H3C SECPATH F100-A, SECPATH F100-A HOST,A Installation Manual

H3C SecPath F100-A Firewall
Installation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: T2-08044B-20070622-C-1.03

Summary of Contents for H3C SECPATH F100-A, SECPATH F100-A HOST,A

  • Page 1 H3C SecPath F100-A Firewall Installation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: T2-08044B-20070622-C-1.03...
  • Page 2 Copyright © 2006-2007, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks H3C, , Aolynk,...
  • Page 3: About This Manual

    About This Manual
    Related Documentation
    In addition to this manual, each H3C SecPath Series Security Products documentation set includes the following:
    Manual | Description
    H3C SecPath Series Security Products Operation Manual | It introduces the functional features, principles and guide to configuration and operation for H3C SecPath Series Security Gateways/Firewalls.
  • Page 4
    Chapter | Contents
    6 Troubleshooting | Lists common system failures and specific locating methods.
    7 MIM Modules | Details appearance, panel and LEDs of the functional modules available on the H3C SecPath F100-A, as well as module installation and connection of interface cables.
    Conventions
    The manual uses the following conventions: I.
  • Page 5
    Convention | Description
    Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].
    III. Symbols
    Convention | Description
    Warning | Means the reader should be extremely careful. Improper operation may cause bodily injury.
    Caution | Means the reader should be careful. Improper operation may cause data loss or damage to equipment.
    Note | Means a complementary description.
  • Page 6: Table Of Contents

    Installation Manual H3C SecPath F100-A Firewall
    Table of Contents
    Chapter 1 Product Overview
    1.1 Overview
    1.2 Hardware Features
    1.2.1 Appearance
    1.2.2 System Specifications
    1.2.3 LEDs
    1.2.4 Fixed Interface Attributes
    Chapter 2 Installation Preparations...
  • Page 7 Table of Contents
    Chapter 5 Software Maintenance
    5.1 Boot Menu
    5.2 Upgrading Application and Boot ROM Using XModem
    5.3 Backing Up and Restoring the Extended Segment of the Boot ROM
    5.4 Upgrading the Application Program Using TFTP...
  • Page 8 List of Figures
    Figure 1-1 Front panel of the H3C SecPath F100-A firewall
    Figure 1-2 Rear panel of the H3C SecPath F100-A firewall
    Figure 3-1 Installation flow for the firewall
    Figure 3-2 Rack-mount the firewall...
  • Page 9 List of Tables
    Table 1-1 Technical specifications of the H3C SecPath F100-A firewall
    Table 1-2 LEDs on the H3C SecPath F100-A firewall
    Table 1-3 Attributes of the console port
    Table 1-4 Attributes of the AUX port...
  • Page 10: Chapter 1 Product Overview

    Chapter 1 Product Overview
    1.1 Overview
    H3C SecPath F100-A Firewall, developed by H3C Technologies, is a new-generation firewall designed for enterprise users. It can work both as an egress firewall for small and medium businesses and as an internal firewall for midsize enterprises.
  • Page 11
    II. Data security and reliability
    The H3C SecPath F100-A firewall offers: High network security. ACL-based packet filtering inspects data packets at the network and transport layers to prevent illegal intrusion. Application specific packet filter (ASPF) inspects application layer protocol information and monitors traffic at the application layer.
  • Page 12: Hardware Features

    1.2 Hardware Features
    1.2.1 Appearance
    (1) MIM slot
    (2) Two LEDs for the fixed WAN 0 interface
    (3) Two LEDs for the fixed WAN 1 interface
    (4) Two LEDs for the fixed WAN 2 interface
    (5) Fixed WAN 0 interface (WAN 0)
    (6) Fixed WAN 1 interface (WAN 1)
  • Page 13: LEDs

    Item | Description
    Flash memory | 16 MB
    Physical dimensions (H × W × D) | 44 × 436 × 330 mm (1.7 × 17.2 × 13.0 in.) (excluding feet)
    Weight | 4 kg (8.8 lb)
    Power supply | Rated voltage: 100 VAC to 240 VAC, 50 Hz or 60 Hz...
  • Page 14: Fixed Interface Attributes

    1.2.4 Fixed Interface Attributes
    I. Console port (CONSOLE)
    Table 1-3 Attributes of the console port
    Item | Description
    Connector | RJ-45
    Interface standard | RS-232
    Baud rate | 1,200 bps to 115,200 bps, defaults to 9,600 bps
    Connected to an ASCII terminal
    Connected to the serial interface of a...
  • Page 15
    Item | Description
    Interface type | Both LAN and WAN interfaces support auto-MDI/MDIX.
    Frame format | Ethernet_II, Ethernet_SNAP
    Operating mode | 10/100 Mbps autosensing, Half/full duplex...
  • Page 16: Chapter 2 Installation Preparations

