H3C SecPath F5000-AI-15 Installation Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Firewall
  5. SecPath F5000-AI-15
  6. Installation manual
H3C SecPath F5000-AI-15 Installation Manual

H3C SecPath F5000-AI-15 Installation Manual

Hide thumbs Also See for SecPath F5000-AI-15:
Table of Contents

Advertisement

Quick Links

Download this manual
H3C SecPath F5000-AI-15 Firewall
Installation Guide
New H3C Technologies Co., Ltd.
http://www.h3c.com
Document version: 6W100-20211224

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SecPath F5000-AI-15 and is the answer not in the manual?

Questions and answers

Related Manuals for H3C SecPath F5000-AI-15

Summary of Contents for H3C SecPath F5000-AI-15

  • Page 1 H3C SecPath F5000-AI-15 Firewall Installation Guide New H3C Technologies Co., Ltd. http://www.h3c.com Document version: 6W100-20211224...
  • Page 2 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3 Preface This installation guide describes the procedure for installing H3C SecPath F5000-AI-15 firewall series. It includes the following sections: preparing for installation, installing the firewall, logging in to the firewall, hardware replacement, hardware management and maintenance, and troubleshooting. This preface includes the following topics about the documentation: •...
  • Page 4 Convention Description Folder. Symbols Convention Description An alert that calls attention to important information that if not understood or followed WARNING! can result in personal injury. An alert that calls attention to important information that if not understood or followed CAUTION: can result in data loss, data corruption, or damage to hardware or software.
  • Page 5 It is normal that the port numbers, sample output, screenshots, and other information in the examples differ from what you have on your device. Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

  • Page 6: Table Of Contents

    Contents 1 Preparing for installation ············································································· 1 Safety recommendations ··································································································································· 1 Safety symbols ··········································································································································· 1 General safety recommendations ·············································································································· 1 Electrical safety ·········································································································································· 2 Laser safety ················································································································································ 2 Handling safety ·········································································································································· 2 Examining the installation site ···························································································································· 3 Weight support ··········································································································································· 3 Temperature and humidity ·························································································································...
  • Page 7 5 Hardware management and maintenance ············································· 5-31 Displaying detailed information about the firewall ························································································· 5-31 Displaying the software and hardware version information for the firewall ··················································· 5-31 Displaying the electrical label information for the firewall·············································································· 5-32 Displaying the CPU usage of the firewall ······································································································ 5-33 Displaying the memory usage of the firewall·································································································...

  • Page 8: Preparing For Installation

    Preparing for installation Unless otherwise stated, power supplies and power modules are used interchangeably in this document. Safety recommendations To avoid any equipment damage or bodily injury, read the following safety recommendations before installation. Note that the recommendations do not cover every possible hazardous condition. Safety symbols When reading this document, note the following symbols: WARNING means an alert that calls attention to important information that if not understood or...

  • Page 9: Electrical Safety

    Symbol Description Transported and stored with care. Transported and stored avoiding humidity, rains and wet floor. Electrical safety • Carefully examine your work area for possible hazards such as moist floors, ungrounded power extension cables, and missing safety grounds. • Locate the emergency power-off switch in the room before installation.

  • Page 10: Examining The Installation Site

    Examining the installation site The firewall can only be used indoors. To make sure the firewall operates correctly and to prolong its service lifetime, the installation site must meet the following requirements. Weight support Make sure the floor can support the total weight of the rack, chassis, modules, and all other components.

  • Page 11: Cooling System

    Max. (mg/m 0.006 0.05 0.01 0.04 Cooling system The F5000-AI-15 firewall provides front side-intake and rear side-exhaust airflow for heat dissipation. For adequate cooling of the firewall, follow these guidelines: • Install the firewall at the installation site with its airflow direction meeting the ventilation requirements.

  • Page 12: Emi

    Lock the wrist strap tight around your wrist to keep good contact with the skin. Secure the wrist strap lock and the alligator clip lock together. Attach the alligator clip to the rack or the workbench. Figure1-3 Attaching an ESD wrist strap (1) ESD wrist strap (2) Lock (3) Alligator clip...

  • Page 13: Power Supply

    • Make sure the grounding cable of the chassis is reliably grounded. • Make sure the grounding terminal of the AC power receptacle is reliably grounded. • Install a lightning arrester at the input end of the power supply to enhance the lightning protection capability of the power supply.

