, the unit will be ready for connection through either the Web Interface or through the CLI.
  • Page 20: Coreplus Configuration

    3.1. Management Workstation Connection CorePlus is Pre-installed on Clavister Hardware It is assumed you have now unpacked, positioned and powered up the SG4300 Series unit. If not, you should refer to the earlier chapters in this manual before continuing. CorePlus is already installed on the SG4300 Series in the factory and will automatically boot up after switching on power to the hardware.
  • Page 21 WAN interface. In this manual we will assume that the physical ge2 interface of the SG4300 Series is used for Internet connection although it could be any other unused interface.
  • Page 22 3.1. Management Workstation Chapter 3. CorePlus Configuration Connection Tip: Using another interface IP address The assigned IP address 192.168.1.30 could be another address from the 192.168.1.0/24 network as long as it is different from 192.168.1.1 which is the address used by CorePlus on its default management interface. To enter these settings on a PC running Windows XP, the following steps are needed: •...
  • Page 23 3.1. Management Workstation Chapter 3. CorePlus Configuration Connection Note: Apple Mac Workstation Setup To set up an Apple Mac as the workstation, see Appendix D, Apple Mac IP Setup.
  • Page 24: Web Interface And Wizard Setup

    3.2. Web Interface and Wizard Setup Chapter 3. CorePlus Configuration 3.2. Web Interface and Wizard Setup This chapter describes the setup when accessing the CorePlus for the first time through a web browser. The user interface accessed in this way is called the Web Interface. Note: Screenshot images Many of the screenshots in this section have had sections cut from the original image to aid readability.
  • Page 25 The wizard assumes that Internet access will be configured. If this is not the case, for example if the Clavister Security Gateway is being used in Transparent Mode between two internal networks, then the configuration setup is best done with individual Web Interface steps or through the CLI instead of through the wizard.
  • Page 26 3.2. Web Interface and Wizard Setup Chapter 3. CorePlus Configuration time and configuring a log server. The steps that the wizard goes through after the welcome screen are listed next. Wizard step 1: Enter a new username and password You will be prompted to enter a new administration username and password as shown below. It is recommended that this is always done and the new username/password is remembered (if these are forgotten, restoring to factory defaults will restore the original admin/admin combination).
  • Page 27 3.2. Web Interface and Wizard Setup Chapter 3. CorePlus Configuration Wizard step 4: Select the WAN interface settings This step selects how the WAN connection to the Internet will function. It can be one of Manual configuration, DHCP, PPPoE or PPTP as shown below. These four different connection options are discussed next in the following subsections 4A to 4D.
  • Page 28 DNS servers are set automatically after connection with PPTP. Wizard step 5: DHCP server settings If the Clavister Security Gateway is to function as a DHCP server, it can be enabled here in the wizard on a particular interface or configured later.
  • Page 29 3.2. Web Interface and Wizard Setup Chapter 3. CorePlus Configuration Wizard step 6: Helper server settings Optional NTP and Syslog servers can be enabled here in the wizard or configured later. Network Time Protocol servers keep the system date and time accurate. Syslog servers can be used to receive and store log messages sent by CorePlus.
  • Page 30 You will require your Clavister registration key to do this. For the SG4300 Series this key can be found written on the label on the underside of the unit. If you are already registered as a customer then you will need to login to the Customer Web.
  • Page 31: Manual Web Interface Setup