    Chapter 2 Installation Preparations
    2.1 General Site Requirements
    The H3C SecPath F100-A firewall must be used indoors. To guarantee normal operation and longevity of your device, its installation site should meet the requirements described in this chapter.
  • Page 17: ESD Prevention

    In addition, the equipment room should meet rigorous limits on salt, acid and sulfide to eliminate corrosion and premature aging of some parts, as shown in Table 2-3.
    Table 2-3 Harmful gas limits in the equipment room
    Max content (mg/m3) 0.006 0.05...
  • Page 18: Lightning Protection

    2.1.5 Lightning Protection
    By design, the H3C SecPath F100-A firewall is lightning protective, but excessive lightning may still damage the device. To protect the device better, you are recommended to: Ensure the grounding screw of the chassis is securely connected to the earth ground.
  • Page 19: Unpacking Inspections

    2.3 Unpacking Inspections
    Check the arrived shipment contents against the packing list, making sure all the items are included and in good condition. Contact your agent for shortage or wrong delivery.
    2.4 Installation Tools, Meters and Equipment
    I.
  • Page 20: Chapter 3 Firewall Installation

    Chapter 3 Firewall Installation
    3.1 Installation Flow
    Flowchart steps:
    Start
    Install cabinet (optional)
    Install the device to the specified location
    Connect PGND wire
    Connect power cord
    Connect the device to console terminal
    Check
    Power on
    Troubleshooting...
  • Page 21: Mounting The Firewall

    Caution: Before you install the H3C SecPath F100-A firewall, make sure: You have read Chapter 2 carefully. The requirements listed in Chapter 2 are met.
    3.2 Mounting the Firewall
    You can place the H3C SecPath F100-A firewall on a workbench/tabletop or mount it in a 19-inch standard rack.
  • Page 22: Connecting The PGND Wire

    (1) Screws (four) (2) Mounting ear (3) Guide rail
    Figure 3-2 Rack-mount the firewall
    3.3 Connecting the PGND Wire
    Caution: Connection of the PGND wire is an important guard against lightning and interference.
  • Page 23: Connecting To The Console Terminal

    Caution: The firewall must be well grounded during its operation. Otherwise, it cannot be protected reliably from lightning, which may damage the firewall itself and even the peer device.
    3.4 Connecting to the Console Terminal
    I.
  • Page 24: Connecting To The Ethernet Interface

    3.5 Connecting to the Ethernet Interface
    I. Ethernet interface
    H3C SecPath F100-A firewall provides four fixed 10/100 Mbps autosensing LAN interfaces, and three fixed 10/100 Mbps autosensing WAN interfaces for connection to switches or routers.
  • Page 25: Connecting The Power Cord

    III. Connecting the Ethernet cable
    Take the LAN0 interface on the front panel of the H3C SecPath F100-A firewall for example. Follow these steps to connect its Ethernet cable:
    Caution: Read the symbol above the interface carefully to avoid misconnection.
  • Page 26: Verifying Installation

    Step 6: Check that the SYS LED on the front panel is blinking. Blinking means the hardware system is operating normally.
    3.7 Verifying Installation
    Each time you power up the H3C SecPath F100-A firewall during installation, verify that: Enough clearance has been reserved around the ventilation openings of the device and the workbench/rack is stable enough.
  • Page 27: Chapter 4 Firewall Configuration

    Chapter 4 Firewall Configuration
    4.1 Booting
    For the initial use of the H3C SecPath F100-A firewall, you can only make CLI configuration through the console port.
    4.1.1 Setting Up a Configuration Environment
    I.
  • Page 28: Figure 4-2 Create A New Connection

    Figure 4-2 Create a new connection
    Step 2: Define terminal parameters (using the HyperTerminal on Windows 98 as an example).
    Select connection port: Select the serial interface to be used from the Connect Using drop-down list. The serial interface selected here must be the one connected to the console cable.
  • Page 29: Figure 4-4 Define Port Parameters

    Data bits = 8
    Parity = None
    Stop bit = 1
    Flow control = None
    Click <OK> and the HyperTerminal dialog box appears.
    Figure 4-4 Define port parameters
    Select emulation type: Choose [Properties/Settings] to enter the corresponding page and select the emulation as VT100 or Auto detect.
  • Page 30: Powering Up The Firewall

    Figure 4-5 Select emulation type
    4.1.2 Powering Up the Firewall
    I. Checking before power-up
    Check the following issues before powering up the firewall: Both the power cord and the PGND wire are correctly connected. The voltage of the power supply matches the requirements.
  • Page 31: Booting Process