  • Page 14: Pre-Installation Checklist

    Pre-installation checklist Table1-4 Checklist before installation Item Requirements Result • Workbench mounting—Ensure a minimum clearance of 100 mm (3.94 in) around the air inlet and outlet vents of the chassis. • 19-inch rack mounting—Ensure a distance of 1U Ventilation (44.45 mm, or 1.75 in) between the chassis and other devices.
  • Page 15 Item Requirements Result power switch. • Make sure the rack is equipped with a good ventilation system. • The rack is sturdy enough to support the weight of the Rack-mounting firewall and installation accessories. requirements • The size of the rack is appropriate for the firewall. •...

  • Page 16: Installing The Firewall

    WARNING! Keep the tamper-proof seal on a mounting screw on the chassis cover intact, and if you want to open the chassis, contact H3C for permission. Otherwise, H3C shall not be liable for any consequence. Installation flow The firewall supports the following installation methods: •...
  • Page 17 Figure2-1 Firewall installation flow Start Determine the installation position Mount the firewall on Install the firewall in a a workbench 19-inch rack Ground the firewall Install fan trays Install power supplies Install interface modules Install drives Connect Ethernet cables Connect power cords Verify the installation...

  • Page 18: Mountmounting The Firewall On A Workbench

    MountMounting the firewall on a workbench IMPORTANT: • Ensure good ventilation and a minimum clearance of 100 mm (3.94 in) around the chassis for heat dissipation. • Avoid placing heavy objects on the firewall. • To stack firewalls, make sure a minimum vertical distance of 15 mm (0.59 in) is available between two adjacent firewalls.
  • Page 19 CAUTION: • For adequate heat dissipation, ensure a minimum clearance of 80 mm (3.15 in) around the air inlet and outlet vents of the chassis and a distance of 1U (44.45 mm, or 1.75 in) between the chassis and other devices in the rack. •...
  • Page 20 greater than 153 mm (6.02 in) between the rear rack posts and the interior side of the rack door. Figure2-5 Attaching the rear mounting brackets to the rear rack posts (with the wide flange inside the rack) Figure2-6 Attaching the rear mounting brackets to the rear rack posts (with the wide flange outside the rack)
  • Page 21 Mount the firewall in the rack. Use M6 screws to secure the mounting brackets to the front rack posts and make sure the shoulder screws rest firmly on the upper edge of the rear mounting brackets. Figure2-7 Mounting the firewall in the rack (with the wide flange of the rear mounting brackets inside the rack)

  • Page 22: Grounding The Firewall

    Figure2-8 Mounting the firewall in the rack (with the wide flange of the rear mounting brackets outside the rack) Grounding the firewall WARNING! • Correctly connecting the firewall grounding cable is crucial to lightning protection and EMI protection. • Do not connect the firewall grounding cable to a fire main or lightning rod. You can ground the firewall in one of the following ways, depending on the grounding conditions available at the installation site.

  • Page 23: Grounding The Firewall With The Grounding Terminal On The Rack

    Figure2-9 Grounding the firewall with a grounding strip Grounding the firewall with the grounding terminal on the rack Remove the grounding screw from the firewall chassis. Attach the grounding screw to the ring terminal of the grounding cable. Use a screwdriver to fasten the grounding screw into the grounding hole on the firewall. Remove the grounding screw from the grounding point on the rack.

  • Page 24: Installing A Fan Tray

    Installing a fan tray CAUTION: • The firewall comes with the fan tray slots empty. Before powering on the firewall, make sure the firewall is fully configured with fan trays of the same model. • If a fan tray fails during operation, replace the fan tray as soon as possible and keep the failed fan tray in place before replacing it.

  • Page 25: Installing An Interface Module

    The firewall comes with the PWR1 slot empty and the PWR0 slot installed with a filler panel. Figure2-12 Removing the filler panel from a firewall Orient the power supply with its handle at the right. Holding the handle of the module with one hand and supporting the module bottom with the other, slide the power supply slowly into the slot along the guide rails.

  • Page 26: Installing A Drive

    • Install a filler panel in empty drive slots to prevent dust and ESD damage. IMPORTANT: • The firewall does not come with any drives and cannot recognize drives from other vendors. Purchase drives from H3C as needed. • Before using the drive, execute the commands from the CLI to partition and...

  • Page 27: Connecting Ethernet Cables

    Figure2-16 Installing a drive Connecting Ethernet cables Connecting a copper Ethernet port You can use either a straight-through or a cross-over network cable to connect a copper Ethernet port. For more information about Ethernet twisted pair cables, see Ethernet twisted pair cable in "Appendix C Cables."...
  • Page 28 The firewall supports GE SFP transceiver modules and 10GE SFP+ transceiver modules. For the transceiver module specifications, see port specifications in "Appendix A Chassis views and technical specifications." No transceiver module is provided with the firewall. As a best practice, use H3C transceiver modules. Figure2-17 GE SFP transceiver module...