    All CorePlus interfaces are logically equal for CorePlus and although their physical capabilities may be different, any interface can perform any logical function. With the SG4300 Series, the ge1 interface is the default management interface. The other interfaces can be used as required. For this section, we will assume that the ge2 interface will be used for connection to the public Internet and the ge3 interface will be used for connection to a protected, local network.
  • Page 32 3.3. Manual Web Interface Setup Chapter 3. CorePlus Configuration By pressing the Set Date and Time button, a dialog appears that allows the exact time to be set. Network Time Protocol (NTP) servers can optionally be configured to maintain the accuracy of the system date and time and this will require public Internet access.
  • Page 33 Reconfiguration is a process that the CorePlus administrator may initiate often. Normally, reconfiguration takes a brief amount of time and causes only a slight delay in traffic throughput. Active user connections through the Clavister Security Gateway should rarely be lost. Tip: How frequently to commit changes It is up to the administrator to decide how many changes to make before activating a new configuration.
  • Page 34 Let's now add the gateway IP4 Address object which we will call wan_gw and assign it the IP address 10.5.4.1. The ISP's gateway is the first router hop towards the public Internet from the Clavister Security Gateway. Go to System > Objects > Address Book in the Web Interface navigation tree.
  • Page 35 Together, these 3 IP address objects will be used to configure the interface connected to the Internet which in this example is ge2. Select Interfaces > Ethernet in the navigation tree to display a list of the physical interfaces. The first few lines of the interface list for the SG4300 Series are shown below.
  • Page 36 At this point, the connection to the Internet is configured but no traffic can flow to or from the Internet since all traffic needs a minimum of the following two CorePlus configuration objects to exist before it can flow through the Clavister Security Gateway: •...
  • Page 37 3.3. Manual Web Interface Setup Chapter 3. CorePlus Configuration The destination network in the IP rule is specified as the predefined IP4 Address object all-nets. This is used since we don't know to which IP address the web surfing will be done and this allows surfing to any IP address.
  • Page 38 For the Internet connection to work, we also need a route defined so that CorePlus knows on which interface the web surfing traffic should leave the Clavister Security Gateway. This route will define the interface where the network all-nets will be found. If we open the default main routing table by going to Routing >...
  • Page 39 Usually, a DHCP Host Name does not need to be specified but can sometimes be used by an ISP to uniquely identify this Clavister Security Gateway as a particular DHCP client to the ISP's DHCP server.
  • Page 40 3.3. Manual Web Interface Setup Chapter 3. CorePlus Configuration Your ISP will supply the correct values for pppoe_username and pppoe_password in the dialog above. The PPPoE tunnel interface can now be treated exactly like a physical interface by the policies defined in CorePlus rule sets.
  • Page 41 DHCP Server Setup If the Clavister Security Gateway is to act as a DHCP server then this can be set up in the following way: First create an IP4 Address object which defines the address range to be handed out. Here, we will assume this is called dhcp_range.
  • Page 42 As a further example of setting up IP rules, it can be very useful to allow ICMP Ping requests to flow through the Clavister Security Gateway. As discussed earlier, the CorePlus will drop any traffic unless an IP rule explicitly allows it. Let us suppose that we wish to allow the pinging of external hosts with the ICMP protocol by computers on the internal ge3_net network.
  • Page 43 The IP rule again has the NAT action and this is necessary if the protected local hosts have private IP addresses. The ICMP requests will be sent out from the Clavister Security Gateway with the IP address of the interface connected to the ISP as the source interface. Responding hosts will send back ICMP responses to this single IP and CorePlus will then forward the response to the correct private IP address.
  • Page 44 Without a valid license loaded, CorePlus operates in demonstration mode which means it will cease operations after 2 hours from startup. To remove this restriction, a valid license must be uploaded to the Clavister Security Gateway. To do this, download a license as described in the last part of Section 3.2, “Web Interface and Wizard Setup”.
  • Page 45 3.3. Manual Web Interface Setup Chapter 3. CorePlus Configuration Now press the Browse button to select the file from the local file system and then the Upload License button to send it to CorePlus. As soon as upload of the license is complete, the 2 hour restriction will be removed and CorePlus will be restricted only by the restrictions of the license.
  • Page 46: Cli Setup

    • Using a terminal or computer running a console emulator connected directly to the local RS-232 console port on the Clavister Security Gateway. Performing console port connection is described in the hardware installation manual for each Clavister hardware model. The CLI commands listed below are grouped so that they mirror the options available in the setup wizard.
  • Page 47 All CorePlus interfaces are logically equal for CorePlus and although their physical capabilities may be different, any interface can perform any logical function. With the SG4300 Series, the ge1 interface is the default management interface. The other interfaces can be used as desired. For the sake of example, we will assume that the ge2 interface will be used for connection to the public Internet and the ge3 interface will be used for connection to a protected, local network.
  • Page 48 Device:/> set IP4Address InterfaceAddresses/ge2_ip Address=10.5.4.35 Note: Qualifying the names of IP objects in folders On initial startup of the SG4300 Series, CorePlus automatically creates and fills the InterfaceAddresses folder in the CorePlus address book with the interface related IP address objects.
  • Page 49 3.4. CLI Setup Chapter 3. CorePlus Configuration Comments: <empty> Setting the default gateway on the interface has the additional effect that CorePlus automatically creates a route in the default main routing table that has the network all-nets routed on the interface. This means that we do not need to explicitly create this route.
  • Page 50 3.4. CLI Setup Chapter 3. CorePlus Configuration assume an IP address object called dns1_address has already been defined for the first DNS server, the command to specify the first DNS server is: Device:/> set DNS DNSServer1=dns1_address Assuming a second IP object called dns2_address has been defined, the second DNS server is specified with: Device:/>...
  • Page 51 3.4. CLI Setup Chapter 3. CorePlus Configuration As was done in option A above, we must define an IP rule that will allow traffic from a designated source interface and source network (in this example, the network ge3_net and interface ge3) to flow to the destination network all-nets and the destination interface which is the PPPoE tunnel that we have defined.
  • Page 52 3.4. CLI Setup Chapter 3. CorePlus Configuration If the Clavister Security Gateway is to act as a DHCP server then this can be set up in the following way: First define an IP address object which has the address range that can be handed out. Here, we will use the IP range 192.168.1.10-192.168.1.20 as an example and this will be available on the ge3...
  • Page 53 The IP rule again has the NAT action and this is necessary if the protected local hosts have private IP addresses. The ICMP requests will be sent out from the Clavister Security Gateway with the IP address of the interface connected to the ISP as the source interface. Responding hosts will send back ICMP responses to this single IP and CorePlus will then forward the response to the correct private IP address.
  • Page 54: Troubleshooting Setup