    III. Checking after power-up
    After the firewall is powered up, please check: The LEDs on the front panel are normal. Refer to section 1.2.3 “LEDs” for the LED description. The console terminal display is correct. After powering up the firewall, you can see the startup window on the console terminal (see section 4.1.3 “Booting Process”).
  • Page 32: Configuration Fundamentals

    Note: To enter the Boot menu, you need to press <Ctrl+B> within three seconds after the prompt information “Press Ctrl-B to Enter Boot menu...” appears.
    The terminal screen gives this information when the system starts decompression and initialization:
    System is self-decompressing..........
  • Page 33: Command Line Interface

    4.2.2 Command Line Interface
    I. Characteristics of CLI
    The command line interface (CLI) offers a series of configuration commands. It allows you to: Configure the device locally through the console port. Telnet to configure the device locally or remotely, and then telnet to access and manage other devices.
  • Page 34: Chapter 5 Software Maintenance

    Chapter 5 Software Maintenance
    The firewall manages three types of files:
    Boot ROM program files
    Application program files
    Configuration files
    Software maintenance mainly involves upgrading/downloading Boot ROM/application program files and uploading/downloading configuration files.
    5.1 Boot Menu
    This section introduces the Boot menu that you use in maintaining the software of the firewall.
  • Page 35: Upgrading Application And Boot ROM Using XModem

    Boot Rom Operation Menu
    Do not check the version of the software
    Exit and reboot
    Enter your choice(1-9):
    Further description is given for the option 8: If you fail to upgrade the software and the system prompts “invalid version” although you use the correct software version, you can select this option to ignore the version check during software upgrade.
  • Page 36: Figure 5-1 Send File Dialog Box

    Downloading application program from serial ...
    Please choose your download speed:
    1: 9600 bps
    2: 19200 bps
    3: 38400 bps
    4: 57600 bps
    5: 115200 bps
    6: Exit to Main Menu
    Enter your choice(1-6):
    Step 2: Select an appropriate downloading speed (for example, 115200 bps by entering Download speed is 115200 bps.
  • Page 37: Figure 5-2 Sending File Interface

    Figure 5-2 Sending File interface
    Step 6: After completing the downloading, the system begins writing data to the Flash memory and then displays the following information in the terminal window, indicating the completion of the downloading:
    XModem download completed, Packet length 8790321 bytes.
  • Page 38: Backing Up And Restoring The Extended Segment Of The Boot ROM

    Step 2: Select 1 in the Boot ROM operation menu to download the Boot ROM program using XModem. The subsequent operation steps are the same as those for upgrading the application program.
    Caution: If you fail to upgrade the entire Boot ROM program, you cannot restore it on site.
  • Page 39: Upgrading The Application Program Using TFTP

    Step 3: When the Boot ROM operation menu appears again, select 5 to exit and reboot the firewall.
    II. Restoring the extended segment from the Flash memory
    If faults occur in the extended segment of the Boot ROM program or you upgrade it by mistake, you can restore the extended segment saved in the Flash memory to the Boot ROM following these steps:
    Step 1: Enter the Boot menu, and select 7 to enter the Boot ROM operation menu.
  • Page 40
    Net Port Download Menu:
    Change Net Parameter
    Download From Net
    Exit to Main Menu
    Enter your choice(1-3): 1
    Step 2: Select 1 in the Net Port Download Menu to set parameters for the Ethernet interface on the security gateway (including the interface in use, IP address and subnet mask of the interface) and parameters for the TFTP server (including IP address of the Ethernet interface on the TFTP server and the name of the application program).
  • Page 41: Uploading/Downloading Applications/Files Using FTP

    TFTP download completed, Packet length 8790321 bytes.
    System file length 7868992 bytes, http.zip file length 921329 bytes.
    Writing file flash:/system to FLASH...
    Please wait, it may take a long time
    ####################################################################
    Writing into Flash Succeeds.
  • Page 42: Figure 5-4 Set Up The Remote Upload/Download Environment

    Step 1: Connect the PC to the Ethernet port of firewall.
    Step 2: Configure the IP address of the Ethernet port of firewall. Here suppose it is 10.110.10.10.
    Step 3: Configure the IP address of the PC. Here suppose it is 10.110.10.13.
    Step 4: Copy the application, Boot ROM program or configuration files to a specific path.
  • Page 43
    Step 2: Add the username and password.
    [VPNGateway] local-user VPNGateway
    VPNGateway is the username.
    Step 3: Add the password.
    [VPNGateway-luser-vpngateway] password simple 123
    Step 4: Add the service type and specify the FTP directory.
    [VPNGateway-luser-vpngateway] service-type ftp ftp-directory flash:
    Step 5: Add an authority level.
  • Page 44 Note: By default, the application name of the firewall side is system, the filename is config.cfg, Boot ROM filename extension is bootrom, and the entire Boot ROM filename is bootromfull. Upload application, Boot ROM program, or configuration files.
  • Page 45: Modifying Boot ROM Password