  • Page 29: Connecting Power Cords

    Figure2-19 Installing an optical fiber and connecting a fiber Connecting power cords CAUTION: Make sure the grounding cable of the firewall is correctly connected and the power source is powered off before connecting the power cord. Connecting an AC power cord Connect the female connector of the AC power cord to the AC-input power receptacle on the power supply.

  • Page 30: Connecting A High-Voltage Dc Power Cord

    Correctly orient the DC power cord connector with the power receptacle on the power supply, and insert the connector into the receptacle. The receptacle is foolproof. If you cannot insert the connector into the receptacle, re-orient the connector rather than use excessive force to push it in. Fasten the captive screws on the power cord connector with a screwdriver to secure the power cord connector.

  • Page 31: Accessing The Firewall

    Accessing the firewall By default, the firewall uses the scheme access authentication mode. The username and password are both admin. Setting up the configuration environment and configuring terminal parameters CAUTION: • When you connect the console cable, identify the port marks and make sure you are connecting the correct ports.

  • Page 32: Starting The Firewall And Observing The Initial Startup Conditions

    Press Ctrl+T to start heavy memory test Booting Normal Extended BootWare The Extended BootWare is self-decompressing..Done. **************************************************************************** H3C F5000-AI-15 BootWare, Version 1.04 **************************************************************************** Copyright (c) 2004-2019 New H3C Technologies Co., Ltd. Compiled Date : Aug 28 2019 Memory Type : DDR4 SDRAM Memory Size...

  • Page 33: Logging In To The Firewall

    ........Done. System image is starting... Cryptographic algorithms tests passed. Startup configuration file doesn't exist or is invalid. Line con0 is available. Press ENTER to get started. … Press Enter to access user view of the firewall. NOTE: To access the EXTENDED-BOOTWARE menu, press Ctrl + B within four seconds at the prompt "Press Ctrl+B to access EXTENDED-BOOTWARE MENU."...

  • Page 34: Logging In From The Serial Console Port Or Micro Usb Console Port

    Enter the default username admin and password admin and then click Login. Logging in from the serial console port or micro USB console port To log in from the serial console port or micro USB console port, see "Setting up the configuration environment and configuring terminal parameters."...

  • Page 35: Hardware Replacement

    Hardware replacement CAUTION: Wear an ESD wrist strap or ESD gloves for hardware maintenance. They are not provided with the firewall. Prepare them yourself. Replacing a power supply CAUTION: Before you replace a power supply, power off the firewall and remove the power cord. The replacement procedure is the same for an AC power supply and a DC power supply.

  • Page 36: Replacing A Drive

    To replace an interface module: Power off the firewall. Use a screwdriver to loosen the captive screws of the interface module. Holding the ejector levers of the interface module with both hands, pull the ejector levers outward, and pull the interface module part way out of the slot along the slide rails. Supporting the bottom of the interface module with one hand, gently pull the interface module out of the slot with the other.

  • Page 37: Replacing A Transceiver Module

    Replacing a transceiver module WARNING! Disconnected optical fibers or transceiver modules might emit invisible laser light. Do not stare into beams or view directly with optical instruments when the firewall is operating. When you replace a transceiver module, make sure the two transceiver modules connected by the same optical fiber are the same type.

  • Page 38: Hardware Management And Maintenance

    <Sysname> display version H3C Comware Software, Version 7.1.064, Feature 8660P06 Copyright (c) 2004-2020 New H3C Technologies Co., Ltd. All rights reserved. H3C SecPath F5000-AI-15 uptime is 0 weeks, 0 days, 0 hours, 4 minutes Last reboot reason: Warm reboot Boot image: flash:/main-CMW710-BOOT-F8660P06.bin Boot image version: 7.1.064, Feature 8660P06...

  • Page 39: Displaying The Electrical Label Information For The Firewall

    Use the command to display the electrical label information for the display device manuinfo firewall. <Sysname> display device manuinfo Slot 1 CPU 0: DEVICE_NAME : SecPath F5000-AI-15 DEVICE_SERIAL_NUMBER : 210235A3U4B206000153 MAC_ADDRESS : 00BE-D586-04D4 MANUFACTURING_DATE : 2020-06-27 VENDOR_NAME : H3C...