    If the Input counters in the hardware section of the output are not increasing then the error is likely to be in the cabling. However, it may simply be that the packets are not getting to the Clavister Security Gateway in the first place. This can be confirmed with a packet sniffer if it is available.
  • Page 55 3.5. Troubleshooting Setup Chapter 3. CorePlus Configuration This will show the ARP packets being received on the different interfaces and confirm that the correct cables are connected to the correct interfaces.
  • Page 56: Going Further With Coreplus

    HTTP ALG provides a number of important features such as content filtering. VPN Setup A common requirement is to quickly setup VPN networks based on Clavister Security Gateways. The CorePlus Administrators Guide includes an extensive VPN section and as part of this, a VPN Quick Start section which goes through a checklist of setup steps for nearly all types of VPN scenarios.
  • Page 57 Staying Informed Clavister maintains an RSS feed of announcements that can be subscribed to at https://forums.clavister.com/rss-feeds/announcements/. It is recommended to subscribe to this feed so that you receive notifications when new releases of CorePlus versions are available for download and installation.
  • Page 59: Warranty Service

    Start Date (as defined below). The warranty will only apply to failure of the product if Clavister is informed of the failure not later than two (2) years from the Start Date or thirty (30) days after that the failure was or ought to have been noticed by the customer.
  • Page 60 Clavister pursuant to this warranty. Contacting Clavister Should there be a problem with the online form then Clavister support can be contacted by email at: support@clavister.com. Customer Remedies...
  • Page 61: Sg4300 Series Specifications

    Appendix A. SG4300 Series Specifications Below are the key hardware specifications for Clavister SG4300 Series installation. Figure A.1. SG4300 Series Dimensions, Weight and MTBF Height x Width x Depth (mm) 44 x 440 x 430 Hardware Weight 6.0 kg Hardware Form Factor 19"...
  • Page 62: Declarations Of Conformity

    Appendix B. Declarations of Conformity...
  • Page 64: Safety Precautions

    Appendix C. Safety Precautions Safety Precautions Clavister SG4300 Series devices are Safety Class I products and have protective ground terminals. There must be an uninterrupted safety earth ground from the main power source to the product’s input wiring terminals, power cord, or supplied power cord set. Whenever it is likely that the protection has been impaired, disconnect the power cord until the ground has been restored.
  • Page 65 Appendix C. Safety Precautions No part contained inside this product can be repaired by the user. All troubleshooting, adjustment, maintenance or repair must be entrusted exclusively to qualified personnel. Safety Notes This is a Safety Class I device and has a protective ground terminal. Operation of the device requires an uninterrupted safety earth ground from the main power source to the device input terminals, the power cords, or the supplied power cord set.
  • Page 66 Appendix C. Safety Precautions • LAN cables may occasionally be subjected to hazardous transient voltages (lightning or disturbances in the electrical power network). Handle exposed metal components of the LAN with caution. This device contains no parts that can be repaired by the user.
  • Page 67: Apple Mac Ip Setup

    Appendix D. Apple Mac IP Setup An Apple Mac can be used as the management workstation for initial setup of a Clavister Security Gateway. To do this, a selected Ethernet interface on the Mac must be configured correctly with a static IP.
  • Page 68 Appendix D. Apple Mac IP Setup Now set the following values:
    • IP Address: 192.168.1.30
    • Subnet Mask: 255.255.255.0
    • Router: 192.168.1.1
    Click Apply to complete the static IP setup.