    IV. Detaching the Web file
    When the downloading using FTP is completed, the Web file is included in the application program. You need to detach it from the application program using the detach command.
  • Page 46: Resetting A Lost Password

    Exit and reboot
    Enter your choice(1-6):
    Following is the description on the options of Boot menu:
    1: Download Boot ROM with XModem
    2: Upgrade the extended segment of Boot ROM with XModem
    3: Modify Boot ROM password
    4: Boot the system from flash (This option requires backing up the extended segment of Boot ROM in flash, refer to 5.3 for details.)
  • Page 47: Chapter 6 Troubleshooting

    Chapter 6 Troubleshooting
    6.1 Troubleshooting PSU
    Symptom: The power LED (PWR) is always off.
    Solution: Check whether: The power switch of the firewall is turned on. The site power supply is turned on. The power cord is properly connected.
  • Page 48: Troubleshooting Application Upgrading

    II. Troubleshooting illegible characters
    Symptom: The console terminal displays illegible characters on the screen after the firewall is powered on.
    Solution: Confirm the parameters are configured at the terminal (such as HyperTerminal):
    Bits per second = 9600
    Data bits = 8
    Parity = none...
  • Page 49
    II. Fault 2
    Symptom: Boot the firewall, upgrade Comware software using TFTP, and the system displays the following:
    Net Port Download Menu:
    Change Net Parameter
    Download From Net
    Exit to Main Menu
    Enter your choice(1-3): 2
    Starting the TFTP download...
  • Page 50 Note: There is a bar code pasted on the firewall. Since the bar code contains product and maintenance information, you need to tell the agent about the information if you need to fix the device.
  • Page 51: Chapter 7 MIM Modules

    Chapter 7 MIM Modules
    7.1 MIM Options
    Currently the H3C SecPath F100-A firewall supports these types of multifunctional interface modules (MIMs):
    1-port 10Base-T/100Base-TX FE interface module (1FE)
    2-port 10Base-T/100Base-TX FE interface module (2FE)
    4-port 10Base-T/100Base-TX FE interface module (4FE)
    High-performance network data encryption module (HNDE)
    7.2 Installing and Removing an MIM...
  • Page 52: Figure 7-1 Install The MIM I

    Step 3: Select a slot and push the MIM into the chassis until it is fully seated in the slot and its front panel is flush with the front of the chassis.
    Step 4: Tighten the captive screws to secure the MIM.
  • Page 53: Troubleshooting An MIM

    7.3 Troubleshooting an MIM
    You can read the LEDs on the MIM panel to check for the MIM installation. If the MIM on the firewall does not operate normally, check that: Correct interface cables are used.
  • Page 54: Interface Attributes

    Figure 7-4 2FE module
    III. Appearance of the 4FE module
    Figure 7-5 shows the 4FE module.
    Figure 7-5 4FE module
    7.4.3 Interface Attributes
    Table 7-1 shows the interface attributes of the 1FE, 2FE and 4FE modules.
    Table 7-1 Interface attributes of the 1FE, 2FE and 4FE modules
    Attribute 1FE module...
  • Page 55: Panel And Interface Leds

    7.4.4 Panel and Interface LEDs
    Figure 7-6 shows the 1FE module panel.
    Figure 7-6 1FE module panel
    Figure 7-7 shows the 2FE module panel.
    Figure 7-7 2FE module panel
    Figure 7-8 shows the 2FE module panel.
  • Page 56: Figure 7-9 Ethernet Cable

    Figure 7-9 Ethernet cable
    II. Making an Ethernet cable
    To make an Ethernet cable with RJ-45 connectors using a category-5 twisted-pair cable, refer to Figure 7-10. A category-5 twisted-pair cable is composed of eight wires that are identified and grouped by colors of the outer insulator.
  • Page 57: Connecting The Interface Cable

    Table 7-4 Crossover cable pinout Category-5 Direction of Direction of RJ-45 twisted-pair RJ-45 signal signal cable White → (orange) → Orange ← White (green) –– Blue –– –– White (blue) ––...
  • Page 58: HNDE Module

    Caution: Read the mark of a port carefully before you connect it; a wrong connection can cause damage to the interface module and even the device.
    7.5 HNDE Module
    7.5.1 Introduction
    High Network Data Encryption (HNDE) supports the IPsec protocol and multiple hardware encryption/decryption and hash algorithms to speed up the encryption of IP packets, featuring high performance and high reliability.
  • Page 59: Troubleshooting The HNDE Module

    Table 7-6 LEDs on the HNDE module Description ON (green): The HNDE module is powered on properly. STATUS OFF: There is no power supply, damaged power supply, or severe hardware failure. OFF after flashing yellow for two seconds: Initialized the HNDE module.