  • Page 40: Displaying The Cpu Usage Of The Firewall

    MANUFACTURING_DATE : 2020-05-23 VENDOR_NAME : H3C Power 0: DEVICE_NAME : PSR250-12A1 DEVICE_SERIAL_NUMBER : GHL76867204203318 MAC_ADDRESS : NONE MANUFACTURING_DATE : NONE VENDOR_NAME : H3C Table5-1 Output description Field Description DEVICE_NAME Firewall name. DEVICE_SERIAL_NUMBER Firewall serial number. MAC_ADDRESS MAC address of the firewall.

  • Page 41: Displaying The Operational Status Of Power Supplies

    Swap: Table5-3 Output description Field Description Slot Slot number of the interface module Memory usage information. Total size of the physical memory space that can be allocated. The memory space is virtually divided into two parts. Part 1 is used for kernel codes, kernel management, and ISSU functions.

  • Page 42: Displaying The Temperature Information For The Firewall

    Field Description Output current of the power supply. This field displays two hyphens (--) if Current(A) it is not supported in the current software version. Output voltage of the power supply. This field displays two hyphens (--) if Voltage(V) it is not supported in the current software version. Output power of the power supply.

  • Page 43: Displaying Transceiver Module Information

    command in any view to display or save the operational statistics of diagnostic-information multiple functional modules of the firewall. • Save the operational statistics of each functional module of the firewall: <Sysname> display diagnostic-information Save or display diagnostic information (Y=save, N=display)? [Y/N]:y Please input the file name(*.gz)[flash:/diag.gz]: Diagnostic information is outputting to flash:/diag.gz.

  • Page 44: Rebooting The Firewall

    • Power on the firewall after powering it off, which is also called hard reboot or cold start. H3C does not recommend that you use this method because it might cause data loss and hardware damages.

  • Page 45: Troubleshooting

    Troubleshooting Power supply failure Symptom The firewall cannot be powered on, and the power LED (PWR0/PWR1) on the front panel is off. Solution To solve the issue: Power off the firewall. Verify that the power supply is as required by the firewall. Verify that the power cords of the firewall are firmly connected.

  • Page 46: Cooling System Failure

    If the temperature of the firewall exceeds 60°C (140°F), the following alarm information appears on the configuration terminal: %Nov 28 20:02:59:085 2019 H3C DEV/4/TEMPERATURE_WARNING: -Context=1; Temperature is greater than the high-temperature warning threshold on slot 1 sensor outflow 1. Current temperature is 72 degrees centigrade.

  • Page 47: Interface Modules

    • Eight 1000BASE-X fiber ports. • Eight 10GBASE-R fiber ports. • Two USB ports. • One console port. • One micro USB port. • Two drive slots. Figure6-1 Front panel (1) Drive slots (2) Management Ethernet port (1/MGMT) (3) 10/100/1000BASE-T copper ports (4) 10GBASE-R fiber ports (5) 1000BASE-X fiber ports (6) LEDs...

  • Page 48: Nsqm1Gt4Pfc

    Table6-1 Interface module and device slot compatibility Interface module F5000-AI-15 NS-NIM-TG6A Slot 1 NSQM1GT4PFC Slot 2 NSQM1GP4FBA Slot 2 NSQM1GT4PFC The NSQM1GT4PFC interface module provides four 10/100/1000BASE-T Ethernet copper ports. • When the firewall is operating correctly, the four ports operate as common data ports. •...

  • Page 49: Ns-Nim-Tg6A

    NS-NIM-TG6A The NS-NIM-TG6A interface module provides six 10GBASE-R fiber ports. Figure6-5 Front panel of the NS-NIM-TG6A interface module (1) 10GBASE-R fiber ports (2) Captive screw (3) Ejector lever Power supplies The firewall comes with power supply slot PWR0 installed with a filler panel and power supply slot PWR1 empty.

  • Page 50: Dc Power Supplies

    DC power supplies The PSR450-12D power supply provides a maximum output power of 450 W. Figure6-7 PSR450-12D power supply (1) Latch (2) Status LED (3) Handle (4) Power receptacle High-voltage DC power supplies The PSR450-12AHD power supply provides a maximum output power of 450 W. Figure6-8 PSR450-12AHD power supply (1) Latch (2) Status LED...

  • Page 51: Chassis

    Chassis Table6-2 Chassis dimensions and weights Dimensions (H × W × D), excluding rubber feet and Weight (fully Firewall model mounting brackets configured) F5000-AI-15 44 × 440 × 435 mm (1.73 × 17.32 × 17.13 in) 6.40 kg (14.11 lb) Interface modules Table6-3 Interface module dimensions and weights Interface module model...

  • Page 52: Chassis

    Chassis Table6-7 Chassis power consumption Firewall model Power consumption F5000-AI-15 178 W Interface modules Table6-8 Interface module power consumption Interface module model Power consumption NSQM1GT4PFC 11.5 W NSQM1GP4FBA 10.4 W NS-NIM-TG6A 11 W Drives Table6-9 Drive power consumption Drive model Power consumption NS-SSD-480G-SATA-SFF NS-HDD-500G-SATA-SFF...

  • Page 53: Fan Tray Specifications

    Rated input voltage Maximum input Maximum Model range current power input Fan tray specifications Table6-13 Fan tray specifications Item Description Dimensions (H × W × D), 40 × 40 × 28 mm (1.57 × 1.57 × 1.10 in) excluding the handle Airflow direction LSPM1FANSB, from the port side to the power supply side Hot swapping...

  • Page 54: Ge Copper Port

    Item Specification ≤ 10 m (32.81 ft) Transmission distance • Connection to an ASCII terminal • Connection to the serial port of a local PC running the terminal Services emulation program • GE copper port Table6-16 GE copper port specifications Item Specification Connector...
  • Page 55 Table6-19 GE fiber port specifications Item Specification Connector type Transceiver module type Standard compliance 1000BASE-X Interface speed 1000 Mbps Duplex mode Full duplex Table6-20 1000BASE-X SFP transceiver module specifications Central Cable Connector Max transmission Transceiver module wavelength specifications type distance (nm) (µm) 62.5/125,...

  • Page 56: Appendix B Leds

    Central Cable Connector Transceiver module wavelength specifications transmission type (nm) (µm) distance SFP-XG-LH40-SM1550 1550 9/125, SMF 40 km (24.86 miles) Appendix B LEDs Figure6-9 LEDs (1) Ethernet copper port LED (2) Ethernet fiber port LED (3) System status LED (4) Power supply status LED (5) Interface module status LED Table6-23 LED description Mark...

  • Page 57: Appendix C Cables

    Appendix C Cables Console cable RJ-45 to DB9 console cable An RJ-45 to DB9 console cable is used to connect the console port on the firewall to the serial port on a configuration terminal (a PC for example): • Connect the DB9 female connector of the cable to the 8-core serial port on the configuration terminal.

  • Page 58: Ethernet Twisted Pair Cable

    Figure6-11 Micro USB console cable Type A connector Type B connector Table6-25 Micro USB console cable pinouts USB Type A USB Type mini-A/B Signal Signal connector connector VBUS VBUS ID(NC) Ethernet twisted pair cable Introduction An Ethernet twisted pair cable consists of four pairs of insulated copper wires twisted together. Every wire uses a different color, and has a diameter of about 1 mm (0.04 in).
  • Page 59 Figure6-12 RJ-45 connector pinout NOTE: The RJ-45 Ethernet ports of the firewall use category 5 or higher Ethernet twisted pair cables for connection. EIA/TIA cabling specifications define two standards, 568A and 568B, for cable pinouts. • Standard 568A—pin 1: white/green stripe, pin 2: green solid, pin 3: white/orange stripe, pin 4: blue solid, pin 5: white/blue stripe, pin 6: orange solid, pin 7: white/brown stripe, pin 8: brown solid.
  • Page 60 Figure6-14 Crossover cable white/orange orange white/green blue white/blue green white/brown brown Crossover cable white/green green white/orange blue white/blue orange white/brown brown Select an Ethernet twisted pair cable according to the RJ-45 Ethernet port type on your device. An RJ-45 Ethernet port can be MDI (for routers and PCs) or MDIX (for switches). Table6-27 Table6-28 show their pinouts.

  • Page 61: Making An Ethernet Twisted Pair Cable

    10BASE-T/100BASE-TX 1000BASE-T Signal Function Signal Function Sends data BIDA- Bi-directional data cable A- Reserved BIDC+ Bi-directional data cable C+ Reserved BIDC- Bi-directional data cable C- To ensure normal communication, the pins for sending data on one port must correspond to the pins for receiving data on the peer port.
  • Page 62 Item Single mode fiber Multi-mode fiber transmission distance within campus backbones for distance LANs or distances of a couple hundred of several thousand meters meters within a campus network Table6-30 Allowed maximum tensile force and crush load Period of force Tensile load (N) Crush load (N/mm) Short period...

Table of Contents